Data security

Interoperable Private Attribution – A proposed solution to modern data privacy problems

In the last 3 years, we have witnessed more than 100 countries either implementing some form of privacy law or actively working to ensure that the citizens’ data is under proper regulations and shouldn’t get compromised especially for advertising purposes. 

These movements indicate that the international privacy laws will only continue to evolve. As a result, legacy systems such as third-party cookies – arguably considered the backbone of digital advertising, are under scrutiny and will soon be deprecated as netizens demand a more responsible and privacy-focused online ecosystem. For instance, we saw Google propose FLoC (Federated Learning of Cohorts), which was rejected by the industry.

It was the need of the hour for experts to think beyond the third-party data, to come up with a solution with no dependency on cookies and having high standards for privacy – thus begetting the introduction of IPA i.e., Interoperable Private Attribution, a joint proposal by Mozilla and Meta experts.

IPA – A proposed solution for user data privacy concerns 

IPA (Interoperable Private Attribution) is a framework proposed by Ben Savage (Meta), Erik Taubeneck (Meta), and Martin Thomson (Mozilla). This framework essentially tries to have a fresh perspective on the ideal web infrastructure that will help enable a responsible and ethical internet ecosystem.  

If we look at the essential data requirements, brands investing in digital advertising just need to understand how each campaign and/or marketing channel works to optimize strategy. Therefore, at its crux, the primary data signals required are: 

  1. Where there was an engagement with the advertisement 
  1. If the engagement led to a conversion 

With these objectives at its core, IPA focuses on an approach that filters user-related information before sharing aggregated reports of these signals with the advertisement platforms. This way, the performance of digital campaigns can still be measured while respecting individual user privacy.

The IPA framework is built on 2 foundation pillars:

  1. Match Keys: Private and encrypted IDs
  1. Multi-Party Computation (MPC) Matching: Server-side matching of ad interactions with conversions

One thing to note is, that both browsers and OS along with advertisement platforms will need to adopt this framework for it to be fully functional.  

Two core approaches that make IPA different are Match Keys and Multi-Party Computations 

To get into the working of it, we need to understand the purpose of the two foundation pillars first.  

  1. Match keys: These are an alternative to global advertising IDs / cookie-based identifiers. However, there is a big difference in the way these work. Like a typical advertising cookie – any service provider can set this ID; but unlike cookie-based advertising ID, this is a private key and can only be read by the browser / OS. Having said that, the browser / OS can make a double encrypted form of the match key available when requested
  1. Multi-Party Computation (MPC): The MPC is a set of servers working together to collect encrypted advertisement related signals – which essentially help garble user-related information (encrypted match keys) all while ensuring it can still be used to match user advertisement engagement and conversions

With these concepts in mind, we proceed to understand how IPA employs the following process. This is the most exciting part of the framework! 

  1. First, websites and brands use service providers with a large audience reach (e.g. Google / Facebook / Twitter / etc.) to set “Match Key(s)” on the browser or OS level
  1. Since “Match Key(s)” can never be read by a website or an app, thus every time it is requested – an encrypted version of the “Match Key” is shared by the browser / OS
  1. Any subsequent advertisement engagements – e.g. impressions, clicks, or conversions that happen on the device are sent to an MPC (Multi-Party Computation) server (along with the encrypted Match Keys) for matching
  1. MPC waits and collects a batch of these signals from users. Eventually, all the individual encrypted match key values are garbled multiple times
  1. Next, these (garbled) Match Keys are decrypted so that MPC can use the (garbled) Match Keys and match them to their respective advertisement interactions. As a result, impressions and conversion values with the same (garbled) key will match, however, the original value of the Match Key is unknown because it was jumbled midway. This means, that the individual identity of the user is never revealed but MPC can understand if the (garbled) Match Key interacted and converted because of an advertisement
  1. Eventually, the ad-engagement-related pieces of information (such as impressions, clicks, and conversions) are aggregated and shared with ad-tech companies. All this while still ensuring the personal data (and original IDs) are protected
Infographics on how matching in MPC works
Source: Interoperable Private Attribution (IPA): A Non-technical introduction

IPA – A possible fix to Advertiser’s problems?  

IPA focuses on allowing brands to measure advertisement-related metrics (clicks/conversions) while still maintaining all the principles of privacy.

In addition to fulfilling the primary objectives, IPA is superior to other alternatives because of two main reasons:

  1. It allows for a far more accurate cross-device attribution: As the service provider (Google / Facebook / etc.) assigns a unique match-id to a single user – we can better understand cross-device advertisement interactions – all while ensuring the individual user identity is not revealed
  1. It avoids time delays in reporting and campaign limitations: IPA suggests implementing concepts of a privacy budget as well as entropy to ensure it is not feasible to game the system and/or correlate datasets to leak user-related information

IPA – Key Takeaways

There are 3 things that IPA needs to succeed:

  1. IPA is a work in progress framework, and many technical details still need to be answered. Its effectiveness rests on the final technical and design decisions that the team decides to take
  1. All browsers and mobile operating systems will need to adopt the IPA framework. Industry leaders like Google (Android and Chrome) and Apple (iOS and Safari) need to adopt this for it to be effective
  1. The web ecosystem also needs to be able to support “helper nodes” or MPCs to process massive amounts of data needed and eventually send it out to marketing platforms

The internet can be an easy-to-leverage commodity for advertisers, but an overhaul is long due. Having said that, we are at an interesting juncture where we get to see how the next phase of the web unravels itself. Hopefully, when it does, I’ll see you on the other side!


This article is meant for a wide range of audiences so in case you feel tempted to learn more about the framework, we recommend you give the following resources a read:

  1. IPA Non-Technical Introduction: Here
  1. IPA Technical Proposal: Here
  1. Here
  1. Ben Savage Twitter: Here

Authors: Ankur Singh & Gaurav Jhala

Other Articles: May Core Update 2022 – Performics Preliminary Report