Trust Tokens - Revision history

Jkoran at 00:28, 4 February 2022

2022-02-04T00:28:45Z

Jkoran: Reverted edits by Jkoran (talk) to last revision by AdminUser

2022-02-04T00:24:59Z

Reverted edits by Jkoran (talk) to last revision by AdminUser

Jkoran at 15:54, 22 December 2021

2021-12-22T15:54:47Z

Jkoran at 00:53, 13 June 2021

2021-06-13T00:53:20Z

AdminUser at 15:22, 12 January 2021

2021-01-12T15:22:41Z

AdminUser at 19:04, 11 January 2021

2021-01-11T19:04:47Z

AdminUser: Created page with "Google's Trust Tokens are “issued” by one organization (a trust provider) and “redeemed” across different publishers.https://iabtechlab.com/blog/explaining-the-pr..."

2021-01-11T19:04:18Z

Created page with "Google's Trust Tokens are “issued” by one organization (a trust provider) and “redeemed” across different publishers.<ref>https://iabtechlab.com/blog/explaining-the-pr..."

New page

Google's Trust Tokens are “issued” by one organization (a trust provider) and “redeemed” across different publishers.<ref>https://iabtechlab.com/blog/explaining-the-privacy-sandbox-explainers</ref> Redemption requires the consent of the issuer. The token state is stored local to a web client.

== Impact ==
By removing the technographics that are often used to detect [[Non-human Traffic|non-human traffic]] via [[Privacy Budget]], marketers would not be able to rely on existing fraud detection and prevention services. Moreover, by not being able to detect which publishers' sites have relatively more non-human traffic more of marketers budgets will be spent on fraud.

== Open Questions ==
* Can organizations other than Google create Trust Tokens? And if so, how can their quality of trust be compared?
* What validation service can redeeming organizations rely upon to ensure that a token is not copied from one web client to multiple others?

== References ==

<references />

[[Category:Glossary|Privacy Budget]]
[[Category:Privacy Sandbox|Privacy Budget]]

← Older revision		Revision as of 15:54, 22 December 2021
Line 12:		Line 12:

	There is also a privacy concern that if publishers and marketers can no longer rely on a competitive market of fraud detection services, but instead the only means of validating whether a user is a human requires the web client to remember this individual has previously authenticated on at least one other web property, individuals may be forced to authenticate on more sites to generate more tokens. This would impact people's ability to navigate the web in an unauthenticated state as freely as they do today.		There is also a privacy concern that if publishers and marketers can no longer rely on a competitive market of fraud detection services, but instead the only means of validating whether a user is a human requires the web client to remember this individual has previously authenticated on at least one other web property, individuals may be forced to authenticate on more sites to generate more tokens. This would impact people's ability to navigate the web in an unauthenticated state as freely as they do today.
		+
		+	Additionally, trust tokens do not actually solve for fraud. For example, a valid user who is authenticated by a trust issuer, does not ensure their client is not infected by a malicious script to fire fraudulent traffic (e.g., open multiple tabs after the user steps away from the machine). Without granular tracking over time, most of fraud detection will suffer.

	== Regulator Perspectives ==		== Regulator Perspectives ==

← Older revision		Revision as of 15:22, 12 January 2021
Line 1:		Line 1:
−	Google's Trust Tokens are “issued” by one organization (a trust provider) and “redeemed” across different publishers.<ref>https://iabtechlab.com/blog/explaining-the-privacy-sandbox-explainers</ref> Redemption requires the consent of the issuer. The token state is stored local to a web client.	+	Google's Trust Tokens are “issued” by one organization (a trust provider) and “redeemed” across different publishers.<ref>https://iabtechlab.com/blog/explaining-the-privacy-sandbox-explainers</ref> Redemption requires the consent of the issuer. The token state is stored local to a web client.<ref>https://github.com/dvorak42/trust-token-api</ref>

	== Impact ==		== Impact ==

@@ Line 1: / Line 1: @@
 Google's Trust Tokens are “issued” by one organization (a trust provider) and “redeemed” across different publishers.<ref>https://iabtechlab.com/blog/explaining-the-privacy-sandbox-explainers</ref> Redemption requires the consent of the issuer. The token state is stored local to a web client.<ref>https://github.com/dvorak42/trust-token-api</ref>
 == Impact ==
 By removing the technographics that are often used to detect [[Non-human Traffic|non-human traffic]] via [[Privacy Budget]], marketers would not be able to rely on existing fraud detection and prevention services. Moreover, by not being able to detect which publishers' sites have relatively more non-human traffic more of marketers budgets will be spent on fraud.
 == Open Questions ==
-* Can organizations other than Google create Trust Tokens? And if so, how can their quality of trust be compared?
+* How can the reliable quality of issuers of Trust Tokens be compared?
 * What validation service can redeeming organizations rely upon to ensure that a token is not copied from one web client to multiple others?

@@ Line 12: / Line 12: @@
 <references />
-[[Category:Glossary|Privacy Budget]]
+[[Category:Glossary|Trust Tokens]]
-[[Category:Privacy Sandbox|Privacy Budget]]
+[[Category:Privacy Sandbox|Trust Tokens]]