Alt-Cookies and Ethical Controversies
Kazuhiro Kosaka
Engineer, MDH, CyberAgent, Inc.
Kazuhiro Kosaka
- Working for CyberAgent, Inc. since 2009.
- Pigg [Java/Flash]
- Feature-phone Browser Games [Java]
- Core-technology for Games [A Flash Player written in HTML5/JavaScript/Java dubbed as “Swine”]
- Smartphone Browser Games [JavaScript/HTML/Java]
- Smartphone Native Games [Node.js/Java/Unity C#]
- MDH Ad-technology [Scala/Golang]
- @hyperdash
Kazuhiro Kosaka
GOHIKE
Kazuhiro Kosaka
GOCAMP
Kazuhiro Kosaka
VJING
Kazuhiro Kosaka
Mitaka.app
In-house use only
https://ghe.ca-tools.org/kosaka-kazuhiro/Mitaka.app
Alt-Cookies
Background
1. Intelligent Tracking Prevention
- Apple, Inc. announced “Intelligent Tracking Prevention [ITP]” at WWDC2017.
- A new WebKit feature.
- Not a kind of ad-blocker.
- Developers of WebKit browsers other than Safari might enable ITP in their products as well?
- “They're gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong.” — Tim Cook, at the Electronic Privacy Information Center, 2015
- Will third-party cookies be exterminated?
Source:
https://techcrunch.com/2015/06/02/apples-tim-cook-delivers-blistering-speech-on-encryption-privacy
How does ITP work?
If the user has not interacted with example.com in the last 30 days, example.com website data and cookies are immediately purged and continue to be purged if new data is added. However, if the user interacts with example.com as the top domain, often referred to as a first-party domain, Intelligent Tracking Prevention considers it a signal that the user is interested in the website and temporarily adjusts its behavior as depicted in this timeline:
Source:
https://webkit.org/blog/7675/intelligent-tracking-prevention/
2. Better Ads Standards
- Proposed by The Interactive Advertising Bureau [Google/Facebook/etc]
- Google has announced that Chrome will start blocking ads that don’t meet the standards in early 2018.
- Does not directly affect cookies.
- The ethical internet ad era is coming.
- We need to follow their actions and trends carefully.
Source:
https://www.betterads.org/
What kind of ads are out of the standards?
Source:
https://www.betterads.org/standards
Alt-Cookies
Alt-Cookies
- Flash Local Shared Objects / Silverlight Isolated Storage
- HTTP ETags [ETag]
- HTTP Strict Transport Security [HSTS]
- Image Cache + Canvas
- Browser Fingerprinting/Canvas Fingerprinting/Font-based Fingerprinting/Device Fingerprinting
- etc
ETag
ETag
- Part of HTTP; provides web cache validation.
- Client: Requests content from a web server.
- Server: Responds with the web content and an ETag as an HTTP response header value.
- Client: The browser caches the ETag.
- Client: Requests the content again; the browser automatically appends the ETag.
- Server: If the ETag value matches the value on the web server, the server responds with an HTTP 304 Not Modified.
- Setting an identifier as the ETag makes it work like a cookie.
Source:
https://en.wikipedia.org/wiki/HTTP_ETag
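Why the ETag outlives a cookie purge, and a check a reviewer can run over captured responses, as an added example that is not part of the original slides. The capture records, host names, ETag values and the helpers `auditEtags` and `BrowserProfile` are constructed for illustration; each record is one response seen by a fresh browser profile.

```javascript
// Constructed sample: responses captured by three fresh browser profiles
// (no cookies, empty cache) fetching the same two URLs. Hosts are placeholders.
const captures = [
  { profile: 'A', url: 'https://static.example/logo.png', etag: '"5f3c-1a2b"', body: 'logo-bytes' },
  { profile: 'B', url: 'https://static.example/logo.png', etag: 'W/"5f3c-1a2b"', body: 'logo-bytes' },
  { profile: 'C', url: 'https://static.example/logo.png', etag: '"5f3c-1a2b"', body: 'logo-bytes' },
  { profile: 'A', url: 'https://ads.example/pixel.gif', etag: '"u-7c1e09aa41"', body: 'gif-bytes' },
  { profile: 'B', url: 'https://ads.example/pixel.gif', etag: '"u-b2290f6d03"', body: 'gif-bytes' },
  { profile: 'C', url: 'https://ads.example/pixel.gif', etag: '"u-e84d5510fc"', body: 'gif-bytes' },
];

// Strip the weak-validator prefix so W/"x" and "x" compare equal.
function normalizeEtag(etag) {
  return etag.replace(/^W\//, '');
}

// Flag URLs where identical content was served with a different ETag to every
// profile: the validator follows the client, not the content. Treat a hit as a
// lead, not proof, because some servers derive ETags from per-host file metadata.
function auditEtags(records) {
  const byResource = new Map(); // "url\nbody" -> Map(etag -> Set(profile))
  for (const r of records) {
    const key = r.url + '\n' + r.body;
    if (!byResource.has(key)) byResource.set(key, new Map());
    const etags = byResource.get(key);
    const tag = normalizeEtag(r.etag);
    if (!etags.has(tag)) etags.set(tag, new Set());
    etags.get(tag).add(r.profile);
  }
  const findings = [];
  for (const [key, etags] of byResource) {
    const profiles = new Set();
    for (const seenBy of etags.values()) for (const p of seenBy) profiles.add(p);
    if (profiles.size >= 2 && etags.size === profiles.size) {
      findings.push({ url: key.split('\n')[0], distinctEtags: etags.size });
    }
  }
  return findings;
}

// Minimal model of one browser profile. Cookies and the HTTP cache are
// separate stores, which is why the identifier survives clearing cookies.
class BrowserProfile {
  constructor() {
    this.cookies = new Map();
    this.cache = new Map(); // url -> { etag, body }
  }
  receive(url, etag, body) {
    this.cache.set(url, { etag, body });
  }
  // Header the browser adds on its own when it revalidates a cached URL.
  revalidationHeaders(url) {
    const hit = this.cache.get(url);
    return hit ? { 'If-None-Match': hit.etag } : {};
  }
  clearCookies() {
    this.cookies.clear();
  }
  clearCookiesAndCache() {
    this.cookies.clear();
    this.cache.clear();
  }
}

function etagDemo() {
  const url = 'https://ads.example/pixel.gif';
  const profile = new BrowserProfile();
  profile.receive(url, '"u-7c1e09aa41"', 'gif-bytes');
  profile.clearCookies();
  const afterCookiePurge = profile.revalidationHeaders(url); // identifier still sent
  profile.clearCookiesAndCache();
  const afterCachePurge = profile.revalidationHeaders(url);  // nothing left to send
  return { afterCookiePurge, afterCachePurge, findings: auditEtags(captures) };
}

console.log(JSON.stringify(etagDemo(), null, 2));
```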
ETag
HSTS
HSTS [HTTP Strict Transport Security]
- Allows web servers to declare that web browsers should only make requests over HTTPS connections.
- An HSTS PIN for each domain is stored in the browser.
- The HSTS PIN is the pattern of HSTS availability across the domain and its subdomains, read as a series of bits [= binary].
- The PIN is read by checking whether requests to the domain and its subdomains are redirected or not.
- The HSTS PIN can be read even in incognito mode.
- Fixed in Firefox.
- Safari stores the HSTS PIN on iCloud and it cannot be removed, but the PIN changes regularly and automatically? [unconfirmed]
- Still available in Chrome. [unconfirmed]
Sources:
http://www.radicalresearch.co.uk/lab/hstssupercookies/
http://dev.classmethod.jp/client-side/browser/hsts-super-cookies/
http://dechnostick.hatenablog.com/entry/2015/01/09/003000
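A model of the bit pattern described above, showing which browser state has to be cleared or isolated for the value to disappear, plus a log heuristic for spotting it. This is an added example, not code from the slides or the cited sources; the `HstsStore` class, the `bitN.tracker.example` host names, the 16-bit width and the sample events are all assumptions, and nothing here touches the network.

```javascript
// Model of a browser's HSTS store: the set of hosts that have asked, via the
// Strict-Transport-Security response header, to be contacted over HTTPS only.
class HstsStore {
  constructor() { this.hosts = new Set(); }
  note(host) { this.hosts.add(host); }            // host sent the header
  upgrades(host) { return this.hosts.has(host); } // http:// would become https://
  clear() { this.hosts.clear(); }
}

// One hypothetical subdomain per bit of the pattern.
function bitHosts(base, bits) {
  return Array.from({ length: bits }, (_, i) => `bit${i}.${base}`);
}

// The pattern is stored as HSTS entries for exactly the subdomains whose bit is 1.
function writePattern(store, base, bits, id) {
  bitHosts(base, bits).forEach((host, i) => {
    if ((id >> i) & 1) store.note(host);
  });
}

// Reading: a plain-HTTP request to each subdomain is either upgraded (1) or not (0).
function readPattern(store, base, bits) {
  return bitHosts(base, bits).reduce(
    (id, host, i) => (store.upgrades(host) ? id | (1 << i) : id), 0);
}

// What survives which user action or browser design choice.
function hstsScenarios() {
  const base = 'tracker.example';
  const bits = 16;
  const id = 0xb6a5; // constructed value
  const store = new HstsStore();
  writePattern(store, base, bits, id);
  const afterCookieClear = readPattern(store, base, bits);          // HSTS state untouched
  const privateSharedStore = readPattern(store, base, bits);        // private window reuses the store
  const privateIsolated = readPattern(new HstsStore(), base, bits); // private window starts empty
  store.clear();                                                    // HSTS wiped with site data
  const afterStateClear = readPattern(store, base, bits);
  return { afterCookieClear, privateSharedStore, privateIsolated, afterStateClear };
}

// Heuristic for a proxy or extension log: many sibling subdomains of one parent
// setting HSTS during a single page load is unusual for ordinary sites.
// The parent is taken as the host minus its first label (a simplification;
// a real check would use the public suffix list).
function hstsBursts(events, threshold) {
  const groups = new Map(); // "page parent" -> { page, parent, hosts:Set }
  for (const e of events) {
    const parent = e.host.split('.').slice(1).join('.');
    const key = e.page + ' ' + parent;
    if (!groups.has(key)) groups.set(key, { page: e.page, parent, hosts: new Set() });
    groups.get(key).hosts.add(e.host);
  }
  return [...groups.values()]
    .filter((g) => g.hosts.size >= threshold)
    .map((g) => ({ page: g.page, parent: g.parent, hosts: g.hosts.size }));
}

// Constructed log: responses that carried Strict-Transport-Security.
const sampleEvents = [
  ...bitHosts('tracker.example', 16).map((host) => ({ page: 'https://news.example/', host })),
  { page: 'https://shop.example/', host: 'www.shop.example' },
  { page: 'https://shop.example/', host: 'cdn.shop.example' },
];

console.log(hstsScenarios(), hstsBursts(sampleEvents, 8));
```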
HSTS [HTTP Strict Transport Security]
Source:
http://www.radicalresearch.co.uk/lab/hstssupercookies/
HSTS [HTTP Strict Transport Security]
Image Cache + Canvas
Image Cache + Canvas
- Using browser cache as a storage.
- Using images as identifiers.
- Server: Encodes an identifier into a PNG’s tEXt chunk or its pixels.
- Client: The browser caches the image.
- Client: Decodes the image back into the identifier with the Canvas API and passes it to the server.
Source:
https://www.esat.kuleuven.be/cosic/publications/thesis-289.pdf
Fingerprinting
Fingerprinting
- Fingerprinting = Taking fingerprints by hashing the characteristics of various properties.
- Using fingerprints as cookies.
- The entropy of each fingerprinting method alone is not high enough to identify users.
- The entropy can be increased by combining multiple fingerprints.
Source:
https://www.esat.kuleuven.be/cosic/publications/thesis-289.pdf
Fingerprinting
- Browser Fingerprinting - Plugins/System Fonts/User Agent/Screen/HTTP Accept Headers/etc
- Canvas Fingerprinting - Exploiting differences in the rendering of the same image with Canvas.
- Font-based Fingerprinting - By Flash/Java/JavaScript, measuring the dimensions of rendered text.
- Device Fingerprinting - By Flash/Java/JavaScript/Plugins/Extensions, collecting device information.
- etc
Source:
https://www.esat.kuleuven.be/cosic/publications/thesis-289.pdf
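The entropy point from the fingerprinting slides, worked through on a small population: each attribute alone identifies nobody, the combination identifies everybody, and coarsening one attribute shrinks the result again. This is an added example, not from the slides or the cited thesis; the eight visitors and their attribute values are constructed.

```javascript
// Constructed population of eight visitors; every attribute value is made up.
const visitors = [
  { ua: 'Chrome/61 Windows', screen: '1920x1080', tz: 'UTC+9' },
  { ua: 'Chrome/61 Windows', screen: '1920x1080', tz: 'UTC+1' },
  { ua: 'Chrome/61 Windows', screen: '1440x900', tz: 'UTC+9' },
  { ua: 'Chrome/61 Windows', screen: '1440x900', tz: 'UTC+1' },
  { ua: 'Safari/11 macOS', screen: '1920x1080', tz: 'UTC+9' },
  { ua: 'Safari/11 macOS', screen: '1920x1080', tz: 'UTC+1' },
  { ua: 'Safari/11 macOS', screen: '1440x900', tz: 'UTC+9' },
  { ua: 'Safari/11 macOS', screen: '1440x900', tz: 'UTC+1' },
];

// Count how many visitors share each combined value of the chosen attributes.
function jointCounts(population, keys) {
  const counts = new Map();
  for (const v of population) {
    const joint = keys.map((k) => v[k]).join('\u0000');
    counts.set(joint, (counts.get(joint) || 0) + 1);
  }
  return counts;
}

// Shannon entropy, in bits, of the combined fingerprint built from `keys`.
function entropyBits(population, keys) {
  let h = 0;
  for (const n of jointCounts(population, keys).values()) {
    const p = n / population.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Visitors whose combined value nobody else shares (anonymity set of size 1).
function uniquelyIdentified(population, keys) {
  let unique = 0;
  for (const n of jointCounts(population, keys).values()) {
    if (n === 1) unique += 1;
  }
  return unique;
}

// Mitigation model: the browser reports the same value for one attribute
// to every site, removing that attribute's contribution.
function coarsen(population, key, value) {
  return population.map((v) => ({ ...v, [key]: value }));
}

// Entropy and unique-visitor count for growing attribute sets.
function fingerprintReport(population) {
  const sets = [['ua'], ['ua', 'screen'], ['ua', 'screen', 'tz']];
  return sets.map((keys) => ({
    keys: keys.join('+'),
    bits: entropyBits(population, keys),
    unique: uniquelyIdentified(population, keys),
  }));
}

console.log(fingerprintReport(visitors));
console.log(fingerprintReport(coarsen(visitors, 'screen', 'fixed')));
```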
Alt-Cookies
- Flash Local Shared Objects / Silverlight Isolated Storage
- HTTP ETags [ETag]
- HTTP Strict Transport Security [HSTS]
- Image Cache + Canvas
- Browser Fingerprinting/Canvas Fingerprinting/Font-based Fingerprinting/Device Fingerprinting
- etc
=> Super Cookie
Evercookie
Evercookie
- An OSS project by Samy Kamkar.
- https://github.com/samyk/evercookie
- Implements a Super Cookie.
- 17+ Super Cookies in One JavaScript Library.
- As long as at least one of them is alive, Evercookie keeps making all of them respawn.
=> Respawning
Source:
https://www.esat.kuleuven.be/cosic/publications/thesis-289.pdf
Ethical Controversies
Super Cookies? Evercookie?
Looking Back to 2008
Rakuten ad4U
Rakuten ad4U
- Developed by Drecom Co.,Ltd. in 2008.
- Livedoor Co.,Ltd. [LINE Corporation] also launched it as livedoor ad4U.
- Non-cookie-based targeting technology enabled by a vulnerability in browsers.
- An article from NIKKEI NET revealed the technology that enabled ad4U, which made it controversial.
- They only provided a one-year opt-out.
- Users and some players in the field blamed them for it.
- The vulnerability has been fixed since 2010, and they had to stop their services.
Source:
https://ja.wikipedia.org/wiki/楽天ad4U
The vulnerability
- Bug 147777 [Mozilla]
- Bug 24300 [WebKit]
Source:
http://takagi-hiromitsu.jp/diary/20081211.html
Do the Ethically Right Things, or ruin internet ad.
Conclusion
Conclusion
- Intelligent Tracking Prevention [Apple]
- Better Ads Standards [Google/Facebook]
- Alt-Cookies
- Super Cookie
- ad4U
- Do the Ethically Right Things, or ruin internet ad.
- For the future of internet ad, be more careful with these matters.
