With the impending removal of third-party cookies from major browsers and the introduction of new privacy-preserving advertising APIs, the research community has a timely opportunity to assist industry in qualitatively improving the Web's privacy. This paper discusses our efforts, within a W3C community group, to enhance existing privacy-preserving advertising measurement APIs. We analyze designs from Google, Apple, Meta and Mozilla, and augment them with a more rigorous and efficient differential privacy (DP) budgeting component. Our approach, called Alistair, enforces well-defined DP guarantees and enables advertisers to conduct more private measurement queries accurately. By framing the privacy guarantee in terms of an individual form of DP, we can make DP budgeting more efficient than in current systems that use a traditional DP definition. We incorporate Alistair into Chrome and evaluate it on microbenchmarks and advertising datasets. Across all workloads, Alistair significantly outperforms baselines in enabling more advertising measurements under comparable DP protection.
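To make concrete why individual DP budgeting admits more measurement queries than a traditional per-query deduction, here is an added simulation of an on-device privacy ledger. It is illustrative code written for this abstract, not Alistair's implementation or Chrome's; the accounting rule (a Laplace-style charge of epsilon scaled by the device's actual contribution relative to the query's sensitivity cap) and all sample values are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Query:
    name: str
    epsilon: float   # privacy loss charged to a record contributing at full sensitivity
    cap: float       # sensitivity cap: largest attributed value one device may report

@dataclass
class DeviceLedger:
    budget: float                       # total epsilon this device will spend
    spent: float = 0.0
    data: dict = field(default_factory=dict)   # query name -> this device's attributed value

def traditional_charge(q: Query, ledger: DeviceLedger) -> float:
    # Classic DP accounting: every device pays the full epsilon of every query,
    # whether or not it holds any data the query touches.
    return q.epsilon

def individual_charge(q: Query, ledger: DeviceLedger) -> float:
    # Individual DP accounting (assumed rule): with Laplace noise of scale cap/epsilon,
    # a record that contributes value v incurs privacy loss epsilon * v / cap,
    # so a device with no relevant data is charged nothing.
    value = min(ledger.data.get(q.name, 0.0), q.cap)
    return q.epsilon * value / q.cap

def run(queries, ledger: DeviceLedger, charge_fn):
    """Return the names of queries this device can afford to contribute to, in order."""
    answered = []
    for q in queries:
        cost = charge_fn(q, ledger)
        if ledger.spent + cost > ledger.budget:
            continue   # out of budget: device withholds its report instead of overspending
        ledger.spent += cost
        answered.append(q.name)
    return answered

# Constructed workload: five advertiser queries, epsilon 0.5 each, cap 100 per device.
QUERIES = [Query(f"campaign-{i}", epsilon=0.5, cap=100.0) for i in range(1, 6)]

def make_ledger() -> DeviceLedger:
    # Constructed device: converted in three of the five campaigns, budget epsilon = 1.0.
    return DeviceLedger(budget=1.0, data={"campaign-1": 100.0, "campaign-2": 20.0, "campaign-5": 50.0})

def compare():
    return (run(QUERIES, make_ledger(), traditional_charge),
            run(QUERIES, make_ledger(), individual_charge))

if __name__ == "__main__":
    trad, indiv = compare()
    print("traditional:", trad)   # only two queries fit in the budget
    print("individual: ", indiv)  # all five fit, total spend 0.85
```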