I believe PBS should offer the ability to recognize a second domain name by looking at the HTTP host header. If called by that name, it should disallow these activities:
syncUser
enrichUfpd
transmitUfpd
transmitEids
transmitPreciseGeo
See below for proposed implementation.
Prebid legal counsel is ok with this proposal.
Assumption
We think Apple will be blocking only FQDNs (pbs.example.com) and not TLDs (example.com). If that's not true, then a whole separate domain (pbs.example2.com) would be needed by host companies.
Implementation details
Add a new host-level config external-url-privacy-safe
Prebid recommends to app developers that they disclose the "worst case" in their privacy manifest - i.e. define the 5 'CollectedDataType' fields.
Define the "main" Prebid Server domain in the NSPrivacyTrackingDomains field.
If the user declines to be tracked, we should assume that iOS will block that domain. That's fine.
But if the app developer so chooses, they could also supply a secondary "privacy mode" Prebid Server URL to PBSDK. The SDK would check for user permissions, and if they've opted out of tracking, then it would use this "privacy mode" PBS domain instead and be sure to set the LimitAdTracking ORTB field. PBS could recognize that it's being called as the secondary domain and see the LMT flag, and take steps to anonymize the request so the app can receive contextual ads. This "privacy mode" domain does not go on NSPrivacyTrackingDomains because it trusts the server-side anonymization.
Depending on how Apple chooses to monitor domains, it's possible that even the "privacy mode" domain could be blocked by iOS. If that happens, the PBS host company may have recourse to discuss with Apple.
If an app developer is concerned about app store review, they do not have to utilize this secondary privacy mode domain - just let iOS block the PBS requests.
Background info
Implementation details
external-url-privacy-safe
/auction endpoint: host header. lmt flag to 1
/amp endpoint: host header. lmt:1 to the base ORTB request.
/cookie_sync and /setuid endpoints: host header.
Enhance the current behavior of LMT to tie it to the noted activities.
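The Host-header check proposed in this issue, as an added example in Go (not code from Prebid Server or from the issue author). The function names and the host pbs-private.example.com are assumptions, and the `configured` argument stands in for the `external-url-privacy-safe` setting. Because the Host header is client-supplied, the match is used only to tighten handling, never to relax it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// Activities the issue proposes to disallow when PBS is called by the second domain.
var deniedActivities = []string{"syncUser", "enrichUfpd", "transmitUfpd", "transmitEids", "transmitPreciseGeo"}

// normalizeHost lowercases a Host header value and drops any port and trailing dot.
func normalizeHost(h string) string {
	h = strings.TrimSpace(h)
	if host, _, err := net.SplitHostPort(h); err == nil {
		h = host
	}
	return strings.ToLower(strings.TrimSuffix(h, "."))
}

// isPrivacySafe: an unset config value never matches, so the feature is off by default.
func isPrivacySafe(hostHeader, configured string) bool {
	c := normalizeHost(configured)
	return c != "" && normalizeHost(hostHeader) == c
}

// applyPrivacyMode forces device.lmt to 1 and returns the activities to deny on a match.
func applyPrivacyMode(hostHeader, configured string, ortb []byte) ([]byte, []string, error) {
	if !isPrivacySafe(hostHeader, configured) {
		return ortb, nil, nil // main domain: request passes through unchanged
	}
	var req map[string]interface{}
	if err := json.Unmarshal(ortb, &req); err != nil || req == nil {
		return nil, nil, fmt.Errorf("ORTB request is not a JSON object (%v)", err)
	}
	dev, ok := req["device"].(map[string]interface{})
	if !ok {
		dev = map[string]interface{}{}
		req["device"] = dev
	}
	dev["lmt"] = 1
	out, err := json.Marshal(req)
	return out, deniedActivities, err
}
func main() {
	// Constructed sample request and hypothetical host names.
	out, denied, err := applyPrivacyMode("PBS-Private.Example.com:443", "pbs-private.example.com", []byte(`{"id":"1","device":{"lmt":0}}`))
	fmt.Println(string(out), denied, err)
}
```

Behind a reverse proxy that rewrites Host, the comparison has to use whichever header that proxy is configured to forward the original name in.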