On the Differential Privacy and Interactivity of Privacy Sandbox Reports
Badih Ghazi
Charlie Harrison
Arpana Hosabettu
Pritish Kamath
Alexander Knop
Ravi Kumar
Ethan Leeman
Pasin Manurangsi
Mariana Raykova
Vikas Sahu
Phillipp Schoppmann

Abstract
The Privacy Sandbox initiative from Google includes APIs for enabling privacy-preserving advertising functionalities as part of the effort around limiting third-party cookies. In particular, the Private Aggregation API (PAA) and the Attribution Reporting API (ARA) can be used for ad measurement while providing different guardrails for safeguarding user privacy, including a framework for satisfying differential privacy (DP). In this work, we provide an abstract model for analyzing the privacy of these APIs and show that they satisfy a formal DP guarantee under certain assumptions. Our analysis handles the case where both the queries and database can change interactively based on previous responses from the API.
@article{ghazi2025_2412.16916,
  title={On the Differential Privacy and Interactivity of Privacy Sandbox Reports},
  author={Badih Ghazi and Charlie Harrison and Arpana Hosabettu and Pritish Kamath and Alexander Knop and Ravi Kumar and Ethan Leeman and Pasin Manurangsi and Mariana Raykova and Vikas Sahu and Phillipp Schoppmann},
  journal={arXiv preprint arXiv:2412.16916},
  year={2025}
}