►
From YouTube: WebPerfWG TPAC meetings 2022 09 13 -Aggregated reporting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Yeah,
basically
cross
origin
leaks
are
bad.
They
allow
people
that
come
to
grab
user
State
and
then
and
use
it.
C
Potentially
aggregate
that
information
in
ways
that
don't
have
that
particular
risk.
C
Efforts
happening
now
around
attribution,
reporting,
there's
a
proposal.
C
Ad
conversions,
where
the
browser
essentially
sends
an
encrypted
aggregatable
report
to
the
origin.
Those
are
reports
that
the
origin
cannot
read.
They
are
comprised.
C
The
aggregation
service
has
the
keys,
it's
trusted
in
various
ways
and
then
the
aggregation
service
turns
them
into
summary
reports.
Charlie,
please
tell
me
if
I
got
anything.
B
Good,
so
maybe
we
couldn't
do
the
same.
There.
A
Of
and
this.
C
Will
enable
us
a
better
path
of
doing
that
without
taking
that
information
away
from
people
who
are
currently
using
it?
There
are
like
there
are
other
types
of
information
that
we
can
like
that
we
would
like
to
have
and
never
were
able
to,
and
this
would
potentially
enable
us
to
do
that
and
if
I
were
to
go
over
the
various
types
of
information,
so
we
have
navigation
redirect
times
that
we're
trying
to
kill
and
basically
move
the
time
origin
to
a
point.
After
all,
cross-origin
redirects
happened.
C
Were
upset
about
potentially
losing
that
information.
C
That
kind
of
migration,
without
taking
that
information
away
same
goes
for
DNS
resolution
times
where
we
essentially
realized
that,
like
currently,
they
are
blocked
on
Tau,
but
the
DNS
server
is
in
some
ways
not
to
the
origins
data.
To
give.
So
an
opt-in
from
the
origin
is
in
some
ways,
weird
for
when
it
comes
to
DNS
resolution
times
and
Reporting
them
in
aggregate.
A
Solves
all
the
use
cases
for
which
we
are
trying
to
report
DNS
and
then
silences.
B
C
Of
information
in
aggregated
and
safe
form,
or
that's
the
intent
here
and
finally
for
LCP,
render
times
there's
a
separate
discussion
to
be
had
whether
they
are
not
already
exposed
in
various
different
ways.
So
we
we
need
to.
But
this
is
potentially
a
separate
discussion.
But
if
we
were
to
conclude
that
they.
A
Need
to
be
protected
as
they
currently
are.
We
could
also
report
them
in
some
form
of
aggregate.
B
What
would
that
aggregation?
Look
like
basically
a
made-up
name
for
the
ATI
that
will
tell
the
browser
I'm.
A
A
And
the
key
is
the
dimensions
for
a
lot
of
the
features
it
just
ends
up
being
the
origin
that
you
know
accumulated.
C
This
measurement,
where
the
value
is
the
measurement
itself
and
then
summary
reports
are
created
from
that
and
represents
some
velocity
value,
distribution,
data
per
origin
and.
A
A
Predefined
hashing
for
the
origins,
and
then
you
know
to
stuff
them
into
those
keys
and
that
that
would
also
require.
C
Run
providers
or
folks
who
are
interested
in
collecting
that
information
to
create
various
hash
tables
or
rainbow
tables
or
whatever
of
popular
Origins,
that
they
want
to
know
the
hashtag
and
then
do
that
kind
of
translation
when
reporting
that
to
their
dashboards,
their
users.
C
Yeah
would
create
too
many
potential
hash.
B
Potentially
be
very
hard,
but
maybe.
C
Not
everything
can
be
a
dimension
of
a
specific
measurement.
For
example,
we
talked
about
next
top
protocol
and
maybe
dropping
that
or.
C
Charlie
pointed
out
right
talking
about
it,
but
we
wouldn't
be
able
to
then
recruited
that
as
a
dimension
for
user-specific
measurements,
so
where
it's
currently
being
used.
So
it
there
are
some
things
that
this.
A
Won't
give
us
and
then
the.
C
Security
people
and
proper
channels,
I
rented
by
some
people
who
gave
me
ideas
that,
from
my
perspective,
I
think
it's
safe
for
individual
users,
where
we
won't
be
exposing.
A
Information
about
them
at
the
same
time
it
can
expose
data
that
embedded
Origins,
don't
want
exposed.
C
A
Think
that
some
of
your
reports
could
be
made
lossy
enough
to
avoid
it
by
enabling
only
a
very
limited
number
of
buckets.
A
B
That
would
require
Let's
keep
questions.
Do
you
mind
just
going.
B
B
The
models-
maybe
we
can
report
more
buckets
than
that
that
seems
like
the.
A
You
know
the
the
least
useful
number
that
I,
don't
think,
exposes
anything
super
secret,
but
yeah
remains
to
be
seen.
B
B
Reports
and
then
the
each
side
or
each
run
provider
they
build
their
own
scheme
and
then
summary
reports
are
being
sent
it's
unclear
to
me.
We
would
be
able
to
reason
about
those
summary
reports.
B
But
I
could
be
wrong
and
this
could
be
a
point
of.
A
C
We
cannot
expose
that
a
particular
user
is
an
accessibility
like
a
user
that
enabled
assistive
technology,
but
we
could
expose
that
potentially
in
aggregate
without
requiring
an
implementation,
because
this
won't
be
cross-oriented
information.
This
would
be
same
origin,
information,
but
sensitive
information
about
the
user
that
we
don't
want
to
expose
otherwise,
and
there
could
be
other
examples
as
well.
So
I
looked
at
it
from
a
cross-origin
information
angle,
but
there
could
be
other
angles
where
this
kind
of
reporting
can
be
useful.
A
It
should
have
comment
access
to
the
world,
so
I'd
love
to
continue.
C
This
discussion
right
now,
but
then
later
on
on
the
dock
itself.
If
birds
are
interested
and.
A
In
more
details
and
soon
those
things
are
constructed
and
with
that
I
think
that's
that's
all
I
had
so
we
can
discuss
and
can
you
stop
the
recording
at.
B
All
habits
there
a
queue
here
or
do
you
just
speak?
We
yeah
raise
our
hand.