From 4c90bbae4e30bdace399985833a931b44371dba7 Mon Sep 17 00:00:00 2001
From: Matt Menke <mmenke@google.com>
Date: Wed, 14 Feb 2024 14:26:15 -0500
Subject: [PATCH 1/4] Spec: Move k-anon updates to async finish reporting step.

Browsers should only update k-anonymity when an ad is actually used, as a mitigation against running bogus auctions to game k-anon logic.

Note that this is also where bid counts are updated (when there's a winner) and when prevWins are updated.  I'll update those after this lands.
---
 spec.bs | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/spec.bs b/spec.bs
index 8d69ece9f..ddd8f7b61 100644
--- a/spec.bs
+++ b/spec.bs
@@ -678,7 +678,7 @@ The <dfn for=Navigator method>runAdAuction(|config|)</dfn> method steps are:
   1. Otherwise:
     1. Let |winner| be |winnerInfo|'s [=leading bid info/leading bid=].
     1. Let |fencedFrameConfig| be the result of [=filling in a pending fenced frame config=] with
-       |pendingConfig|, |auctionConfig|, |winnerInfo|, and |auctionReportInfo|.
+       |pendingConfig|, |auctionConfig|, |winnerInfo|, |auctionReportInfo|, .
     1. [=fenced frame config mapping/Finalize a pending config=] on |configMapping| with |urn| and
        |fencedFrameConfig|.
     1. Wait until |auctionConfig|'s [=auction config/resolve to config=] is a boolean.
@@ -686,16 +686,6 @@ The <dfn for=Navigator method>runAdAuction(|config|)</dfn> method steps are:
     1. If |auctionConfig|'s [=auction config/resolve to config=] is false, then set |result| to |urn|.
     1. [=Queue a global task=] on the [=DOM manipulation task source=], given |global|, to
        resolve |p| with |result|.
-    1. [=Increment ad k-anonymity count=] given |winner|'s [=generated bid/interest group=] and
-      |winner|'s [=generated bid/ad descriptor=]'s [=ad descriptor/url=].
-    1. If |winner|'s [=generated bid/ad component descriptors=] is not null:
-      1. [=set/For each=] |adComponentDescriptor| in |winner|'s
-        [=generated bid/ad component descriptors=]:
-        1. [=Increment component ad k-anonymity count=] given |adComponentDescriptor|'s
-          [=ad descriptor/url=].
-    1. [=Increment reporting ID k-anonymity count=] given |winner|'s
-      [=generated bid/interest group=] and |winner|'s [=generated bid/ad descriptor=]'s
-      [=ad descriptor/url=].
   1. Run [=interest group update=] with |auctionConfig|'s [=auction config/interest group buyers=].
   1. Run [=update bid counts=] with |bidIgs|.
   1. Run [=update previous wins=] with |winner|.
@@ -837,6 +827,17 @@ To <dfn>fill in a pending fenced frame config</dfn> given a [=fenced frame confi
 To <dfn>asynchronously finish reporting</dfn> given a
 [=fencedframetype/fenced frame reporting map=] |reportingMap|, [=leading bid info=] |leadingBidInfo|,
 and [=auction report info=] |auctionReportInfo|.
+1. Let |winner| be |leadingBidInfo|'s [=leading bid info/leading bid=].
+1. [=Increment ad k-anonymity count=] given |winner|'s [=generated bid/interest group=] and
+  |winner|'s [=generated bid/ad descriptor=]'s [=ad descriptor/url=].
+1. If |winner|'s [=generated bid/ad component descriptors=] is not null:
+  1. [=set/For each=] |adComponentDescriptor| in |winner|'s
+    [=generated bid/ad component descriptors=]:
+    1. [=Increment component ad k-anonymity count=] given |adComponentDescriptor|'s
+      [=ad descriptor/url=].
+1. [=Increment reporting ID k-anonymity count=] given |winner|'s
+  [=generated bid/interest group=] and |winner|'s [=generated bid/ad descriptor=]'s
+  [=ad descriptor/url=].
 1. Let |buyerDone|, |sellerDone|, and |componentSellerDone| be [=booleans=], initially false.
 1. If |leadingBidInfo|'s [=leading bid info/component seller=] is null, set |componentSellerDone|
    to true.

From 1c4fa2235d0cf682d21709f074dd962b15b0c18c Mon Sep 17 00:00:00 2001
From: Matt Menke <mmenke@google.com>
Date: Wed, 14 Feb 2024 14:27:50 -0500
Subject: [PATCH 2/4] Update spec.bs

Fix
---
 spec.bs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec.bs b/spec.bs
index ddd8f7b61..d272611e2 100644
--- a/spec.bs
+++ b/spec.bs
@@ -678,7 +678,7 @@ The <dfn for=Navigator method>runAdAuction(|config|)</dfn> method steps are:
   1. Otherwise:
     1. Let |winner| be |winnerInfo|'s [=leading bid info/leading bid=].
     1. Let |fencedFrameConfig| be the result of [=filling in a pending fenced frame config=] with
-       |pendingConfig|, |auctionConfig|, |winnerInfo|, |auctionReportInfo|, .
+       |pendingConfig|, |auctionConfig|, |winnerInfo|, and |auctionReportInfo|.
     1. [=fenced frame config mapping/Finalize a pending config=] on |configMapping| with |urn| and
        |fencedFrameConfig|.
     1. Wait until |auctionConfig|'s [=auction config/resolve to config=] is a boolean.

From c51d311e216cd8cf989d8cd3dfaf28a37c1f80a1 Mon Sep 17 00:00:00 2001
From: Matt Menke <mmenke@google.com>
Date: Thu, 29 Feb 2024 16:21:48 -0500
Subject: [PATCH 3/4] Update spec.bs

---
 spec.bs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec.bs b/spec.bs
index d272611e2..3cd0b10e8 100644
--- a/spec.bs
+++ b/spec.bs
@@ -17,7 +17,7 @@ Indent: 2
 Default Biblio Status: current
 Markup Shorthands: markdown yes
 Assume Explicit For: yes
-</pre>
+</pre> 
 
 <pre class="anchors">
 urlPrefix: https://fetch.spec.whatwg.org/; spec: Fetch

From a7efd5b9df369efc57fc60b5ed99e4dc96cb2141 Mon Sep 17 00:00:00 2001
From: Matt Menke <mmenke@google.com>
Date: Thu, 29 Feb 2024 16:22:00 -0500
Subject: [PATCH 4/4] Update spec.bs

---
 spec.bs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec.bs b/spec.bs
index 3cd0b10e8..d272611e2 100644
--- a/spec.bs
+++ b/spec.bs
@@ -17,7 +17,7 @@ Indent: 2
 Default Biblio Status: current
 Markup Shorthands: markdown yes
 Assume Explicit For: yes
-</pre> 
+</pre>
 
 <pre class="anchors">
 urlPrefix: https://fetch.spec.whatwg.org/; spec: Fetch