Skip to content

Commit

Permalink
Add interest group limits to the explainer (#839)
Browse files Browse the repository at this point in the history
This adds a couple of paragraphs describing the limits on the size and number of interest groups that may be joined on a given device.
orrb1 authored Oct 20, 2023
1 parent c063b7f commit 6360067
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions FLEDGE.md
Original file line number Diff line number Diff line change
@@ -228,6 +228,14 @@ loading Protected Audience resources.

The browser will provide protection against microtargeting, by only rendering an ad if the same rendering URL is being shown to a sufficiently large number of people (e.g. at least 50 people would have seen the ad, if it were allowed to show). While in the [Outcome-Based TURTLEDOVE](https://github.com/WICG/turtledove/blob/master/OUTCOME_BASED.md) proposal this threshold applied only to the rendered creative, Protected Audience has the additional requirement that the tuple of the interest group owner, bidding script URL, and rendered creative must be k-anonymous for an ad to be shown (this is necessary to ensure the current event-level reporting for interest group win reporting is sufficiently private). For interest groups that have component ads, all of the component ads must also separately meet this threshold for the ad to be shown. Since a single interest group can carry multiple possible ads that it might show, the group will have an opportunity to re-bid another one of its ads to act as a "fallback ad" any time its most-preferred choice is below threshold. This means that a small, specialized ad that is still below the k-anonymity threshold could still choose to participate in auctions, and its interest group has a way to fall back to a more generic ad until the more specialized one has a large enough audience.

Interest groups are subject to limits needed to bound resource utilization on the user's device. The browser limits the byte size of interest groups in order to safeguard browser storage used to hold the interest groups. Each interest group is individually limited to 1MB, and calls to `navigator.joinAdInterestGroup` will return an error when called with an interest group that exceeds this limit. To safeguard browser compute resources, the most effective strategy is for sellers to set `perBuyerCumulativeTimeouts` on the auction config. As an added measure, the browser also limits the number of interest groups to which a user may be joined.

Each owner is limited to:
* a 10MB limit combined across all interest groups,
* a maximum of 2,000 stored regular interest groups, and
* a maximum of 20,000 stored [negative targeting interest groups](#621-negative-interest-groups).

If any of these per-owner limits are exceeded, the interest group(s) that would expire soonest are removed until that owner is back within its limits.

#### 1.3 Permission Delegation

0 comments on commit 6360067

Please sign in to comment.