How the latest browsers are changing the handling of cookies and the approach to privacy

Presentation slides, DevSumi, 2020/02/13

Yosuke Furukawa

February 13, 2020

Transcript

  1. How the latest browsers are changing the handling of cookies and the approach to privacy
    2020/02/13 @ Developers Summit 2020

  2. Twitter: @yosuke_furukawa
    Github: yosuke-furukawa
    Recent activities:
    Chrome Advisory Board
    JSConf JP organizer, etc.

  3. Browsers have been changing a lot recently, especially around security and privacy.

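  4. Firefox / Safari
    • Intelligent Tracking Prevention
      A mechanism that prevents tracking.
      Does not store 3rd-party cookies.
      Cookies set from JavaScript are also stored only for a limited number of days.
      Reduces the Referer of every cross-site request to the origin only.
    • Enhanced Tracking Protection
      A mechanism that prevents tracking (almost the same as ITP).
      There is a blacklist-style list; anything matching the list is not stored.
      Fingerprinting scripts from blacklisted domains are not allowed to run, so they cannot read strings such as the UA.
    • DNS over HTTPS
      DNS queries are also sent over HTTPS and encrypted, so the sites being visited cannot be identified.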

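  5. Chrome
    • Introduction of SameSite cookies
      Moving toward prohibiting, in principle, the sending of cookies on cross-site requests.
      To send a cookie on a cross-site request, set SameSite=None together with the Secure attribute, i.e. use HTTPS.
    • Blocking mixed content
      Loading an HTTP resource from an HTTPS context is called mixed content, and it is blocked.
    • Freezing the User-Agent string
      The UA carries information at too fine a resolution and can be used for fingerprinting, so it is being frozen and deprecated.
    • Toward the abolition of 3rd-party cookies
      A statement of intent to move toward a more private web.
      https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html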

  6. Intelligent Tracking Prevention
    • Refers to a set of mechanisms for preventing tracking

  7. Enhanced Tracking Protection
    • Refers to a set of mechanisms for preventing tracking

  8. SameSite Cookie
    • A mechanism that does not send cookies cross-site

  9. How 3rd-party cookies stop working
    [Diagram: the page https://a.com/index.html embeds content from b.com and c.com; servers a.com, b.com and c.com]

  10. How 3rd-party cookies stop working
    [Diagram: the page https://a.com/index.html embeds content from b.com and c.com; servers a.com, b.com and c.com each respond with Set-Cookie]

  11. How 3rd-party cookies stop working
    [Diagram: the page https://a.com/index.html embeds content from b.com and c.com; servers a.com, b.com and c.com each respond with Set-Cookie. a.com: ✓ OK; b.com and c.com: ✗ NG]

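  12. How 3rd-party cookies stop working
    [Diagram: the page https://a.com/index.html embeds content from b.com and c.com; servers a.com, b.com and c.com each respond with Set-Cookie. a.com: ✓ OK; b.com and c.com: ✗ NG]
    Each browser behaves slightly differently, but basically 3rd-party cookies themselves become unusable. Safari does not store them at all, Firefox does not store them if the domain is on the blacklist, and Chrome handles it with a cookie attribute (SameSite).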

  13. How cookies work in the first place

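  14. How cookies work
    • Suppose you visit a.com and see an ad from b.com there.
    • In that case, behind the scenes, a cookie is registered through the `Set-Cookie` header.
    [Diagram: the page https://a.com/index.html shows a b.com ad; b.com's response carries Set-Cookie with an id, and that id is recorded in the cookie store for b.com]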

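  15. How cookies work
    • Once a cookie is registered, the information written to it is carried in the request header on every subsequent request and reaches the server.
    [Diagram: the page https://a.com/index.html shows a b.com ad; the request to b.com carries a Cookie header with the id]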

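  16. How cookies work
    • At this point, b.com records in its own DB that the person with id=123456789; has come from a.com, that they are seeing a b.com ad again, and so on.
    [Diagram: the page https://a.com/index.html shows a b.com ad; the request to b.com carries a Cookie header with the id, and b.com records the user's behavior based on the request]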

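  17. How cookies work
    • Next, suppose you visit c.com and likewise see an ad from b.com there.
    • Then the fact that you have been to a.com is conveyed to b.com when the ad is displayed.
    [Diagram: the page https://c.com/index.html shows a b.com ad. If the id is still in the cookie, b.com learns that an ad was shown to this user somewhere before; by looking at the earlier history it also knows the user came from a.com]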

  18. That is why mechanisms such as ITP that block 3rd-party cookies have been created

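  19. How 3rd-party cookies stop working
    [Diagram: the page https://a.com/index.html embeds content from b.com and c.com; servers a.com, b.com and c.com each respond with Set-Cookie. a.com: ✓ OK; b.com and c.com: ✗ NG]
    So the idea behind ITP and the other approaches that eliminate 3rd-party cookies is to invalidate, in the first place, the Set-Cookie written in b.com's response here.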

  20. But with this alone, tracking is in fact still possible

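  21. How cookies work
    • Instead of going through the Set-Cookie header, a cookie can still be recorded by downloading JavaScript and then writing it via `document.cookie`.
    • In this case, even though the JS is 3rd party, the cookie becomes a 1st-party cookie, so the earlier restriction can be bypassed.
    • At request time the id is also sent to b.com via Ajax or similar, and with that tracking is possible.
    [Diagram: the page https://a.com/index.html shows a b.com ad; JavaScript is downloaded from b.com and the cookie is written via JS]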

  22. With ITP / ETP, document.cookie itself is also restricted
    [Diagram: the page https://a.com/index.html with servers a.com and b.com; Set-Cookie: ✓ OK; document.cookie: △ 1 day only]
    A cookie written via document.cookie lasts only 1 day in Safari.
    In Firefox, the 3rd-party script does not run if it is on the blacklist.

  23. Chrome SameSite Cookie
    • Chrome restricts 3rd-party-cookie tracking by attaching an attribute to cookies.
    • Cookies issued by default are given an attribute called SameSite=Lax.
    • As a result, cross-site requests are restricted to those with the same top-level domain.
    • If the cookie should be sent on cross-site requests as well, the attributes must be set to SameSite=None; Secure;.

  24. Chrome SameSite Cookie
    • In Chrome, it has become impossible to attach the SameSite=None attribute via document.cookie.
    // Note: this cannot be specified.
    document.cookie="id=123456789;secure;samesite=none"
    Addendum: newer versions of Chrome allow SameSite=none; Secure to be written from JS, so this page is incorrect. Thanks @kyotonio

  25. Does that mean tracking is no longer possible? Not quite.

  26. There is a method of having the domain added as a DNS CNAME record so that it is treated as 1st party
    [Diagram: the page https://a.com/index.html embeds content from b.com and c.com; servers a.com, b.com and c.com]

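  27. There is a method of having the domain added as a DNS CNAME record so that it is treated as 1st party
    [Diagram: the page https://a.com/index.html now embeds content from analytics.a.com and ad.a.com; server ad.a.com is really b.com, and server analytics.a.com is really c.com]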

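  28. There is a method of having the domain added as a DNS CNAME record so that it is treated as 1st party
    [Diagram: the page https://a.com/index.html embeds content from analytics.a.com and ad.a.com; server ad.a.com is really b.com, and server analytics.a.com is really c.com]
    3rd-party cookies are NG because they are set for a 3rd party; once the domain is treated as 1st party, the restriction is lifted.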

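  29. There is a method of having the domain added as a DNS CNAME record so that it is treated as 1st party
    [Diagram: the page https://a.com/index.html embeds content from analytics.a.com and ad.a.com; server ad.a.com is really b.com, and server analytics.a.com is really c.com]
    However, in this case the cookie itself is confined to ad.a.com, so unlike with a 3rd-party cookie, no id that uniquely identifies the user can be issued. Tracking is possible only within the site, and identifying the user is difficult.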

  30. Against this, however, there is also a way to apply restrictions at DNS name-resolution time

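  31. Restricting at the DNS level
    [Diagram: the page https://a.com/index.html loads analytics.a.com and ad.a.com; the DNS server answers the query for ad.a.com with a CNAME of b.com, and the request is ✗ NG]
    query: ad.a.com
    cname: b.com
    A mechanism is under consideration that blocks the request when name resolution shows that the name is a CNAME alias.
    Doing DNS resolution inside the browser itself makes this restriction possible (however, no browser has yet implemented a DNS-level restriction on tracking via CNAME).
    https://bugzilla.mozilla.org/show_bug.cgi?id=1598969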
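The check described on slide 31, as an added example (not code from the talk or from any browser): it flags a host that is same-site with the page but whose CNAME chain leaves that site. The tiny public-suffix set, the function names and the DNS records are constructed for illustration; real code would use the full Public Suffix List and live DNS answers.

```javascript
// Constructed, deliberately tiny public-suffix set (assumption for the demo).
const PUBLIC_SUFFIXES = new Set(["com", "org", "net", "jp", "co.jp"]);
const norm = (host) => host.toLowerCase().replace(/\.$/, "");

// Registrable domain ("site") of a host name, e.g. ad.a.com -> a.com.
function siteOf(host) {
  const labels = norm(host).split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      // Longest matching suffix plus the label to its left is the site.
      return labels.slice(Math.max(i - 1, 0)).join(".");
    }
  }
  return labels.slice(-2).join("."); // unknown suffix: last two labels
}

// Follow the CNAME chain for `host` in a Map of records, guarding against loops.
function cnameChain(host, records, maxHops = 8) {
  const chain = [];
  let name = norm(host);
  const seen = new Set([name]);
  while (records.has(name) && chain.length < maxHops) {
    name = norm(records.get(name));
    if (seen.has(name)) break; // CNAME loop
    seen.add(name);
    chain.push(name);
  }
  return chain;
}

// A name that looks first-party but aliases another site is reported as cloaked.
function classify(pageHost, requestHost, records) {
  const pageSite = siteOf(pageHost);
  if (siteOf(requestHost) !== pageSite) return { verdict: "third-party" };
  const foreign = cnameChain(requestHost, records).find((t) => siteOf(t) !== pageSite);
  return foreign
    ? { verdict: "cname-cloaked", target: foreign }
    : { verdict: "first-party" };
}

// Constructed DNS data mirroring the slides: ad.a.com is an alias for b.com.
const SAMPLE_RECORDS = new Map([
  ["ad.a.com", "b.com"],
  ["analytics.a.com", "c.com"],
  ["static.a.com", "cdn.a.com"],
]);

console.log(classify("a.com", "ad.a.com", SAMPLE_RECORDS));
```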

  32. In other words, this has long had the look of a cat-and-mouse game.

  33. This privacy movement is not a short-term one but a medium- to long-term one.
    It concerns the browser industry and the web industry as a whole.

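  34. But if all tracking becomes NG, the web's revenue model itself starts to collapse
    [Graph: the drop in average revenue for top publishers when 3rd-party-cookie tracking is eliminated]
    https://services.google.com/fh/files/misc/disabling_third-party_cookies_publisher_revenue.pdf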

  35. In fact, no browser is saying that all tracking is bad.

  36. Rather than relying on cookies, that convenient box, for anything and everything,
    Session / Personalization / Tracking

  37. efforts are now under way to move to a new model that uses new mechanisms to respect privacy while still taking convenience into account

  38. Private Click Measurement
    (Ad click attribution)
    Determines whether the goal was achieved after an ad was clicked (whether a conversion occurred) without relying on cookies.

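  39. Private Click Measurement
    (Ad click attribution)
    The information to be conveyed to the ad's source when the ad is clicked on the site displaying it is written in ad attributes, and on click it is conveyed to the source. The ad has to be a plain link element (written with an a tag).
    https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/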

  40. Private Click Measurement
    (Ad click attribution)
    When a conversion actually occurs, an HTTP redirect is made to the site displaying the ad.
    https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/

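  41. Private Click Measurement
    (Ad click attribution)
    If the click happened within the allowed number of hours, a POST request is likewise sent to the site displaying the ad at the time of the conversion. The information that can be passed is clearly narrowed down: what the user bought and which path they took are stripped out, but whether a conversion occurred can still be determined.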

  42. Privacy Sandbox
    • A new, more privacy-conscious model proposed by Chrome
    • It consists of three independent efforts.
    • Redefining cross-site tracking
    • Abolishing 3rd-party cookies
    • Providing ways to migrate to the new methods
    https://www.chromium.org/Home/chromium-privacy/privacy-sandbox

  43. Privacy Sandbox
    • There is no time to cover everything, so here are about three
    • Privacy Budget
    • Trust Tokens API
    • Federated Learning of Cohorts
    https://www.chromium.org/Home/chromium-privacy/privacy-sandbox

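  44. Privacy Budget
    • A mechanism that assigns a budget to information that can identify an individual and stops handing over further information once the budget is exceeded
    • Freezing the UserAgent is also for the sake of this budget limit
    • For now it starts from investigating and measuring how much information is personally identifying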

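  45. Privacy Budget
    Initial request: Sec-CH-UA: "Chrome"; v="73"
    Response: Accept-CH: UA, Platform
    Sec-CH-UA: "Chrome"; v="73.3R8.2H.1"
    Sec-CH-UA-Platform: "Windows"; v="10"
    The User-Agent string is no longer handed over as before either, because it carries a lot of entropy and can be used for fingerprinting.
    Instead, the server and the client negotiate what information is provided through a specification called Client Hints.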

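  46. Trust Tokens API
    A mechanism that poses a problem a bot cannot answer and uses the answer to determine whether a real person is using the browser. Conceptually it is close to CAPTCHA. It is meant for the places where cookies were being used to decide whether a visitor is human.
    [Figure: the server asks "Which is dog?" with two choices]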

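  47. Federated Learning of Cohorts
    A mechanism that determines an individual's tastes and preferences without collecting personal information, by doing the machine learning at the edge, inside the browser, instead of in a data center.
    [Diagram: Browser and Data Center. Until now personal information had to be processed in the data center; from now on the computation happens in the browser, making the collection of personal information unnecessary]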

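  48. DNS over https
    Instead of resolving names through the DNS server configured in the OS, the browser sends name-resolution requests directly to a DNS server as HTTPS requests. This way, DNS queries that used to be plaintext can be sent encrypted, and the destination being accessed can be hidden from intermediaries.
    [Diagram: Browser and DNS]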

  49. The case in which Mozilla came to be regarded as a villain

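  50. In the UK there is a movement that regards DNS-over-https itself as evil. This is because ISPs want to apply adult-content filtering (not applying it would violate the law).
    Adult-content filtering itself is necessary to protect children, but what it does is the same as wide-area wiretapping.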

  51. A situation in which something done with good intentions (adult-content filtering) cannot be distinguished from something carried out with malice (wiretapping)

  52. At this point there are areas where even the legislation has not caught up

  53. What should we do?

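  54. On the handling of cookies
    • When a service uses cookies, limit them to session handling.
    • When they are used, attach both the Secure and HttpOnly attributes properly, and issue the session cookie from the server.
    • Reduce the places where cookies are written from JavaScript as much as possible.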

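  55. On the handling of cookies
    • Tracking based on 3rd-party cookies is a cat-and-mouse game in which the methods keep changing
    • Give up tracking itself,
    • deal with it ad hoc and stay in the cat-and-mouse game, or
    • properly obtain consent
    • Those are the three choices.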

  56. On the handling of cookies
    • Also consider presenting users with something easy to understand, in a form that properly obtains consent
    • Safari, too, lets you manage local storage if consent is obtained.
    https://www.philips.co.jp/a-w/cookie-notice.html

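  57. On the handling of cookies
    • Meanwhile, regarding tracking, the EU holds that consent should be obtained in advance (the so-called GDPR).
    • In Japan, too, an amendment to the Act on the Protection of Personal Information is under consideration.
      https://www.ppc.go.jp/files/pdf/200110_seidokaiseitaiko.pdf
    • Not just for the handling of cookies: prior consent may become required whenever tracking is performed.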

  58. Summary

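  59. Summary
    • The handling of cookies will probably keep getting stricter from here on. For tracking in particular, the existing ways of doing it are heading toward being discouraged.
    • New ways of doing tracking and conversion measurement are being devised as alternatives to cookies. Keep an eye on Privacy Sandbox and Private Click Measurement.
    • Meanwhile, there are still many areas, legislation included, that have not caught up. Alternatively, the law may move first and force a review of how cookies are handled.
    • As for cookies themselves, the outlook is that they should be limited to session use, and tracking will need to be considered through other methods.
    • Browser vendors do not yet seem to be in step with one another. This involves the whole industry, so let's follow up on it as an industry.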

  60. References

  61. References
    • Safari
    • https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/
    • https://webkit.org/tracking-prevention-policy/
    • https://webkit.org/blog/9521/intelligent-tracking-prevention-2-3/
    • https://www.apple.com/safari/docs/Safari_White_Paper_Nov_2019.pdf
    • Firefox
    • https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-preview
    • https://support.mozilla.org/en-US/kb/firefox-dns-over-https
    • https://bugzilla.mozilla.org/show_bug.cgi?id=1598969
    • https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and-cryptomining-by-default/
    • https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/
    • Chrome
    • https://services.google.com/fh/files/misc/disabling_third-party_cookies_publisher_revenue.pdf
    • https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html

  62. References
    • Chrome
    • https://security.googleblog.com/2019/10/no-more-mixed-messages-about-https_3.html
    • https://developer.mozilla.org/ja/docs/Web/API/Document/cookie
    • https://www.chromium.org/Home/chromium-privacy/privacy-sandbox
    • https://github.com/bslassey/privacy-budget
    • https://github.com/jkarlin/floc
    • https://github.com/WICG/ua-client-hints
    • Others
    • https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a
    • https://wicg.github.io/ad-click-attribution/index.html
    • https://note.com/martech/n/n3d79c59e41be