Activity controls: transmit ip using geo activity, document publisher provided IP address #11395

Open
jdwieland8282 opened this issue Apr 24, 2024 · 2 comments

Comments

@jdwieland8282
Member

Type of issue

Feature request

Description

Google Chrome has announced, and is actively developing, a list-based, two-hop HTTP request proxy scheme in the Privacy Sandbox IP Protection feature. This is similar to Apple’s iCloud Private Relay. “Limiting access to IP addresses,” as IP Protection describes it, has the potential to degrade IVT/fraud evaluation and targeting use cases.

Publishers, who as first-parties should not be restricted by Chrome’s feature, may opt to share a visitor’s IP address with trusted partners.

Expected results

Publishers can configure on/off adding the device's ip to ortb.device.ip

```javascript
pbjs.mergeConfig({
  ortb2: {
    device: {
      // Set whichever field matches the visitor's address family.
      ip: '1.1.1.1',
      /* or */
      ipv6: '2001:db8:3333:4444:5555:6666:7777:8888'
    }
  }
});
```

Other information

@pm-harshad-mane has offered some server-side code that can be used to return the client's IP
https://github.com/pm-harshad-mane/cloudflare-ip-example
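
An added example, not code from this issue or from Prebid.js: one way a publisher could validate a server-reported address before placing it in `ortb2.device`, so that malformed values, header lists and non-public addresses are dropped and the on/off switch is honored. `buildDeviceIpConfig`, `shareIp` and `ipFromServer` are hypothetical names.

```javascript
// Added example: build the ortb2.device fragment from a server-reported address.
// buildDeviceIpConfig and shareIp are hypothetical names, not Prebid.js APIs.

// Strict dotted-quad form: four decimal octets 0-255, no leading zeros.
const IPV4 = /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;

// Loopback, private and link-local ranges: seeing one of these means the
// server observed a proxy or internal hop, not the visitor.
const NON_PUBLIC_V4 = /^(0|10|127)\.|^169\.254\.|^192\.168\.|^172\.(1[6-9]|2\d|3[01])\./;
const NON_PUBLIC_V6 = /^(::1?$|fe[89ab][0-9a-f]:|f[cd][0-9a-f]{2}:)/;

function normalizeIpv6(addr) {
  // Restrict the alphabet first so the value cannot break out of the [...] host syntax.
  if (!/^[0-9a-fA-F:.]+$/.test(addr) || !addr.includes(':')) return null;
  try {
    // The WHATWG URL parser validates and canonicalizes IPv6 literals.
    return new URL(`http://[${addr}]/`).hostname.slice(1, -1);
  } catch (e) {
    return null;
  }
}

function buildDeviceIpConfig(rawIp, shareIp) {
  // shareIp models the publisher's on/off switch; off means nothing is added.
  if (!shareIp || typeof rawIp !== 'string') return {};
  const ip = rawIp.trim();
  if (IPV4.test(ip)) {
    return NON_PUBLIC_V4.test(ip) ? {} : { ortb2: { device: { ip } } };
  }
  const v6 = normalizeIpv6(ip);
  if (v6 === null || NON_PUBLIC_V6.test(v6)) return {};
  // Exactly one of ip / ipv6 is ever set.
  return { ortb2: { device: { ipv6: v6 } } };
}

// Usage on the page (ipFromServer is a hypothetical variable holding the
// server's response): pbjs.mergeConfig(buildDeviceIpConfig(ipFromServer, true));
```
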

@patmmccann
Collaborator

I'll make an effort to discuss in documentation and include consent considerations

@patmmccann patmmccann removed their assignment Apr 25, 2024
@patmmccann patmmccann changed the title from "publisher provided IP address" to "Activity controls: transmit ip using geo activity, document publisher provided IP address" Apr 25, 2024
@AramZS

AramZS commented May 8, 2024

Two major problems here:

  1. If the user is leveraging a service that obscures their IP but somehow the publisher has access to that IP why would counteracting the user's intent make sense?
  2. Where has it been indicated that the publisher would have special access to the IP? I haven't seen that yet and it doesn't make a ton of sense for anyone to do.

That said, transmitting an IP address across network requests seems to be a HUGE security challenge the minute the bidstream departs the hands of those with immediate access to the network request.

Projects
Status: Ready for Dev