Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
最新のブラウザで変わるCookieの取り扱いやPrivacyの考え方
Search
Yosuke Furukawa
PRO
February 13, 2020
Programming
32k
69
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
最新のブラウザで変わるCookieの取り扱いやPrivacyの考え方
2020/02/13 DevSumi 発表資料
Yosuke Furukawa
PRO
February 13, 2020
More Decks by Yosuke Furukawa
See All by Yosuke Furukawa
デザインシステムが必須の時代に
yosuke_furukawa
PRO
2
240
Node.js, Deno, Bun 最新動向とその所感について
yosuke_furukawa
PRO
10
5.2k
Welcome JSConf.jp 2024
yosuke_furukawa
PRO
1
4.8k
tc39 x jsconf.jp Panel Discussion 2024
yosuke_furukawa
PRO
0
350
Removing Corepack
yosuke_furukawa
PRO
9
2k
JavaScript Runtime とはなにか
yosuke_furukawa
PRO
15
3.1k
Strip Types と Storage
yosuke_furukawa
PRO
4
520
Module Harmony について
yosuke_furukawa
PRO
4
1.9k
LTのやり方
yosuke_furukawa
PRO
16
3k
Other Decks in Programming
See All in Programming
Vite+ Unified Toolchain for the Web
naokihaba
0
740
「正の参照」と 「負の導出」で組む ハーネスエンジニアリング
cottpan
1
140
Embedded SREと共に達成した会員管理システムのAWS移行 - SRE NEXT 2026 ランチスポンサーセッション
niftycorp
PRO
1
2.3k
『コードを書く以外の』エンジニアリング〜課金基盤移行プロジェクト推進のためのTips4選
yuriko1211
0
310
継続モナドとリアクティブプログラミング
yukikurage
3
490
吝嗇家のためのAI活用 / AI development for miser - ChatGPT + Issue Driven Development
tooppoo
0
180
例外の正しい扱い方 そのエラー try-catchして大丈夫?
jinwatanabe
0
360
Observability in Practice:Grafana 與 Edge Device SRE 的那些事
blueswen
0
190
Vue × Nuxt × Oxc どこまで使える?実運用の現在地
andpad
0
370
【やさしく解説 設計編 #0】DDDのコード、読めるのに分からない人へ
panda728
PRO
2
250
OSINT for SRE: 学術論文とポストモーテムから探る システム障害の共通パターン / SRE NEXT 2026
tomoyk
1
3.4k
symfony/aiとlaravel/boost
77web
0
120
Featured
See All Featured
Site-Speed That Sticks
csswizardry
13
1.2k
Designing Experiences People Love
moore
143
24k
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
mfonobong
2
460
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
Statistics for Hackers
jakevdp
799
230k
The Pragmatic Product Professional
lauravandoore
37
7.4k
Writing Fast Ruby
sferik
630
63k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.3k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
8.2k
AI Search: Where Are We & What Can We Do About It?
aleyda
0
7.7k
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
4.1k
Transcript
࠷৽ͷϒϥβͰมΘ ΔCookieͷऔѻ͍ ϓϥΠόγʔͷߟ͑ํ 2020/02/13 @ Developers Summit 2020
Twitter: @yosuke_furukawa Github: yosuke-furukawa ࠷ۙͷ׆ಈ $ISPNF"EWJTPSZ#PBSE +4$POG+1PSHBOJ[FSFUD
͜͜࠷ۙɺϒϥβͷมߋ͕ ଟ͍ɻಛʹηΩϡϦςΟɾ ϓϥΠόγʔपΓɻ
'JSFGPY 4BGBSJ ɾ*OUFMMJHFOU5SBDLJOH1SFWFOUJPO τϥοΩϯάΛࢭ͢ΔΈ SEQBSUZDPPLJFΛอଘ͠ͳ͍ +BWB4DSJQU͔ΒͷDPPLJF͔͠อଘ͠ͳ͍ શͯͷΫϩεαΠτϦΫΤετͷ3FGFSFSΛ0SJHJO͚ͩʹ ɾ&OIBODFE5SBDLJOH1SPUFDUJPO τϥοΩϯάΛࢭ͢ΔΈ *51ͱ΄΅Ұॹ
ϒϥοΫϦετܗࣜͷϦετ͕͋ΓɺͦͷϦετʹϚον͢Δͱอଘ͞ Εͳ͍ ϒϥοΫϦετʹࡌ͍ͬͯΔυϝΠϯ͔Β'JOHFSQSJOUJOHTDSJQU Λಈ࡞ͤ͞ͳ͍ɻ6"ͳͲͷจࣈྻΛऔΒͤͳ͍ɻ ɾ%/40WFS)5514 %/4RVFSZIUUQTʹͯ͠҉߸ԽɺӾཡઌΛผͰ͖ͳ͍Α͏ʹ͢Δ
$ISPNF ɾ4BNF4JUF$PPLJFͷಋೖ ΫϩεαΠτͰͷϦΫΤετ࣌ʹ$PPLJFΛ͢͜ͱΛݪଇېࢭ͍ͯ͘͠ํʹɻ ΫϩεαΠτͰͷϦΫΤετͰ$PPLJFΛ͔ͨͬͨ͠Β4BNF4JUF/POFΛ͚ͭɺ 4FDVSFଐੑͭ·Γ)5514ʹ͢Δ ɾ.JYFE$POUFOUTΛϒϩοΫ͢Δ )5514ͷίϯςΩετ͔Β)551ͷϦιʔεΛಡΉ͜ͱΛ.JYFE$POUFOUTͱݺͼɺ ͜ΕΛϒϩοΫ͢Δ ɾ6TFS"HFOUจࣈྻΛݻఆԽ 6"ใͷղ૾͕ߴ͗ͯ͢pOHFSQSJOUJOHʹ͑ΔͨΊɺݻఆԽ͠ඇਪ
ɾSEQBSUZDPPLJFഇࢭ ΑΓQSJWBUFͳXFCΛಋೖ͢Δํͷؾ࣋ͪද໌ IUUQTCMPHDISPNJVNPSHCVJMEJOHNPSFQSJWBUFXFCQBUI UPXBSETIUNM
Intelligent Tracking Prevention • τϥοΩϯάࢭΛ͢ΔҰ࿈ͷΈΛࢦ͢
Enhanced Tracking Protection • τϥοΩϯάࢭΛ͢ΔҰ࿈ͷΈΛࢦ͢
SameSite Cookie • Cookie ΛΫϩεαΠτͰૹΒͳ͍Έ
3rd Party Cookie͕ಈ͔ͳ͘ͳ ΔΈ 4FSWFS BDPN 1BHF DDPN CDPN IUUQTBDPNJOEFYIUNM
4FSWFS CDPN 4FSWFS DDPN
3rd Party Cookie͕ಈ͔ͳ͘ͳ ΔΈ 4FSWFS BDPN 1BHF DDPN CDPN IUUQTBDPNJOEFYIUNM
4FSWFS CDPN 4FSWFS DDPN 4FU$PPLJF 4FU$PPLJF 4FU$PPLJF
3rd Party Cookie͕ಈ͔ͳ͘ͳ ΔΈ 4FSWFS BDPN 1BHF DDPN CDPN IUUQTBDPNJOEFYIUNM
4FSWFS CDPN 4FSWFS DDPN 4FU$PPLJF 4FU$PPLJF 4FU$PPLJF ✓ OK ✗ NG ✗ NG
3rd Party Cookie͕ಈ͔ͳ͘ͳ ΔΈ 4FSWFS BDPN 1BHF DDPN CDPN IUUQTBDPNJOEFYIUNM
4FSWFS CDPN 4FSWFS DDPN 4FU$PPLJF 4FU$PPLJF 4FU$PPLJF ✓ OK ✗ NG ✗ NG ֤ϒϥβಈ͖͕ඍົʹҟͳΔ͕ɺجຊతʹSEQBSUZDPPLJFࣗମ͍ʹ ͳΒͳ͘ͳΔɻ4BGBSJͦͦอଘ͞Εͳ͍ɺ'JSFGPYϒϥοΫϦετʹ ࡌͬͯͨΒอଘ͠ͳ͍ɺ$ISPNF$PPLJFͷଐੑ 4BNF4JUF ͰରԠ
ͦͦ Cookie ͷΈ
• a.com ʹ๚ͨ͠ͱ͢Δɻͦ͜Ͱ b.com ͷ ࠂΛݟͨͱ͢Δɻ • ͦͷ߹ཪͰɺ `Set-Cookie` ϔομͰ
Cookie͕ొ͞ΕΔɻ Cookie ͷΈ 1BHF CDPN BE IUUQTBDPNJOEFYIUNM CDPN$PPLJF4UPSF JE CDPNͷJE͕ه͞ΕΔ 4FU$PPLJFJE
• Cookie ͕ొ͞ΕΔͱ࣍ճҎ߱ͷϦΫΤετ ࣌ʹॻ͖ࠐ·Εͨใ͕ϦΫΤετϔομʹ ࡌͬͯαʔόʹΘΔɻ Cookie ͷΈ 1BHF CDPN BE
IUUQTBDPNJOEFYIUNM CDPNͷϦΫΤετ $PPLJFJE
• ͜ͷ࣌ɺ b.com Ͱ id=123456789; ͷਓ͕ a.com ͔Βདྷͨ͜ͱ͕͋Δࣄɺ࠶ b.com ͷ
ࠂΛݟ͍ͯΔ͜ͱͳͲΛࣗͷDBʹه͢ Δ Cookie ͷΈ 1BHF CDPN BE IUUQTBDPNJOEFYIUNM CDPNͷϦΫΤετ $PPLJFJE ϦΫΤετʹج͖ͮɺϢʔ βʔͷߦಈΛه͢Δ
• ࣍ʹ c.com ʹ๚ͨ͠ͱ͢Δɻͦ͜Ͱಉ༷ ʹ b.com ͷࠂΛݟͨͱ͢Δɻ • ͦ͏͢Δͱ a.com
དྷͨ͜ͱ͋Δࣄ͕ࠂදࣔ ࣌ʹ b.com ʹΘΔɻ Cookie ͷΈ 1BHF CDPN BE IUUQTDDPNJOEFYIUNM DPPLJFʹJE͕͍ͬͯΕͲ͔͜Ͱ ࠂදࣔ͞Εͨ͜ͱ͕͋Δ͜ͱ͕CDPNʹΘΔɻ ࣄલͷཤྺΛݟΕBDPN͔Βདྷͨ͜ͱΘ͔Δ
ͦ͜Ͱ ITPͰ 3rd party cookie Λblock͢ΔΈ͕ Ͱ͖͍ͯΔ
3rd Party Cookie͕ಈ͔ͳ͘ͳ ΔΈ 4FSWFS BDPN 1BHF DDPN CDPN IUUQTBDPNJOEFYIUNM
4FSWFS CDPN 4FSWFS DDPN 4FU$PPLJF 4FU$PPLJF 4FU$PPLJF ✓ OK ✗ NG ✗ NG ͡Ό͋ͦͦ͜ͷ࣌ͷCDPNϨεϙϯε࣌ʹॻ͔ΕͯΔ4FU$PPLJFΛແޮʹ ͢Δͱ͍͏ͷ͕*51ॳΊͱ͢ΔSEQBSUZDPPLJFΛഉআ͢Δߟ͑ํ
ͨͩ͜Ε͚ͩͩͱ࣮·ͩ trackingͰ͖ͯ͠·͏
• Set-Cookieϔομܦ༝Ͱͳ͘ɺJavaScriptΛμϯϩʔυͨ͠ ޙɺ `document.cookie` ܦ༝Ͱॻ͚ɺCookieʹهՄೳ • ͜ͷ߹3rd party ͷJSͰ͋ͬͯ 1st
party cookieͱͳΔͨΊɺ ઌͷ੍ΛճආͰ͖Δ • ϦΫΤετ࣌ʹAjaxΛܦ༝ͯ͠ idΛ b.com ʹૹΔɺ͜ΕͰ trackingͰ͖Δɻ Cookie ͷΈ 1BHF CDPN BE IUUQTBDPNJOEFYIUNM CDPN+BWB4DSJQUΛμ ϯϩʔυ͠ɺ+4ܦ༝ͰDPPLJF Λॻ͘ɻ
ITP / ETP ͷ߹ document.cookie ࣗମʹ੍ݶ͕ՃΘ͍ͬͯΔ 4FSWFS BDPN 1BHF DDPN
CDPN IUUQTBDPNJOEFYIUNM 4FSWFS CDPN 4FU$PPLJF EPDVNFOUDPPLJF ✓ OK ˚ 1day only EPDVNFOUDPPLJFͰॻ͍ͨ߹4BGBSJͷ߹ɺ͔͠อͨͳ͍ɻ ·ͨɺ'JSFGPYͷ߹SEQBSUZTDSJQU͕ CMBDLMJTUʹࡌͬͯΔͱ ಈ͔ͳ͍ɻ
• Chrome ͷ߹ Cookie ʹଐੑΛ༩͢ΔܗͰ 3rd party cookie ͷtrackingΛ੍ݶ͢Δ •
σϑΥϧτͰൃߦ͞ΕΔ cookie ʹ SameSite=Lax ͱݺΕΔଐ ੑ͕༩͞ΕΔɻ • ͜ΕʹΑΓɺΫϩεαΠτͰͷϦΫΤεττοϓϨϕϧυϝΠϯ ͕ಉ͡ͷͷΈʹ੍ݶ͞ΕΔɻ • ͠ΫϩεϦΫΤετͰૹΓ͍ͨ߹SameSite=None; Secure; ͱ͍͏ଐੑʹ͢Δඞཁ͕͋Δɻ Chrome SameSite Cookie
• Chrome ͷ߹ɺ document.cookie Ͱ SameSite=NoneଐੑΛ༩ͤ͞Δ͜ͱ͕ෆՄ ೳʹͳͬͯΔɻ // ҙ: ͜͏͍͏ࢦఆͰ͖ͳ͍ɻ
document.cookie="id=123456789;secure;samesite=none" Chrome SameSite Cookie هɿɹ$ISPNF͔Β4BNF4JUFOPOF4FDVSF Λ+4Ͱॻ͚ΔͨΊɺ͜ͷϖʔδޡΓɻ5IBOLT!LZPUPOJP
͜ΕͰtrackingͰ͖ͳ͍͔ɺ ͱ͍͏ͱͦ͏Ͱͳ͍ɻ
DNSͷCNAMEϨίʔυʹυϝΠϯΛՃͯ͠ Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ 4FSWFS BDPN 1BHF DDPN CDPN IUUQTBDPNJOEFYIUNM 4FSWFS
CDPN 4FSWFS DDPN
DNSͷCNAMEϨίʔυʹυϝΠϯΛՃͯ͠ Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ 4FSWFS BDPN 1BHF BOBMZUJDTBDPN BEBDPN IUUQTBDPNJOEFYIUNM 4FSWFS
BEBDPNத CDPN 4FSWFS BOBMZUJDTBDPNத DDPN
DNSͷCNAMEϨίʔυʹυϝΠϯΛՃͯ͠ Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ 4FSWFS BDPN 1BHF BOBMZUJDTBDPN BEBDPN IUUQTBDPNJOEFYIUNM 4FSWFS
BEBDPNத CDPN 4FSWFS BOBMZUJDTBDPNத DDPN SEQBSUZDPPLJFSEQBSUZʹରͯ͠ߦ͏͔Β/(ͳͷͰ͋ͬͯɺTUQBSUZ ѻ͍ͯ͠͠·੍͑ݶΛղআͰ͖Δ
DNSͷCNAMEϨίʔυʹυϝΠϯΛՃͯ͠ Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ 4FSWFS BDPN 1BHF BOBMZUJDTBDPN BEBDPN IUUQTBDPNJOEFYIUNM 4FSWFS
BEBDPNத CDPN 4FSWFS BOBMZUJDTBDPNத DDPN ͨͩ͠ɺ͜ͷ߹ɺ$PPLJFࣗBEBDPNʹ੍ݶ͞ΕΔͨΊɺSEQBSUZ DPPLJFͷΑ͏ʹɺϢʔβʔΛҰҙʹಛఆ͢ΔJEΛൃߦͰ͖ͳ͍ɻαΠτͰ USBDLJOHͰ͖Δ͚ͩͰɺಛఆࠔ
ͨͩ͜Εʹରͯ͠ DNSͰ໊લ ղܾ࣌ʹ੍ݶ͢Δํ๏͋Δ
DNSͰ੍ݶ͢Δ 1BHF BOBMZUJDTBDPN BEBDPN IUUQTBDPNJOEFYIUNM %/44FSWFS query: ad.a.com cname: b.com
%/4ʹ໊લղܾ͢Δࡍʹ $/".&Ͱผ໊ʹͳͬͯΔ͜ ͱ͕Θ͔ͬͨΒͦ͜ͰCMPDL͢ ΔΈΛݕ౼த ✗ NG %/4ղܾΛϒϥβຊମଆͰߦ͏͜ͱͰɺ੍ݶͰ͖ΔΑ͏ʹͳΔʢͨͩ͠ɺ·ͩ Ͳͷϒϥβ%/4Ͱ$/".&ܦ༝ͰͷUSBDLJOH੍ݶະ࣮ʣ IUUQTCVH[JMMBNP[JMMBPSHTIPX@CVHDHJ JE
ͭ·ΓɺͣͬͱΠλνͬ͜͝ ͷ༷૬Λఄ͍ͯ͠Δɻ
͜ͷϓϥΠόγʔͷಈ͖ ظతͳͷͰͳ͘ɺதظ తͳಈ͖ɻ ϒϥβۀքɺΣϒۀքશ ମͷʹͳ͍ͬͯΔɻ
ͨͩ Tracking શ͕ͯNGʹͳΔͱͦ ͦΣϒͷऩӹϞσϧ่Εͯ͘Δ SEQBSUZDPPLJFUSBDLJOHΛഉআͨ͠ࡍʹUPQͷQVCMJTIFSͷฏۉϨϕχϡʔ͕Ҏ্Լ ͢Δͱ͍͏άϥϑ IUUQTTFSWJDFTHPPHMFDPNGIpMFTNJTDEJTBCMJOH@UIJSEQBSUZ@DPPLJFT@QVCMJTIFS@SFWFOVFQEG
࣮ͲͷϒϥβTracking ͷશ͕ͯμϝͱݴ͍ͬͯΔΘ ͚Ͱͳ͍ɻ
Cookieͱ͍͏ศརͳശʹͳΜ Ͱ͔ΜͰཔΔͷͰͳ ͘ɺ 4FTTJPO 1FSTPOBMJ[BUJPO 5SBDLJOH
৽͍͠ΈͰϓϥΠόγʔ ʹྀͭͭ͠ɺརศੑߟྀ ͨ͠৽͍͠Ϟσϧʹ͠Α͏ͱ ͍͏औΓΈ͕ࠓى͖͍ͯΔ
Private Click Measurement (Ad click attribution) ࠂΛΫϦοΫ͔ͯ͠ΒతΛୡ͔ͨ͠Ͳ͏͔ʢίϯ όʔδϣϯ͕ୡͰ͖͔ͨʣΛDPPLJFʹཔΒͣʹߦ͏ɹ
Private Click Measurement (Ad click attribution) ࠂܝࡌઌ͔ΒΫϦοΫ͢Δࡍʹࠂܝࡌݩʹ͑ΔใΛBEଐੑͰهड़͓͖ͯ͠ɺΫϦοΫͨ͠Βͦ Ε͕ܝࡌݩʹΘΔɻͨͩͷϦϯΫཁૉʹ͢Δඞཁ͕͋ΔʢBλάͰॻ͘ʣ IUUQTXFCLJUPSHCMPHQSJWBDZQSFTFSWJOHBEDMJDLBUUSJCVUJPOGPSUIFXFC
Private Click Measurement (Ad click attribution) ࣮ࡍʹίϯόʔδϣϯͨ͠Βɺܝࡌઌʹ)551ϦμΠϨΫτ͕ߦΘΕΔɻ IUUQTXFCLJUPSHCMPHQSJWBDZQSFTFSWJOHBEDMJDLBUUSJCVUJPOGPSUIFXFC
Private Click Measurement (Ad click attribution) ࣌ؒҎʹΫϦοΫͨ͠ͷͰ͋Εಉ͘͡ίϯόʔδϣϯͷλΠϛϯάͰܝࡌઌʹ1045ͷϦ ΫΤετ͕Δɻ໌Β͔ʹͤΔใ͕ߜΒΕ͓ͯΓɺϢʔβʔ͕ԿΛങ͔ͬͨɺͲ͏͍͏ܦ࿏Λܦͨ ͷ͔ͷใΒΕ͍ͯΔͷͷɺίϯόʔδϣϯ͔ͨ͠Ͳ͏͔͚ͩผͰ͖Δɻ
Privacy Sandbox • Chrome Ͱఏএ͍ͯ͠ΔΑΓ privacy ʹྀͨ͠৽͍͠Ϟ σϧ • 3ͭͷͦΕͧΕಠཱͨ͠औΓΈ͕͋Δɻ
• Cross-Site Tracking ͷ࠶ఆٛ • 3rd Party Cookie ͷഇࢭ • ৽͍͠ํ๏ͷҠߦखஈͷఏڙ IUUQTXXXDISPNJVNPSH)PNFDISPNJVNQSJWBDZQSJWBDZTBOECPY
Privacy Sandbox • શͯΛհ͢Δ࣌ؒͳ͍ͷͰ3ͭ΄Ͳհ • Privacy Budget • Trust Tokens
API • Federated Learning of Cohorts IUUQTXXXDISPNJVNPSH)PNFDISPNJVNQSJWBDZQSJWBDZTBOECPY
• ݸਓΛࣝผՄೳͳใʹ Budget (༧ࢉ)Λ༩͑ ͯ༧ࢉΛ͑ͨΒͦΕҎ্ͷใΛ͞ͳ͍Α ͏ʹ͢ΔΈ • UserAgent ͕ݻఆԽ͞ΕΔͷ༧ࢉ੍ݶͷͨΊ •
·ͣͲΕ͚ͩͷใ͕ݸਓࣝผՄೳͳͷ͔Λ ௐࠪɺܭଌ͍ͯ͠Δͱ͜Ζ͔Β Privacy Budget
Privacy Budget ॳظϦΫΤετ: Sec-CH-UA: "Chrome"; v="73" Ϩεϙϯε: Accept-CH: UA, Platform
Sec-CH-UA: "Chrome"; v="73.3R8.2H.1" Sec-CH-UA-Platform: "Windows"; v="10" 6TFS"HFOUจࣈྻैདྷͷΑ͏ʹ͞ͳ͍ɻΤϯτϩϐʔ͕ଟ͘ɺpOHFSQSJOUʹ͑ΔͨΊɻ ͜ΕΛαʔόଆͱΫϥΠΞϯτଆͰ$MJFOU)JOUTͱݺΕΔ༷Ͱަব͠ͳ͕ΒใΛΒ͏ɻ
Trust Tokens API #PUͰ͑ΒΕͳ͍Λग़ͯ͠ɺճ͢Δ͜ͱͰ࣮ࡍʹਓ͕͍ͬͯΔͷͳͷ͔ͦ͏͡Όͳ͍ͷ͔ Λผ͢ΔΈɻ$"15$)"ʹΠϝʔδͱ͍ͯۙ͠ɻ$PPLJFΛਓ͔Ͳ͏͔ͷผʹར༻ͯͨ͠ͱ ͜ΖͰ׆༻͢Δɻ 4FSWFS 8IJDIJTEPH PS
Federated Learning of Cohorts ػցֶशΛσʔληϯλʔͰΔͷͰͳ͘ɺϒϥβͰΤοδ͔Βػցֶश͢Δ͜ͱͰݸਓͷझ ຯᅂͷఆΛݸਓใΛऩू͢Δ͜ͱͳ͘ߦ͏Έ #SPXTFS %BUB$FOUFS ͜Ε͔ΒϒϥβͰܭࢉ͠ɺ ݸਓใऩूΛෆཁʹ͢Δ
ैདྷσʔληϯλʔͰݸਓ ใΛܭࢉ͢Δඞཁ͕͋ͬͨ
DNS over https 04ʹઃఆ͞Εͨ%/4αʔό͔Β໊લղܾ͢ΔͷͰͳ͘ɺϒϥβ͔Β)5514ϦΫΤετͰɹ %/4αʔόʹ໊લղܾϦΫΤετΛૹΔɻ͜͏͢Δ͜ͱͰɺࠓ·Ͱฏจͩͬͨ%/4ΫΤϦΛ҉߸Խͨ͠ ঢ়ଶͰૹΔ͜ͱ͕Ͱ͖ɺΞΫηεઌΛதؒऀ͔ΒӅṭͰ͖Δɻ #SPXTFS %/4
Mozilla͕villain ͱͯ͠ೝࣝ ͞ΕΔࣄҊ
DNS-over-https ࣗମ͕ѱͩͱ͢Δಈ͖ ͕ΠΪϦεͰى͍ͬͯ͜Δɻ͜Εɺ ISP͕ΞμϧτϑΟϧλʔ੍ݶΛ͔͚ͨ ͍(͔͚ͳ͍ͱ๏ྩҧʹͳΔ)͔Β ΞμϧτϑΟϧλʔ੍ݶࣗࢠͲͨ ͪΛकΔͨΊʹඞཁͳͷͰ͋Δ ͷͷɺͬͯΔ͜ͱҬతͳ౪ௌͱ ಉ͡
ຊདྷળҙͱͯͬͯ͠Δࣄ ʢΞμϧτϑΟϧλʔʣͰ ͋ͬͯɺѱҙΛ࣮࣋ͬͯࢪ ͞ΕΔࣄʢ౪ௌʣͱ۠ผ͕ͭ ͔ͳ͍ঢ়گ
ࠓ࣌ͩͱ·ͩ๏උ͢Β ͍͍ͭͯͳ͍ॴ͋Δ
զʑͲ͏͢Δ͖͔
CookieͷऔΓѻ͍ʹؔͯ͠ • αʔϏεͰ͏߹ηογϣϯͱͯ͠ͷѻ͍ʹ ͱͲΊΔ͜ͱɻ • ѻ͏߹ Secureଐੑͱ HttpOnlyଐੑͷ྆ํΛ ͖ͪΜͱ͚ͯɺαʔόͰηογϣϯΫοΩʔΛ ൃߦͯ͠͏ɻ
• JavaScriptͰॻ͖ࠐΈΛͯ͠ΔՕॴۃྗݮΒ͢ɻ
CookieͷऔΓѻ͍ʹؔͯ͠ • 3rd party cookie Λج४ʹͨ͠trackingΠλνͬ͜͝Ͱ ίϩίϩํ๏͕มΘΔ • trackingͦͷͷΛఘΊΔ͔ •
ͨΓతʹରॲ͠ɺΠλνͬ͜͝ʹͳΔ͔ • ͪΌΜͱಉҙΛಘΔ͔ • ͷ3ʹͳ͍ͬͯΔɻ
CookieͷऔΓѻ͍ʹؔͯ͠ • ͪΌΜͱಉҙΛಘͨܗͰΘ͔Γ͍͢ͷΛ Ϣʔβʔʹఏࣔ͢Δ͜ͱࢹʹݕ౼ • ·ͨɺSafariಉҙΛಘΕlocalͳstorageͷ ཧΛͤͯ͘͞ΕΔɻ https://www.philips.co.jp/a-w/cookie-notice.html
CookieͷऔΓѻ͍ʹؔͯ͠ • ҰํͰtrackingʹؔͯ͠EUࣄલʹಉҙΛऔΔ͖ ͱ͍ͯ͠Δ(͍ΘΏΔGDPR)ɻ • ຊͰݸਓใอޢ๏ͷվਖ਼Ҋ͕ݕ౼தɻ https://www.ppc.go.jp/files/pdf/ 200110_seidokaiseitaiko.pdf • CookieͷऔΓѻ͍ʹݶΒͣɺtrackingΛ͢Δ߹ࣄ
લͷಉҙΛಘͳ͍ͱ͍͚ͳ͘ͳΔՄೳੑɻ
·ͱΊ
·ͱΊ • Cookieʹؔͯ͜͠Ε͔Β͓ͦΒ͘ͲΜͲΜѻ͍͕ݫ͘͠ͳ͍ͬͯ͘ɻಛʹtracking ʹ͍ͭͯ͜Ε·ͰͷΓํਪ͞Εͳ͍ํʹɻ • CookieʹมΘΔํ๏ͱͯ͠৽͍͠tracking, conversion measurementͷΓํ͕ߟ͑ ΒΕͯΔɻPrivacy SandboxPrivate
Click MeasurementͷಈΛཁνΣοΫ • ҰํͰ·ͩ๏ྩؚΊ͍͍͍ͯͭͯͳ͍ͱ͜Ζͨ͘͞Μ͋Δɻ͘͠๏͔Βઌ ʹڧ੍తʹCookieͷऔΓѻ͍Λݟ͢ํʹͳ͍ͬͯ͘Մೳੑɻ • Cookieࣗͷѻ͍ʹؔͯ͠ηογϣϯͱͯ͠͏ʹͱͲΊɺtrackingผͳํ๏Ͱ ͷݕ౼Λ͍ͯ͘͠ඞཁ͕͋Δݟ௨͠ɻ • ·ͩϒϥβϕϯμʔؒͰฒΈἧ͍ͬͯͳ͍༷ࢠɺۀքશମΛר͖ࠐΉͳͷ ͰɺۀքશମͰϑΥϩʔΞοϓ͍͖ͯ͠·͠ΐ͏ɻ
ࢀߟࢿྉ
ࢀߟࢿྉ • Safari • https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/ • https://webkit.org/tracking-prevention-policy/ • https://webkit.org/blog/9521/intelligent-tracking-prevention-2-3/ •
https://www.apple.com/safari/docs/Safari_White_Paper_Nov_2019.pdf • Firefox • https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-preview • https://support.mozilla.org/en-US/kb/firefox-dns-over-https • https://bugzilla.mozilla.org/show_bug.cgi?id=1598969 • https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and- cryptomining-by-default/ • https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/ • Chrome • https://services.google.com/fh/files/misc/disabling_third-party_cookies_publisher_revenue.pdf • https://blog.chromium.org/2020/01/building-more-private-web-path-towards.htmls
ࢀߟࢿྉ • Chrome • https://security.googleblog.com/2019/10/no-more-mixed-messages-about- https_3.html • https://developer.mozilla.org/ja/docs/Web/API/Document/cookie • https://www.chromium.org/Home/chromium-privacy/privacy-sandbox
• https://github.com/bslassey/privacy-budget • https://github.com/jkarlin/floc • https://github.com/WICG/ua-client-hints • ͦͷଞ • https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party- trackers-195205dc522a • https://wicg.github.io/ad-click-attribution/index.html • https://note.com/martech/n/n3d79c59e41be