amp-consent: Expand the storage limit

[jawadst]

What's the issue?

When a CMP iframe sends consent information to AMP (consent-response message sent via postMessage), the maximum string length is 150.

The size of the IAB consent string can vary when users make more granular choices due to the encoding of the string and the difficulty of encoding granular choices (vs encoding a yes or a no for all vendors). See https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/Consent%20string%20and%20vendor%20list%20formats%20v1.1%20Final.md#vendor-consent-string-format- for the encoding of the consent string.

When encoding fully granular choices, a consent string has a size of 143 characters today. This grows with the number of vendors that are part of the IAB framework so we will soon be over 150 and not be able to store the IAB consent string in the allocated storage.
As is, the storage is too small to accommodate all variations of the current IAB consent strings (TCFv1) which means that the user choices might sometimes not be correctly stored and applied. When the string is too long, the consent UI keeps popping up on every page that the user visits.

With the new version of the IAB Transparency and Consent Framework (TCF v2) that Google has joined and should implement in its ad products, the string will get a little bit longer to accommodate for new signals (see https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20Consent%20string%20and%20vendor%20list%20formats%20v2.md#tc-string-format).

I'd recommend increasing the storage limit for the consent status to 300. That would be plenty for the current consent string. I am not completely sure about the size of the v2.

cc @janwinkler (I am sure you'll run into this issue soon enough!)
cc @zhouyx @torch2424

How do we reproduce the issue?

Run

window.parent.postMessage({
    type: 'consent-response',
    info: 'string longer than 150 characters',
}, '*');

from an iframe loaded by amp-consent

What browsers are affected?

The issue does not depend on the browser

Which AMP version is affected?

All versions are affected (since the addition of support for external CMPs)

[zhouyx]

Thank you @jawadst for reporting. This is a very solid request.
Can I ask about the 143 characters when encoding fully granular choices? Is that the maximum number that we can get today with tcf-v1 and the current vendor list? Thanks.

[andresilveirah]

@zhouyx do you have any update on this? I think a client of ours just faced the same issue.

[zhouyx]

@andresilveirah. Yes the AMP team agreed to loose the storage limit and improve the localStorage caching logic instead. Do you have an estimate on what is a good size limit? Thanks

[Shiron2302]

@zhouyx Any news on when this will be implemented? I would say around 200-250? At the moment I see we are going around 155

[zhouyx]

200 sounds good, it will take 200 * 2 (utf8Encode) * 4/3 (base64) = 533 bytes.

should be a minor change. I can work on a quick fix to this.

[janwinkler]

200 will only be sufficient for a very short time. some TCF v1 strings are already bigger than 200byte and with TCF v2 (march 2020) the strings will defenetly get bigger than 200.

[zhouyx]

Ideally we would be fine with the size if we improve the cache logic in the AMP viewer. However the team currently doesn't have bandwidth for the improvement in quarter.
Would increasing it to 250 bytes help?

[Facens]

@zhouyx I'm a contributor to Tech Lab, where the TCF specs are defined. You can play with the V2 string here: https://iabtcf.com/#/encode
This item is critical because right now using AMP+TCF breaks completely due to the above.

[janwinkler]

For my understanding AMP will always be service specific consent, hence the string wil be shorter. anyhow. 250 bytes are still "easy to reach" ...

[zhouyx]

I've increased the limit to 200 bytes for now.

Please let us know what is a desired limit? Due to the implementation of localStorage when AMP is embedded in AMP viewer, we have to have a threshold.

[jawadst]

@zhouyx Thanks for this change, very helpful!
Is this live in production yet or will it be released at a later date?

As for the ideal limit, I don't think we know yet. 300 would be more comfortable for the TCFv1 (as stated by @janwinkler , we already have v1 strings bigger in size than 200) and the TCF v2 will have increased size.

Here is an example of a TCFv2 string with size 409 (and that's a pretty standard string when the user says Yes to everything with the current vendor list): COvVQBZOvVQBZCAAAAENAPCAAP_AAP_AAAAAFoEUQQgAIQwgIwQABAEAAAAOIAACAIAAAAQAIAgEAACEAAAAAgAQBAAAAAAAGBAAgAAAAAAAFAAECAAAgAAQARAEQAAAAAJAAIAAgAAAYQEAAAQmAgBC3ZAYzUwLQIoghAAQhhARggACAIAAAAcQAAEAQAAAAgAQBAIAAEIAAAABAAgCAAAAAAAMCABAAAAAAAAKAAIEAABAAAgAiAIgAAAAASAAQABAAAAwgIAAAhMBACFuyAxmpgAA.IFoEUQQgAIQwgIwQABAEAAAAOIAACAIAAAAQAIAgEAACEAAAAAgAQBAAAAAAAGBAAgAAAAAAAFAAECAAAgAAQARAEQAAAAAJAAIAAgAAAYQEAAAQmAgBC3ZAYzUw

I'd say 600-700 would be more comfortable for the v2 but it's hard to be sure at this point.