How the Latest Browsers Are Changing Cookie Handling and Thinking About Privacy
Yosuke Furukawa
February 13, 2020
Presentation material for DevSumi, 2020/02/13
Transcript
How the latest browsers are changing cookie handling and thinking about privacy. 2020/02/13 @ Developers Summit 2020
Twitter: @yosuke_furukawa Github: yosuke-furukawa Recent activities: Chrome Advisory Board, JSConf JP organizer, etc.
Browsers have been changing a lot recently, especially around security and privacy.
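Firefox / Safari
• Intelligent Tracking Prevention: a mechanism for preventing tracking
  • 3rd party cookies are not stored
  • Cookies written from JavaScript are stored only for a limited time
  • The Referer of every cross-site request is reduced to the origin only
• Enhanced Tracking Protection: a mechanism for preventing tracking
  • Almost the same as ITP
  • There is a blacklist-style list, and cookies that match the list are not stored
  • Fingerprinting scripts from blacklisted domains are not allowed to run, so they cannot read strings such as the UA
• DNS over HTTPS
  • DNS queries are sent over HTTPS and encrypted so that the sites being visited cannot be identified
Chrome
• Introduction of SameSite cookies
  • Moving toward prohibiting, in principle, sending cookies on cross-site requests
  • To send a cookie on a cross-site request, set SameSite=None together with the Secure attribute, i.e. use HTTPS
• Blocking mixed content
  • Loading an HTTP resource from an HTTPS context is called mixed content, and it is blocked
• Freezing the User-Agent string
  • UA information is so fine-grained that it can be used for fingerprinting, so it is being frozen and deprecated
• Phasing out 3rd party cookies
  • A statement of intent to move toward a more private web
  • https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html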
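Intelligent Tracking Prevention • Refers to a set of mechanisms for preventing tracking
Enhanced Tracking Protection • Refers to a set of mechanisms for preventing tracking
SameSite Cookie • A mechanism that keeps cookies from being sent cross-site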
How 3rd party cookies stop working
[Diagram: the page https://a.com/index.html includes content from b.com and c.com. Server a.com, Server b.com and Server c.com each send Set-Cookie. a.com: ✓ OK, b.com: ✗ NG, c.com: ✗ NG]
Each browser behaves slightly differently, but basically 3rd party cookies themselves become unusable. Safari does not store them in the first place, Firefox does not store them if the domain is on its blacklist, and Chrome handles it with a cookie attribute (SameSite).
How cookies work in the first place
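How cookies work
• Suppose you visit a.com and see a b.com ad there.
• In that case, a cookie is registered behind the scenes through the `Set-Cookie` header.
[Diagram: the page https://a.com/index.html shows a b.com ad. The response carries Set-Cookie with an id, and b.com's id is recorded in the cookie store for b.com]
• Once the cookie is registered, the stored information is carried in the request header on later requests and reaches the server.
[Diagram: the request to b.com carries Cookie with the id]
• At this point b.com records in its own DB that the person with id=123456789; has come from a.com, that they are seeing a b.com ad again, and so on.
[Diagram: based on the request, the user's behaviour is recorded]
• Next, suppose you visit c.com and see a b.com ad there as well.
• Then, when the ad is displayed, b.com learns that you have also been to a.com.
[Diagram: the page https://c.com/index.html shows a b.com ad. If the cookie contains an id, b.com learns that its ad has been displayed somewhere before. By looking at the earlier history it can also tell that the user came from a.com]
So ITP has a mechanism that blocks 3rd party cookies.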
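How 3rd party cookies stop working
[Diagram: the page https://a.com/index.html includes content from b.com and c.com. Set-Cookie from Server a.com: ✓ OK, from Server b.com: ✗ NG, from Server c.com: ✗ NG]
The idea behind ITP and the other approaches to eliminating 3rd party cookies is simply to invalidate the Set-Cookie written in b.com's response in the first place.
But with this alone, tracking is actually still possible.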
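How cookies work
• Instead of going through the Set-Cookie header, a cookie can be recorded by downloading JavaScript and then writing through `document.cookie`.
• In this case the cookie is a 1st party cookie even though the JS is 3rd party, so the restriction above is avoided.
• At request time the id is sent to b.com via Ajax, and that makes tracking possible.
[Diagram: the page https://a.com/index.html shows a b.com ad. It downloads b.com's JavaScript and writes the cookie via JS]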
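With ITP / ETP, document.cookie itself is restricted
[Diagram: the page https://a.com/index.html includes content from b.com and c.com. Set-Cookie from Server a.com: ✓ OK. document.cookie written by the script from Server b.com: △ 1day only]
In Safari, a cookie written with document.cookie is kept only for that short period. In Firefox, a 3rd party script does not run if it is on the blacklist.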
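Chrome SameSite Cookie
• Chrome restricts 3rd party cookie tracking by attaching an attribute to cookies.
• By default, issued cookies are given the attribute called SameSite=Lax.
• As a result, cross-site requests are limited to those whose top-level domain is the same.
• To send a cookie on a cross-site request, it must carry the attributes SameSite=None; Secure;.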
Chrome SameSite Cookie
• In Chrome, it has become impossible to set the SameSite=None attribute through document.cookie.
// Note: this cannot be specified.
document.cookie="id=123456789;secure;samesite=none"
Addendum: SameSite=None; Secure can be written from JS in Chrome, so this page is incorrect. Thanks @kyotonio
Does this make tracking impossible? Not quite.
There is a way to have a domain added to the DNS as a CNAME record so that it is treated as 1st party
[Diagram: the page https://a.com/index.html now loads analytics.a.com and ad.a.com instead of c.com and b.com. Server ad.a.com is actually b.com, and Server analytics.a.com is actually c.com]
3rd party cookies are rejected because they are set for a 3rd party. Once the domain is treated as 1st party, the restriction no longer applies.
However, in this case the cookie itself is confined to ad.a.com, so unlike a 3rd party cookie it cannot issue an id that uniquely identifies the user. It only allows tracking within the site, and identifying the user is difficult.
However, there is also a way to restrict this in DNS, at name-resolution time.
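Restricting it in DNS
[Diagram: the page https://a.com/index.html loads analytics.a.com and ad.a.com. DNS Server: query: ad.a.com, cname: b.com → ✗ NG]
A mechanism is under consideration that blocks the request when DNS name resolution shows that the name is a CNAME alias.
Doing DNS resolution inside the browser itself makes this restriction possible (however, no browser has yet implemented DNS-based restriction of tracking via CNAME). https://bugzilla.mozilla.org/show_bug.cgi?id=1598969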
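The check this slide describes, as an added example that is not code from the deck or from any browser: a request host that looks 1st party is flagged when its CNAME chain leaves the page's site. The DNS records are constructed from the slides' a.com / b.com / c.com names, and `siteOf` assumes a site is the last two labels (real code needs the Public Suffix List).

```javascript
// Constructed CNAME records (name -> target); absent means no CNAME.
const RECORDS = new Map([
  ['ad.a.com', 'b.com'],          // cloaked ad server from the slide
  ['analytics.a.com', 'c.com'],   // cloaked analytics server from the slide
  ['static.a.com', 'cdn.a.com'],  // alias that stays inside a.com
  ['img.a.com', 'edge.a.com'],    // two-hop chain that ends outside a.com
  ['edge.a.com', 'b.com'],
  ['loop1.a.com', 'loop2.a.com'], // misconfigured loop
  ['loop2.a.com', 'loop1.a.com'],
]);

// Assumption: site = last two labels. Use the Public Suffix List in real code.
const siteOf = (host) =>
  host.toLowerCase().replace(/\.$/, '').split('.').slice(-2).join('.');

// Follow the CNAME chain, stopping on a loop or an over-long chain.
function cnameChain(host, records, maxDepth = 8) {
  const chain = [host.toLowerCase()];
  const seen = new Set(chain);
  for (;;) {
    const next = records.get(chain[chain.length - 1]);
    if (next === undefined) return { chain, aborted: false };
    if (seen.has(next) || chain.length >= maxDepth) return { chain, aborted: true };
    seen.add(next);
    chain.push(next);
  }
}

// Classify a subresource request made by a page.
function classifyRequest(pageHost, requestHost, records = RECORDS) {
  const pageSite = siteOf(pageHost);
  if (siteOf(requestHost) !== pageSite) return 'third-party';
  const { chain, aborted } = cnameChain(requestHost, records);
  if (aborted) return 'error: CNAME loop or chain too long';
  const outside = chain.find((name) => siteOf(name) !== pageSite);
  return outside ? `cloaked third-party via ${outside}` : 'first-party';
}
```

A blocker would apply its normal 3rd party rules to any host classified as cloaked, using the site of the CNAME target rather than the site of the requested name.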
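In other words, this has long been a cat-and-mouse game.
This privacy movement is not a short-term one but a medium- to long-term one. It has become a matter for the whole browser industry and the whole web industry.
However, if all tracking becomes NG, the web's revenue model itself starts to collapse. A graph showing how far the average revenue of top publishers falls when 3rd party cookie tracking is eliminated: https://services.google.com/fh/files/misc/disabling_third-party_cookies_publisher_revenue.pdf
In fact, no browser is saying that all tracking is bad.
Rather than relying on the convenient box called Cookie for anything and everything: Session / Personalization / Tracking
Efforts are now under way to move to a new model, built on new mechanisms, that respects privacy while also taking convenience into account.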
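Private Click Measurement (Ad click attribution)
Determines, without relying on cookies, whether the user achieved the goal after clicking an ad (whether a conversion was achieved).
The information to be passed to the ad's originating site when the user clicks on the site where the ad is placed is written in ad attributes, and on click it is passed to the originating site. The ad has to be a plain link element (written with an a tag). https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/
When a conversion actually happens, an HTTP redirect is made to the site where the ad is placed.
If the click happened within the set time window, a POST request is likewise sent to the site where the ad is placed at conversion time. The information that can be handed over is clearly narrowed down: information about what the user bought or which path they took is limited, but whether a conversion happened can still be determined.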
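Privacy Sandbox
• A new, more privacy-conscious model proposed by Chrome
• It consists of three independent efforts:
  • Redefining cross-site tracking
  • Phasing out 3rd party cookies
  • Providing a migration path to new methods
https://www.chromium.org/Home/chromium-privacy/privacy-sandbox
Privacy Sandbox
• There is no time to introduce everything, so about three are introduced
  • Privacy Budget
  • Trust Tokens API
  • Federated Learning of Cohorts
https://www.chromium.org/Home/chromium-privacy/privacy-sandbox
Privacy Budget
• A mechanism that assigns a budget to information that can identify an individual and stops handing over further information once the budget is exceeded
• Freezing the UserAgent is also for the sake of this budget limit
• It starts with investigating and measuring how much information can identify an individual
Privacy Budget
Initial request:
Sec-CH-UA: "Chrome"; v="73"
Response:
Accept-CH: UA, Platform
Sec-CH-UA: "Chrome"; v="73.3R8.2H.1"
Sec-CH-UA-Platform: "Windows"; v="10"
The User-Agent string is no longer handed over the way it used to be, because it carries a lot of entropy and can be used for fingerprinting. Instead, the server and the client negotiate what information is provided, using the specification called Client Hints.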
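Trust Tokens API
A mechanism that poses a question a bot cannot answer and uses the answer to tell whether a real person is using the browser or not. Conceptually close to CAPTCHA. It is meant for places where cookies were being used to decide whether a visitor is human.
[Diagram: Server asks "Which is dog?"]
Federated Learning of Cohorts
Rather than doing machine learning in the data center, machine learning is done at the edge, in the browser, so that a person's interests and preferences can be estimated without collecting personal information.
[Diagram: Browser and DataCenter. From now on: computed in the browser, making the collection of personal information unnecessary. Previously: personal information had to be computed in the data center]
DNS over HTTPS
Instead of resolving names through the DNS server configured in the OS, the browser sends name-resolution requests to a DNS server as HTTPS requests. This allows DNS queries, which used to be plaintext, to be sent encrypted, hiding the destinations being accessed from intermediaries.
[Diagram: Browser and DNS]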
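The case of Mozilla being seen as a villain
There is a movement in the UK that treats DNS-over-HTTPS itself as evil. This is because ISPs want to apply adult-content filtering (they would be breaking the law if they did not). Adult-content filtering itself is necessary to protect children, but what it does is the same as wide-area wiretapping.
A situation where something done with good intentions (adult-content filtering) cannot be distinguished from something carried out with malice (wiretapping).
At this point there are also areas where even the legal framework has not caught up.
What should we do?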
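On handling cookies
• When a service uses cookies, limit them to session use.
• When handling them, properly set both the Secure attribute and the HttpOnly attribute, and issue session cookies from the server.
• Reduce the places where JavaScript writes cookies as much as possible.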
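On handling cookies
• Tracking based on 3rd party cookies is a cat-and-mouse game in which the methods keep changing
• There are three options:
  • Give up on tracking itself
  • Deal with it ad hoc and stay in the cat-and-mouse game
  • Properly obtain consent
On handling cookies
• Consider presenting users with something easy to understand, in a form that properly obtains consent
• Also, Safari lets you manage local storage once consent has been obtained
https://www.philips.co.jp/a-w/cookie-notice.html
On handling cookies
• Meanwhile, the EU takes the position that consent for tracking should be obtained in advance (the so-called GDPR).
• In Japan, too, an amendment to the Act on the Protection of Personal Information is under consideration. https://www.ppc.go.jp/files/pdf/200110_seidokaiseitaiko.pdf
• Not only for cookie handling: prior consent may become required whenever tracking is done.
Summary
• Cookies will probably be handled more and more strictly from now on. For tracking in particular, the way it has been done so far is heading toward being discouraged.
• New ways of doing tracking and conversion measurement are being devised as alternatives to cookies. Keep a close eye on developments in Privacy Sandbox and Private Click Measurement.
• Meanwhile, there are still many areas, legislation included, that have not caught up. Alternatively, the law may move first and force a review of how cookies are handled.
• The outlook is that cookies themselves should be limited to session use, and tracking will need to be considered through other methods.
• Browser vendors do not yet appear to be aligned, and this involves the whole industry, so let's follow up on it as an industry.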
References
• Safari
  • https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/
  • https://webkit.org/tracking-prevention-policy/
  • https://webkit.org/blog/9521/intelligent-tracking-prevention-2-3/
  • https://www.apple.com/safari/docs/Safari_White_Paper_Nov_2019.pdf
• Firefox
  • https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-preview
  • https://support.mozilla.org/en-US/kb/firefox-dns-over-https
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1598969
  • https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and-cryptomining-by-default/
  • https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/
• Chrome
  • https://services.google.com/fh/files/misc/disabling_third-party_cookies_publisher_revenue.pdf
  • https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html
  • https://security.googleblog.com/2019/10/no-more-mixed-messages-about-https_3.html
  • https://developer.mozilla.org/ja/docs/Web/API/Document/cookie
  • https://www.chromium.org/Home/chromium-privacy/privacy-sandbox
  • https://github.com/bslassey/privacy-budget
  • https://github.com/jkarlin/floc
  • https://github.com/WICG/ua-client-hints
• Other
  • https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a
  • https://wicg.github.io/ad-click-attribution/index.html
  • https://note.com/martech/n/n3d79c59e41be