Interoperable Private Attribution

Revision as of 01:10, 3 February 2022 by Jkoran

Meta's Interoperable Private Attribution (IPA) is designed to provide less accurate, incomplete and time-delayed data to marketers about the events associated with their advertising. Meta acknowledges that "Advertisers need accurate reporting about how their ad campaigns are performing."[1]


Meta proposes that a few organizations "with large reach" can use their knowledge of people's login data to generate a "match key." A match key is a "Global ID" linked to a user's identity.

"Any app or website can select a list of match key providers they want to use e.g. [“”, “”, “”]".[2]

IPA proposes a system to attribute conversions ("trigger events") to prior exposures ("source events") using these match keys.[3]

Only the browser or OS would have access to read the match key as an input into its Multi-party Computation process. The joining of source events to trigger events is done server side, relying on a cryptographically modified version of the individual's match key. This deterministic encryption ("blinding") process dissociates any information to be processed from the original match key. As with today's attribution process, all the exposures and conversions must be sent to the same processing system.
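The join on blinded match keys described above, as an added example that is not Meta's code or part of the IPA proposal. HMAC-SHA256 stands in for the blinding step that IPA performs inside its MPC, and the event fields, the last-touch rule and the sample data are assumptions made for illustration. It shows that the join works only because blinding is deterministic: under one key the token is a stable pseudonymous ID, and under a different key the same match keys no longer line up.

```python
import hashlib
import hmac
from collections import Counter

def blind(match_key: str, blinding_key: bytes) -> str:
    """Deterministic blinding: same match key and same key give the same token.
    HMAC-SHA256 is a stand-in (assumption); IPA does this step inside its MPC."""
    return hmac.new(blinding_key, match_key.encode(), hashlib.sha256).hexdigest()

def blind_events(events, blinding_key):
    """Replace the raw match key of each event with its blinded token."""
    return [{**e, "match_key": blind(e["match_key"], blinding_key)} for e in events]

def attribute(sources, triggers):
    """Join each blinded trigger event to the latest earlier source event with
    the same token (last-touch is an assumed rule); count conversions per campaign."""
    by_token = {}
    for s in sources:
        by_token.setdefault(s["match_key"], []).append(s)
    counts = Counter()
    for t in triggers:
        prior = [s for s in by_token.get(t["match_key"], []) if s["ts"] < t["ts"]]
        if prior:
            counts[max(prior, key=lambda s: s["ts"])["campaign"]] += 1
    return dict(counts)

# Constructed sample data: match keys, campaigns and timestamps are invented.
SOURCES = [
    {"match_key": "user-a", "campaign": "spring", "ts": 10},
    {"match_key": "user-a", "campaign": "summer", "ts": 20},
    {"match_key": "user-b", "campaign": "spring", "ts": 15},
]
TRIGGERS = [
    {"match_key": "user-a", "ts": 30},  # joins to "summer", the latest prior exposure
    {"match_key": "user-b", "ts": 5},   # earlier than any exposure: not attributed
    {"match_key": "user-c", "ts": 40},  # never exposed: not attributed
]

def run(key_for_sources: bytes, key_for_triggers: bytes):
    """Blind both event sets, then attribute using only the blinded tokens."""
    return attribute(blind_events(SOURCES, key_for_sources),
                     blind_events(TRIGGERS, key_for_triggers))

if __name__ == "__main__":
    print(run(b"batch-key-1", b"batch-key-1"))  # same key: the join succeeds
    print(run(b"batch-key-1", b"batch-key-2"))  # different keys: nothing joins
```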

Prior to returning the result from any query of this data, a Privacy Budget is applied to reduce the risk of any other organization understanding individuals whose data is computed by the IPA system. Meta proposes the privacy budget be applied on a per-requestor basis, rather than per individual, as it would be "terrible for utility as queries from one site would then consume budget for other sites."[4]

Note the marketer and media owner must rely on either the same match key provider OR match key providers must make their match keys interoperable.


Because transactions are sent in batch, they are slower than today's feedback mechanisms. By removing accurate, complete and real-time feedback to marketers, their ability to adjust the pricing and budget associated with advertising will be impaired. As the value marketers receive from advertising declines, so too will publisher revenues.

Meta recognizes that marketers often work with multiple partners to engage audiences across multiple media owner properties for effective advertising. This system does not currently support time-series reporting or splitting results across partners, which until addressed "could lead to adverse market effects."[5]

Meta states that the multiple parties processing the data (perhaps operated by separate organizations) must collude to re-identify an individual. Thus, when the data is not linked to an individual's identity it is "private." Meta does not describe why the sending of pseudonymous IDs (derived from the match key) to the IPA system exposes people to a different risk than sending pseudonymous IDs to an existing attribution vendor. For IPA to function, at some point the series of events associated with user activity is processed by B2B software and then sent onward to the IPA system. Some might consider this first hop in the process an online risk.

Meta states each site/app controls the match key providers, but does not explain why more than a single "Global ID" controlled by the user is required to generate the seed ID into this process.

Meta should be commended for acknowledging that economics exist when designing systems to process the high volume of advertising events that support the open web. "In the IPA proposal, entities will be running queries by sending batches of events to the MPC consortium for processing. This will cost money."[6]

Open Questions

  • Why should an organization that operates a browser or OS have exclusive control over the B2B advertising processing?
  • How will marketers value multi-touch attribution?
  • How can the privacy budget be applied in a way that does not advantage larger networks of sites?

See Also

  • Aggregate Reporting API
  • MURRE is designed to address the time-delayed and aggregate impairments to machine learning that Google's Aggregate Reporting API otherwise imposes