We analyze the privacy guarantees of the Attribution API, an upcoming W3C standard for privacy-preserving advertising measurement. Its central guarantee, separate individual differential privacy (IDP) budgets per querier, proves unsound once data adaptivity across queriers is considered, a condition we argue is unavoidable in practice. The issue lies not with IDP or its device-epoch unit, but with the per-querier enforcement model, which has also appeared in other DP systems; we show formally that no per-querier accounting scheme, under either individual or traditional DP, remains sound under adaptivity, a gap missed by prior analyses. By contrast, a global device-epoch IDP guarantee remains sound, and we introduce Big Bird, a privacy budget manager for the Attribution API that enforces this guarantee. The challenge is that a global budget shared across many untrusted queriers creates denial-of-service (DoS) risks, undermining utility. Building on prior work that treats global budgets as a computing resource, we adapt resource isolation and scheduling techniques to the constraints of IDP, embedding DoS resilience into the budget management layer. Our Rust implementation with Firefox integration, evaluated on real-world ad data, shows that Big Bird supports benign workloads while mitigating DoS risks. Still, achieving both utility and robustness requires global budgets to be configured more loosely than per-site budgets; we therefore recommend that the Attribution API continue using tight per-site budgets but clarify their limited formal meaning, and complement them with global budgets tuned for benign load with added slack for DoS resilience.
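The two accounting models contrasted above, as an added illustration that is not code from the paper or from Big Bird: a per-querier manager that gives every querier its own budget on a device-epoch, and a global manager that charges all queriers against one budget per device-epoch. The scenario names (`device-A`, `siteN.example`, `greedy.example`) are constructed, and the per-querier share cap in the global manager is an assumed isolation policy chosen for illustration, not the scheduling mechanism Big Bird uses. The simulation shows why per-querier budgets say nothing about a device's total loss (eight queriers each "within budget" add up to eight times the intended epsilon under basic composition), and why a shared global budget without isolation lets a single greedy querier starve everyone else.

```rust
use std::collections::HashMap;

/// The Attribution API's accounting unit: one device's data within one epoch.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct DeviceEpoch {
    pub device: String,
    pub epoch: u32,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Decision {
    Allowed,
    Rejected,
}

/// Per-querier accounting: each querier has its own budget on each device-epoch.
/// Nothing bounds the SUM of losses across queriers, which under basic sequential
/// composition is the loss the device actually incurs.
pub struct PerQuerierManager {
    budget: f64,
    spent: HashMap<(DeviceEpoch, String), f64>,
}

impl PerQuerierManager {
    pub fn new(budget: f64) -> Self {
        Self { budget, spent: HashMap::new() }
    }

    pub fn request(&mut self, de: &DeviceEpoch, querier: &str, eps: f64) -> Decision {
        let used = self.spent.entry((de.clone(), querier.to_string())).or_insert(0.0);
        if *used + eps > self.budget + 1e-12 {
            return Decision::Rejected;
        }
        *used += eps;
        Decision::Allowed
    }

    /// Loss the device-epoch has really suffered: the sum over every querier.
    pub fn total_loss(&self, de: &DeviceEpoch) -> f64 {
        self.spent.iter().filter(|((d, _), _)| d == de).map(|(_, e)| *e).sum()
    }
}

/// Global accounting: one budget per device-epoch shared by all queriers. The
/// `share_cap` (assumed policy, for illustration only) limits how much of that
/// budget any single querier may consume, so one querier cannot exhaust it.
pub struct GlobalManager {
    budget: f64,
    share_cap: f64,
    spent: HashMap<DeviceEpoch, f64>,
    per_querier: HashMap<(DeviceEpoch, String), f64>,
}

impl GlobalManager {
    pub fn new(budget: f64, share_cap: f64) -> Self {
        Self { budget, share_cap, spent: HashMap::new(), per_querier: HashMap::new() }
    }

    pub fn request(&mut self, de: &DeviceEpoch, querier: &str, eps: f64) -> Decision {
        let key = (de.clone(), querier.to_string());
        let global = *self.spent.get(de).unwrap_or(&0.0);
        let mine = *self.per_querier.get(&key).unwrap_or(&0.0);
        if global + eps > self.budget + 1e-12 || mine + eps > self.share_cap + 1e-12 {
            return Decision::Rejected;
        }
        *self.spent.entry(de.clone()).or_insert(0.0) += eps;
        *self.per_querier.entry(key).or_insert(0.0) += eps;
        Decision::Allowed
    }

    pub fn total_loss(&self, de: &DeviceEpoch) -> f64 {
        *self.spent.get(de).unwrap_or(&0.0)
    }
}

/// `n_queriers` distinct queriers each ask for `eps` on one constructed device-epoch.
/// Returns (loss under per-querier accounting, loss under global accounting,
/// number of queriers the global manager served).
pub fn simulate(n_queriers: usize, eps: f64, budget: f64, share_cap: f64) -> (f64, f64, usize) {
    let de = DeviceEpoch { device: "device-A".into(), epoch: 7 }; // constructed sample
    let mut per_q = PerQuerierManager::new(budget);
    let mut global = GlobalManager::new(budget, share_cap);
    let mut served = 0;
    for i in 0..n_queriers {
        let q = format!("site{i}.example");
        per_q.request(&de, &q, eps);
        if global.request(&de, &q, eps) == Decision::Allowed {
            served += 1;
        }
    }
    (per_q.total_loss(&de), global.total_loss(&de), served)
}

/// DoS scenario: a greedy querier asks for the entire global budget first, then
/// `n_benign` queriers ask for `eps` each. Returns (greedy allowed?, benign served).
pub fn dos_scenario(n_benign: usize, eps: f64, budget: f64, share_cap: f64) -> (bool, usize) {
    let de = DeviceEpoch { device: "device-B".into(), epoch: 7 }; // constructed sample
    let mut global = GlobalManager::new(budget, share_cap);
    let greedy = global.request(&de, "greedy.example", budget) == Decision::Allowed;
    let served = (0..n_benign)
        .filter(|i| global.request(&de, &format!("site{i}.example"), eps) == Decision::Allowed)
        .count();
    (greedy, served)
}

fn main() {
    let (pq, g, served) = simulate(8, 1.0, 1.0, 1.0);
    println!("per-querier: total loss {pq} although every querier stayed 'within budget'");
    println!("global: total loss {g}, {served} querier(s) served");
    let (greedy, benign) = dos_scenario(4, 0.25, 1.0, 1.0);
    println!("no share cap: greedy allowed = {greedy}, benign served = {benign}");
    let (greedy, benign) = dos_scenario(4, 0.25, 1.0, 0.25);
    println!("share cap 0.25: greedy allowed = {greedy}, benign served = {benign}");
}
```

The share cap is the crude end of the design space the abstract points at: it stops the greedy querier, but it also caps legitimate heavy users at the same fraction, which is exactly the utility pressure that leads the paper to recommend looser global budgets with slack for DoS resilience alongside tight per-site ones.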