I can already see how Advertisers AND Websites will collude and break this one.
Specifically placed ads; targeted at specific website pages which a majority of their target grouping will visit.
Generate an ad that will specifically reside on a page deep inside of the site; think 4+ clicks deep; which is intensely personalized to their target. 1
Ad will trigger; register “Impression” and be boxed up into Differential Privacy set by the DAP.
Since that’s the only ad targeted for that specific page, any impression is an answer of 1 or ‘True’.
Through microtargeting of these deep pages they can learn a lot about what people do online and could potentially break Differential Privacy.
1 - In this example the URI being targeted could be something like https://www.example.com/zhuli/do/the/* in such a way that when you visit https://example.com/zhuli/do/the/thing/order.php is always recorded.
In theory this could be defeated easily if a fork of Firefox wanted to send lots of noise or someone decided to emulate many Firefox clients with false information.
I can already see how Advertisers AND Websites will collude and break this one.
1 - In this example the URI being targeted could be something like
https://www.example.com/zhuli/do/the/*
in such a way that when you visithttps://example.com/zhuli/do/the/thing/order.php
is always recorded.https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap#name-security-considerations
In theory this could be defeated easily if a fork of Firefox wanted to send lots of noise or someone decided to emulate many Firefox clients with false information.