-
Notifications
You must be signed in to change notification settings - Fork 720
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define OpenRTB location for hashed identifiers #3868
Comments
From a slack discussion, the preference seems to be to put this hashed info into the eids array. Here's a straw:
In Prebid.js, this would be set as:
For Prebid Server, the configuration could be:
Open items:
|
Thank you Bret for starting this conversation. I would just recommend having a field (probably under |
Hello Bret, We discussed this in Identity PMC and decided that the best way to go about passing hashed emails / phone numbers / device ids is through user syncing as defined here: https://docs.prebid.org/prebid-server/endpoints/pbs-endpoint-cookieSync.html and https://docs.prebid.org/prebid-server/developers/pbs-cookie-sync.html#bidder-instructions-for-building-a-sync-endpoint If we use a redirect user sync, we will create an endpoint that can take separate parameters to the url to take in different hashes of emails and phone numbers and device ids along with the capability to take in gdpr, gdpr_consent, us_privacy flags |
Not clear to me that user syncing is the right solution.
|
Discussed in the identity committee. Usersync doesn't work for mobile app, and it won't work for LiveIntent because they're not a bidder. So back to the EID approach, but with an additional requirement: the publisher needs to be able to define which specific modules have access to this data. i.e. it would be best to not trust non-ID modules with potential PII. Extend EIDs new stype 'hashid'Note that Criteo wants publishers to provide details about what kind of ID and what hash algorithm was used. This seems more revealing than necessary and much harder for publishers, so should be debated. For now, this example shows a simpler approach.
module permissionsSecond, there's a call to support filtering stype='hashid' from other server-side modules. This is a new feature:
account-level default eidpermissionsThird, there's an implied request here to make the The proposal is to implement this with the 'profile' feature being discussed in #3726 . i.e. implement profiles, support a list of "default profiles", and let the publisher come up with whatever default ORTB they'd like. |
LiveIntent is preparing to build a Prebid Server module to support use cases beyond what a Prebid.js can support. One of the key inputs the module requires is a hashed identifier. It's going to need to receive this data on the request from the client, whether that client is Prebid SDK, Prebid.js, or an SSAI server.
I don't believe the community has defined where to transmit this kind of data, so that's what this issue tracks.
This is the kind of data that would certainly need to get anonymized in the "transmitUfpd" activity control scenario, so the obvious place to put it would be in user.ext.data. However, all bid adapters receive data placed there, which is not necessary and seems like it ought to be avoided, particularly since this ID could be helpful for any entity attempting to fingerprint.
Since only user ID modules really need this, I would suggest that wherever we decide to put it, no bid or analytics adapter ever receives it - just user ID modules, and then only when the enrichUfpd activity is allowed.
Given these factors, how about we put this data in user.ext.hashes. e.g.
Then Prebid Server would:
The text was updated successfully, but these errors were encountered: