Abstract

I’ll present the privacy architecture we designed for W3C’s Attribution API, the privacy-preserving ad-measurement standard being developed with participation from all major browsers. The API replaces backend tracking with on-device measurement and differentially private aggregation, grounded in individual differential privacy (IDP), which enables strong per-user guarantees and critical data-dependent optimizations. I’ll describe two systems that make this architecture practical: Cookie Monster, which introduced efficient on-device IDP budgeting and formed the basis of the W3C draft; and Big Bird, which extends it with principled defenses against adversarial privacy-budget depletion and is now being incorporated into the standard. I’ll conclude with open research challenges and why increased engagement from the research community is essential for these standards to deliver real-world privacy.
