Beyond Per-Querier Budgets: Rigorous and Resilient Global Privacy Enforcement for the W3C Attribution API

We analyze the privacy guarantees of the Attribution API, an upcoming W3C standard for privacy-preserving advertising measurement. Its central guarantee--separate individual differential privacy (IDP) budgets per querier--proves unsound once data adaptivity across queriers is considered, a condition we argue is unavoidable in practice. The issue lies not with IDP or its device-epoch unit, but with the per-querier enforcement model, which has also appeared in other DP systems; we show formally that no per-querier accounting scheme, under either individual or traditional DP, remains sound under adaptivity, a gap missed by prior analyses. By contrast, a global device-epoch IDP guarantee remains sound, and we introduce Big Bird, a privacy budget manager for the Attribution API that enforces this guarantee. The challenge is that a global budget shared across many untrusted queriers creates denial-of-service (DoS) risks, undermining utility. Building on prior work that treats global budgets as a computing resource, we adapt resource isolation and scheduling techniques to the constraints of IDP, embedding DoS resilience into the budget management layer. Our Rust implementation with Firefox integration, evaluated on real-world ad data, shows that Big Bird supports benign workloads while mitigating DoS risks. Still, achieving both utility and robustness requires global budgets to be configured more loosely than per-site budgets; we therefore recommend that the Attribution API continue using tight per-site budgets but clarify their limited formal meaning, and complement them with global budgets tuned for benign load with added slack for DoS resilience.