最新のブラウザで変わるCookieの取り扱いやPrivacyの考え方

Transcript

1. ࠷৽ͷϒϥ΢βͰมΘ
   ΔCookieͷऔѻ͍΍
   ϓϥΠόγʔͷߟ͑ํ
   2020/02/13 @ Developers Summit 2020
   

   View Slide

2. Twitter: @yosuke_furukawa
   Github: yosuke-furukawa
   ࠷ۙͷ׆ಈ
   $ISPNF"EWJTPSZ#PBSE
   +4$POG+1PSHBOJ[FSFUD
   

   View Slide

3. ͜͜࠷ۙɺϒϥ΢βͷมߋ͕
   ଟ͍ɻಛʹηΩϡϦςΟɾ

   ϓϥΠόγʔपΓɻ
   

   View Slide

4. 'JSFGPY
   4BGBSJ
   ɾ*OUFMMJHFOU5SBDLJOH1SFWFOUJPO
   τϥοΩϯάΛ๷ࢭ͢Δ࢓૊Έ
   SEQBSUZDPPLJFΛอଘ͠ͳ͍
   +BWB4DSJQU͔ΒͷDPPLJF΋೔͔͠อଘ͠ͳ͍
   શͯͷΫϩεαΠτϦΫΤετͷ3FGFSFSΛ0SJHJO͚ͩʹ
   ɾ&OIBODFE5SBDLJOH1SPUFDUJPO
   τϥοΩϯάΛ๷ࢭ͢Δ࢓૊Έ *51ͱ΄΅Ұॹ
   
   ϒϥοΫϦετܗࣜͷϦετ͕͋ΓɺͦͷϦετʹϚον͢Δͱอଘ͞
   Εͳ͍
   ϒϥοΫϦετʹࡌ͍ͬͯΔυϝΠϯ͔Β͸'JOHFSQSJOUJOHTDSJQU
   Λಈ࡞ͤ͞ͳ͍ɻ6"ͳͲͷจࣈྻΛऔΒͤͳ͍ɻ
   ɾ%/40WFS)5514
   %/4RVFSZ΋IUUQTʹͯ͠҉߸ԽɺӾཡઌΛ൑ผͰ͖ͳ͍Α͏ʹ͢Δ
   

   View Slide

5. $ISPNF
   ɾ4BNF4JUF$PPLJFͷಋೖ
   ΫϩεαΠτͰͷϦΫΤετ࣌ʹ$PPLJFΛ౉͢͜ͱΛݪଇېࢭ͍ͯ͘͠ํ޲ʹɻ
   ΫϩεαΠτͰͷϦΫΤετͰ$PPLJFΛ౉͔ͨͬͨ͠Β4BNF4JUF/POFΛ͚ͭɺ
   4FDVSFଐੑͭ·Γ)5514ʹ͢Δ
   ɾ.JYFE$POUFOUTΛϒϩοΫ͢Δ
   )5514ͷίϯςΩετ͔Β)551ͷϦιʔεΛಡΉ͜ͱΛ.JYFE$POUFOUTͱݺͼɺ
   ͜ΕΛϒϩοΫ͢Δ
   ɾ6TFS"HFOUจࣈྻΛݻఆԽ
   6"͸৘ใͷղ૾౓͕ߴ͗ͯ͢pOHFSQSJOUJOHʹ࢖͑ΔͨΊɺݻఆԽ͠ඇਪ঑΁

   ɾSEQBSUZDPPLJFഇࢭ΁
   ΑΓQSJWBUFͳXFCΛಋೖ͢Δํ޲΁ͷؾ࣋ͪද໌

   IUUQTCMPHDISPNJVNPSHCVJMEJOHNPSFQSJWBUFXFCQBUI
   UPXBSETIUNM

   

   View Slide

6. Intelligent Tracking Prevention
   • τϥοΩϯά๷ࢭΛ͢ΔҰ࿈ͷ࢓૊ΈΛࢦ͢
   

   View Slide

7. Enhanced Tracking Protection
   • τϥοΩϯά๷ࢭΛ͢ΔҰ࿈ͷ࢓૊ΈΛࢦ͢
   

   View Slide

8. SameSite Cookie
   • Cookie ΛΫϩεαΠτͰૹΒͳ͍࢓૊Έ
   

   View Slide

9. 3rd Party Cookie͕ಈ͔ͳ͘ͳ
   Δ࢓૊Έ
   4FSWFS
   BDPN
   
   1BHF
   DDPN
   CDPN
   IUUQTBDPNJOEFYIUNM
   4FSWFS
   CDPN
   
   4FSWFS
   DDPN
   
   

   View Slide

10. 3rd Party Cookie͕ಈ͔ͳ͘ͳ
    Δ࢓૊Έ
    4FSWFS
    BDPN
    
    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN
    
    4FSWFS
    DDPN
    
    4FU$PPLJF
    4FU$PPLJF
    4FU$PPLJF
    

    View Slide

11. 3rd Party Cookie͕ಈ͔ͳ͘ͳ
    Δ࢓૊Έ
    4FSWFS
    BDPN
    
    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN
    
    4FSWFS
    DDPN
    
    4FU$PPLJF
    4FU$PPLJF
    4FU$PPLJF
    ✓ OK
    ✗ NG
    ✗ NG
    

    View Slide

12. 3rd Party Cookie͕ಈ͔ͳ͘ͳ
    Δ࢓૊Έ
    4FSWFS
    BDPN
    
    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN
    
    4FSWFS
    DDPN
    
    4FU$PPLJF
    4FU$PPLJF
    4FU$PPLJF
    ✓ OK
    ✗ NG
    ✗ NG
    ֤ϒϥ΢βಈ͖͕ඍົʹҟͳΔ͕ɺجຊతʹSEQBSUZDPPLJFࣗମ͸࢖͍෺ʹ
    ͳΒͳ͘ͳΔɻ4BGBSJ͸ͦ΋ͦ΋อଘ͞Εͳ͍ɺ'JSFGPY͸ϒϥοΫϦετʹ
    ࡌͬͯͨΒอଘ͠ͳ͍ɺ$ISPNF͸$PPLJFͷଐੑ 4BNF4JUF
    ͰରԠ
    

    View Slide

13. ͦ΋ͦ΋ Cookie ͷ࢓૊Έ
    

    View Slide

14. • a.com ʹ๚໰ͨ͠ͱ͢Δɻͦ͜Ͱ b.com ͷ޿
    ࠂΛݟͨͱ͢Δɻ
    • ͦͷ৔߹ཪͰ͸ɺ `Set-Cookie` ϔομͰ
    Cookie͕ొ࿥͞ΕΔɻ
    Cookie ͷ࢓૊Έ
    1BHF
    CDPN
    BE
    IUUQTBDPNJOEFYIUNM
    CDPN$PPLJF4UPSF
    JE
    CDPN΁ͷJE͕ه࿥͞ΕΔ
    4FU$PPLJFJE
    

    View Slide

15. • Cookie ͕ొ࿥͞ΕΔͱ࣍ճҎ߱ͷϦΫΤετ
    ࣌ʹॻ͖ࠐ·Εͨ৘ใ͕ϦΫΤετϔομʹ
    ࡌͬͯαʔόʹ఻ΘΔɻ
    Cookie ͷ࢓૊Έ
    1BHF
    CDPN
    BE
    IUUQTBDPNJOEFYIUNM
    CDPN΁ͷϦΫΤετ
    $PPLJFJE
    

    View Slide

16. • ͜ͷ࣌ɺ b.com Ͱ͸ id=123456789; ͷਓ͕
    a.com ͔Βདྷͨ͜ͱ͕͋Δࣄɺ࠶౓ b.com ͷ
    ޿ࠂΛݟ͍ͯΔ͜ͱͳͲΛࣗ෼ͷDBʹه࿥͢
    Δ
    Cookie ͷ࢓૊Έ
    1BHF
    CDPN
    BE
    IUUQTBDPNJOEFYIUNM
    CDPN΁ͷϦΫΤετ
    $PPLJFJE
    ϦΫΤετʹج͖ͮɺϢʔ
    βʔͷߦಈΛه࿥͢Δ
    

    View Slide

17. • ࣍ʹ c.com ʹ๚໰ͨ͠ͱ͢Δɻͦ͜Ͱ΋ಉ༷
    ʹ b.com ͷ޿ࠂΛݟͨͱ͢Δɻ
    • ͦ͏͢Δͱ a.com དྷͨ͜ͱ͋Δࣄ͕޿ࠂදࣔ
    ࣌ʹ b.com ʹ఻ΘΔɻ
    Cookie ͷ࢓૊Έ
    1BHF
    CDPN
    BE
    IUUQTDDPNJOEFYIUNM
    DPPLJFʹJE͕࢒͍ͬͯΕ͹Ͳ͔͜Ͱ
    ޿ࠂදࣔ͞Εͨ͜ͱ͕͋Δ͜ͱ͕CDPNʹ఻ΘΔɻ
    ࣄલͷཤྺΛݟΕ͹BDPN͔Βདྷͨ͜ͱ΋Θ͔Δ
    

    View Slide

18. ͦ͜Ͱ ITP౳Ͱ 3rd party
    cookie Λblock͢Δ࢓૊Έ͕
    Ͱ͖͍ͯΔ
    

    View Slide

19. 3rd Party Cookie͕ಈ͔ͳ͘ͳ
    Δ࢓૊Έ
    4FSWFS
    BDPN
    
    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN
    
    4FSWFS
    DDPN
    
    4FU$PPLJF
    4FU$PPLJF
    4FU$PPLJF
    ✓ OK
    ✗ NG
    ✗ NG
    ͡Ό͋ͦ΋ͦ΋͜ͷ࣌ͷCDPNϨεϙϯε࣌ʹॻ͔ΕͯΔ4FU$PPLJFΛແޮʹ
    ͢Δͱ͍͏ͷ͕*51ॳΊͱ͢ΔSEQBSUZDPPLJFΛഉআ͢Δߟ͑ํ
    

    View Slide

20. ͨͩ͜Ε͚ͩͩͱ࣮͸·ͩ
    tracking͸Ͱ͖ͯ͠·͏
    

    View Slide

21. • Set-Cookieϔομܦ༝Ͱ͸ͳ͘ɺJavaScriptΛμ΢ϯϩʔυͨ͠
    ޙɺ `document.cookie` ܦ༝Ͱॻ͚͹ɺCookieʹه࿥͸Մೳ
    • ͜ͷ৔߹3rd party ͷJSͰ͋ͬͯ

    ΋1st party cookieͱͳΔͨΊɺ

    ઌͷ੍໿ΛճආͰ͖Δ
    • ϦΫΤετ࣌ʹAjax౳Λܦ༝ͯ͠

    idΛ b.com ʹ΋ૹΔɺ͜ΕͰ

    trackingͰ͖Δɻ
    Cookie ͷ࢓૊Έ
    1BHF
    CDPN
    BE
    IUUQTBDPNJOEFYIUNM
    CDPN͸+BWB4DSJQUΛμ΢
    ϯϩʔυ͠ɺ+4ܦ༝ͰDPPLJF
    Λॻ͘ɻ
    

    View Slide

22. ITP / ETP ͷ৔߹͸ document.cookie
    ࣗମʹ΋੍ݶ͕ՃΘ͍ͬͯΔ
    4FSWFS
    BDPN
    
    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN
    
    4FU$PPLJF
    EPDVNFOUDPPLJF
    ✓ OK
    ˚ 1day only
    EPDVNFOUDPPLJFͰॻ͍ͨ৔߹͸4BGBSJͷ৔߹ɺ೔͔͠อͨͳ͍ɻ
    ·ͨɺ'JSFGPYͷ৔߹͸SEQBSUZTDSJQU͕ CMBDLMJTUʹࡌͬͯΔͱ
    ಈ͔ͳ͍ɻ
    

    View Slide

23. • Chrome ͷ৔߹͸ Cookie ʹଐੑΛ෇༩͢ΔܗͰ 3rd party cookie
    ͷtrackingΛ੍ݶ͢Δ
    • σϑΥϧτͰൃߦ͞ΕΔ cookie ʹ͸ SameSite=Lax ͱݺ͹ΕΔଐ
    ੑ͕෇༩͞ΕΔɻ
    • ͜ΕʹΑΓɺΫϩεαΠτͰͷϦΫΤετ͸τοϓϨϕϧυϝΠϯ
    ͕ಉ͡΋ͷͷΈʹ੍ݶ͞ΕΔɻ
    • ΋͠΋ΫϩεϦΫΤετͰ΋ૹΓ͍ͨ৔߹͸SameSite=None;
    Secure; ͱ͍͏ଐੑʹ͢Δඞཁ͕͋Δɻ
    Chrome SameSite Cookie
    

    View Slide

24. • Chrome ͷ৔߹ɺ document.cookie Ͱ͸
    SameSite=NoneଐੑΛ෇༩ͤ͞Δ͜ͱ͕ෆՄ
    ೳʹͳͬͯΔɻ
    // ஫ҙ: ͜͏͍͏ࢦఆ͸Ͱ͖ͳ͍ɻ
    document.cookie="id=123456789;secure;samesite=none"
    Chrome SameSite Cookie
    ௥هɿɹ$ISPNF͔Β͸4BNF4JUFOPOF4FDVSF

    Λ+4Ͱॻ͚ΔͨΊɺ͜ͷϖʔδ͸ޡΓɻ5IBOLT!LZPUPOJP
    

    View Slide

25. ͜ΕͰtrackingͰ͖ͳ͍͔ɺ
    ͱ͍͏ͱͦ͏Ͱ΋ͳ͍ɻ
    

    View Slide

26. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋
    Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ
    4FSWFS
    BDPN
    
    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN
    
    4FSWFS
    DDPN
    
    

    View Slide

27. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋
    Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ
    4FSWFS
    BDPN
    
    1BHF
    BOBMZUJDTBDPN
    BEBDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    BEBDPNத਎͸
    CDPN
    
    4FSWFS
    BOBMZUJDTBDPNத
    ਎͸DDPN
    
    

    View Slide

28. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋
    Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ
    4FSWFS
    BDPN
    
    1BHF
    BOBMZUJDTBDPN
    BEBDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    BEBDPNத਎͸
    CDPN
    
    4FSWFS
    BOBMZUJDTBDPNத
    ਎͸DDPN
    
    SEQBSUZDPPLJF͸SEQBSUZʹରͯ͠ߦ͏͔Β/(ͳͷͰ͋ͬͯɺTUQBSUZ
    ѻ͍ͯ͠͠·͑͹੍ݶΛղআͰ͖Δ
    

    View Slide

29. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋
    Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ
    4FSWFS
    BDPN
    
    1BHF
    BOBMZUJDTBDPN
    BEBDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    BEBDPNத਎͸
    CDPN
    
    4FSWFS
    BOBMZUJDTBDPNத
    ਎͸DDPN
    
    ͨͩ͠ɺ͜ͷ৔߹ɺ$PPLJFࣗ਎͸BEBDPNʹ੍ݶ͞ΕΔͨΊɺSEQBSUZ
    DPPLJFͷΑ͏ʹɺϢʔβʔΛҰҙʹಛఆ͢ΔJEΛൃߦͰ͖ͳ͍ɻαΠτ಺Ͱ
    USBDLJOHͰ͖Δ͚ͩͰɺಛఆ͸ࠔ೉
    

    View Slide

30. ͨͩ͜Εʹରͯ͠ DNSͰ໊લ
    ղܾ࣌ʹ੍ݶ͢Δํ๏΋͋Δ
    

    View Slide

31. DNSͰ੍ݶ͢Δ
    1BHF
    BOBMZUJDTBDPN
    BEBDPN
    IUUQTBDPNJOEFYIUNM
    %/44FSWFS
    query: ad.a.com
    cname: b.com
    %/4ʹ໊લղܾ͢Δࡍʹ
    $/".&Ͱผ໊ʹͳͬͯΔ͜
    ͱ͕Θ͔ͬͨΒͦ͜ͰCMPDL͢
    Δ࢓૊ΈΛݕ౼த
    ✗ NG
    %/4ղܾΛϒϥ΢βຊମଆͰߦ͏͜ͱͰɺ੍ݶͰ͖ΔΑ͏ʹͳΔʢͨͩ͠ɺ·ͩ
    Ͳͷϒϥ΢β΋%/4Ͱ$/".&ܦ༝ͰͷUSBDLJOH੍ݶ͸ະ࣮૷ʣ
    IUUQTCVH[JMMBNP[JMMBPSHTIPX@CVHDHJ JE
    

    View Slide

32. ͭ·ΓɺͣͬͱΠλνͬ͜͝
    ͷ༷૬Λఄ͍ͯ͠Δɻ
    

    View Slide

33. ͜ͷϓϥΠόγʔͷಈ͖͸୹
    ظతͳ΋ͷͰ͸ͳ͘ɺத௕ظ
    తͳಈ͖ɻ
    ϒϥ΢βۀքɺ΢Σϒۀքશ
    ମͷ࿩ʹͳ͍ͬͯΔɻ
    

    View Slide

34. ͨͩ Tracking શ͕ͯNGʹͳΔͱͦ΋
    ͦ΋΢ΣϒͷऩӹϞσϧ΋่Εͯ͘Δ
    SEQBSUZDPPLJFUSBDLJOHΛഉআͨ͠ࡍʹUPQͷQVCMJTIFSͷฏۉϨϕχϡʔ͕Ҏ্௿Լ
    ͢Δͱ͍͏άϥϑ
    IUUQTTFSWJDFTHPPHMFDPNGIpMFTNJTDEJTBCMJOH@UIJSEQBSUZ@DPPLJFT@QVCMJTIFS@SFWFOVFQEG
    

    View Slide

35. ࣮͸Ͳͷϒϥ΢β΋Tracking
    ͷશ͕ͯμϝͱݴ͍ͬͯΔΘ
    ͚Ͱ͸ͳ͍ɻ
    

    View Slide

36. Cookieͱ͍͏ศརͳശʹͳΜ
    Ͱ΋͔ΜͰ΋པΔͷͰ͸ͳ
    ͘ɺ
    4FTTJPO 1FSTPOBMJ[BUJPO 5SBDLJOH
    

    View Slide

37. ৽͍͠࢓૊ΈͰϓϥΠόγʔ
    ʹ഑ྀͭͭ͠ɺརศੑ΋ߟྀ
    ͨ͠৽͍͠Ϟσϧʹ͠Α͏ͱ
    ͍͏औΓ૊Έ͕ࠓى͖͍ͯΔ
    

    View Slide

38. Private Click Measurement
    (Ad click attribution)
    ޿ࠂΛΫϦοΫ͔ͯ͠Β໨తΛୡ੒͔ͨ͠Ͳ͏͔ʢίϯ
    όʔδϣϯ͕ୡ੒Ͱ͖͔ͨʣΛDPPLJFʹཔΒͣʹߦ͏ɹ
    

    View Slide

39. Private Click Measurement
    (Ad click attribution)
    ޿ࠂܝࡌઌ͔ΒΫϦοΫ͢Δࡍʹ޿ࠂܝࡌݩʹ఻͑Δ৘ใΛBEଐੑͰهड़͓͖ͯ͠ɺΫϦοΫͨ͠Βͦ
    Ε͕ܝࡌݩʹ఻ΘΔɻͨͩͷϦϯΫཁૉʹ͢Δඞཁ͕͋ΔʢBλάͰॻ͘ʣ
    IUUQTXFCLJUPSHCMPHQSJWBDZQSFTFSWJOHBEDMJDLBUUSJCVUJPOGPSUIFXFC
    

    View Slide

40. Private Click Measurement
    (Ad click attribution)
    ࣮ࡍʹίϯόʔδϣϯͨ͠Βɺܝࡌઌʹ)551ϦμΠϨΫτ͕ߦΘΕΔɻ
    IUUQTXFCLJUPSHCMPHQSJWBDZQSFTFSWJOHBEDMJDLBUUSJCVUJPOGPSUIFXFC
    

    View Slide

41. Private Click Measurement
    (Ad click attribution)
    ࣌ؒҎ಺ʹΫϦοΫͨ͠΋ͷͰ͋Ε͹ಉ͘͡ίϯόʔδϣϯͷλΠϛϯάͰܝࡌઌʹ1045ͷϦ
    ΫΤετ͕૸Δɻ໌Β͔ʹ౉ͤΔ৘ใ͕ߜΒΕ͓ͯΓɺϢʔβʔ͕ԿΛങ͔ͬͨɺͲ͏͍͏ܦ࿏Λܦͨ
    ͷ͔ͷ৘ใ͸࡟ΒΕ͍ͯΔ΋ͷͷɺίϯόʔδϣϯ͔ͨ͠Ͳ͏͔͚ͩ͸൑ผͰ͖Δɻ
    

    View Slide

42. Privacy Sandbox
    • Chrome Ͱఏএ͍ͯ͠ΔΑΓ privacy ʹ഑ྀͨ͠৽͍͠Ϟ
    σϧ
    • 3ͭͷͦΕͧΕಠཱͨ͠औΓ૊Έ͕͋Δɻ
    • Cross-Site Tracking ͷ࠶ఆٛ
    • 3rd Party Cookie ͷഇࢭ
    • ৽͍͠ํ๏΁ͷҠߦखஈͷఏڙ
    IUUQTXXXDISPNJVNPSH)PNFDISPNJVNQSJWBDZQSJWBDZTBOECPY
    

    View Slide

43. Privacy Sandbox
    • શͯΛ঺հ͢Δ࣌ؒ͸ͳ͍ͷͰ3ͭ΄Ͳ঺հ
    • Privacy Budget
    • Trust Tokens API
    • Federated Learning of Cohorts
    IUUQTXXXDISPNJVNPSH)PNFDISPNJVNQSJWBDZQSJWBDZTBOECPY
    

    View Slide

44. • ݸਓΛࣝผՄೳͳ৘ใʹ Budget (༧ࢉ)Λ༩͑
    ͯ༧ࢉΛ௒͑ͨΒͦΕҎ্ͷ৘ใΛ౉͞ͳ͍Α
    ͏ʹ͢Δ࢓૊Έ
    • UserAgent ͕ݻఆԽ͞ΕΔͷ΋༧ࢉ੍ݶͷͨΊ
    • ·ͣ͸ͲΕ͚ͩͷ৘ใ͕ݸਓࣝผՄೳͳͷ͔Λ
    ௐࠪɺܭଌ͍ͯ͠Δͱ͜Ζ͔Β
    Privacy Budget
    

    View Slide

45. Privacy Budget
    ॳظϦΫΤετ: Sec-CH-UA: "Chrome"; v="73"
    Ϩεϙϯε: Accept-CH: UA, Platform
    Sec-CH-UA: "Chrome"; v="73.3R8.2H.1"
    Sec-CH-UA-Platform: "Windows"; v="10"
    6TFS"HFOUจࣈྻ΋ैདྷͷΑ͏ʹ͸౉͞ͳ͍ɻΤϯτϩϐʔ͕ଟ͘ɺpOHFSQSJOUʹ࢖͑ΔͨΊɻ
    ͜ΕΛαʔόଆͱΫϥΠΞϯτଆͰ$MJFOU)JOUTͱݺ͹ΕΔ࢓༷Ͱަব͠ͳ͕Β৘ใΛ΋Β͏ɻ
    

    View Slide

46. Trust Tokens API
    #PUͰ͸౴͑ΒΕͳ͍໰୊Λग़ͯ͠ɺճ౴͢Δ͜ͱͰ࣮ࡍʹਓ͕࢖͍ͬͯΔ΋ͷͳͷ͔ͦ͏͡Όͳ͍ͷ͔
    Λ൑ผ͢Δ࢓૊Έɻ$"15$)"ʹΠϝʔδͱͯ͠͸͍ۙɻ$PPLJFΛਓ͔Ͳ͏͔ͷ൑ผʹར༻ͯͨ͠ͱ
    ͜ΖͰ׆༻͢Δɻ
    4FSWFS
    8IJDIJTEPH
    PS
    

    View Slide

47. Federated Learning of
    Cohorts
    ػցֶशΛσʔληϯλʔ಺Ͱ΍ΔͷͰ͸ͳ͘ɺϒϥ΢β಺ͰΤοδ͔Βػցֶश͢Δ͜ͱͰݸਓͷझ
    ຯᅂ޷ͷ൑ఆΛݸਓ৘ใΛऩू͢Δ͜ͱͳ͘ߦ͏࢓૊Έ
    #SPXTFS
    %BUB$FOUFS
    ͜Ε͔Β͸ϒϥ΢β಺Ͱܭࢉ͠ɺ
    ݸਓ৘ใऩूΛෆཁʹ͢Δ
    ैདྷ͸σʔληϯλʔ಺Ͱݸਓ৘
    ใΛܭࢉ͢Δඞཁ͕͋ͬͨ
    

    View Slide

48. DNS over https
    04ʹઃఆ͞Εͨ%/4αʔό͔Β໊લղܾ͢ΔͷͰ͸ͳ͘ɺϒϥ΢β಺͔Β௚઀)5514ϦΫΤετͰɹ
    %/4αʔόʹ໊લղܾϦΫΤετΛૹΔɻ͜͏͢Δ͜ͱͰɺࠓ·Ͱฏจͩͬͨ%/4ΫΤϦΛ҉߸Խͨ͠
    ঢ়ଶͰૹΔ͜ͱ͕Ͱ͖ɺΞΫηεઌΛதؒऀ͔ΒӅṭͰ͖Δɻ
    #SPXTFS %/4
    
    

    View Slide

49. Mozilla͕villain ͱͯ͠ೝࣝ
    ͞ΕΔࣄҊ
    

    View Slide

50. DNS-over-https ࣗମ͕ѱͩͱ͢Δಈ͖
    ͕ΠΪϦεͰى͍ͬͯ͜Δɻ͜Ε͸ɺ
    ISP͕ΞμϧτϑΟϧλʔ੍ݶΛ͔͚ͨ
    ͍(͔͚ͳ͍ͱ๏ྩҧ൓ʹͳΔ)͔Β
    ΞμϧτϑΟϧλʔ੍ݶࣗ਎͸ࢠͲ΋ͨ
    ͪΛकΔͨΊʹඞཁͳ΋ͷͰ͸͋Δ΋
    ͷͷɺ΍ͬͯΔ͜ͱ͸޿Ҭతͳ౪ௌͱ
    ಉ͡
    

    View Slide

51. ຊདྷળҙͱͯ͠΍ͬͯΔࣄ
    ʢΞμϧτϑΟϧλʔʣͰ
    ͋ͬͯ΋ɺѱҙΛ࣮࣋ͬͯࢪ
    ͞ΕΔࣄʢ౪ௌʣͱ۠ผ͕ͭ
    ͔ͳ͍ঢ়گ
    

    View Slide

52. ࠓ࣌఺ͩͱ·ͩ๏੔උ͢Β௥
    ͍͍ͭͯͳ͍ॴ΋͋Δ
    

    View Slide

53. զʑ͸Ͳ͏͢Δ΂͖͔
    

    View Slide

54. CookieͷऔΓѻ͍ʹؔͯ͠
    • αʔϏεͰ࢖͏৔߹͸ηογϣϯͱͯ͠ͷѻ͍ʹ
    ͱͲΊΔ͜ͱɻ
    • ѻ͏৔߹͸ Secureଐੑͱ HttpOnlyଐੑͷ྆ํΛ
    ͖ͪΜͱ෇͚ͯɺαʔόͰηογϣϯΫοΩʔΛ
    ൃߦͯ͠࢖͏ɻ
    • JavaScriptͰॻ͖ࠐΈΛͯ͠ΔՕॴ͸ۃྗݮΒ͢ɻ
    

    View Slide

55. CookieͷऔΓѻ͍ʹؔͯ͠
    • 3rd party cookie Λج४ʹͨ͠tracking͸Πλνͬ͜͝Ͱ
    ίϩίϩํ๏͕มΘΔ
    • trackingͦͷ΋ͷΛఘΊΔ͔
    • ৔౰ͨΓతʹରॲ͠ɺΠλνͬ͜͝ʹͳΔ͔
    • ͪΌΜͱಉҙΛಘΔ͔
    • ͷ3୒ʹͳ͍ͬͯΔɻ
    

    View Slide

56. CookieͷऔΓѻ͍ʹؔͯ͠
    • ͪΌΜͱಉҙΛಘͨܗͰΘ͔Γ΍͍͢΋ͷΛ
    Ϣʔβʔʹఏࣔ͢Δ͜ͱ΋ࢹ໺ʹݕ౼
    • ·ͨɺSafari΋ಉҙΛಘΕ͹localͳstorageͷ
    ؅ཧΛͤͯ͘͞ΕΔɻ
    https://www.philips.co.jp/a-w/cookie-notice.html
    

    View Slide

57. CookieͷऔΓѻ͍ʹؔͯ͠
    • ҰํͰtrackingʹؔͯ͠͸EU͸ࣄલʹಉҙΛऔΔ΂͖
    ͱ͍ͯ͠Δ(͍ΘΏΔGDPR)ɻ
    • ೔ຊͰ΋ݸਓ৘ใอޢ๏ͷվਖ਼Ҋ͕ݕ౼தɻ

    https://www.ppc.go.jp/files/pdf/
    200110_seidokaiseitaiko.pdf
    • CookieͷऔΓѻ͍ʹݶΒͣɺtrackingΛ͢Δ৔߹͸ࣄ
    લͷಉҙΛಘͳ͍ͱ͍͚ͳ͘ͳΔՄೳੑ΋ɻ
    

    View Slide

58. ·ͱΊ
    

    View Slide

59. ·ͱΊ
    • Cookieʹؔͯ͠͸͜Ε͔Β͓ͦΒ͘ͲΜͲΜѻ͍͕ݫ͘͠ͳ͍ͬͯ͘ɻಛʹtracking
    ʹ͍ͭͯ͸͜Ε·Ͱͷ΍Γํ͸ਪ঑͞Εͳ͍ํ޲ʹɻ
    • CookieʹมΘΔํ๏ͱͯ͠৽͍͠tracking, conversion measurementͷ΍Γํ͕ߟ͑
    ΒΕͯΔɻPrivacy Sandbox΍Private Click Measurementͷಈ޲ΛཁνΣοΫ
    • ҰํͰ·ͩ๏ྩؚΊͯ௥͍͍͍ͭͯͳ͍ͱ͜Ζ΋ͨ͘͞Μ͋Δɻ΋͘͠͸๏཯͔Βઌ
    ʹڧ੍తʹCookieͷऔΓѻ͍Λݟ௚͢ํ޲ʹͳ͍ͬͯ͘Մೳੑ΋ɻ
    • Cookieࣗ਎ͷѻ͍ʹؔͯ͠͸ηογϣϯͱͯ͠࢖͏ʹͱͲΊɺtracking͸ผͳํ๏Ͱ
    ͷݕ౼Λ͍ͯ͘͠ඞཁ͕͋Δݟ௨͠ɻ
    • ·ͩϒϥ΢βϕϯμʔؒͰ΋଍ฒΈ͸ἧ͍ͬͯͳ͍༷ࢠɺۀքશମΛר͖ࠐΉ࿩ͳͷ
    ͰɺۀքશମͰϑΥϩʔΞοϓ͍͖ͯ͠·͠ΐ͏ɻ
    

    View Slide

60. ࢀߟࢿྉ
    

    View Slide

61. ࢀߟࢿྉ
    • Safari
    • https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/
    • https://webkit.org/tracking-prevention-policy/
    • https://webkit.org/blog/9521/intelligent-tracking-prevention-2-3/
    • https://www.apple.com/safari/docs/Safari_White_Paper_Nov_2019.pdf
    • Firefox
    • https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-preview
    • https://support.mozilla.org/en-US/kb/firefox-dns-over-https
    • https://bugzilla.mozilla.org/show_bug.cgi?id=1598969
    • https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and-
    cryptomining-by-default/
    • https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/
    • Chrome
    • https://services.google.com/fh/files/misc/disabling_third-party_cookies_publisher_revenue.pdf
    • https://blog.chromium.org/2020/01/building-more-private-web-path-towards.htmls
    

    View Slide

62. ࢀߟࢿྉ
    • Chrome
    • https://security.googleblog.com/2019/10/no-more-mixed-messages-about-
    https_3.html
    • https://developer.mozilla.org/ja/docs/Web/API/Document/cookie
    • https://www.chromium.org/Home/chromium-privacy/privacy-sandbox
    • https://github.com/bslassey/privacy-budget
    • https://github.com/jkarlin/floc
    • https://github.com/WICG/ua-client-hints
    • ͦͷଞ
    • https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-
    trackers-195205dc522a
    • https://wicg.github.io/ad-click-attribution/index.html
    • https://note.com/martech/n/n3d79c59e41be
    

    View Slide