Xreach: Privacy-Preserving Ad Attribution
Measure ad conversions without tracking individual users. XorIDA splits attribution events across independent nodes, enabling aggregate measurement with information-theoretic privacy.
The Problem
Ad attribution requires tracking individual users across websites and apps. Central surveillance profiles violate privacy regulations (GDPR, CCPA, DMA). Cookie deprecation and ATT are breaking existing measurement infrastructure.
The $600B digital advertising industry depends on knowing which ad exposure led to which conversion. Today this requires linking user identities across publishers and advertisers -- building the surveillance profiles that regulators are now prohibiting.
The measurement gap is widening. Third-party cookie deprecation, Apple ATT, and browser privacy features are eliminating cross-site tracking. Advertisers are losing visibility into campaign effectiveness. Privacy-preserving alternatives like Google's Privacy Sandbox still require trusting a single platform.
The Old Way
The PRIVATE.ME Solution
Xreach splits conversion events into N shares using XorIDA before they leave the user's device. Independent attribution nodes aggregate shares without ever seeing individual user behavior. Only aggregate campaign metrics are reconstructable.
When a user converts (purchase, signup, app install), the conversion event is split into N shares. Each share goes to an independent attribution node. Nodes perform partial aggregation on their shares. The advertiser reconstructs aggregate metrics from K nodes -- total conversions, ROAS, channel effectiveness -- without any node seeing individual user data.
Regulation-proof by design. No individual user profile is ever constructed. No cross-site identifier exists. GDPR, CCPA, and DMA compliance is achieved through architecture, not policy.
The New Way
How It Works
Conversion events are split on-device, distributed to independent attribution nodes, aggregated in share-space, and reconstructed into campaign-level metrics. Individual user behavior is never visible to any party.
Use Cases
Measure campaign effectiveness across publishers without sharing user data between them. Each publisher receives only partial attribution shares.
multi-publisherTrack ad-to-purchase conversions without cross-site cookies. On-device splitting ensures no third-party surveillance of purchase behavior.
cookie-freeEnable interest-based ad targeting using aggregate cohort data. No individual user profiles. GDPR and CCPA compliant by architecture.
regulation-proofGenerate aggregate audience demographics and interests without tracking individuals. Statistical significance from threshold aggregation.
aggregate-onlyIntegration
import { recordConversion, measureAttribution } from '@private.me/adsplit'; // Record a conversion event (split on-device) const result = await recordConversion({ campaignId: 'camp_abc123', eventType: 'purchase', value: 49.99, }, { n: 3, k: 2 }); // Measure aggregate campaign performance const metrics = await measureAttribution('camp_abc123'); if (metrics.ok) { // metrics.value.conversions — total count // metrics.value.roas — return on ad spend }
Security Properties
| Property | Mechanism | Guarantee |
|---|---|---|
| Confidentiality | XorIDA threshold sharing | Information-theoretic |
| Integrity | HMAC-SHA256 per share | Tamper-evident |
| Availability | K-of-N reconstruction | Fault tolerant |
| User Privacy | On-device splitting | No individual profiles |
| Regulatory | Aggregate-only output | GDPR/CCPA compliant |
Cryptographic Proof of Correctness
This ACI's computations can be cryptographically verified by xProve — so regulators, auditors, and counterparties can confirm results without re-running the computation or accessing the underlying data.
Tier 2: Commit-and-reveal — anti-equivocation for Beaver triples.
Tier 3: IT-MACs — malicious-security detection between parties.
Tier 4: KKW zero-knowledge proofs — publicly verifiable, ~50 KB, post-quantum.
Read the xProve white paper →
Ready to deploy Xreach?
Talk to Ren, our AI sales engineer, or book a live demo with our team.
Ship Proofs, Not Source
xReach generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.
- Tier 1 HMAC (~0.7KB)
- Tier 2 Commit-Reveal (~0.5KB)
- Tier 3 IT-MAC (~0.3KB)
- Tier 4 KKW ZK (~0.4KB)