$30 off During Our Annual Pro Sale. View Details »

最新のブラウザで変わるCookieの取り扱いやPrivacyの考え方

Yosuke Furukawa
PRO
February 13, 2020
Programming
69
31k

 最新のブラウザで変わるCookieの取り扱いやPrivacyの考え方

2020/02/13 DevSumi 発表資料

Yosuke Furukawa
PRO

February 13, 2020
Tweet

More Decks by Yosuke Furukawa

See All by Yosuke Furukawa
Bun first impressions techfeed
yosuke_furukawa
PRO
1
24
MPA化するSPAとSPA化するMPA
yosuke_furukawa
PRO
12
5.8k
プログラミング教育について(公開版)
yosuke_furukawa
PRO
4
5.1k
Bun first impressions
yosuke_furukawa
PRO
7
1.5k
React Server Components について
yosuke_furukawa
PRO
0
890
A Philosophy of Software Design 後半
yosuke_furukawa
PRO
12
3.4k
Node.js 最新動向 TFCon 2022
yosuke_furukawa
PRO
7
4.9k
Node.js / Deno 徹底討論の時のスライド
yosuke_furukawa
PRO
3
3.7k
Browser の話
yosuke_furukawa
PRO
4
290

Other Decks in Programming

See All in Programming
AWS発デザインシステム「Cloudscape」を使ってUI爆速開発
j_3woo86
1
130
コルーチン〜Androidと非同期処理〜
nyafunta9858
0
100
Hive Distributed Profiling System in Treasure Data - English version #tdtechtalk
okumin
0
130
Javaの入門が終わったら何の勉強をすればいいの? / what should we study after language
kishida
6
38k
Composing an API with Kotlin vol 2 (Advanced Kotlin Dev Day 2022)
zsmb
1
260
37年前の Sun 3/60 のために最新のNetBSDと最新のX.orgをメンテする話 / KOF2022
tsutsui
1
130
【初心者向け】アウトプットが自分の性格をも変化させた話
lemonmanno39
0
480
Modern Web Apps with Spring Boot & Angular
toedter
13
15k
GDG DevFest2022 Songdo - KMM(Kotlin Multiplatform Mobile)
taehwandev
0
240
JavaOne 2022 報告会(パターンマッチングとString Templatesの話)
takasyou
0
100
Micro Frontends with Module Federation: Beyond the Basics
manfredsteyer
PRO
0
330
Git 未経験者 が GitHub Actions で CICD できるようになるまで / 20221127-JJUGCCC-2022-Fall-Git-beginner-built-CICD-pipeline-with-GitHubActions
mackey0225
2
150

Featured

See All Featured
How GitHub (no longer) Works
holman
298
140k
Side Projects
sachag
451
37k
Raft: Consensus for Rubyists
vanstee
128
5.6k
Docker and Python
trallard
28
1.8k
The Invisible Customer
myddelton
111
12k
Reflections from 52 weeks, 52 projects
jeffersonlam
337
18k
Statistics for Hackers
jakevdp
782
210k
Atom: Resistance is Futile
akmur
256
24k
A designer walks into a library…
pauljervisheath
197
16k
Practical Orchestrator
shlominoach
178
8.9k
Bootstrapping a Software Product
garrettdimon
299
110k
For a Future-Friendly Web
brad_frost
166
7.7k

Transcript

  1. ࠷৽ͷϒϥ΢βͰมΘ ΔCookieͷऔѻ͍΍ ϓϥΠόγʔͷߟ͑ํ 2020/02/13 @ Developers Summit 2020

  2. Twitter: @yosuke_furukawa Github: yosuke-furukawa ࠷ۙͷ׆ಈ $ISPNF"EWJTPSZ#PBSE +4$POG+1PSHBOJ[FSFUD

  3. ͜͜࠷ۙɺϒϥ΢βͷมߋ͕ ଟ͍ɻಛʹηΩϡϦςΟɾ
 ϓϥΠόγʔपΓɻ

  4. 'JSFGPY 4BGBSJ ɾ*OUFMMJHFOU5SBDLJOH1SFWFOUJPO τϥοΩϯάΛ๷ࢭ͢Δ࢓૊Έ SEQBSUZDPPLJFΛอଘ͠ͳ͍ +BWB4DSJQU͔ΒͷDPPLJF΋೔͔͠อଘ͠ͳ͍ શͯͷΫϩεαΠτϦΫΤετͷ3FGFSFSΛ0SJHJO͚ͩʹ ɾ&OIBODFE5SBDLJOH1SPUFDUJPO τϥοΩϯάΛ๷ࢭ͢Δ࢓૊Έ *51ͱ΄΅Ұॹ

     ϒϥοΫϦετܗࣜͷϦετ͕͋ΓɺͦͷϦετʹϚον͢Δͱอଘ͞ Εͳ͍ ϒϥοΫϦετʹࡌ͍ͬͯΔυϝΠϯ͔Β͸'JOHFSQSJOUJOHTDSJQU Λಈ࡞ͤ͞ͳ͍ɻ6"ͳͲͷจࣈྻΛऔΒͤͳ͍ɻ ɾ%/40WFS)5514 %/4RVFSZ΋IUUQTʹͯ͠҉߸ԽɺӾཡઌΛ൑ผͰ͖ͳ͍Α͏ʹ͢Δ

  5. $ISPNF ɾ4BNF4JUF$PPLJFͷಋೖ ΫϩεαΠτͰͷϦΫΤετ࣌ʹ$PPLJFΛ౉͢͜ͱΛݪଇېࢭ͍ͯ͘͠ํ޲ʹɻ ΫϩεαΠτͰͷϦΫΤετͰ$PPLJFΛ౉͔ͨͬͨ͠Β4BNF4JUF/POFΛ͚ͭɺ 4FDVSFଐੑͭ·Γ)5514ʹ͢Δ ɾ.JYFE$POUFOUTΛϒϩοΫ͢Δ )5514ͷίϯςΩετ͔Β)551ͷϦιʔεΛಡΉ͜ͱΛ.JYFE$POUFOUTͱݺͼɺ ͜ΕΛϒϩοΫ͢Δ ɾ6TFS"HFOUจࣈྻΛݻఆԽ 6"͸৘ใͷղ૾౓͕ߴ͗ͯ͢pOHFSQSJOUJOHʹ࢖͑ΔͨΊɺݻఆԽ͠ඇਪ঑΁


    ɾSEQBSUZDPPLJFഇࢭ΁ ΑΓQSJWBUFͳXFCΛಋೖ͢Δํ޲΁ͷؾ࣋ͪද໌
 IUUQTCMPHDISPNJVNPSHCVJMEJOHNPSFQSJWBUFXFCQBUI UPXBSETIUNM


  6. Intelligent Tracking Prevention • τϥοΩϯά๷ࢭΛ͢ΔҰ࿈ͷ࢓૊ΈΛࢦ͢

  7. Enhanced Tracking Protection • τϥοΩϯά๷ࢭΛ͢ΔҰ࿈ͷ࢓૊ΈΛࢦ͢

  8. SameSite Cookie • Cookie ΛΫϩεαΠτͰૹΒͳ͍࢓૊Έ

  9. 3rd Party Cookie͕ಈ͔ͳ͘ͳ Δ࢓૊Έ 4FSWFS BDPN 1BHF DDPN CDPN IUUQTBDPNJOEFYIUNM

    4FSWFS CDPN 4FSWFS DDPN

  10. 3rd Party Cookie͕ಈ͔ͳ͘ͳ Δ࢓૊Έ 4FSWFS BDPN 1BHF DDPN CDPN IUUQTBDPNJOEFYIUNM

    4FSWFS CDPN 4FSWFS DDPN 4FU$PPLJF 4FU$PPLJF 4FU$PPLJF

  11. 3rd Party Cookie͕ಈ͔ͳ͘ͳ Δ࢓૊Έ 4FSWFS BDPN 1BHF DDPN CDPN IUUQTBDPNJOEFYIUNM

    4FSWFS CDPN 4FSWFS DDPN 4FU$PPLJF 4FU$PPLJF 4FU$PPLJF ✓ OK ✗ NG ✗ NG

  12. 3rd Party Cookie͕ಈ͔ͳ͘ͳ Δ࢓૊Έ 4FSWFS BDPN 1BHF DDPN CDPN IUUQTBDPNJOEFYIUNM

    4FSWFS CDPN 4FSWFS DDPN 4FU$PPLJF 4FU$PPLJF 4FU$PPLJF ✓ OK ✗ NG ✗ NG ֤ϒϥ΢βಈ͖͕ඍົʹҟͳΔ͕ɺجຊతʹSEQBSUZDPPLJFࣗମ͸࢖͍෺ʹ ͳΒͳ͘ͳΔɻ4BGBSJ͸ͦ΋ͦ΋อଘ͞Εͳ͍ɺ'JSFGPY͸ϒϥοΫϦετʹ ࡌͬͯͨΒอଘ͠ͳ͍ɺ$ISPNF͸$PPLJFͷଐੑ 4BNF4JUF ͰରԠ

  13. ͦ΋ͦ΋ Cookie ͷ࢓૊Έ

  14. • a.com ʹ๚໰ͨ͠ͱ͢Δɻͦ͜Ͱ b.com ͷ޿ ࠂΛݟͨͱ͢Δɻ • ͦͷ৔߹ཪͰ͸ɺ `Set-Cookie` ϔομͰ

    Cookie͕ొ࿥͞ΕΔɻ Cookie ͷ࢓૊Έ 1BHF CDPN BE IUUQTBDPNJOEFYIUNM CDPN$PPLJF4UPSF JE  CDPN΁ͷJE͕ه࿥͞ΕΔ 4FU$PPLJFJE

  15. • Cookie ͕ొ࿥͞ΕΔͱ࣍ճҎ߱ͷϦΫΤετ ࣌ʹॻ͖ࠐ·Εͨ৘ใ͕ϦΫΤετϔομʹ ࡌͬͯαʔόʹ఻ΘΔɻ Cookie ͷ࢓૊Έ 1BHF CDPN BE

    IUUQTBDPNJOEFYIUNM CDPN΁ͷϦΫΤετ $PPLJFJE

  16. • ͜ͷ࣌ɺ b.com Ͱ͸ id=123456789; ͷਓ͕ a.com ͔Βདྷͨ͜ͱ͕͋Δࣄɺ࠶౓ b.com ͷ

    ޿ࠂΛݟ͍ͯΔ͜ͱͳͲΛࣗ෼ͷDBʹه࿥͢ Δ Cookie ͷ࢓૊Έ 1BHF CDPN BE IUUQTBDPNJOEFYIUNM CDPN΁ͷϦΫΤετ $PPLJFJE ϦΫΤετʹج͖ͮɺϢʔ βʔͷߦಈΛه࿥͢Δ

  17. • ࣍ʹ c.com ʹ๚໰ͨ͠ͱ͢Δɻͦ͜Ͱ΋ಉ༷ ʹ b.com ͷ޿ࠂΛݟͨͱ͢Δɻ • ͦ͏͢Δͱ a.com

    དྷͨ͜ͱ͋Δࣄ͕޿ࠂදࣔ ࣌ʹ b.com ʹ఻ΘΔɻ Cookie ͷ࢓૊Έ 1BHF CDPN BE IUUQTDDPNJOEFYIUNM DPPLJFʹJE͕࢒͍ͬͯΕ͹Ͳ͔͜Ͱ ޿ࠂදࣔ͞Εͨ͜ͱ͕͋Δ͜ͱ͕CDPNʹ఻ΘΔɻ ࣄલͷཤྺΛݟΕ͹BDPN͔Βདྷͨ͜ͱ΋Θ͔Δ

  18. ͦ͜Ͱ ITP౳Ͱ 3rd party cookie Λblock͢Δ࢓૊Έ͕ Ͱ͖͍ͯΔ

  19. 3rd Party Cookie͕ಈ͔ͳ͘ͳ Δ࢓૊Έ 4FSWFS BDPN 1BHF DDPN CDPN IUUQTBDPNJOEFYIUNM

    4FSWFS CDPN 4FSWFS DDPN 4FU$PPLJF 4FU$PPLJF 4FU$PPLJF ✓ OK ✗ NG ✗ NG ͡Ό͋ͦ΋ͦ΋͜ͷ࣌ͷCDPNϨεϙϯε࣌ʹॻ͔ΕͯΔ4FU$PPLJFΛແޮʹ ͢Δͱ͍͏ͷ͕*51ॳΊͱ͢ΔSEQBSUZDPPLJFΛഉআ͢Δߟ͑ํ

  20. ͨͩ͜Ε͚ͩͩͱ࣮͸·ͩ tracking͸Ͱ͖ͯ͠·͏

  21. • Set-Cookieϔομܦ༝Ͱ͸ͳ͘ɺJavaScriptΛμ΢ϯϩʔυͨ͠ ޙɺ `document.cookie` ܦ༝Ͱॻ͚͹ɺCookieʹه࿥͸Մೳ • ͜ͷ৔߹3rd party ͷJSͰ͋ͬͯ
 ΋1st

    party cookieͱͳΔͨΊɺ
 ઌͷ੍໿ΛճආͰ͖Δ • ϦΫΤετ࣌ʹAjax౳Λܦ༝ͯ͠
 idΛ b.com ʹ΋ૹΔɺ͜ΕͰ
 trackingͰ͖Δɻ Cookie ͷ࢓૊Έ 1BHF CDPN BE IUUQTBDPNJOEFYIUNM CDPN͸+BWB4DSJQUΛμ΢ ϯϩʔυ͠ɺ+4ܦ༝ͰDPPLJF Λॻ͘ɻ

  22. ITP / ETP ͷ৔߹͸ document.cookie ࣗମʹ΋੍ݶ͕ՃΘ͍ͬͯΔ 4FSWFS BDPN 1BHF DDPN

    CDPN IUUQTBDPNJOEFYIUNM 4FSWFS CDPN 4FU$PPLJF EPDVNFOUDPPLJF ✓ OK ˚ 1day only EPDVNFOUDPPLJFͰॻ͍ͨ৔߹͸4BGBSJͷ৔߹ɺ೔͔͠อͨͳ͍ɻ ·ͨɺ'JSFGPYͷ৔߹͸SEQBSUZTDSJQU͕ CMBDLMJTUʹࡌͬͯΔͱ ಈ͔ͳ͍ɻ

  23. • Chrome ͷ৔߹͸ Cookie ʹଐੑΛ෇༩͢ΔܗͰ 3rd party cookie ͷtrackingΛ੍ݶ͢Δ •

    σϑΥϧτͰൃߦ͞ΕΔ cookie ʹ͸ SameSite=Lax ͱݺ͹ΕΔଐ ੑ͕෇༩͞ΕΔɻ • ͜ΕʹΑΓɺΫϩεαΠτͰͷϦΫΤετ͸τοϓϨϕϧυϝΠϯ ͕ಉ͡΋ͷͷΈʹ੍ݶ͞ΕΔɻ • ΋͠΋ΫϩεϦΫΤετͰ΋ૹΓ͍ͨ৔߹͸SameSite=None; Secure; ͱ͍͏ଐੑʹ͢Δඞཁ͕͋Δɻ Chrome SameSite Cookie

  24. • Chrome ͷ৔߹ɺ document.cookie Ͱ͸ SameSite=NoneଐੑΛ෇༩ͤ͞Δ͜ͱ͕ෆՄ ೳʹͳͬͯΔɻ // ஫ҙ: ͜͏͍͏ࢦఆ͸Ͱ͖ͳ͍ɻ

    document.cookie="id=123456789;secure;samesite=none" Chrome SameSite Cookie ௥هɿɹ$ISPNF͔Β͸4BNF4JUFOPOF4FDVSF
 Λ+4Ͱॻ͚ΔͨΊɺ͜ͷϖʔδ͸ޡΓɻ5IBOLT!LZPUPOJP

  25. ͜ΕͰtrackingͰ͖ͳ͍͔ɺ ͱ͍͏ͱͦ͏Ͱ΋ͳ͍ɻ

  26. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋ Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ 4FSWFS BDPN 1BHF DDPN CDPN IUUQTBDPNJOEFYIUNM 4FSWFS

    CDPN 4FSWFS DDPN

  27. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋ Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ 4FSWFS BDPN 1BHF BOBMZUJDTBDPN BEBDPN IUUQTBDPNJOEFYIUNM 4FSWFS

    BEBDPNத਎͸ CDPN 4FSWFS BOBMZUJDTBDPNத ਎͸DDPN

  28. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋ Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ 4FSWFS BDPN 1BHF BOBMZUJDTBDPN BEBDPN IUUQTBDPNJOEFYIUNM 4FSWFS

    BEBDPNத਎͸ CDPN 4FSWFS BOBMZUJDTBDPNத ਎͸DDPN SEQBSUZDPPLJF͸SEQBSUZʹରͯ͠ߦ͏͔Β/(ͳͷͰ͋ͬͯɺTUQBSUZ ѻ͍ͯ͠͠·͑͹੍ݶΛղআͰ͖Δ

  29. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋ Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ 4FSWFS BDPN 1BHF BOBMZUJDTBDPN BEBDPN IUUQTBDPNJOEFYIUNM 4FSWFS

    BEBDPNத਎͸ CDPN 4FSWFS BOBMZUJDTBDPNத ਎͸DDPN ͨͩ͠ɺ͜ͷ৔߹ɺ$PPLJFࣗ਎͸BEBDPNʹ੍ݶ͞ΕΔͨΊɺSEQBSUZ DPPLJFͷΑ͏ʹɺϢʔβʔΛҰҙʹಛఆ͢ΔJEΛൃߦͰ͖ͳ͍ɻαΠτ಺Ͱ USBDLJOHͰ͖Δ͚ͩͰɺಛఆ͸ࠔ೉

  30. ͨͩ͜Εʹରͯ͠ DNSͰ໊લ ղܾ࣌ʹ੍ݶ͢Δํ๏΋͋Δ

  31. DNSͰ੍ݶ͢Δ 1BHF BOBMZUJDTBDPN BEBDPN IUUQTBDPNJOEFYIUNM %/44FSWFS query: ad.a.com cname: b.com

    %/4ʹ໊લղܾ͢Δࡍʹ $/".&Ͱผ໊ʹͳͬͯΔ͜ ͱ͕Θ͔ͬͨΒͦ͜ͰCMPDL͢ Δ࢓૊ΈΛݕ౼த ✗ NG %/4ղܾΛϒϥ΢βຊମଆͰߦ͏͜ͱͰɺ੍ݶͰ͖ΔΑ͏ʹͳΔʢͨͩ͠ɺ·ͩ Ͳͷϒϥ΢β΋%/4Ͱ$/".&ܦ༝ͰͷUSBDLJOH੍ݶ͸ະ࣮૷ʣ IUUQTCVH[JMMBNP[JMMBPSHTIPX@CVHDHJ JE

  32. ͭ·ΓɺͣͬͱΠλνͬ͜͝ ͷ༷૬Λఄ͍ͯ͠Δɻ

  33. ͜ͷϓϥΠόγʔͷಈ͖͸୹ ظతͳ΋ͷͰ͸ͳ͘ɺத௕ظ తͳಈ͖ɻ ϒϥ΢βۀքɺ΢Σϒۀքશ ମͷ࿩ʹͳ͍ͬͯΔɻ

  34. ͨͩ Tracking શ͕ͯNGʹͳΔͱͦ΋ ͦ΋΢ΣϒͷऩӹϞσϧ΋่Εͯ͘Δ SEQBSUZDPPLJFUSBDLJOHΛഉআͨ͠ࡍʹUPQͷQVCMJTIFSͷฏۉϨϕχϡʔ͕Ҏ্௿Լ ͢Δͱ͍͏άϥϑ IUUQTTFSWJDFTHPPHMFDPNGIpMFTNJTDEJTBCMJOH@UIJSEQBSUZ@DPPLJFT@QVCMJTIFS@SFWFOVFQEG

  35. ࣮͸Ͳͷϒϥ΢β΋Tracking ͷશ͕ͯμϝͱݴ͍ͬͯΔΘ ͚Ͱ͸ͳ͍ɻ

  36. Cookieͱ͍͏ศརͳശʹͳΜ Ͱ΋͔ΜͰ΋པΔͷͰ͸ͳ ͘ɺ 4FTTJPO 1FSTPOBMJ[BUJPO 5SBDLJOH

  37. ৽͍͠࢓૊ΈͰϓϥΠόγʔ ʹ഑ྀͭͭ͠ɺརศੑ΋ߟྀ ͨ͠৽͍͠Ϟσϧʹ͠Α͏ͱ ͍͏औΓ૊Έ͕ࠓى͖͍ͯΔ

  38. Private Click Measurement (Ad click attribution) ޿ࠂΛΫϦοΫ͔ͯ͠Β໨తΛୡ੒͔ͨ͠Ͳ͏͔ʢίϯ όʔδϣϯ͕ୡ੒Ͱ͖͔ͨʣΛDPPLJFʹཔΒͣʹߦ͏ɹ

  39. Private Click Measurement (Ad click attribution) ޿ࠂܝࡌઌ͔ΒΫϦοΫ͢Δࡍʹ޿ࠂܝࡌݩʹ఻͑Δ৘ใΛBEଐੑͰهड़͓͖ͯ͠ɺΫϦοΫͨ͠Βͦ Ε͕ܝࡌݩʹ఻ΘΔɻͨͩͷϦϯΫཁૉʹ͢Δඞཁ͕͋ΔʢBλάͰॻ͘ʣ IUUQTXFCLJUPSHCMPHQSJWBDZQSFTFSWJOHBEDMJDLBUUSJCVUJPOGPSUIFXFC

  40. Private Click Measurement (Ad click attribution) ࣮ࡍʹίϯόʔδϣϯͨ͠Βɺܝࡌઌʹ)551ϦμΠϨΫτ͕ߦΘΕΔɻ IUUQTXFCLJUPSHCMPHQSJWBDZQSFTFSWJOHBEDMJDLBUUSJCVUJPOGPSUIFXFC

  41. Private Click Measurement (Ad click attribution) ࣌ؒҎ಺ʹΫϦοΫͨ͠΋ͷͰ͋Ε͹ಉ͘͡ίϯόʔδϣϯͷλΠϛϯάͰܝࡌઌʹ1045ͷϦ ΫΤετ͕૸Δɻ໌Β͔ʹ౉ͤΔ৘ใ͕ߜΒΕ͓ͯΓɺϢʔβʔ͕ԿΛങ͔ͬͨɺͲ͏͍͏ܦ࿏Λܦͨ ͷ͔ͷ৘ใ͸࡟ΒΕ͍ͯΔ΋ͷͷɺίϯόʔδϣϯ͔ͨ͠Ͳ͏͔͚ͩ͸൑ผͰ͖Δɻ

  42. Privacy Sandbox • Chrome Ͱఏএ͍ͯ͠ΔΑΓ privacy ʹ഑ྀͨ͠৽͍͠Ϟ σϧ • 3ͭͷͦΕͧΕಠཱͨ͠औΓ૊Έ͕͋Δɻ

    • Cross-Site Tracking ͷ࠶ఆٛ • 3rd Party Cookie ͷഇࢭ • ৽͍͠ํ๏΁ͷҠߦखஈͷఏڙ IUUQTXXXDISPNJVNPSH)PNFDISPNJVNQSJWBDZQSJWBDZTBOECPY

  43. Privacy Sandbox • શͯΛ঺հ͢Δ࣌ؒ͸ͳ͍ͷͰ3ͭ΄Ͳ঺հ • Privacy Budget • Trust Tokens

    API • Federated Learning of Cohorts IUUQTXXXDISPNJVNPSH)PNFDISPNJVNQSJWBDZQSJWBDZTBOECPY

  44. • ݸਓΛࣝผՄೳͳ৘ใʹ Budget (༧ࢉ)Λ༩͑ ͯ༧ࢉΛ௒͑ͨΒͦΕҎ্ͷ৘ใΛ౉͞ͳ͍Α ͏ʹ͢Δ࢓૊Έ • UserAgent ͕ݻఆԽ͞ΕΔͷ΋༧ࢉ੍ݶͷͨΊ •

    ·ͣ͸ͲΕ͚ͩͷ৘ใ͕ݸਓࣝผՄೳͳͷ͔Λ ௐࠪɺܭଌ͍ͯ͠Δͱ͜Ζ͔Β Privacy Budget

  45. Privacy Budget ॳظϦΫΤετ: Sec-CH-UA: "Chrome"; v="73" Ϩεϙϯε: Accept-CH: UA, Platform

    Sec-CH-UA: "Chrome"; v="73.3R8.2H.1" Sec-CH-UA-Platform: "Windows"; v="10" 6TFS"HFOUจࣈྻ΋ैདྷͷΑ͏ʹ͸౉͞ͳ͍ɻΤϯτϩϐʔ͕ଟ͘ɺpOHFSQSJOUʹ࢖͑ΔͨΊɻ ͜ΕΛαʔόଆͱΫϥΠΞϯτଆͰ$MJFOU)JOUTͱݺ͹ΕΔ࢓༷Ͱަব͠ͳ͕Β৘ใΛ΋Β͏ɻ

  46. Trust Tokens API #PUͰ͸౴͑ΒΕͳ͍໰୊Λग़ͯ͠ɺճ౴͢Δ͜ͱͰ࣮ࡍʹਓ͕࢖͍ͬͯΔ΋ͷͳͷ͔ͦ͏͡Όͳ͍ͷ͔ Λ൑ผ͢Δ࢓૊Έɻ$"15$)"ʹΠϝʔδͱͯ͠͸͍ۙɻ$PPLJFΛਓ͔Ͳ͏͔ͷ൑ผʹར༻ͯͨ͠ͱ ͜ΖͰ׆༻͢Δɻ 4FSWFS 8IJDIJTEPH  PS

  47. Federated Learning of Cohorts ػցֶशΛσʔληϯλʔ಺Ͱ΍ΔͷͰ͸ͳ͘ɺϒϥ΢β಺ͰΤοδ͔Βػցֶश͢Δ͜ͱͰݸਓͷझ ຯᅂ޷ͷ൑ఆΛݸਓ৘ใΛऩू͢Δ͜ͱͳ͘ߦ͏࢓૊Έ #SPXTFS %BUB$FOUFS ͜Ε͔Β͸ϒϥ΢β಺Ͱܭࢉ͠ɺ ݸਓ৘ใऩूΛෆཁʹ͢Δ

    ैདྷ͸σʔληϯλʔ಺Ͱݸਓ৘ ใΛܭࢉ͢Δඞཁ͕͋ͬͨ

  48. DNS over https 04ʹઃఆ͞Εͨ%/4αʔό͔Β໊લղܾ͢ΔͷͰ͸ͳ͘ɺϒϥ΢β಺͔Β௚઀)5514ϦΫΤετͰɹ %/4αʔόʹ໊લղܾϦΫΤετΛૹΔɻ͜͏͢Δ͜ͱͰɺࠓ·Ͱฏจͩͬͨ%/4ΫΤϦΛ҉߸Խͨ͠ ঢ়ଶͰૹΔ͜ͱ͕Ͱ͖ɺΞΫηεઌΛதؒऀ͔ΒӅṭͰ͖Δɻ #SPXTFS %/4

  49. Mozilla͕villain ͱͯ͠ೝࣝ ͞ΕΔࣄҊ

  50. DNS-over-https ࣗମ͕ѱͩͱ͢Δಈ͖ ͕ΠΪϦεͰى͍ͬͯ͜Δɻ͜Ε͸ɺ ISP͕ΞμϧτϑΟϧλʔ੍ݶΛ͔͚ͨ ͍(͔͚ͳ͍ͱ๏ྩҧ൓ʹͳΔ)͔Β ΞμϧτϑΟϧλʔ੍ݶࣗ਎͸ࢠͲ΋ͨ ͪΛकΔͨΊʹඞཁͳ΋ͷͰ͸͋Δ΋ ͷͷɺ΍ͬͯΔ͜ͱ͸޿Ҭతͳ౪ௌͱ ಉ͡

  51. ຊདྷળҙͱͯ͠΍ͬͯΔࣄ ʢΞμϧτϑΟϧλʔʣͰ ͋ͬͯ΋ɺѱҙΛ࣮࣋ͬͯࢪ ͞ΕΔࣄʢ౪ௌʣͱ۠ผ͕ͭ ͔ͳ͍ঢ়گ

  52. ࠓ࣌఺ͩͱ·ͩ๏੔උ͢Β௥ ͍͍ͭͯͳ͍ॴ΋͋Δ

  53. զʑ͸Ͳ͏͢Δ΂͖͔

  54. CookieͷऔΓѻ͍ʹؔͯ͠ • αʔϏεͰ࢖͏৔߹͸ηογϣϯͱͯ͠ͷѻ͍ʹ ͱͲΊΔ͜ͱɻ • ѻ͏৔߹͸ Secureଐੑͱ HttpOnlyଐੑͷ྆ํΛ ͖ͪΜͱ෇͚ͯɺαʔόͰηογϣϯΫοΩʔΛ ൃߦͯ͠࢖͏ɻ

    • JavaScriptͰॻ͖ࠐΈΛͯ͠ΔՕॴ͸ۃྗݮΒ͢ɻ

  55. CookieͷऔΓѻ͍ʹؔͯ͠ • 3rd party cookie Λج४ʹͨ͠tracking͸Πλνͬ͜͝Ͱ ίϩίϩํ๏͕มΘΔ • trackingͦͷ΋ͷΛఘΊΔ͔ •

    ৔౰ͨΓతʹରॲ͠ɺΠλνͬ͜͝ʹͳΔ͔ • ͪΌΜͱಉҙΛಘΔ͔ • ͷ3୒ʹͳ͍ͬͯΔɻ

  56. CookieͷऔΓѻ͍ʹؔͯ͠ • ͪΌΜͱಉҙΛಘͨܗͰΘ͔Γ΍͍͢΋ͷΛ Ϣʔβʔʹఏࣔ͢Δ͜ͱ΋ࢹ໺ʹݕ౼ • ·ͨɺSafari΋ಉҙΛಘΕ͹localͳstorageͷ ؅ཧΛͤͯ͘͞ΕΔɻ https://www.philips.co.jp/a-w/cookie-notice.html

  57. CookieͷऔΓѻ͍ʹؔͯ͠ • ҰํͰtrackingʹؔͯ͠͸EU͸ࣄલʹಉҙΛऔΔ΂͖ ͱ͍ͯ͠Δ(͍ΘΏΔGDPR)ɻ • ೔ຊͰ΋ݸਓ৘ใอޢ๏ͷվਖ਼Ҋ͕ݕ౼தɻ
 https://www.ppc.go.jp/files/pdf/ 200110_seidokaiseitaiko.pdf • CookieͷऔΓѻ͍ʹݶΒͣɺtrackingΛ͢Δ৔߹͸ࣄ

    લͷಉҙΛಘͳ͍ͱ͍͚ͳ͘ͳΔՄೳੑ΋ɻ

  58. ·ͱΊ

  59. ·ͱΊ • Cookieʹؔͯ͠͸͜Ε͔Β͓ͦΒ͘ͲΜͲΜѻ͍͕ݫ͘͠ͳ͍ͬͯ͘ɻಛʹtracking ʹ͍ͭͯ͸͜Ε·Ͱͷ΍Γํ͸ਪ঑͞Εͳ͍ํ޲ʹɻ • CookieʹมΘΔํ๏ͱͯ͠৽͍͠tracking, conversion measurementͷ΍Γํ͕ߟ͑ ΒΕͯΔɻPrivacy Sandbox΍Private

    Click Measurementͷಈ޲ΛཁνΣοΫ • ҰํͰ·ͩ๏ྩؚΊͯ௥͍͍͍ͭͯͳ͍ͱ͜Ζ΋ͨ͘͞Μ͋Δɻ΋͘͠͸๏཯͔Βઌ ʹڧ੍తʹCookieͷऔΓѻ͍Λݟ௚͢ํ޲ʹͳ͍ͬͯ͘Մೳੑ΋ɻ • Cookieࣗ਎ͷѻ͍ʹؔͯ͠͸ηογϣϯͱͯ͠࢖͏ʹͱͲΊɺtracking͸ผͳํ๏Ͱ ͷݕ౼Λ͍ͯ͘͠ඞཁ͕͋Δݟ௨͠ɻ • ·ͩϒϥ΢βϕϯμʔؒͰ΋଍ฒΈ͸ἧ͍ͬͯͳ͍༷ࢠɺۀքશମΛר͖ࠐΉ࿩ͳͷ ͰɺۀքશମͰϑΥϩʔΞοϓ͍͖ͯ͠·͠ΐ͏ɻ

  60. ࢀߟࢿྉ

  61. ࢀߟࢿྉ • Safari • https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/ • https://webkit.org/tracking-prevention-policy/ • https://webkit.org/blog/9521/intelligent-tracking-prevention-2-3/ •

    https://www.apple.com/safari/docs/Safari_White_Paper_Nov_2019.pdf • Firefox • https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-preview • https://support.mozilla.org/en-US/kb/firefox-dns-over-https • https://bugzilla.mozilla.org/show_bug.cgi?id=1598969 • https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and- cryptomining-by-default/ • https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/ • Chrome • https://services.google.com/fh/files/misc/disabling_third-party_cookies_publisher_revenue.pdf • https://blog.chromium.org/2020/01/building-more-private-web-path-towards.htmls

  62. ࢀߟࢿྉ • Chrome • https://security.googleblog.com/2019/10/no-more-mixed-messages-about- https_3.html • https://developer.mozilla.org/ja/docs/Web/API/Document/cookie • https://www.chromium.org/Home/chromium-privacy/privacy-sandbox

    • https://github.com/bslassey/privacy-budget • https://github.com/jkarlin/floc • https://github.com/WICG/ua-client-hints • ͦͷଞ • https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party- trackers-195205dc522a • https://wicg.github.io/ad-click-attribution/index.html • https://note.com/martech/n/n3d79c59e41be