Big Bird: Privacy Budget Management for W3C's Privacy-Preserving Attribution API

• URL: http://arxiv.org/abs/2506.05290v1
• Date: Thu, 05 Jun 2025 17:45:13 GMT
• Title: Big Bird: Privacy Budget Management for W3C's Privacy-Preserving Attribution API
• Authors: Pierre Tholoniat, Alison Caulfield, Giorgio Cavicchioli, Mark Chen, Nikos Goutzoulias, Benjamin Case, Asaf Cidon, Roxana Geambasu, Mathias Lécuyer, Martin Thomson,
• Abstract summary: We present Big Bird, a privacy budget manager for Privacy-Preserving Attribution ( PPA)<n>Big Bird enforces utility-preserving limits via quota budgets and improves global budget utilization through a novel batched scheduling algorithm.<n>We implement Big Bird in Firefox and evaluate it on real-world ad data, demonstrating its resilience and effectiveness.
• Score: 4.162760892964329
• License: http://creativecommons.org/licenses/by-sa/4.0/
• Abstract: Privacy-preserving advertising APIs like Privacy-Preserving Attribution (PPA) are designed to enhance web privacy while enabling effective ad measurement. PPA offers an alternative to cross-site tracking with encrypted reports governed by differential privacy (DP), but current designs lack a principled approach to privacy budget management, creating uncertainty around critical design decisions. We present Big Bird, a privacy budget manager for PPA that clarifies per-site budget semantics and introduces a global budgeting system grounded in resource isolation principles. Big Bird enforces utility-preserving limits via quota budgets and improves global budget utilization through a novel batched scheduling algorithm. Together, these mechanisms establish a robust foundation for enforcing privacy protections in adversarial environments. We implement Big Bird in Firefox and evaluate it on real-world ad data, demonstrating its resilience and effectiveness.

Related papers

• Breaking the Gaussian Barrier: Residual-PAC Privacy for Automatic Privatization [25.387857775660855]
  We introduce Residual PAC Privacy, an f-divergence-based measure that quantifies the privacy remaining after adversarial inference.<n>We also propose Stackelberg Residual-PAC (SR-PAC) privatization mechanisms for RPAC Privacy, a game-theoretic framework that selects optimal noise distributions.
  arXiv  Detail & Related papers  (2025-06-06T20:52:47Z)
• Optimal Allocation of Privacy Budget on Hierarchical Data Release [48.96399034594329]
  This paper addresses the problem of optimal privacy budget allocation for hierarchical data release.<n>It aims to maximize data utility subject to a total privacy budget while considering the inherent trade-offs between data granularity and privacy loss.
  arXiv  Detail & Related papers  (2025-05-16T05:25:11Z)
• Enhancing Feature-Specific Data Protection via Bayesian Coordinate Differential Privacy [55.357715095623554]
  Local Differential Privacy (LDP) offers strong privacy guarantees without requiring users to trust external parties. We propose a Bayesian framework, Bayesian Coordinate Differential Privacy (BCDP), that enables feature-specific privacy quantification.
  arXiv  Detail & Related papers  (2024-10-24T03:39:55Z)
• Cookie Monster: Efficient On-device Budgeting for Differentially-Private Ad-Measurement Systems [3.0175040505598707]
  This paper discusses our efforts to enhance existing privacy-preserving advertising measurement APIs. We analyze designs from Google, Apple, Meta and Mozilla, and augment them with a more rigorous and efficient differential privacy (DP) budgeting component. Our approach, called Cookie Monster, enforces well-defined DP guarantees and enables advertisers to conduct more private measurement queries accurately.
  arXiv  Detail & Related papers  (2024-05-26T23:27:27Z)
• Privacy-Preserving Billing for Local Energy Markets [1.1823918493146686]
  We propose a privacy-preserving billing protocol for local energy markets (PBP-LEM) that takes into account market participants' energy volume deviations from their bids. PBP-LEM enables a group of market entities to jointly compute participants' bills in a decentralized and privacy-preserving manner without sacrificing correctness.
  arXiv  Detail & Related papers  (2024-04-24T14:12:56Z)
• Chained-DP: Can We Recycle Privacy Budget? [18.19895364709435]
  We propose a novel Chained-DP framework enabling users to carry out data aggregation sequentially to recycle the privacy budget. We show the mathematical nature of the sequential game, solve its Nash Equilibrium, and design an incentive mechanism with provable economic properties. Our numerical simulation validates the effectiveness of Chained-DP, showing that it can significantly save privacy budget and lower estimation error compared to the traditional LDP mechanism.
  arXiv  Detail & Related papers  (2023-09-12T08:07:59Z)
• Theoretically Principled Federated Learning for Balancing Privacy and Utility [61.03993520243198]
  We propose a general learning framework for the protection mechanisms that protects privacy via distorting model parameters. It can achieve personalized utility-privacy trade-off for each model parameter, on each client, at each communication round in federated learning.
  arXiv  Detail & Related papers  (2023-05-24T13:44:02Z)
• A Randomized Approach for Tight Privacy Accounting [63.67296945525791]
  We propose a new differential privacy paradigm called estimate-verify-release (EVR) EVR paradigm first estimates the privacy parameter of a mechanism, then verifies whether it meets this guarantee, and finally releases the query output. Our empirical evaluation shows the newly proposed EVR paradigm improves the utility-privacy tradeoff for privacy-preserving machine learning.
  arXiv  Detail & Related papers  (2023-04-17T00:38:01Z)
• Rethinking Disclosure Prevention with Pointwise Maximal Leakage [36.3895452861944]
  We propose a general model of utility and privacy in which utility is achieved by disclosing the value of low-entropy features of a secret $X$. We prove that, contrary to popular opinion, it is possible to provide meaningful inferential privacy guarantees. We show that PML-based privacy is compatible with and provides insights into existing notions such as differential privacy.
  arXiv  Detail & Related papers  (2023-03-14T10:47:40Z)
• Privacy Amplification via Shuffling for Linear Contextual Bandits [51.94904361874446]
  We study the contextual linear bandit problem with differential privacy (DP) We show that it is possible to achieve a privacy/utility trade-off between JDP and LDP by leveraging the shuffle model of privacy. Our result shows that it is possible to obtain a tradeoff between JDP and LDP by leveraging the shuffle model while preserving local privacy.
  arXiv  Detail & Related papers  (2021-12-11T15:23:28Z)
• Private Reinforcement Learning with PAC and Regret Guarantees [69.4202374491817]
  We design privacy preserving exploration policies for episodic reinforcement learning (RL) We first provide a meaningful privacy formulation using the notion of joint differential privacy (JDP) We then develop a private optimism-based learning algorithm that simultaneously achieves strong PAC and regret bounds, and enjoys a JDP guarantee.
  arXiv  Detail & Related papers  (2020-09-18T20:18:35Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.