Abstract: This document relates to using secure MPC to select digital components in ways that preserve user privacy and protects the security of data of each party that is involved in the selection process. In one aspect, a method includes receiving, by a first computing system of a secure MPC system and from a client device, a digital component request and a nonce. The first computing system generates, based on the nonce and a function, an array including a share of a Bloom filter representing user group identifiers for user groups that include a user of the client device as a member. For each of multiple user group identifiers, the first computing system calculates, in collaboration with one or more second computing systems of the secure MPC system and using the array, a respective first secret share of one or more user group membership condition parameters.

Abstract: This document describes systems and techniques for improving the integrity and protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, by a first server of a secure multi-party computation (MFC) system from an application on a user device, a request for a digital component. The request is parsed into distinct sub-requests. Each sub-request is transmitted to a different server. A set of candidate selection values is received from a separate server. The first server performs, in collaboration with one or more second servers of the MFC system, a selection process to generate a selection result for a winning digital component, including merging, the first set of candidate selection values and a set of cached selection values to create a final set of candidate selection values and sorting the final set according to the values of the candidate selection values.

Abstract: This disclosure relates to protecting the confidential information of multiple entities using secure multi-party computation (MPC) and k-anonymity techniques. In some aspects, a method includes receiving, by a first MPC computing system from a client device, a content request including encrypted user group identifiers. Each encrypted user group identifier is encrypted using a first encryption key of a second MPC computing system. For each encrypted user group identifier, a request is transmitted to the second MPC computing system. The request includes the encrypted user group identifier. For each user group identifier that satisfies a k-anonymity, the first MPC computing system receives, from the second MPC computing system, a plaintext value of the user group identifier. The first MPC computing system transmits a selection parameter request to one or more platforms. The selection parameter request includes the plaintext value of the user group identifier.

Abstract: This disclosure describes systems and techniques for using controlling access to user information using ephemeral user identifiers. In one aspect, a method includes determining, for a given domain, engagement by a user with content provided by the given domain for display by an application at a client device of the user. A determination is made, based on the engagement by the user, to extend, for the given domain, a linkage between user identifiers for a user of the application. In response to determining to extend, for the given domain, the linkage between the user identifiers for the user of the application, one or more future domain-specific ephemeral user identifiers for the user and the given domain are obtained. An attestation record that includes a current domain-specific ephemeral user identifier and the one or more is generated and sent to the given domain.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for identifying labels for a dataset without revealing the dataset to any individual computing system. Methods can include receiving, by a first computing system of a multi-party computation (MPC) system, a query that includes a first and second share of a given user profile. The second share is encrypted with a key that prevents the first computing system from accessing the second share. The second share is transmitted to a second computing system of the MPC system. The first and the second computing system generates a machine learning model and identifies a respective first and a second label. The first computing system receives the second label as a response from the second computing system. The first computing system responds to the query with a response that includes the first and the second label.

Abstract: This disclosure relates to protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, from a client device and by a first computing system of multi-party computation (MPC) systems, a digital component request including first secret shares of data identifying user groups that include a user of the client device as a member. The first computing system transmits a contextual digital component request to a content platform. The first computing system receives, from the content platform, selection data for multiple digital components. The selection data includes first vector data defining a contextual-based vector of values selected based in part on the set of contextual signals. The first computing system obtains, for each digital component, second vector data defining a user group-based vector of values selected based in part on a respective user group corresponding to the digital component.

Abstract: This document describes systems and techniques for improving the integrity and protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, by a first server of a secure multi-party computation (MPC) system and from an application on a client device, a request for a selection value. In response to receiving the request, the first server conducts, in collaboration with a second server of the secure MPC system, a privacy-preserving selection process and a counterfactual selection process. The first server transmits a selection result defining the first winning selection value from the privacy-preserving selection process and the second winning selection value from the counterfactual selection process and receives, from the application on the client device, a notification indicating that a digital component corresponding to the winning selection value from the privacy-preserving selection process was presented at the client device.

Abstract: This disclosure relates to using trust tokens to verify the integrity of devices and applications from which data is received. In one aspects, a method includes receiving, from a client device, a request for one or more trust tokens. The request includes at least one of one or more device-level fraud detection signals obtained from the client device or data representing code of an application that initiated the request. The request also includes a respective nonce for each of the one or more trust tokens. A determination is made, based on at least one of the one or more device-level fraud signals or the data representing the code of the application, to issue the one or more trust tokens to the client device. Each trust token is generated using the nonce for the trust token. The one or more trust tokens are provided to the client device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, facilitate cross-platform content muting. Methods include detecting a request from a user to remove, from a user interface, a media item that is provided by a first content source and presented on a first platform. One or more tags that represent the media item are determined. These tags, which indicate that the user removed the media item represented by the one or more tags from presentation on the first platform, are stored in a storage device. Subsequently, content provided by a second content source (different from the first content source) on a second platform (different from the first platform) is prevented from being presented. This content is prevented from being presented based on a tag representing the content matching the one or more tags stored in the storage device.

Abstract: This disclosure relates to using additive and subtractive noise for preserving the privacy of users. In one aspects, a method includes obtaining a first set of genuine user group identifiers that identify user groups that include a user as a member. A second set of user group identifiers is generated for the user by removing zero or more genuine user group identifiers from the first set to generate the second set and adding, to the second set, one or more fake user group identifiers for user groups that do not include the user as a member. A probabilistic data structure is generated based on the second set of user group identifiers. The probabilistic data structure is transmitted to a recipient computing system. Data indicating a set of digital components including at least one digital component selected based on the probabilistic data structure is received. A given digital component is presented.

Abstract: This describes a privacy preserving machine learning platform. In one aspect, a method includes receiving, by a first computing system of multiple multi-party computation (MPC) systems, an inference request including a first share of a given user profile. A predicted label for the given user profile is determined based at least in part on a first machine learning model. A predicted residue value for the given user profile indicating a predicted error in the predicted label is determined. The first computing system determines the first share of the predicted residue value for the given user profile based at least in part on the first share of the given user profile and a second machine learning model. The first computing system receives, from a second computing system of the MPC computing systems, data indicating the second share of the predicted residue value for the given user profile.

Abstract: Methods, systems, and computer media provide attestation tokens that protect the integrity of communications transmitted from client devices, while at the same time avoiding the use of stable device identifiers that could be used to track client devices or their users. In one approach, client devices can receive batches of N device integrity elements from a device integrity computing system, each corresponding to a different public key. The N device elements can be signed by a device integrity computing system. The signing by the device integrity computing system can be signing with a blind signature scheme. Client devices can include throttlers imposing limits on the quantity of attestation tokens created by the client device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for transmitting/processing requests to control information stored at multiple content platforms/servers. In one aspect, a client device can send a request to verify the device's trustworthiness to a device trustworthiness server. The client device can receive, from the device trustworthiness server, data indicating that the client device is trustworthy, in response to which, the client device can send, to a relay server, a request to control user data stored at a plurality of servers. The client device can receive, via the relay server, a response from each of the plurality of servers. Based on the responses, the client device can determine that at least a subset of the plurality of servers that included the user data has performed the action specified in the request to control the user data.

Abstract: This disclosure relates to a privacy preserving machine learning platform. In one aspect, a method includes receiving, from a client device and by a computing system of multiple multi-party computation (MPC) systems, a first request for user group identifiers that identify user groups to which to add a user. The first request includes a model identifier for a centroid model, first user profile data for a user profile of the user, and a threshold distance. For each user group in a set of user groups corresponding to the model identifier, a centroid for the user group that is determined using a centroid model corresponding to the model identifier is identified. The computing system determines a user group result based at least on the first user profile data, the centroids, and the threshold distance. The user group result is indicative of user group(s) to which to add the user.

Abstract: Methods, systems, and apparatus, including a method for determining network measurements. In some aspects, a method includes receiving, by a first aggregation server and from each of multiple client devices, encrypted impression data. A second aggregation server receives, from each of at least a portion of the multiple client devices, encrypted conversion data. The first aggregation server and the second aggregation server perform a multi-party computation process to decrypt the encrypted impression data and the encrypted conversion data. Each portion of decrypted impression data and each portion of decrypted conversion data is sent to a respective reporting system.

Abstract: A method includes receiving, by a data processing apparatus and from a content distribution system, a message comprising a probabilistic data structure representing a set of content items that should not be provided to a user device, content item data for content items available to be provided, and a request to determine whether any content item data is invalid, determining that the content item data for a given content item is invalid because the given content item may be in the set of content items represented by the probabilistic data structure, including removing the content item data for the given content item that was determined to be invalid; and preventing distribution of content items including the given content item.

Abstract: Methods, systems, and apparatus, including a method for determining network measurements. In some aspects, a method includes receiving, by a first aggregation server and from each of multiple client devices, encrypted impression data. A second aggregation server received from each of at least a portion of the multiple client devices, conversion data that includes, for each conversion recorded by the client device, encrypted conversion value data. The first aggregation server and the second aggregation server perform a multi-party computation process to decrypt the encrypted impression data and the encrypted conversion data.

Abstract: This disclosure relates to preserving the privacy of users and preventing access to information of other entities. In one aspect, a method includes receiving, from a client device, a content request including request signals specifying user group identifiers that each identify a user group that includes a user of the client device. One or more user group identifiers that satisfy a first k-anonymity process are identified. Selection parameter elements that each include data indicating a respective digital component and a selection parameter for the respective digital component are received from one or more first content platforms. At least a portion of the selection parameters and, for each selection parameter, data identifying the first content platform from which the selection parameter was received are transmitted to a second content platform. Data specifying a given first content platform selected based on the selection parameters is received from the second content platform.

Abstract: Systems, methods, devices, and other techniques for preserving privacy when comparing private datasets from first and second computing systems. The second computing system identifies a first set of identifiers corresponding to records in a private database of the second computing system. The second computing system receives blinded versions of a set of identifiers corresponding to records in a private database of the first computing system. The second computing system determines an intersection or characteristic thereof of the records in the private database of the first computing system and the records in the private database of the second computing system based on matches between the blinded versions of the first and second sets of identifiers.

Abstract: Methods, systems, and apparatus, including a method for preventing fraud. In some aspects, a method includes: receiving, from multiple client devices, a measurement data element that includes a respective group member key and a group identifier for a given conversion as a result of displaying a digital component. Each client device uses a threshold encryption scheme to generate, based at least on network data that includes one or more of impression data or conversion data for the conversion, a group key that defines a secret for encrypting the network data and generate, based on data related to the application, the respective group member key that includes a respective share of the secret. In response to determining that at least the threshold number of measurement data elements having the same group identifier have been received, the network data is decrypted using the group member keys in the received measurement data elements.