| Summary: | PCM: How can I check if PCM feature is enabled in a given Safari instance? | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Maojie <mwei> |
| Component: | WebKit Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW --- | ||
| Severity: | Normal | CC: | webkit-bug-importer, wilander |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari Technology Preview | ||
| Hardware: | All | ||
| OS: | All | ||
Hi! It’s highly unlikely that we will provide any signal about the user’s setting for PCM since that would constitute a fingerprinting vector. I don’t know what the Chrome team’s reasoning is there. We’ve deliberately designed PCM so that sites cannot tell if it’s enabled and what its inner state is. It has a debug mode to help with testing.

There will likely be one or two breaking changes such as name changes we hinted at in the most recent blog post. The reason is the standards process where browsers try to align as much as possible. A simple enabled/disabled signal would not help there.

Thanks John. Your answer is super helpful.

Hi John, I would like to add another reason why we think this signal is useful from the point of social.example's side. :)

To integrate with PCM, the social.example server needs to make the decision about if an HTTP 302 redirect request needs to be sent in order to tell the browser to trigger the attribution. Before making that realtime decision, social.example needs to know if there is already an unattributed click already stored locally within the browser. Otherwise, social.example needs to request 302 HTTP redirect for every tag firing it received. However, if only a small percentage of Safari upgraded to the version which supports PCM, then most of HTTP 302 redirect requests would be unnecessary. Hope this makes sense to you.

Thanks
Maojie

(In reply to Maojie from comment #3)
> Hi John, I would like to add another reason why we think this signal is
> useful from the point of social.example's side. :)
>
> To integrate with PCM, the social.example server needs to make the decision
> about if an HTTP 302 redirect request needs to be sent in order to tell the
> browser to trigger the attribution. Before making that realtime decision,
> social.example needs to know if there is already an unattributed click
> already stored locally within the browser. Otherwise, social.example needs
> to request 302 HTTP redirect for every tag firing it received. However, if
> only a small percentage of Safari upgraded to the version which supports PCM,
> then most of HTTP 302 redirect requests would be unnecessary. Hope this makes
> sense to you.

I think this indicates a misunderstanding. No site should ever know if there is a stored click that would match a redirect. No webpage should ever know anything about the inner state of PCM since that would allow for covert cross-site data leakage that can be tied to a user. Concretely, anyone, including social.example, could learn that a specific user has previously clicked a PCM link to land on this website. No one should learn such info about the user. That is a core requirement of PCM.

It is the clear intention to have all the pixels redirect in a speculative manner so that *if* there is a stored click that matches the redirect, an attribution report is scheduled.

The model is:
* The click source learns nothing about what the user does on the click destination site.
* The click destination site does not know that the user came from the click source site – not that they came from there now or earlier.

(In reply to John Wilander from comment #4)
> (In reply to Maojie from comment #3)
> > Hi John, I would like to add another reason why we think this signal is
> > useful from the point of social.example's side. :)
> >
> > To integrate with PCM, the social.example server needs to make the decision
> > about if an HTTP 302 redirect request needs to be sent in order to tell the
> > browser to trigger the attribution. Before making that realtime decision,
> > social.example needs to know if there is already an unattributed click
> > already stored locally within the browser. Otherwise, social.example needs
> > to request 302 HTTP redirect for every tag firing it received. However, if
> > only a small percentage of Safari upgraded to the version which supports PCM,
> > then most of HTTP 302 redirect requests would be unnecessary. Hope this makes
> > sense to you.
>
> I think this indicates a misunderstanding. No site should ever know if there
> is a stored click that would match a redirect. No webpage should ever know
> anything about the inner state of PCM since that would allow for covert
> cross-site data leakage that can be tied to a user. Concretely, anyone,
> including social.example, could learn that a specific user has previously
> clicked a PCM link to land on this website. No one should learn such info
> about the user. That is a core requirement of PCM.
>
> It is the clear intention to have all the pixels redirect in a speculative
> manner so that *if* there is a stored click that matches the redirect, an
> attribution report is scheduled.
>
> The model is:
> * The click source learns nothing about what the user does on the click
> destination site.
> * The click destination site does not know that the user came from the click
> source site – not that they came from there now or earlier.

I totally agree with the core requirement of PCM to protect users' privacy. It's not my intention to learn about users' preference or behavior. Rather, I'm interested in if their browsers are upgraded to the versions that will support PCM. Or I could add logic that PCM is enabled for all versions later than version X.

Otherwise, it's to the challenge of social.example server to intelligently make the correct redirect:

1. To determine the correct redirect location. For example, if the user is browsing using Chrome, the redirect location would be /.well-known/register-conversion/. If the user is browsing using Safari, the redirect location would be /.well-known/private-click-measurement/trigger-attribution/. There may be other well-known paths if other browsers follow the same pattern.
2. To determine if a redirect is needed. Would there be a warning if a redirect was made on previous versions of browsers that do not support PCM?

Thanks
Maojie
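The speculative-redirect model from comment #4, applied to the per-browser well-known paths listed in the last comment, as an added example (not code from WebKit or from any participant in this thread). The function names, the User-Agent heuristics and the sample strings are assumptions, as is the two-digit trigger-data segment (00 to 15) appended to the Safari path, which this page does not spell out.

```javascript
// Added example. The two well-known paths are the ones quoted in this thread;
// function names, UA heuristics and sample strings are illustrative assumptions.
const WELL_KNOWN = {
  safari: '/.well-known/private-click-measurement/trigger-attribution/',
  chrome: '/.well-known/register-conversion/',
};

// Coarse classification from the User-Agent header alone. Nothing here probes
// PCM state: per the thread, a site must not be able to learn it.
function classifyBrowser(userAgent) {
  const ua = String(userAgent || '');
  // Chromium-based browsers also advertise "Safari/", so rule them out first.
  if (/\b(?:Chrome|Chromium)\//.test(ua)) return 'chrome';
  // Desktop and iOS Safari carry "Version/x.y ... Safari/".
  if (/\bVersion\/[\d.]+.*\bSafari\//.test(ua)) return 'safari';
  // Everything else, including third-party iOS browsers (CriOS, FxiOS).
  return 'other';
}

// Decide the pixel response. The redirect is speculative: every Safari request
// gets the same 302 whether or not the browser holds a matching click.
function pixelResponse(userAgent, triggerData) {
  const browser = classifyBrowser(userAgent);
  if (browser === 'other') return { status: 200, location: null };
  let location = WELL_KNOWN[browser];
  if (browser === 'safari') {
    // Assumption: trigger data is a two-digit path segment in the range 00-15.
    if (!Number.isInteger(triggerData) || triggerData < 0 || triggerData > 15) {
      throw new RangeError('triggerData must be an integer from 0 to 15');
    }
    location += String(triggerData).padStart(2, '0');
  }
  return { status: 302, location };
}

// Constructed sample User-Agent strings (not captured traffic).
const WEBKIT = 'AppleWebKit/605.1.15 (KHTML, like Gecko)';
const SAMPLE_UAS = {
  safariMac: `Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ${WEBKIT} Version/14.1 Safari/605.1.15`,
  safariOld: `Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) ${WEBKIT} Version/13.1.2 Safari/605.1.15`,
  safariIos: `Mozilla/5.0 (iPhone; CPU iPhone OS 14_5 like Mac OS X) ${WEBKIT} Version/14.1 Mobile/15E148 Safari/604.1`,
  chromeIos: `Mozilla/5.0 (iPhone; CPU iPhone OS 14_5 like Mac OS X) ${WEBKIT} CriOS/90.0.4430.78 Mobile/15E148 Safari/604.1`,
  chrome: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36',
};
for (const [name, ua] of Object.entries(SAMPLE_UAS)) {
  console.log(name, JSON.stringify(pixelResponse(ua, 4)));
}
```

The response depends only on the User-Agent header and the server's own trigger value, so it carries no signal about whether PCM is enabled or whether a click is stored.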
May I ask if Safari could tell me programmatically whether PCM is enabled in a given Safari instance? The reason why I am asking is because currently PCM is only launched in iOS 14.5 and not yet on older versions of iOS and macOS. Thus, we would like to assess the coverage of PCM on all our offsite events.

Google's Chrome provides a JavaScript function like the one below.

```js
function isConversionMeasurementEnabled() {
  // Heuristic check that the page is running in Chrome.
  var isChrome = !!window.chrome && (!!window.chrome.webstore || !!window.chrome.runtime);
  // The feature is reported through the Feature Policy introspection API.
  return isChrome &&
    !!document.featurePolicy &&
    !!document.featurePolicy.features() &&
    document.featurePolicy.features().includes('conversion-measurement');
}
```

Thanks
Maojie