The Privacy Sandbox initiative from Google includes APIs for enabling privacy-preserving advertising functionalities as part of the effort around limiting third-party cookies. In particular, the Private Aggregation API (PAA) and the Attribution Reporting API (ARA) can be used for ad measurement while providing different guardrails for safeguarding user privacy, including a framework for satisfying differential privacy (DP). In this work, we provide an abstract model for analyzing the privacy of these APIs and show that they satisfy a formal DP guarantee under certain assumptions. Our analysis handles the case where both the queries and database can change interactively based on previous responses from the API.
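As an added illustration (not code from the paper, nor from Chrome's implementation of these APIs), the following Python sketches the kind of abstract model the abstract describes: each user's contributions are clipped to an L1 budget, histogram buckets are summed across users, Laplace noise scaled to budget/epsilon is added, and a tracker charges each adaptively chosen query against a total epsilon using basic composition. All names and parameter values are assumptions chosen for the example.

```python
import math
import random
from collections import Counter

# Constructed abstract model of a contribution-bounded aggregation API.
# Sensitivity argument: after clipping, adding or removing one user changes
# the histogram by at most L1_BUDGET in L1 norm, so Laplace noise with
# scale L1_BUDGET / epsilon gives epsilon-DP for a single query.


def clip_contributions(contribs, l1_budget):
    """Scale one user's bucket->value map so its L1 norm is at most l1_budget."""
    total = sum(abs(v) for v in contribs.values())
    if total <= l1_budget:
        return dict(contribs)
    scale = l1_budget / total
    return {k: v * scale for k, v in contribs.items()}


def aggregate(users, l1_budget):
    """Sum clipped contributions of all users into a bucket histogram."""
    hist = Counter()
    for contribs in users:
        hist.update(clip_contributions(contribs, l1_budget))
    return dict(hist)


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverse-CDF from a uniform in (0, 1)."""
    u = rng.random()
    while u == 0.0:  # avoid log(0) at the open endpoint
        u = rng.random()
    return scale * math.log(2 * u) if u < 0.5 else -scale * math.log(2 * (1 - u))


class BudgetedAggregator:
    """Answers adaptive histogram queries, charging each against a total epsilon.

    Basic composition (sum of per-query epsilons) is used here as a simplifying
    assumption; the paper's analysis of interactive queries is more refined.
    """

    def __init__(self, l1_budget, epsilon_total):
        self.l1_budget = l1_budget
        self.remaining = epsilon_total

    def query(self, users, epsilon, rng):
        if epsilon > self.remaining:
            raise ValueError("privacy budget exhausted")
        self.remaining -= epsilon
        scale = self.l1_budget / epsilon  # L1 sensitivity equals the clip budget
        noisy = aggregate(users, self.l1_budget)
        return {k: v + laplace_noise(scale, rng) for k, v in noisy.items()}
```

Because the `users` list is passed per query, the database may change between rounds, while the epsilon tracker is what caps what an adaptive sequence of queries can learn.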