patcg-individual-drafts/topics

How might the browser detect abusive usage of the API to keep the topic dissemination rate in line with expectations?

jkarlin opened this issue · 2 comments

How might the browser detect abusive usage of the API to keep the topic dissemination rate in line with expectations?

The existing proposal already imposes an upper-bound rate limit...

It is possible for an entity (or entities) to cooperate across hosts and acquire up to 15 topics per epoch for the same user in the first week.

Is the intent to explore how to reduce "15 topics per epoch" even further? What are some example scenarios?

One option would be to require each calling domain to obtain a signature from a known organization, and maintain a public repository of signers and their policies for any key shipped with the browser. If a caller violates the policy and uses the Topics API for malicious or non-ad purposes, any keys used to sign it could be dropped from the browser. (This is based on the First-Party Sets proposal) (#87)