Upgrade to Pro — share decks privately, control downloads, hide ads and more …

最新のブラウザで変わるCookieの取り扱いやPrivacyの考え方

Yosuke Furukawa
PRO
February 13, 2020
Programming
69
31k

 最新のブラウザで変わるCookieの取り扱いやPrivacyの考え方

2020/02/13 DevSumi 発表資料

Yosuke Furukawa
PRO

February 13, 2020
Tweet

More Decks by Yosuke Furukawa

See All by Yosuke Furukawa
new_urlparser.pdf
yosuke_furukawa
PRO
1
250
キャリアの悩みについて
yosuke_furukawa
PRO
21
9k
Bun first impressions techfeed
yosuke_furukawa
PRO
1
81
MPA化するSPAとSPA化するMPA
yosuke_furukawa
PRO
13
8.4k
プログラミング教育について(公開版)
yosuke_furukawa
PRO
6
6.9k
Bun first impressions
yosuke_furukawa
PRO
9
3.3k
React Server Components について
yosuke_furukawa
PRO
2
2.7k
A Philosophy of Software Design 後半
yosuke_furukawa
PRO
13
3.6k
Node.js 最新動向 TFCon 2022
yosuke_furukawa
PRO
7
8k

Other Decks in Programming

See All in Programming
Yla's #Kaigieffect
little_rubyist
0
1k
AWS CDKのあるあるお悩みに答えたい
tmokmss
5
1.4k
Composing a Design System
stewemetal
0
180
Semantic Kernel(C#)でAzure OpenAI ServiceのGPT-4を使ってみる
tomokusaba
1
150
良い開発生産性を目指せば採用もうまくいく
rinchsan
1
380
Modern and Lightweight Cloud Application Development with Jakarta EE 10
ivargrimstad
0
400
Implementing "++" operator, stepping into parse.y
coe401_
3
6.1k
Goのメモリ管理 / Memory management in Go
ymotongpoo
4
3.1k
Kotlin Multiplatform Library 배포하기
fornewid
0
200
From Mobile to Backend with Kotlin and Ktor - plDroid
prof18
0
140
実践 AWS CDK 〜 いろいろな参照のカタチと使い分け 〜
konokenj
12
2k
コンテナ環境でのJavaチューニング
kazumura
1
270

Featured

See All Featured
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
123
29k
Design by the Numbers
sachag
272
18k
Testing 201, or: Great Expectations
jmmastey
26
5.9k
Intergalactic Javascript Robots from Outer Space
tanoku
263
26k
How to train your dragon (web standard)
notwaldorf
69
4.4k
The Straight Up "How To Draw Better" Workshop
denniskardys
226
130k
In The Pink: A Labor of Love
frogandcode
133
21k
Put a Button on it: Removing Barriers to Going Fast.
kastner
56
2.6k
The World Runs on Bad Software
bkeepers
PRO
59
5.9k
What the flash - Photography Introduction
edds
64
10k
Building a Scalable Design System with Sketch
lauravandoore
451
31k
The Invisible Customer
myddelton
113
12k

Transcript

  1. ࠷৽ͷϒϥ΢βͰมΘ
    ΔCookieͷऔѻ͍΍
    ϓϥΠόγʔͷߟ͑ํ
    2020/02/13 @ Developers Summit 2020

    View Slide

  2. Twitter: @yosuke_furukawa
    Github: yosuke-furukawa
    ࠷ۙͷ׆ಈ
    $ISPNF"EWJTPSZ#PBSE
    +4$POG+1PSHBOJ[FSFUD

    View Slide

  3. ͜͜࠷ۙɺϒϥ΢βͷมߋ͕
    ଟ͍ɻಛʹηΩϡϦςΟɾ

    ϓϥΠόγʔपΓɻ

    View Slide

  4. 'JSFGPY
    4BGBSJ
    ɾ*OUFMMJHFOU5SBDLJOH1SFWFOUJPO
    τϥοΩϯάΛ๷ࢭ͢Δ࢓૊Έ
    SEQBSUZDPPLJFΛอଘ͠ͳ͍
    +BWB4DSJQU͔ΒͷDPPLJF΋೔͔͠อଘ͠ͳ͍
    શͯͷΫϩεαΠτϦΫΤετͷ3FGFSFSΛ0SJHJO͚ͩʹ
    ɾ&OIBODFE5SBDLJOH1SPUFDUJPO
    τϥοΩϯάΛ๷ࢭ͢Δ࢓૊Έ *51ͱ΄΅Ұॹ

    ϒϥοΫϦετܗࣜͷϦετ͕͋ΓɺͦͷϦετʹϚον͢Δͱอଘ͞
    Εͳ͍
    ϒϥοΫϦετʹࡌ͍ͬͯΔυϝΠϯ͔Β͸'JOHFSQSJOUJOHTDSJQU
    Λಈ࡞ͤ͞ͳ͍ɻ6"ͳͲͷจࣈྻΛऔΒͤͳ͍ɻ
    ɾ%/40WFS)5514
    %/4RVFSZ΋IUUQTʹͯ͠҉߸ԽɺӾཡઌΛ൑ผͰ͖ͳ͍Α͏ʹ͢Δ

    View Slide

  5. $ISPNF
    ɾ4BNF4JUF$PPLJFͷಋೖ
    ΫϩεαΠτͰͷϦΫΤετ࣌ʹ$PPLJFΛ౉͢͜ͱΛݪଇېࢭ͍ͯ͘͠ํ޲ʹɻ
    ΫϩεαΠτͰͷϦΫΤετͰ$PPLJFΛ౉͔ͨͬͨ͠Β4BNF4JUF/POFΛ͚ͭɺ
    4FDVSFଐੑͭ·Γ)5514ʹ͢Δ
    ɾ.JYFE$POUFOUTΛϒϩοΫ͢Δ
    )5514ͷίϯςΩετ͔Β)551ͷϦιʔεΛಡΉ͜ͱΛ.JYFE$POUFOUTͱݺͼɺ
    ͜ΕΛϒϩοΫ͢Δ
    ɾ6TFS"HFOUจࣈྻΛݻఆԽ
    6"͸৘ใͷղ૾౓͕ߴ͗ͯ͢pOHFSQSJOUJOHʹ࢖͑ΔͨΊɺݻఆԽ͠ඇਪ঑΁

    ɾSEQBSUZDPPLJFഇࢭ΁
    ΑΓQSJWBUFͳXFCΛಋೖ͢Δํ޲΁ͷؾ࣋ͪද໌

    IUUQTCMPHDISPNJVNPSHCVJMEJOHNPSFQSJWBUFXFCQBUI
    UPXBSETIUNM


    View Slide

  6. Intelligent Tracking Prevention
    • τϥοΩϯά๷ࢭΛ͢ΔҰ࿈ͷ࢓૊ΈΛࢦ͢

    View Slide

  7. Enhanced Tracking Protection
    • τϥοΩϯά๷ࢭΛ͢ΔҰ࿈ͷ࢓૊ΈΛࢦ͢

    View Slide

  8. SameSite Cookie
    • Cookie ΛΫϩεαΠτͰૹΒͳ͍࢓૊Έ

    View Slide

  9. 3rd Party Cookie͕ಈ͔ͳ͘ͳ
    Δ࢓૊Έ
    4FSWFS
    BDPN

    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN

    4FSWFS
    DDPN

    View Slide

  10. 3rd Party Cookie͕ಈ͔ͳ͘ͳ
    Δ࢓૊Έ
    4FSWFS
    BDPN

    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN

    4FSWFS
    DDPN

    4FU$PPLJF
    4FU$PPLJF
    4FU$PPLJF

    View Slide

  11. 3rd Party Cookie͕ಈ͔ͳ͘ͳ
    Δ࢓૊Έ
    4FSWFS
    BDPN

    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN

    4FSWFS
    DDPN

    4FU$PPLJF
    4FU$PPLJF
    4FU$PPLJF
    ✓ OK
    ✗ NG
    ✗ NG

    View Slide

  12. 3rd Party Cookie͕ಈ͔ͳ͘ͳ
    Δ࢓૊Έ
    4FSWFS
    BDPN

    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN

    4FSWFS
    DDPN

    4FU$PPLJF
    4FU$PPLJF
    4FU$PPLJF
    ✓ OK
    ✗ NG
    ✗ NG
    ֤ϒϥ΢βಈ͖͕ඍົʹҟͳΔ͕ɺجຊతʹSEQBSUZDPPLJFࣗମ͸࢖͍෺ʹ
    ͳΒͳ͘ͳΔɻ4BGBSJ͸ͦ΋ͦ΋อଘ͞Εͳ͍ɺ'JSFGPY͸ϒϥοΫϦετʹ
    ࡌͬͯͨΒอଘ͠ͳ͍ɺ$ISPNF͸$PPLJFͷଐੑ 4BNF4JUF
    ͰରԠ

    View Slide

  13. ͦ΋ͦ΋ Cookie ͷ࢓૊Έ

    View Slide

  14. • a.com ʹ๚໰ͨ͠ͱ͢Δɻͦ͜Ͱ b.com ͷ޿
    ࠂΛݟͨͱ͢Δɻ
    • ͦͷ৔߹ཪͰ͸ɺ `Set-Cookie` ϔομͰ
    Cookie͕ొ࿥͞ΕΔɻ
    Cookie ͷ࢓૊Έ
    1BHF
    CDPN
    BE
    IUUQTBDPNJOEFYIUNM
    CDPN$PPLJF4UPSF
    JE
    CDPN΁ͷJE͕ه࿥͞ΕΔ
    4FU$PPLJFJE

    View Slide

  15. • Cookie ͕ొ࿥͞ΕΔͱ࣍ճҎ߱ͷϦΫΤετ
    ࣌ʹॻ͖ࠐ·Εͨ৘ใ͕ϦΫΤετϔομʹ
    ࡌͬͯαʔόʹ఻ΘΔɻ
    Cookie ͷ࢓૊Έ
    1BHF
    CDPN
    BE
    IUUQTBDPNJOEFYIUNM
    CDPN΁ͷϦΫΤετ
    $PPLJFJE

    View Slide

  16. • ͜ͷ࣌ɺ b.com Ͱ͸ id=123456789; ͷਓ͕
    a.com ͔Βདྷͨ͜ͱ͕͋Δࣄɺ࠶౓ b.com ͷ
    ޿ࠂΛݟ͍ͯΔ͜ͱͳͲΛࣗ෼ͷDBʹه࿥͢
    Δ
    Cookie ͷ࢓૊Έ
    1BHF
    CDPN
    BE
    IUUQTBDPNJOEFYIUNM
    CDPN΁ͷϦΫΤετ
    $PPLJFJE
    ϦΫΤετʹج͖ͮɺϢʔ
    βʔͷߦಈΛه࿥͢Δ

    View Slide

  17. • ࣍ʹ c.com ʹ๚໰ͨ͠ͱ͢Δɻͦ͜Ͱ΋ಉ༷
    ʹ b.com ͷ޿ࠂΛݟͨͱ͢Δɻ
    • ͦ͏͢Δͱ a.com དྷͨ͜ͱ͋Δࣄ͕޿ࠂදࣔ
    ࣌ʹ b.com ʹ఻ΘΔɻ
    Cookie ͷ࢓૊Έ
    1BHF
    CDPN
    BE
    IUUQTDDPNJOEFYIUNM
    DPPLJFʹJE͕࢒͍ͬͯΕ͹Ͳ͔͜Ͱ
    ޿ࠂදࣔ͞Εͨ͜ͱ͕͋Δ͜ͱ͕CDPNʹ఻ΘΔɻ
    ࣄલͷཤྺΛݟΕ͹BDPN͔Βདྷͨ͜ͱ΋Θ͔Δ

    View Slide

  18. ͦ͜Ͱ ITP౳Ͱ 3rd party
    cookie Λblock͢Δ࢓૊Έ͕
    Ͱ͖͍ͯΔ

    View Slide

  19. 3rd Party Cookie͕ಈ͔ͳ͘ͳ
    Δ࢓૊Έ
    4FSWFS
    BDPN

    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN

    4FSWFS
    DDPN

    4FU$PPLJF
    4FU$PPLJF
    4FU$PPLJF
    ✓ OK
    ✗ NG
    ✗ NG
    ͡Ό͋ͦ΋ͦ΋͜ͷ࣌ͷCDPNϨεϙϯε࣌ʹॻ͔ΕͯΔ4FU$PPLJFΛແޮʹ
    ͢Δͱ͍͏ͷ͕*51ॳΊͱ͢ΔSEQBSUZDPPLJFΛഉআ͢Δߟ͑ํ

    View Slide

  20. ͨͩ͜Ε͚ͩͩͱ࣮͸·ͩ
    tracking͸Ͱ͖ͯ͠·͏

    View Slide

  21. • Set-Cookieϔομܦ༝Ͱ͸ͳ͘ɺJavaScriptΛμ΢ϯϩʔυͨ͠
    ޙɺ `document.cookie` ܦ༝Ͱॻ͚͹ɺCookieʹه࿥͸Մೳ
    • ͜ͷ৔߹3rd party ͷJSͰ͋ͬͯ

    ΋1st party cookieͱͳΔͨΊɺ

    ઌͷ੍໿ΛճආͰ͖Δ
    • ϦΫΤετ࣌ʹAjax౳Λܦ༝ͯ͠

    idΛ b.com ʹ΋ૹΔɺ͜ΕͰ

    trackingͰ͖Δɻ
    Cookie ͷ࢓૊Έ
    1BHF
    CDPN
    BE
    IUUQTBDPNJOEFYIUNM
    CDPN͸+BWB4DSJQUΛμ΢
    ϯϩʔυ͠ɺ+4ܦ༝ͰDPPLJF
    Λॻ͘ɻ

    View Slide

  22. ITP / ETP ͷ৔߹͸ document.cookie
    ࣗମʹ΋੍ݶ͕ՃΘ͍ͬͯΔ
    4FSWFS
    BDPN

    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN

    4FU$PPLJF
    EPDVNFOUDPPLJF
    ✓ OK
    ˚ 1day only
    EPDVNFOUDPPLJFͰॻ͍ͨ৔߹͸4BGBSJͷ৔߹ɺ೔͔͠อͨͳ͍ɻ
    ·ͨɺ'JSFGPYͷ৔߹͸SEQBSUZTDSJQU͕ CMBDLMJTUʹࡌͬͯΔͱ
    ಈ͔ͳ͍ɻ

    View Slide

  23. • Chrome ͷ৔߹͸ Cookie ʹଐੑΛ෇༩͢ΔܗͰ 3rd party cookie
    ͷtrackingΛ੍ݶ͢Δ
    • σϑΥϧτͰൃߦ͞ΕΔ cookie ʹ͸ SameSite=Lax ͱݺ͹ΕΔଐ
    ੑ͕෇༩͞ΕΔɻ
    • ͜ΕʹΑΓɺΫϩεαΠτͰͷϦΫΤετ͸τοϓϨϕϧυϝΠϯ
    ͕ಉ͡΋ͷͷΈʹ੍ݶ͞ΕΔɻ
    • ΋͠΋ΫϩεϦΫΤετͰ΋ૹΓ͍ͨ৔߹͸SameSite=None;
    Secure; ͱ͍͏ଐੑʹ͢Δඞཁ͕͋Δɻ
    Chrome SameSite Cookie

    View Slide

  24. • Chrome ͷ৔߹ɺ document.cookie Ͱ͸
    SameSite=NoneଐੑΛ෇༩ͤ͞Δ͜ͱ͕ෆՄ
    ೳʹͳͬͯΔɻ
    // ஫ҙ: ͜͏͍͏ࢦఆ͸Ͱ͖ͳ͍ɻ
    document.cookie="id=123456789;secure;samesite=none"
    Chrome SameSite Cookie
    ௥هɿɹ$ISPNF͔Β͸4BNF4JUFOPOF4FDVSF

    Λ+4Ͱॻ͚ΔͨΊɺ͜ͷϖʔδ͸ޡΓɻ5IBOLT!LZPUPOJP

    View Slide

  25. ͜ΕͰtrackingͰ͖ͳ͍͔ɺ
    ͱ͍͏ͱͦ͏Ͱ΋ͳ͍ɻ

    View Slide

  26. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋
    Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ
    4FSWFS
    BDPN

    1BHF
    DDPN
    CDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    CDPN

    4FSWFS
    DDPN

    View Slide

  27. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋
    Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ
    4FSWFS
    BDPN

    1BHF
    BOBMZUJDTBDPN
    BEBDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    BEBDPNத਎͸
    CDPN

    4FSWFS
    BOBMZUJDTBDPNத
    ਎͸DDPN

    View Slide

  28. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋
    Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ
    4FSWFS
    BDPN

    1BHF
    BOBMZUJDTBDPN
    BEBDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    BEBDPNத਎͸
    CDPN

    4FSWFS
    BOBMZUJDTBDPNத
    ਎͸DDPN

    SEQBSUZDPPLJF͸SEQBSUZʹରͯ͠ߦ͏͔Β/(ͳͷͰ͋ͬͯɺTUQBSUZ
    ѻ͍ͯ͠͠·͑͹੍ݶΛղআͰ͖Δ

    View Slide

  29. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋
    Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ
    4FSWFS
    BDPN

    1BHF
    BOBMZUJDTBDPN
    BEBDPN
    IUUQTBDPNJOEFYIUNM
    4FSWFS
    BEBDPNத਎͸
    CDPN

    4FSWFS
    BOBMZUJDTBDPNத
    ਎͸DDPN

    ͨͩ͠ɺ͜ͷ৔߹ɺ$PPLJFࣗ਎͸BEBDPNʹ੍ݶ͞ΕΔͨΊɺSEQBSUZ
    DPPLJFͷΑ͏ʹɺϢʔβʔΛҰҙʹಛఆ͢ΔJEΛൃߦͰ͖ͳ͍ɻαΠτ಺Ͱ
    USBDLJOHͰ͖Δ͚ͩͰɺಛఆ͸ࠔ೉

    View Slide

  30. ͨͩ͜Εʹରͯ͠ DNSͰ໊લ
    ղܾ࣌ʹ੍ݶ͢Δํ๏΋͋Δ

    View Slide

  31. DNSͰ੍ݶ͢Δ
    1BHF
    BOBMZUJDTBDPN
    BEBDPN
    IUUQTBDPNJOEFYIUNM
    %/44FSWFS
    query: ad.a.com
    cname: b.com
    %/4ʹ໊લղܾ͢Δࡍʹ
    $/".&Ͱผ໊ʹͳͬͯΔ͜
    ͱ͕Θ͔ͬͨΒͦ͜ͰCMPDL͢
    Δ࢓૊ΈΛݕ౼த
    ✗ NG
    %/4ղܾΛϒϥ΢βຊମଆͰߦ͏͜ͱͰɺ੍ݶͰ͖ΔΑ͏ʹͳΔʢͨͩ͠ɺ·ͩ
    Ͳͷϒϥ΢β΋%/4Ͱ$/".&ܦ༝ͰͷUSBDLJOH੍ݶ͸ະ࣮૷ʣ
    IUUQTCVH[JMMBNP[[email protected] JE

    View Slide

  32. ͭ·ΓɺͣͬͱΠλνͬ͜͝
    ͷ༷૬Λఄ͍ͯ͠Δɻ

    View Slide

  33. ͜ͷϓϥΠόγʔͷಈ͖͸୹
    ظతͳ΋ͷͰ͸ͳ͘ɺத௕ظ
    తͳಈ͖ɻ
    ϒϥ΢βۀքɺ΢Σϒۀքશ
    ମͷ࿩ʹͳ͍ͬͯΔɻ

    View Slide

  34. ͨͩ Tracking શ͕ͯNGʹͳΔͱͦ΋
    ͦ΋΢ΣϒͷऩӹϞσϧ΋่Εͯ͘Δ
    SEQBSUZDPPLJFUSBDLJOHΛഉআͨ͠ࡍʹUPQͷQVCMJTIFSͷฏۉϨϕχϡʔ͕Ҏ্௿Լ
    ͢Δͱ͍͏άϥϑ
    [email protected]@[email protected]@SFWFOVFQEG

    View Slide

  35. ࣮͸Ͳͷϒϥ΢β΋Tracking
    ͷશ͕ͯμϝͱݴ͍ͬͯΔΘ
    ͚Ͱ͸ͳ͍ɻ

    View Slide

  36. Cookieͱ͍͏ศརͳശʹͳΜ
    Ͱ΋͔ΜͰ΋པΔͷͰ͸ͳ
    ͘ɺ
    4FTTJPO 1FSTPOBMJ[BUJPO 5SBDLJOH

    View Slide

  37. ৽͍͠࢓૊ΈͰϓϥΠόγʔ
    ʹ഑ྀͭͭ͠ɺརศੑ΋ߟྀ
    ͨ͠৽͍͠Ϟσϧʹ͠Α͏ͱ
    ͍͏औΓ૊Έ͕ࠓى͖͍ͯΔ

    View Slide

  38. Private Click Measurement
    (Ad click attribution)
    ޿ࠂΛΫϦοΫ͔ͯ͠Β໨తΛୡ੒͔ͨ͠Ͳ͏͔ʢίϯ
    όʔδϣϯ͕ୡ੒Ͱ͖͔ͨʣΛDPPLJFʹཔΒͣʹߦ͏ɹ

    View Slide

  39. Private Click Measurement
    (Ad click attribution)
    ޿ࠂܝࡌઌ͔ΒΫϦοΫ͢Δࡍʹ޿ࠂܝࡌݩʹ఻͑Δ৘ใΛBEଐੑͰهड़͓͖ͯ͠ɺΫϦοΫͨ͠Βͦ
    Ε͕ܝࡌݩʹ఻ΘΔɻͨͩͷϦϯΫཁૉʹ͢Δඞཁ͕͋ΔʢBλάͰॻ͘ʣ
    IUUQTXFCLJUPSHCMPHQSJWBDZQSFTFSWJOHBEDMJDLBUUSJCVUJPOGPSUIFXFC

    View Slide

  40. Private Click Measurement
    (Ad click attribution)
    ࣮ࡍʹίϯόʔδϣϯͨ͠Βɺܝࡌઌʹ)551ϦμΠϨΫτ͕ߦΘΕΔɻ
    IUUQTXFCLJUPSHCMPHQSJWBDZQSFTFSWJOHBEDMJDLBUUSJCVUJPOGPSUIFXFC

    View Slide

  41. Private Click Measurement
    (Ad click attribution)
    ࣌ؒҎ಺ʹΫϦοΫͨ͠΋ͷͰ͋Ε͹ಉ͘͡ίϯόʔδϣϯͷλΠϛϯάͰܝࡌઌʹ1045ͷϦ
    ΫΤετ͕૸Δɻ໌Β͔ʹ౉ͤΔ৘ใ͕ߜΒΕ͓ͯΓɺϢʔβʔ͕ԿΛങ͔ͬͨɺͲ͏͍͏ܦ࿏Λܦͨ
    ͷ͔ͷ৘ใ͸࡟ΒΕ͍ͯΔ΋ͷͷɺίϯόʔδϣϯ͔ͨ͠Ͳ͏͔͚ͩ͸൑ผͰ͖Δɻ

    View Slide

  42. Privacy Sandbox
    • Chrome Ͱఏএ͍ͯ͠ΔΑΓ privacy ʹ഑ྀͨ͠৽͍͠Ϟ
    σϧ
    • 3ͭͷͦΕͧΕಠཱͨ͠औΓ૊Έ͕͋Δɻ
    • Cross-Site Tracking ͷ࠶ఆٛ
    • 3rd Party Cookie ͷഇࢭ
    • ৽͍͠ํ๏΁ͷҠߦखஈͷఏڙ
    IUUQTXXXDISPNJVNPSH)PNFDISPNJVNQSJWBDZQSJWBDZTBOECPY

    View Slide

  43. Privacy Sandbox
    • શͯΛ঺հ͢Δ࣌ؒ͸ͳ͍ͷͰ3ͭ΄Ͳ঺հ
    • Privacy Budget
    • Trust Tokens API
    • Federated Learning of Cohorts
    IUUQTXXXDISPNJVNPSH)PNFDISPNJVNQSJWBDZQSJWBDZTBOECPY

    View Slide

  44. • ݸਓΛࣝผՄೳͳ৘ใʹ Budget (༧ࢉ)Λ༩͑
    ͯ༧ࢉΛ௒͑ͨΒͦΕҎ্ͷ৘ใΛ౉͞ͳ͍Α
    ͏ʹ͢Δ࢓૊Έ
    • UserAgent ͕ݻఆԽ͞ΕΔͷ΋༧ࢉ੍ݶͷͨΊ
    • ·ͣ͸ͲΕ͚ͩͷ৘ใ͕ݸਓࣝผՄೳͳͷ͔Λ
    ௐࠪɺܭଌ͍ͯ͠Δͱ͜Ζ͔Β
    Privacy Budget

    View Slide

  45. Privacy Budget
    ॳظϦΫΤετ: Sec-CH-UA: "Chrome"; v="73"
    Ϩεϙϯε: Accept-CH: UA, Platform
    Sec-CH-UA: "Chrome"; v="73.3R8.2H.1"
    Sec-CH-UA-Platform: "Windows"; v="10"
    6TFS"HFOUจࣈྻ΋ैདྷͷΑ͏ʹ͸౉͞ͳ͍ɻΤϯτϩϐʔ͕ଟ͘ɺpOHFSQSJOUʹ࢖͑ΔͨΊɻ
    ͜ΕΛαʔόଆͱΫϥΠΞϯτଆͰ$MJFOU)JOUTͱݺ͹ΕΔ࢓༷Ͱަব͠ͳ͕Β৘ใΛ΋Β͏ɻ

    View Slide

  46. Trust Tokens API
    #PUͰ͸౴͑ΒΕͳ͍໰୊Λग़ͯ͠ɺճ౴͢Δ͜ͱͰ࣮ࡍʹਓ͕࢖͍ͬͯΔ΋ͷͳͷ͔ͦ͏͡Όͳ͍ͷ͔
    Λ൑ผ͢Δ࢓૊Έɻ$"15$)"ʹΠϝʔδͱͯ͠͸͍ۙɻ$PPLJFΛਓ͔Ͳ͏͔ͷ൑ผʹར༻ͯͨ͠ͱ
    ͜ΖͰ׆༻͢Δɻ
    4FSWFS
    8IJDIJTEPH
    PS

    View Slide

  47. Federated Learning of
    Cohorts
    ػցֶशΛσʔληϯλʔ಺Ͱ΍ΔͷͰ͸ͳ͘ɺϒϥ΢β಺ͰΤοδ͔Βػցֶश͢Δ͜ͱͰݸਓͷझ
    ຯᅂ޷ͷ൑ఆΛݸਓ৘ใΛऩू͢Δ͜ͱͳ͘ߦ͏࢓૊Έ
    #SPXTFS
    %BUB$FOUFS
    ͜Ε͔Β͸ϒϥ΢β಺Ͱܭࢉ͠ɺ
    ݸਓ৘ใऩूΛෆཁʹ͢Δ
    ैདྷ͸σʔληϯλʔ಺Ͱݸਓ৘
    ใΛܭࢉ͢Δඞཁ͕͋ͬͨ

    View Slide

  48. DNS over https
    04ʹઃఆ͞Εͨ%/4αʔό͔Β໊લղܾ͢ΔͷͰ͸ͳ͘ɺϒϥ΢β಺͔Β௚઀)5514ϦΫΤετͰɹ
    %/4αʔόʹ໊લղܾϦΫΤετΛૹΔɻ͜͏͢Δ͜ͱͰɺࠓ·Ͱฏจͩͬͨ%/4ΫΤϦΛ҉߸Խͨ͠
    ঢ়ଶͰૹΔ͜ͱ͕Ͱ͖ɺΞΫηεઌΛதؒऀ͔ΒӅṭͰ͖Δɻ
    #SPXTFS %/4

    View Slide

  49. Mozilla͕villain ͱͯ͠ೝࣝ
    ͞ΕΔࣄҊ

    View Slide

  50. DNS-over-https ࣗମ͕ѱͩͱ͢Δಈ͖
    ͕ΠΪϦεͰى͍ͬͯ͜Δɻ͜Ε͸ɺ
    ISP͕ΞμϧτϑΟϧλʔ੍ݶΛ͔͚ͨ
    ͍(͔͚ͳ͍ͱ๏ྩҧ൓ʹͳΔ)͔Β
    ΞμϧτϑΟϧλʔ੍ݶࣗ਎͸ࢠͲ΋ͨ
    ͪΛकΔͨΊʹඞཁͳ΋ͷͰ͸͋Δ΋
    ͷͷɺ΍ͬͯΔ͜ͱ͸޿Ҭతͳ౪ௌͱ
    ಉ͡

    View Slide

  51. ຊདྷળҙͱͯ͠΍ͬͯΔࣄ
    ʢΞμϧτϑΟϧλʔʣͰ
    ͋ͬͯ΋ɺѱҙΛ࣮࣋ͬͯࢪ
    ͞ΕΔࣄʢ౪ௌʣͱ۠ผ͕ͭ
    ͔ͳ͍ঢ়گ

    View Slide

  52. ࠓ࣌఺ͩͱ·ͩ๏੔උ͢Β௥
    ͍͍ͭͯͳ͍ॴ΋͋Δ

    View Slide

  53. զʑ͸Ͳ͏͢Δ΂͖͔

    View Slide

  54. CookieͷऔΓѻ͍ʹؔͯ͠
    • αʔϏεͰ࢖͏৔߹͸ηογϣϯͱͯ͠ͷѻ͍ʹ
    ͱͲΊΔ͜ͱɻ
    • ѻ͏৔߹͸ Secureଐੑͱ HttpOnlyଐੑͷ྆ํΛ
    ͖ͪΜͱ෇͚ͯɺαʔόͰηογϣϯΫοΩʔΛ
    ൃߦͯ͠࢖͏ɻ
    • JavaScriptͰॻ͖ࠐΈΛͯ͠ΔՕॴ͸ۃྗݮΒ͢ɻ

    View Slide

  55. CookieͷऔΓѻ͍ʹؔͯ͠
    • 3rd party cookie Λج४ʹͨ͠tracking͸Πλνͬ͜͝Ͱ
    ίϩίϩํ๏͕มΘΔ
    • trackingͦͷ΋ͷΛఘΊΔ͔
    • ৔౰ͨΓతʹରॲ͠ɺΠλνͬ͜͝ʹͳΔ͔
    • ͪΌΜͱಉҙΛಘΔ͔
    • ͷ3୒ʹͳ͍ͬͯΔɻ

    View Slide

  56. CookieͷऔΓѻ͍ʹؔͯ͠
    • ͪΌΜͱಉҙΛಘͨܗͰΘ͔Γ΍͍͢΋ͷΛ
    Ϣʔβʔʹఏࣔ͢Δ͜ͱ΋ࢹ໺ʹݕ౼
    • ·ͨɺSafari΋ಉҙΛಘΕ͹localͳstorageͷ
    ؅ཧΛͤͯ͘͞ΕΔɻ
    https://www.philips.co.jp/a-w/cookie-notice.html

    View Slide

  57. CookieͷऔΓѻ͍ʹؔͯ͠
    • ҰํͰtrackingʹؔͯ͠͸EU͸ࣄલʹಉҙΛऔΔ΂͖
    ͱ͍ͯ͠Δ(͍ΘΏΔGDPR)ɻ
    • ೔ຊͰ΋ݸਓ৘ใอޢ๏ͷվਖ਼Ҋ͕ݕ౼தɻ

    https://www.ppc.go.jp/files/pdf/
    200110_seidokaiseitaiko.pdf
    • CookieͷऔΓѻ͍ʹݶΒͣɺtrackingΛ͢Δ৔߹͸ࣄ
    લͷಉҙΛಘͳ͍ͱ͍͚ͳ͘ͳΔՄೳੑ΋ɻ

    View Slide

  58. ·ͱΊ

    View Slide

  59. ·ͱΊ
    • Cookieʹؔͯ͠͸͜Ε͔Β͓ͦΒ͘ͲΜͲΜѻ͍͕ݫ͘͠ͳ͍ͬͯ͘ɻಛʹtracking
    ʹ͍ͭͯ͸͜Ε·Ͱͷ΍Γํ͸ਪ঑͞Εͳ͍ํ޲ʹɻ
    • CookieʹมΘΔํ๏ͱͯ͠৽͍͠tracking, conversion measurementͷ΍Γํ͕ߟ͑
    ΒΕͯΔɻPrivacy Sandbox΍Private Click Measurementͷಈ޲ΛཁνΣοΫ
    • ҰํͰ·ͩ๏ྩؚΊͯ௥͍͍͍ͭͯͳ͍ͱ͜Ζ΋ͨ͘͞Μ͋Δɻ΋͘͠͸๏཯͔Βઌ
    ʹڧ੍తʹCookieͷऔΓѻ͍Λݟ௚͢ํ޲ʹͳ͍ͬͯ͘Մೳੑ΋ɻ
    • Cookieࣗ਎ͷѻ͍ʹؔͯ͠͸ηογϣϯͱͯ͠࢖͏ʹͱͲΊɺtracking͸ผͳํ๏Ͱ
    ͷݕ౼Λ͍ͯ͘͠ඞཁ͕͋Δݟ௨͠ɻ
    • ·ͩϒϥ΢βϕϯμʔؒͰ΋଍ฒΈ͸ἧ͍ͬͯͳ͍༷ࢠɺۀքશମΛר͖ࠐΉ࿩ͳͷ
    ͰɺۀքશମͰϑΥϩʔΞοϓ͍͖ͯ͠·͠ΐ͏ɻ

    View Slide

  60. ࢀߟࢿྉ

    View Slide

  61. ࢀߟࢿྉ
    • Safari
    • https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/
    • https://webkit.org/tracking-prevention-policy/
    • https://webkit.org/blog/9521/intelligent-tracking-prevention-2-3/
    • https://www.apple.com/safari/docs/Safari_White_Paper_Nov_2019.pdf
    • Firefox
    • https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-preview
    • https://support.mozilla.org/en-US/kb/firefox-dns-over-https
    • https://bugzilla.mozilla.org/show_bug.cgi?id=1598969
    • https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and-
    cryptomining-by-default/
    • https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/
    • Chrome
    • https://services.google.com/fh/files/misc/disabling_third-party_cookies_publisher_revenue.pdf
    • https://blog.chromium.org/2020/01/building-more-private-web-path-towards.htmls

    View Slide

  62. ࢀߟࢿྉ
    • Chrome
    • https://security.googleblog.com/2019/10/no-more-mixed-messages-about-
    https_3.html
    • https://developer.mozilla.org/ja/docs/Web/API/Document/cookie
    • https://www.chromium.org/Home/chromium-privacy/privacy-sandbox
    • https://github.com/bslassey/privacy-budget
    • https://github.com/jkarlin/floc
    • https://github.com/WICG/ua-client-hints
    • ͦͷଞ
    • https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-
    trackers-195205dc522a
    • https://wicg.github.io/ad-click-attribution/index.html
    • https://note.com/martech/n/n3d79c59e41be

    View Slide