Hi Michael,

Are these in fact mutually exclusive desires, or do you all think there's a way to achieve everyone's goals here?

The use case we'd like to support is to provide great ecommerce recommendations in our ads. Being able to show user-related sensitive information is definitely not something we're looking for.

Building on that, I think we can seek solutions that allow recommendation flexibility, but protect the user from sensitive information being leaked. Some ideas:

1. If we pursue the idea of ad component-level audience thresholds, that should already solve the concern. If desired though, we could consider strengthening the privacy guarantees by reporting to the publisher the components of the ads, not entire ads. ("Item 313 was displayed in 820 impressions, item 117 in 22001 impressions, ...")
2. If we'd like to be able to show rare ads, we could require all potential creatives (or components thereof) to be publicly available and auditable before an impression can occur.

// 1) and 2) are separate ideas, but they are compatible.

Hi Michael, Jonasz,

Thanks for your message. To be fully transparent, we proposed this reporting with the idea of cohorts being the atom of this new world.

I see some ways to handle these ads on new elemental particles. First if it is only used to choose product, we could send all products that are used to target a single users and the creative id (meaning that if 10 ads were shown at user level, you would have one bundle and the products of the 10 ads together without ways of knowing which were for whom).

This is really just an idea, but yes we might need a way to handle these specifics ads, and Jonasz also gave some ideas.

We are open on any ways to both allow ads targeted at the user level whilst preserving ways for the publisher to protect its user and its brand from malicious actors.