[Webkit-unassigned] [Bug 233673] New: PCM: Unlinkable tokens for triggering event to prevent fraud

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=233673

            Bug ID: 233673
           Summary: PCM: Unlinkable tokens for triggering event to prevent
                    fraud
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: wilander at apple.com

We recently introduced click fraud prevention with unlinkable tokens on the source side in Private Click Measurement (PCM). We should design and implement a way for click destinations to sign unlinkable tokens too and have those tokens be part of the resulting ad attribution report. This helps fight at least three types of fraud:

1. A fraudulent user induces a triggering event that the merchant doesn’t trust. The new feature would allow them to simply not sign a token for that event.
2. A fraudulent publisher creates an attribution report with a signed token from itself and submits it to the merchant to claim attribution.
3. A fraudulent merchant claims that a specific attribution report was fraudulent so that they don’t have to pay for attribution.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211201/8fc4f7fa/attachment.htm>