最新のブラウザで変わるCookieの取り扱いやPrivacyの考え方

Transcript

1. ࠷৽ͷϒϥ΢βͰมΘ ΔCookieͷऔѻ͍΍ ϓϥΠόγʔͷߟ͑ํ 2020/02/13 @ Developers Summit 2020

2. Twitter: @yosuke_furukawa Github: yosuke-furukawa ࠷ۙͷ׆ಈ
   $ISPNF
   "EWJTPSZ
   #PBSE
   
   +4$POG+1
   PSHBOJ[FS
   FUD

3. ͜͜࠷ۙɺϒϥ΢βͷมߋ͕ ଟ͍ɻಛʹηΩϡϦςΟɾ
 ϓϥΠόγʔपΓɻ

4. 'JSFGPY 4BGBSJ ɾ*OUFMMJHFOU
   5SBDLJOH
   1SFWFOUJPO
   
   
   
   τϥοΩϯάΛ๷ࢭ͢Δ࢓૊Έ
   
   
   
   SE
   QBSUZ
   DPPLJF
   Λอଘ͠ͳ͍
   
   
   
   +BWB4DSJQU
   ͔Βͷ
   DPPLJF
   ΋೔͔͠อଘ͠ͳ͍
   
   
   
   શͯͷΫϩεαΠτϦΫΤετͷ3FGFSFSΛ0SJHJO͚ͩʹ
   ɾ&OIBODFE
   5SBDLJOH
   1SPUFDUJPO
   
   
   
   τϥοΩϯάΛ๷ࢭ͢Δ࢓૊Έ
   *51ͱ΄΅Ұॹ

   
   
   
   
   ϒϥοΫϦετܗࣜͷϦετ͕͋ΓɺͦͷϦετʹϚον͢Δͱอଘ͞ Εͳ͍
   
   
   
   ϒϥοΫϦετʹࡌ͍ͬͯΔυϝΠϯ͔Β͸'JOHFSQSJOUJOH
   TDSJQU
   Λಈ࡞ͤ͞ͳ͍ɻ6"ͳͲͷจࣈྻΛऔΒͤͳ͍ɻ
   ɾ%/4
   0WFS
   )5514
   
   
   
   %/4
   RVFSZ΋
   IUUQT
   ʹͯ͠҉߸ԽɺӾཡઌΛ൑ผͰ͖ͳ͍Α͏ʹ͢Δ

5. $ISPNF ɾ4BNF4JUF
   $PPLJF
   ͷಋೖ
   
   
   
   ΫϩεαΠτͰͷϦΫΤετ࣌ʹ
   $PPLJF
   Λ౉͢͜ͱΛݪଇېࢭ͍ͯ͘͠ํ޲ʹɻ
   
   
   
   ΫϩεαΠτͰͷϦΫΤετͰ
   $PPLJF
   Λ౉͔ͨͬͨ͠Β
   4BNF4JUF/POFΛ͚ͭɺ
   4FDVSF
   ଐੑͭ·Γ
   )5514
   ʹ͢Δ
   ɾ.JYFE
   $POUFOUT
   ΛϒϩοΫ͢Δ
   
   
   
   )5514ͷίϯςΩετ͔Β)551ͷϦιʔεΛಡΉ͜ͱΛ
   .JYFE
   $POUFOUT
   ͱݺͼɺ ͜ΕΛϒϩοΫ͢Δ
   ɾ6TFS"HFOU
   จࣈྻΛݻఆԽ
   
   
   
   6"
   ͸৘ใͷղ૾౓͕ߴ͗ͯ͢
   pOHFSQSJOUJOH
   ʹ࢖͑ΔͨΊɺݻఆԽ͠ඇਪ঑΁


   ɾSE
   QBSUZ
   DPPLJF
   ഇࢭ΁
   
   
   
   ΑΓ
   QSJWBUF
   ͳ
   XFC
   Λಋೖ͢Δํ޲΁ͷؾ࣋ͪද໌

   
   
   IUUQTCMPHDISPNJVNPSHCVJMEJOHNPSFQSJWBUFXFCQBUI UPXBSETIUNM


6. Intelligent Tracking Prevention • τϥοΩϯά๷ࢭΛ͢ΔҰ࿈ͷ࢓૊ΈΛࢦ͢

7. Enhanced Tracking Protection • τϥοΩϯά๷ࢭΛ͢ΔҰ࿈ͷ࢓૊ΈΛࢦ͢

8. SameSite Cookie • Cookie ΛΫϩεαΠτͰૹΒͳ͍࢓૊Έ

9. 3rd Party Cookie͕ಈ͔ͳ͘ͳ Δ࢓૊Έ 4FSWFS
   
   BDPN 1BHF DDPN CDPN
   IUUQTBDPNJOEFYIUNM

   4FSWFS
   
   CDPN 4FSWFS
   
   DDPN

10. 3rd Party Cookie͕ಈ͔ͳ͘ͳ Δ࢓૊Έ 4FSWFS
    
    BDPN 1BHF DDPN CDPN
    IUUQTBDPNJOEFYIUNM

    4FSWFS
    
    CDPN 4FSWFS
    
    DDPN 4FU$PPLJF 4FU$PPLJF 4FU$PPLJF

11. 3rd Party Cookie͕ಈ͔ͳ͘ͳ Δ࢓૊Έ 4FSWFS
    
    BDPN 1BHF DDPN CDPN
    IUUQTBDPNJOEFYIUNM

    4FSWFS
    
    CDPN 4FSWFS
    
    DDPN 4FU$PPLJF 4FU$PPLJF 4FU$PPLJF ✓ OK ✗ NG ✗ NG

12. 3rd Party Cookie͕ಈ͔ͳ͘ͳ Δ࢓૊Έ 4FSWFS
    
    BDPN 1BHF DDPN CDPN
    IUUQTBDPNJOEFYIUNM

    4FSWFS
    
    CDPN 4FSWFS
    
    DDPN 4FU$PPLJF 4FU$PPLJF 4FU$PPLJF ✓ OK ✗ NG ✗ NG ֤ϒϥ΢βಈ͖͕ඍົʹҟͳΔ͕ɺجຊతʹ
    SE
    QBSUZ
    DPPLJF
    ࣗମ͸࢖͍෺ʹ ͳΒͳ͘ͳΔɻ
    4BGBSJ
    ͸ͦ΋ͦ΋อଘ͞Εͳ͍ɺ
    'JSFGPY
    ͸ϒϥοΫϦετʹ ࡌͬͯͨΒอଘ͠ͳ͍ɺ$ISPNF͸$PPLJFͷଐੑ 4BNF4JUF ͰରԠ

13. ͦ΋ͦ΋ Cookie ͷ࢓૊Έ

14. • a.com ʹ๚໰ͨ͠ͱ͢Δɻͦ͜Ͱ b.com ͷ޿ ࠂΛݟͨͱ͢Δɻ • ͦͷ৔߹ཪͰ͸ɺ `Set-Cookie` ϔομͰ

    Cookie͕ొ࿥͞ΕΔɻ Cookie ͷ࢓૊Έ 1BHF CDPN
    BE
    IUUQTBDPNJOEFYIUNM CDPN
    $PPLJF
    4UPSF JE 
    CDPN
    ΁ͷ
    JE
    ͕ه࿥͞ΕΔ
    4FU$PPLJF
    JE

15. • Cookie ͕ొ࿥͞ΕΔͱ࣍ճҎ߱ͷϦΫΤετ ࣌ʹॻ͖ࠐ·Εͨ৘ใ͕ϦΫΤετϔομʹ ࡌͬͯαʔόʹ఻ΘΔɻ Cookie ͷ࢓૊Έ 1BHF CDPN
    BE

    
    IUUQTBDPNJOEFYIUNM 
    CDPN
    ΁ͷϦΫΤετ
    $PPLJF
    JE

16. • ͜ͷ࣌ɺ b.com Ͱ͸ id=123456789; ͷਓ͕ a.com ͔Βདྷͨ͜ͱ͕͋Δࣄɺ࠶౓ b.com ͷ

    ޿ࠂΛݟ͍ͯΔ͜ͱͳͲΛࣗ෼ͷDBʹه࿥͢ Δ Cookie ͷ࢓૊Έ 1BHF CDPN
    BE
    IUUQTBDPNJOEFYIUNM 
    CDPN
    ΁ͷϦΫΤετ
    $PPLJF
    JE
    ϦΫΤετʹج͖ͮɺϢʔ βʔͷߦಈΛه࿥͢Δ

17. • ࣍ʹ c.com ʹ๚໰ͨ͠ͱ͢Δɻͦ͜Ͱ΋ಉ༷ ʹ b.com ͷ޿ࠂΛݟͨͱ͢Δɻ • ͦ͏͢Δͱ a.com

    དྷͨ͜ͱ͋Δࣄ͕޿ࠂදࣔ ࣌ʹ b.com ʹ఻ΘΔɻ Cookie ͷ࢓૊Έ 1BHF CDPN
    BE
    IUUQTDDPNJOEFYIUNM DPPLJF
    ʹ
    JE
    ͕࢒͍ͬͯΕ͹Ͳ͔͜Ͱ ޿ࠂදࣔ͞Εͨ͜ͱ͕͋Δ͜ͱ͕
    CDPN
    ʹ఻ΘΔɻ
    ࣄલͷཤྺΛݟΕ͹BDPN͔Βདྷͨ͜ͱ΋Θ͔Δ

18. ͦ͜Ͱ ITP౳Ͱ 3rd party cookie Λblock͢Δ࢓૊Έ͕ Ͱ͖͍ͯΔ

19. 3rd Party Cookie͕ಈ͔ͳ͘ͳ Δ࢓૊Έ 4FSWFS
    
    BDPN 1BHF DDPN CDPN
    IUUQTBDPNJOEFYIUNM

    4FSWFS
    
    CDPN 4FSWFS
    
    DDPN 4FU$PPLJF 4FU$PPLJF 4FU$PPLJF ✓ OK ✗ NG ✗ NG ͡Ό͋ͦ΋ͦ΋͜ͷ࣌ͷCDPNϨεϙϯε࣌ʹॻ͔ΕͯΔ
    4FU$PPLJF
    Λແޮʹ ͢Δͱ͍͏ͷ͕
    *51ॳΊͱ͢Δ
    SE
    QBSUZ
    DPPLJF
    Λഉআ͢Δߟ͑ํ

20. ͨͩ͜Ε͚ͩͩͱ࣮͸·ͩ tracking͸Ͱ͖ͯ͠·͏

21. • Set-Cookieϔομܦ༝Ͱ͸ͳ͘ɺJavaScriptΛμ΢ϯϩʔυͨ͠ ޙɺ `document.cookie` ܦ༝Ͱॻ͚͹ɺCookieʹه࿥͸Մೳ • ͜ͷ৔߹3rd party ͷJSͰ͋ͬͯ
 ΋1st

    party cookieͱͳΔͨΊɺ
 ઌͷ੍໿ΛճආͰ͖Δ • ϦΫΤετ࣌ʹAjax౳Λܦ༝ͯ͠
 idΛ b.com ʹ΋ૹΔɺ͜ΕͰ
 trackingͰ͖Δɻ Cookie ͷ࢓૊Έ 1BHF CDPN
    BE
    IUUQTBDPNJOEFYIUNM CDPN
    ͸
    +BWB4DSJQUΛμ΢ ϯϩʔυ͠ɺ+4ܦ༝ͰDPPLJF Λॻ͘ɻ

22. ITP / ETP ͷ৔߹͸ document.cookie ࣗମʹ΋੍ݶ͕ՃΘ͍ͬͯΔ 4FSWFS
    
    BDPN 1BHF DDPN

    CDPN
    IUUQTBDPNJOEFYIUNM 4FSWFS
    
    CDPN 4FU$PPLJF EPDVNFOUDPPLJF ✓ OK ˚ 1day only EPDVNFOUDPPLJF
    Ͱॻ͍ͨ৔߹͸
    4BGBSJ
    ͷ৔߹ɺ೔͔͠อͨͳ͍ɻ
    ·ͨɺ'JSFGPYͷ৔߹͸SE
    QBSUZ
    TDSJQU͕ CMBDLMJTUʹࡌͬͯΔͱ ಈ͔ͳ͍ɻ

23. • Chrome ͷ৔߹͸ Cookie ʹଐੑΛ෇༩͢ΔܗͰ 3rd party cookie ͷtrackingΛ੍ݶ͢Δ •

    σϑΥϧτͰൃߦ͞ΕΔ cookie ʹ͸ SameSite=Lax ͱݺ͹ΕΔଐ ੑ͕෇༩͞ΕΔɻ • ͜ΕʹΑΓɺΫϩεαΠτͰͷϦΫΤετ͸τοϓϨϕϧυϝΠϯ ͕ಉ͡΋ͷͷΈʹ੍ݶ͞ΕΔɻ • ΋͠΋ΫϩεϦΫΤετͰ΋ૹΓ͍ͨ৔߹͸SameSite=None; Secure; ͱ͍͏ଐੑʹ͢Δඞཁ͕͋Δɻ Chrome SameSite Cookie

24. • Chrome ͷ৔߹ɺ document.cookie Ͱ͸ SameSite=NoneଐੑΛ෇༩ͤ͞Δ͜ͱ͕ෆՄ ೳʹͳͬͯΔɻ // ஫ҙ: ͜͏͍͏ࢦఆ͸Ͱ͖ͳ͍ɻ

    document.cookie="id=123456789;secure;samesite=none" Chrome SameSite Cookie ௥هɿɹ
    $ISPNF
    
    ͔Β͸4BNF4JUFOPOF4FDVSF
 Λ+4Ͱॻ͚ΔͨΊɺ͜ͷϖʔδ͸ޡΓɻ
    5IBOLT
    
    !LZPUPOJP

25. ͜ΕͰtrackingͰ͖ͳ͍͔ɺ ͱ͍͏ͱͦ͏Ͱ΋ͳ͍ɻ

26. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋ Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ 4FSWFS
    
    BDPN 1BHF DDPN CDPN
    IUUQTBDPNJOEFYIUNM 4FSWFS
    
    

    CDPN 4FSWFS
    
    DDPN

27. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋ Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ 4FSWFS
    
    BDPN 1BHF BOBMZUJDTBDPN BEBDPN
    IUUQTBDPNJOEFYIUNM 4FSWFS
    
    

    BEBDPN
    த਎͸
    CDPN 4FSWFS
    
    BOBMZUJDTBDPN
    த ਎͸
    DDPN

28. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋ Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ 4FSWFS
    
    BDPN 1BHF BOBMZUJDTBDPN BEBDPN
    IUUQTBDPNJOEFYIUNM 4FSWFS
    
    

    BEBDPN
    த਎͸
    CDPN 4FSWFS
    
    BOBMZUJDTBDPN
    த ਎͸
    DDPN SE
    QBSUZ
    DPPLJF
    ͸
    SE
    QBSUZ
    ʹରͯ͠ߦ͏͔Β/(ͳͷͰ͋ͬͯɺTU
    QBSUZ
    ѻ͍ͯ͠͠·͑͹੍ݶΛղআͰ͖Δ

29. DNSͷCNAMEϨίʔυʹυϝΠϯΛ௥Ճͯ͠΋ Β͍ɺυϝΠϯΛ1st partyѻ͍ʹ͢Δํ๏͕͋Δ 4FSWFS
    
    BDPN 1BHF BOBMZUJDTBDPN BEBDPN
    IUUQTBDPNJOEFYIUNM 4FSWFS
    
    

    BEBDPN
    த਎͸
    CDPN 4FSWFS
    
    BOBMZUJDTBDPN
    த ਎͸
    DDPN ͨͩ͠ɺ͜ͷ৔߹ɺ$PPLJFࣗ਎͸
    BEBDPN
    ʹ੍ݶ͞ΕΔͨΊɺ
    SE
    QBSUZ
    DPPLJF
    ͷΑ͏ʹɺϢʔβʔΛҰҙʹಛఆ͢ΔJEΛൃߦͰ͖ͳ͍ɻαΠτ಺Ͱ USBDLJOHͰ͖Δ͚ͩͰɺಛఆ͸ࠔ೉

30. ͨͩ͜Εʹରͯ͠ DNSͰ໊લ ղܾ࣌ʹ੍ݶ͢Δํ๏΋͋Δ

31. DNSͰ੍ݶ͢Δ 1BHF BOBMZUJDTBDPN BEBDPN
    IUUQTBDPNJOEFYIUNM %/4
    4FSWFS query: ad.a.com cname: b.com

    %/4ʹ໊લղܾ͢Δࡍʹ $/".&Ͱผ໊ʹͳͬͯΔ͜ ͱ͕Θ͔ͬͨΒͦ͜ͰCMPDL͢ Δ࢓૊ΈΛݕ౼த ✗ NG %/4ղܾΛϒϥ΢βຊମଆͰߦ͏͜ͱͰɺ੍ݶͰ͖ΔΑ͏ʹͳΔʢͨͩ͠ɺ·ͩ Ͳͷϒϥ΢β΋%/4Ͱ$/".&ܦ༝ͰͷUSBDLJOH੍ݶ͸ະ࣮૷ʣ
    IUUQTCVH[JMMBNP[JMMBPSHTIPX@CVHDHJ JE

32. ͭ·ΓɺͣͬͱΠλνͬ͜͝ ͷ༷૬Λఄ͍ͯ͠Δɻ

33. ͜ͷϓϥΠόγʔͷಈ͖͸୹ ظతͳ΋ͷͰ͸ͳ͘ɺத௕ظ తͳಈ͖ɻ ϒϥ΢βۀքɺ΢Σϒۀքશ ମͷ࿩ʹͳ͍ͬͯΔɻ

34. ͨͩ Tracking શ͕ͯNGʹͳΔͱͦ΋ ͦ΋΢ΣϒͷऩӹϞσϧ΋่Εͯ͘Δ SE
    QBSUZ
    DPPLJF
    USBDLJOH
    Λഉআͨ͠ࡍʹ
    UPQ
    
    ͷ
    QVCMJTIFS
    ͷฏۉϨϕχϡʔ͕Ҏ্௿Լ ͢Δͱ͍͏άϥϑ
    IUUQTTFSWJDFTHPPHMFDPNGIpMFTNJTDEJTBCMJOH@UIJSEQBSUZ@DPPLJFT@QVCMJTIFS@SFWFOVFQEG

35. ࣮͸Ͳͷϒϥ΢β΋Tracking ͷશ͕ͯμϝͱݴ͍ͬͯΔΘ ͚Ͱ͸ͳ͍ɻ

36. Cookieͱ͍͏ศརͳശʹͳΜ Ͱ΋͔ΜͰ΋པΔͷͰ͸ͳ ͘ɺ 4FTTJPO 1FSTPOBMJ[BUJPO 5SBDLJOH

37. ৽͍͠࢓૊ΈͰϓϥΠόγʔ ʹ഑ྀͭͭ͠ɺརศੑ΋ߟྀ ͨ͠৽͍͠Ϟσϧʹ͠Α͏ͱ ͍͏औΓ૊Έ͕ࠓى͖͍ͯΔ

38. Private Click Measurement (Ad click attribution) ޿ࠂΛΫϦοΫ͔ͯ͠Β໨తΛୡ੒͔ͨ͠Ͳ͏͔ʢίϯ όʔδϣϯ͕ୡ੒Ͱ͖͔ͨʣΛDPPLJFʹཔΒͣʹߦ͏ɹ

39. Private Click Measurement (Ad click attribution) ޿ࠂܝࡌઌ͔ΒΫϦοΫ͢Δࡍʹ޿ࠂܝࡌݩʹ఻͑Δ৘ใΛBEଐੑͰهड़͓͖ͯ͠ɺΫϦοΫͨ͠Βͦ Ε͕ܝࡌݩʹ఻ΘΔɻͨͩͷϦϯΫཁૉʹ͢Δඞཁ͕͋ΔʢBλάͰॻ͘ʣ
    IUUQTXFCLJUPSHCMPHQSJWBDZQSFTFSWJOHBEDMJDLBUUSJCVUJPOGPSUIFXFC

40. Private Click Measurement (Ad click attribution) ࣮ࡍʹίϯόʔδϣϯͨ͠Βɺܝࡌઌʹ)551ϦμΠϨΫτ͕ߦΘΕΔɻ
    IUUQTXFCLJUPSHCMPHQSJWBDZQSFTFSWJOHBEDMJDLBUUSJCVUJPOGPSUIFXFC

41. Private Click Measurement (Ad click attribution) ࣌ؒҎ಺ʹΫϦοΫͨ͠΋ͷͰ͋Ε͹ಉ͘͡ίϯόʔδϣϯͷλΠϛϯάͰܝࡌઌʹ1045ͷϦ ΫΤετ͕૸Δɻ໌Β͔ʹ౉ͤΔ৘ใ͕ߜΒΕ͓ͯΓɺϢʔβʔ͕ԿΛങ͔ͬͨɺͲ͏͍͏ܦ࿏Λܦͨ ͷ͔ͷ৘ใ͸࡟ΒΕ͍ͯΔ΋ͷͷɺίϯόʔδϣϯ͔ͨ͠Ͳ͏͔͚ͩ͸൑ผͰ͖Δɻ
    

42. Privacy Sandbox • Chrome Ͱఏএ͍ͯ͠ΔΑΓ privacy ʹ഑ྀͨ͠৽͍͠Ϟ σϧ • 3ͭͷͦΕͧΕಠཱͨ͠औΓ૊Έ͕͋Δɻ

    • Cross-Site Tracking ͷ࠶ఆٛ • 3rd Party Cookie ͷഇࢭ • ৽͍͠ํ๏΁ͷҠߦखஈͷఏڙ IUUQTXXXDISPNJVNPSH)PNFDISPNJVNQSJWBDZQSJWBDZTBOECPY

43. Privacy Sandbox • શͯΛ঺հ͢Δ࣌ؒ͸ͳ͍ͷͰ3ͭ΄Ͳ঺հ • Privacy Budget • Trust Tokens

    API • Federated Learning of Cohorts IUUQTXXXDISPNJVNPSH)PNFDISPNJVNQSJWBDZQSJWBDZTBOECPY

44. • ݸਓΛࣝผՄೳͳ৘ใʹ Budget (༧ࢉ)Λ༩͑ ͯ༧ࢉΛ௒͑ͨΒͦΕҎ্ͷ৘ใΛ౉͞ͳ͍Α ͏ʹ͢Δ࢓૊Έ • UserAgent ͕ݻఆԽ͞ΕΔͷ΋༧ࢉ੍ݶͷͨΊ •

    ·ͣ͸ͲΕ͚ͩͷ৘ใ͕ݸਓࣝผՄೳͳͷ͔Λ ௐࠪɺܭଌ͍ͯ͠Δͱ͜Ζ͔Β Privacy Budget

45. Privacy Budget ॳظϦΫΤετ: Sec-CH-UA: "Chrome"; v="73" Ϩεϙϯε: Accept-CH: UA, Platform

    Sec-CH-UA: "Chrome"; v="73.3R8.2H.1" Sec-CH-UA-Platform: "Windows"; v="10" 6TFS"HFOU
    จࣈྻ΋
    ैདྷͷΑ͏ʹ͸౉͞ͳ͍ɻΤϯτϩϐʔ͕ଟ͘ɺpOHFSQSJOUʹ࢖͑ΔͨΊɻ
    ͜ΕΛαʔόଆͱΫϥΠΞϯτଆͰ$MJFOU
    )JOUTͱݺ͹ΕΔ࢓༷Ͱަব͠ͳ͕Β৘ใΛ΋Β͏ɻ

46. Trust Tokens API #PUͰ͸౴͑ΒΕͳ͍໰୊Λग़ͯ͠ɺճ౴͢Δ͜ͱͰ࣮ࡍʹਓ͕࢖͍ͬͯΔ΋ͷͳͷ͔ͦ͏͡Όͳ͍ͷ͔ Λ൑ผ͢Δ࢓૊Έɻ$"15$)"ʹΠϝʔδͱͯ͠͸͍ۙɻ$PPLJFΛਓ͔Ͳ͏͔ͷ൑ผʹར༻ͯͨ͠ͱ ͜ΖͰ׆༻͢Δɻ 4FSWFS
    8IJDI
    JT
    EPH
    
    PS
    

47. Federated Learning of Cohorts ػցֶशΛσʔληϯλʔ಺Ͱ΍ΔͷͰ͸ͳ͘ɺϒϥ΢β಺ͰΤοδ͔Βػցֶश͢Δ͜ͱͰݸਓͷझ ຯᅂ޷ͷ൑ఆΛݸਓ৘ใΛऩू͢Δ͜ͱͳ͘ߦ͏࢓૊Έ #SPXTFS %BUB
    $FOUFS ͜Ε͔Β͸ϒϥ΢β಺Ͱܭࢉ͠ɺ ݸਓ৘ใऩूΛෆཁʹ͢Δ

    ैདྷ͸σʔληϯλʔ಺Ͱݸਓ৘ ใΛܭࢉ͢Δඞཁ͕͋ͬͨ

48. DNS over https 04ʹઃఆ͞Εͨ%/4αʔό͔Β໊લղܾ͢ΔͷͰ͸ͳ͘ɺϒϥ΢β಺͔Β௚઀)5514ϦΫΤετͰɹ %/4αʔόʹ໊લղܾϦΫΤετΛૹΔɻ͜͏͢Δ͜ͱͰɺࠓ·Ͱฏจͩͬͨ%/4ΫΤϦΛ҉߸Խͨ͠ ঢ়ଶͰૹΔ͜ͱ͕Ͱ͖ɺΞΫηεઌΛதؒऀ͔ΒӅṭͰ͖Δɻ #SPXTFS %/4

49. Mozilla͕villain ͱͯ͠ೝࣝ ͞ΕΔࣄҊ

50. DNS-over-https ࣗମ͕ѱͩͱ͢Δಈ͖ ͕ΠΪϦεͰى͍ͬͯ͜Δɻ͜Ε͸ɺ ISP͕ΞμϧτϑΟϧλʔ੍ݶΛ͔͚ͨ ͍(͔͚ͳ͍ͱ๏ྩҧ൓ʹͳΔ)͔Β ΞμϧτϑΟϧλʔ੍ݶࣗ਎͸ࢠͲ΋ͨ ͪΛकΔͨΊʹඞཁͳ΋ͷͰ͸͋Δ΋ ͷͷɺ΍ͬͯΔ͜ͱ͸޿Ҭతͳ౪ௌͱ ಉ͡

51. ຊདྷળҙͱͯ͠΍ͬͯΔࣄ ʢΞμϧτϑΟϧλʔʣͰ ͋ͬͯ΋ɺѱҙΛ࣮࣋ͬͯࢪ ͞ΕΔࣄʢ౪ௌʣͱ۠ผ͕ͭ ͔ͳ͍ঢ়گ

52. ࠓ࣌఺ͩͱ·ͩ๏੔උ͢Β௥ ͍͍ͭͯͳ͍ॴ΋͋Δ

53. զʑ͸Ͳ͏͢Δ΂͖͔

54. CookieͷऔΓѻ͍ʹؔͯ͠ • αʔϏεͰ࢖͏৔߹͸ηογϣϯͱͯ͠ͷѻ͍ʹ ͱͲΊΔ͜ͱɻ • ѻ͏৔߹͸ Secureଐੑͱ HttpOnlyଐੑͷ྆ํΛ ͖ͪΜͱ෇͚ͯɺαʔόͰηογϣϯΫοΩʔΛ ൃߦͯ͠࢖͏ɻ

    • JavaScriptͰॻ͖ࠐΈΛͯ͠ΔՕॴ͸ۃྗݮΒ͢ɻ

55. CookieͷऔΓѻ͍ʹؔͯ͠ • 3rd party cookie Λج४ʹͨ͠tracking͸Πλνͬ͜͝Ͱ ίϩίϩํ๏͕มΘΔ • trackingͦͷ΋ͷΛఘΊΔ͔ •

    ৔౰ͨΓతʹରॲ͠ɺΠλνͬ͜͝ʹͳΔ͔ • ͪΌΜͱಉҙΛಘΔ͔ • ͷ3୒ʹͳ͍ͬͯΔɻ

56. CookieͷऔΓѻ͍ʹؔͯ͠ • ͪΌΜͱಉҙΛಘͨܗͰΘ͔Γ΍͍͢΋ͷΛ Ϣʔβʔʹఏࣔ͢Δ͜ͱ΋ࢹ໺ʹݕ౼ • ·ͨɺSafari΋ಉҙΛಘΕ͹localͳstorageͷ ؅ཧΛͤͯ͘͞ΕΔɻ https://www.philips.co.jp/a-w/cookie-notice.html

57. CookieͷऔΓѻ͍ʹؔͯ͠ • ҰํͰtrackingʹؔͯ͠͸EU͸ࣄલʹಉҙΛऔΔ΂͖ ͱ͍ͯ͠Δ(͍ΘΏΔGDPR)ɻ • ೔ຊͰ΋ݸਓ৘ใอޢ๏ͷվਖ਼Ҋ͕ݕ౼தɻ
 https://www.ppc.go.jp/files/pdf/ 200110_seidokaiseitaiko.pdf • CookieͷऔΓѻ͍ʹݶΒͣɺtrackingΛ͢Δ৔߹͸ࣄ

    લͷಉҙΛಘͳ͍ͱ͍͚ͳ͘ͳΔՄೳੑ΋ɻ

58. ·ͱΊ

59. ·ͱΊ • Cookieʹؔͯ͠͸͜Ε͔Β͓ͦΒ͘ͲΜͲΜѻ͍͕ݫ͘͠ͳ͍ͬͯ͘ɻಛʹtracking ʹ͍ͭͯ͸͜Ε·Ͱͷ΍Γํ͸ਪ঑͞Εͳ͍ํ޲ʹɻ • CookieʹมΘΔํ๏ͱͯ͠৽͍͠tracking, conversion measurementͷ΍Γํ͕ߟ͑ ΒΕͯΔɻPrivacy Sandbox΍Private

    Click Measurementͷಈ޲ΛཁνΣοΫ • ҰํͰ·ͩ๏ྩؚΊͯ௥͍͍͍ͭͯͳ͍ͱ͜Ζ΋ͨ͘͞Μ͋Δɻ΋͘͠͸๏཯͔Βઌ ʹڧ੍తʹCookieͷऔΓѻ͍Λݟ௚͢ํ޲ʹͳ͍ͬͯ͘Մೳੑ΋ɻ • Cookieࣗ਎ͷѻ͍ʹؔͯ͠͸ηογϣϯͱͯ͠࢖͏ʹͱͲΊɺtracking͸ผͳํ๏Ͱ ͷݕ౼Λ͍ͯ͘͠ඞཁ͕͋Δݟ௨͠ɻ • ·ͩϒϥ΢βϕϯμʔؒͰ΋଍ฒΈ͸ἧ͍ͬͯͳ͍༷ࢠɺۀքશମΛר͖ࠐΉ࿩ͳͷ ͰɺۀքશମͰϑΥϩʔΞοϓ͍͖ͯ͠·͠ΐ͏ɻ

60. ࢀߟࢿྉ

61. ࢀߟࢿྉ • Safari • https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/ • https://webkit.org/tracking-prevention-policy/ • https://webkit.org/blog/9521/intelligent-tracking-prevention-2-3/ •

    https://www.apple.com/safari/docs/Safari_White_Paper_Nov_2019.pdf • Firefox • https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-preview • https://support.mozilla.org/en-US/kb/firefox-dns-over-https • https://bugzilla.mozilla.org/show_bug.cgi?id=1598969 • https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and- cryptomining-by-default/ • https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/ • Chrome • https://services.google.com/fh/files/misc/disabling_third-party_cookies_publisher_revenue.pdf • https://blog.chromium.org/2020/01/building-more-private-web-path-towards.htmls

62. ࢀߟࢿྉ • Chrome • https://security.googleblog.com/2019/10/no-more-mixed-messages-about- https_3.html • https://developer.mozilla.org/ja/docs/Web/API/Document/cookie • https://www.chromium.org/Home/chromium-privacy/privacy-sandbox

    • https://github.com/bslassey/privacy-budget • https://github.com/jkarlin/floc • https://github.com/WICG/ua-client-hints • ͦͷଞ • https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party- trackers-195205dc522a • https://wicg.github.io/ad-click-attribution/index.html • https://note.com/martech/n/n3d79c59e41be