Alt-Cookies and Ethical Controversies
Kazuhiro Kosaka
Engineer, MDH, CyberAgent, Inc.
Kazuhiro Kosaka
- Working for CyberAgent, Inc. since 2009.
- Pigg [Java/Flash]
- Feature-phone Browser Games [Java]
- Core-technology for Games [A Flash Player written in HTML5/JavaScript/Java dubbed as “Swine”]
- Smartphone Browser Games [JavaScript/HTML/Java]
- Smartphone Native Games [Node.js/Java/Unity C#]
- MDH Ad-technology [Scala/Golang]
- @hyperdash
Kazuhiro Kosaka
GOHIKE
Kazuhiro Kosaka
GOCAMP
Kazuhiro Kosaka
VJING
Kazuhiro Kosaka
Mitaka.app
In-house use only
https://ghe.ca-tools.org/kosaka-kazuhiro/Mitaka.app
Alt-Cookies
Background
1. Intelligent Tracking Prevention
- Apple, Inc. announced “Intelligent Tracking Prevention [ITP]” at WWDC 2017.
- It is a new WebKit feature.
- It is not a sort of ad-blocker.
- Developers of WebKit browsers other than Safari might enable ITP in their products as well?
- “They're gobbling up everything they can learn about you and trying to monetize it. We think that’s
wrong.” — Tim Cook, at the Electronic Privacy Information Center, 2015
- Third-party cookies will be exterminated?
Source:
https://techcrunch.com/2015/06/02/apples-tim-cook-delivers-blistering-speech-on-encryption-privacy
How does ITP work?
If the user has not interacted with example.com in the last 30 days, example.com website data and cookies are immediately purged and continue to be purged if new data is added.
However, if the user interacts with example.com as the top domain, often referred to as a first-party domain, Intelligent Tracking Prevention considers it a signal that the user is interested in the website and temporarily adjusts its behavior as depicted in this timeline:
Source:
https://webkit.org/blog/7675/intelligent-tracking-prevention/
2. Better Ads Standards
- Proposed by The Interactive Advertising Bureau [Google/Facebook/etc]
- Google has announced that Chrome is going to start blocking ads that don’t meet the standards in early 2018.
- Does not directly affect cookies.
- The ethical-internet-ad era is coming.
- We need to follow their actions and trends carefully.
Source:
https://www.betterads.org/
What kind of ads are out of the standards?
Source:
https://www.betterads.org/standards
Alt-Cookies
Alt-Cookies
- Flash Local Shared Objects / Silverlight Isolated Storage
- HTTP ETags [ETag]
- HTTP Strict Transport Security [HSTS]
- Image Cache + HTTP Canvas
- Browser Fingerprinting/Canvas Fingerprinting/Font-based Fingerprinting/Device Fingerprinting
- etc
ETag
ETag
- Part of HTTP to provide web cache validation.
- Client: Requests content from a web server.
- Server: Responds with the content and an ETag as an HTTP response header value.
- Client: The browser caches the ETag.
- Client: Requests the content again; the browser automatically attaches the cached ETag.
- Server: If the ETag value matches the value on the web server, the server responds with an HTTP 304 Not Modified.
- Setting an identifier as the ETag value makes it work like a cookie.
Source:
https://en.wikipedia.org/wiki/HTTP_ETag
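The following is an added example, not part of the original slides: a detection-side audit that flags URLs whose ETag varies per client while the response body stays the same, which is the signature of the identifier-in-ETag behaviour described above. The record fields (`client`, `url`, `status`, `etag`, `bodyDigest`), the verdict names and the sample records are all constructed for illustration.

```javascript
// Added example: audit captured responses for ETags that behave like identifiers.
// A real cache validator depends on the content, so identical bodies should
// carry the same ETag for every client. An ETag used as a cookie differs per
// client even though the body is identical.

// Strip the weak-validator prefix and the quotes: W/"abc" -> abc
function normalizeEtag(value) {
  if (typeof value !== 'string') return null;
  const trimmed = value.trim();
  const m = trimmed.match(/^(?:W\/)?"(.*)"$/);
  return m ? m[1] : trimmed;
}

// observations: [{ client, url, status, etag, bodyDigest }]
// minClients: how many distinct clients must be seen before judging a URL.
function auditEtags(observations, minClients = 3) {
  // "url\nbodyDigest" -> Map(client -> Set of ETags issued to that client)
  const groups = new Map();
  for (const o of observations) {
    const etag = normalizeEtag(o.etag);
    // Only full responses tell us which ETag the server chose for which body.
    if (o.status !== 200 || !etag) continue;
    const key = o.url + '\n' + o.bodyDigest;
    if (!groups.has(key)) groups.set(key, new Map());
    const perClient = groups.get(key);
    if (!perClient.has(o.client)) perClient.set(o.client, new Set());
    perClient.get(o.client).add(etag);
  }

  const findings = [];
  for (const [key, perClient] of groups) {
    const url = key.split('\n')[0];
    // etag -> Set of clients that received it
    const owners = new Map();
    for (const [client, etags] of perClient) {
      for (const e of etags) {
        if (!owners.has(e)) owners.set(e, new Set());
        owners.get(e).add(client);
      }
    }
    // True when no ETag value was ever shared between two clients.
    const exclusive = [...owners.values()].every((c) => c.size === 1);

    let verdict;
    if (perClient.size < minClients) {
      verdict = 'inconclusive'; // too few clients to compare
    } else if (owners.size === 1) {
      verdict = 'content-validator'; // same body, same ETag for everyone
    } else if (exclusive) {
      verdict = 'per-client-identifier'; // same body, one ETag per client
    } else {
      // Several ETags shared by groups of clients, for example backends
      // that derive the ETag from file metadata rather than content.
      verdict = 'inconclusive';
    }
    findings.push({
      url,
      clients: perClient.size,
      distinctEtags: owners.size,
      verdict,
    });
  }
  return findings;
}

// Constructed sample capture: three resources seen from cookie-less clients.
const SAMPLE_RESPONSES = [
  { client: 'A', url: '/pixel.gif', status: 200, etag: '"u-1001"', bodyDigest: 'd1' },
  { client: 'B', url: '/pixel.gif', status: 200, etag: '"u-1002"', bodyDigest: 'd1' },
  { client: 'C', url: '/pixel.gif', status: 200, etag: 'W/"u-1003"', bodyDigest: 'd1' },
  // Revalidation: no body is sent, so it is skipped by the audit.
  { client: 'A', url: '/pixel.gif', status: 304, etag: '"u-1001"', bodyDigest: null },
  { client: 'A', url: '/app.js', status: 200, etag: '"5f3a"', bodyDigest: 'd2' },
  { client: 'B', url: '/app.js', status: 200, etag: '"5f3a"', bodyDigest: 'd2' },
  { client: 'C', url: '/app.js', status: 200, etag: '"5f3a"', bodyDigest: 'd2' },
  { client: 'A', url: '/logo.png', status: 200, etag: '"x1"', bodyDigest: 'd3' },
  { client: 'B', url: '/logo.png', status: 200, etag: '"x2"', bodyDigest: 'd3' },
  { client: 'C', url: '/logo.png', status: 200, etag: '"x1"', bodyDigest: 'd3' },
  { client: 'D', url: '/logo.png', status: 200, etag: '"x2"', bodyDigest: 'd3' },
];

for (const f of auditEtags(SAMPLE_RESPONSES)) {
  console.log(`${f.url}: ${f.verdict} (${f.distinctEtags} ETags, ${f.clients} clients)`);
}
```
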
ETag
HSTS
HSTS [HTTP Strict Transport Security]
- Allows web servers to declare that web browsers should only make requests over HTTPS connections.
- An HSTS PIN for each domain is stored in the browser.
- The HSTS PIN is the pattern of HSTS availability across the domain and its subdomains, read as a series of bits [= binary].
- The PIN is read by checking whether requests to the domain and its subdomains are redirected or not.
- The HSTS PIN can be read even in incognito mode.
- Fixed in Firefox.
- Safari stores the HSTS PIN in iCloud and it cannot be removed, but the PIN changes regularly and automatically? [unconfirmed]
- Still available in Chrome. [unconfirmed]
Sources:
http://www.radicalresearch.co.uk/lab/hstssupercookies/
http://dev.classmethod.jp/client-side/browser/hsts-super-cookies/
http://dechnostick.hatenablog.com/entry/2015/01/09/003000
HSTS [HTTP Strict Transport Security]
Source:
http://www.radicalresearch.co.uk/lab/hstssupercookies/
HSTS [HTTP Strict Transport Security]
Image Cache + Canvas
Image Cache + Canvas
- Using browser cache as a storage.
- Using images as identifiers.
- Server: Encodes an identifier into a PNG’s tEXt chunk or its pixels.
- Client: The browser caches the image.
- Client: Decodes the identifier from the image with the Canvas API and passes it to the server.
Source:
https://www.esat.kuleuven.be/cosic/publications/thesis-289.pdf
Fingerprinting
Fingerprinting
- Fingerprinting = Taking fingerprints by hashing the characteristics of various properties.
- Using fingerprints as cookies.
- The entropy of each individual fingerprint is not high enough to identify users.
- The entropy can be increased by combining multiple fingerprints.
Source:
https://www.esat.kuleuven.be/cosic/publications/thesis-289.pdf
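The following is an added example, not part of the original slides: it measures the Shannon entropy of single attributes and of their combination over a small population, which is how a privacy review can quantify how identifying a set of exposed browser attributes is. The attribute names and the eight sample records are constructed for illustration.

```javascript
// Added example: entropy of single attributes versus combined attributes.
// Entropy in bits: H = -sum(p * log2(p)) over the observed value classes.

// Count how many records share each combination of the given attributes.
function countBy(records, attrs) {
  const counts = new Map();
  for (const r of records) {
    const key = JSON.stringify(attrs.map((a) => r[a]));
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return counts;
}

// Shannon entropy (bits) of the joint distribution of the given attributes.
function entropyBits(records, attrs) {
  const n = records.length;
  let h = 0;
  for (const c of countBy(records, attrs).values()) {
    const p = c / n;
    h -= p * Math.log2(p);
  }
  return h;
}

// Fraction of records whose attribute combination is shared with nobody
// else, i.e. whose anonymity set has size 1.
function uniqueFraction(records, attrs) {
  let unique = 0;
  for (const c of countBy(records, attrs).values()) {
    if (c === 1) unique += 1;
  }
  return unique / records.length;
}

// Constructed population of eight browsers (not real measurements).
const SAMPLE_BROWSERS = [
  { ua: 'Chrome', screen: '1920x1080', tz: 'UTC+9' },
  { ua: 'Chrome', screen: '1920x1080', tz: 'UTC+0' },
  { ua: 'Chrome', screen: '1366x768', tz: 'UTC+9' },
  { ua: 'Chrome', screen: '1366x768', tz: 'UTC+0' },
  { ua: 'Chrome', screen: '1920x1080', tz: 'UTC+9' },
  { ua: 'Chrome', screen: '1366x768', tz: 'UTC+0' },
  { ua: 'Safari', screen: '1920x1080', tz: 'UTC+0' },
  { ua: 'Safari', screen: '1366x768', tz: 'UTC+9' },
];

// Per-attribute and combined report for the sample population.
function report(records) {
  const attrs = ['ua', 'screen', 'tz'];
  const rows = attrs.map((a) => ({
    attrs: [a],
    bits: entropyBits(records, [a]),
    unique: uniqueFraction(records, [a]),
  }));
  rows.push({
    attrs,
    bits: entropyBits(records, attrs),
    unique: uniqueFraction(records, attrs),
  });
  return rows;
}

for (const row of report(SAMPLE_BROWSERS)) {
  console.log(
    `${row.attrs.join('+')}: ${row.bits.toFixed(3)} bits, ` +
      `${(row.unique * 100).toFixed(0)}% unique`
  );
}
```

No single attribute singles out any browser in this sample, while the combination makes half of them unique.
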
Fingerprinting
- Browser Fingerprinting - Plugins/System Fonts/User Agent/Screen/HTTP Accept Headers/etc
- Canvas Fingerprinting - Exploiting differences in the rendering of the same image with Canvas.
- Font-based Fingerprinting - By Flash/Java/JavaScript, measuring the dimensions of rendered texts.
- Device Fingerprinting - By Flash/Java/JavaScript/Plugins/Extensions, collecting device information.
- etc
Source:
https://www.esat.kuleuven.be/cosic/publications/thesis-289.pdf
Alt-Cookies
- Flash Local Shared Objects / Silverlight Isolated Storage
- HTTP ETags [ETag]
- HTTP Strict Transport Security [HSTS]
- Image Cache + HTTP Canvas
- Browser Fingerprinting/Canvas Fingerprinting/Font-based Fingerprinting/Device Fingerprinting
- etc
=> Super Cookie
Evercookie
Evercookie
- An OSS project by Samy Kamkar.
- https://github.com/samyk/evercookie
- Implements a Super Cookie.
- 17+ Super Cookies in One JavaScript Library.
- As long as at least one of them is alive, Evercookie keeps making all of them respawn.
=> Respawning
Source:
https://www.esat.kuleuven.be/cosic/publications/thesis-289.pdf
Ethical Controversies
Super Cookies? Evercookie?
Looking Back to 2008
Rakuten ad4U
Rakuten ad4U
- Developed by Drecom Co.,Ltd. in 2008.
- Livedoor Co.,Ltd. [LINE Corporation] also launched it as livedoor ad4U.
- Non-cookie-based targeting technology enabled by a vulnerability in browsers.
- An article from NIKKEI NET revealed the technology that enabled ad4U and made it controversial.
- They only provided a one-year opt-out.
- Users and some players in the field blamed them for it.
- The vulnerability has been fixed since 2010, and they had to stop their services.
Source:
https://ja.wikipedia.org/wiki/楽天ad4U
The vulnerability
- Bug 147777 [Mozilla]
- Bug 24300 [WebKit]
Source:
http://takagi-hiromitsu.jp/diary/20081211.html
Do the Ethically Right Things, or ruin internet ad.
Conclusion
Conclusion
- Intelligent Tracking Prevention [Apple]
- Better Ads Standards [Google/Facebook]
- Alt-Cookies
- Super Cookie
- ad4U
- Do the Ethically Right Things, or ruin internet ad.
- For the future of internet ads, be more careful with these matters.

More Related Content

What's hot

Blazor introduction
Blazor introductionBlazor introduction
Blazor introduction
Chih-Yang Lee
 
JavaScript Engine and WebAssembly
JavaScript Engine and WebAssemblyJavaScript Engine and WebAssembly
JavaScript Engine and WebAssembly
Changhwan Yi
 
Lazy angular w/ webpack
Lazy angular w/ webpackLazy angular w/ webpack
Lazy angular w/ webpack
Rich Snapp
 
Play! 101
Play! 101Play! 101
Play! 101
José Rivera
 
jQuery Chicago 2014 - Next-generation JavaScript Testing
jQuery Chicago 2014 - Next-generation JavaScript TestingjQuery Chicago 2014 - Next-generation JavaScript Testing
jQuery Chicago 2014 - Next-generation JavaScript Testing
Vlad Filippov
 
Sfk13
Sfk13Sfk13
Electron - Build desktop apps using javascript
Electron - Build desktop apps using javascriptElectron - Build desktop apps using javascript
Electron - Build desktop apps using javascript
Austin Ogilvie
 
JavaScript MV* Framework - Making the Right Choice
JavaScript MV* Framework - Making the Right ChoiceJavaScript MV* Framework - Making the Right Choice
JavaScript MV* Framework - Making the Right Choice
Dmitry Sheiko
 
Blazor
BlazorBlazor
JS Days Mobile Meow
JS Days Mobile MeowJS Days Mobile Meow
JS Days Mobile Meow
Greg Schechter
 
.NET no Browser - Webassembly com Blazor!
.NET no Browser - Webassembly com Blazor!.NET no Browser - Webassembly com Blazor!
.NET no Browser - Webassembly com Blazor!
Rodrigo Kono
 
Hands on web development with play 2.0
Hands on web development with play 2.0Hands on web development with play 2.0
Hands on web development with play 2.0
Abbas Raza
 
Goodbye JavaScript Hello Blazor
Goodbye JavaScript Hello BlazorGoodbye JavaScript Hello Blazor
Goodbye JavaScript Hello Blazor
Ed Charbeneau
 
Angular vs React: Building modern SharePoint interfaces with SPFx
Angular vs React: Building modern SharePoint interfaces with SPFxAngular vs React: Building modern SharePoint interfaces with SPFx
Angular vs React: Building modern SharePoint interfaces with SPFx
Dimcho Tsanov
 
Blazor
BlazorBlazor
Modern Web Application Development Workflow - EclipseCon France 2014
Modern Web Application Development Workflow - EclipseCon France 2014Modern Web Application Development Workflow - EclipseCon France 2014
Modern Web Application Development Workflow - EclipseCon France 2014
Stéphane Bégaudeau
 
Web Policies & Reporting
Web Policies & ReportingWeb Policies & Reporting
Web Policies & Reporting
Felix Arntz
 
WebAssembly Fundamentals
WebAssembly FundamentalsWebAssembly Fundamentals
WebAssembly Fundamentals
Knoldus Inc.
 
Electron
ElectronElectron
Javascript Frameworks Comparison - Angular, Knockout, Ember and Backbone
Javascript Frameworks Comparison - Angular, Knockout, Ember and BackboneJavascript Frameworks Comparison - Angular, Knockout, Ember and Backbone
Javascript Frameworks Comparison - Angular, Knockout, Ember and Backbone
Deepu S Nath
 

What's hot (20)

Blazor introduction
Blazor introductionBlazor introduction
Blazor introduction
 
JavaScript Engine and WebAssembly
JavaScript Engine and WebAssemblyJavaScript Engine and WebAssembly
JavaScript Engine and WebAssembly
 
Lazy angular w/ webpack
Lazy angular w/ webpackLazy angular w/ webpack
Lazy angular w/ webpack
 
Play! 101
Play! 101Play! 101
Play! 101
 
jQuery Chicago 2014 - Next-generation JavaScript Testing
jQuery Chicago 2014 - Next-generation JavaScript TestingjQuery Chicago 2014 - Next-generation JavaScript Testing
jQuery Chicago 2014 - Next-generation JavaScript Testing
 
Sfk13
Sfk13Sfk13
Sfk13
 
Electron - Build desktop apps using javascript
Electron - Build desktop apps using javascriptElectron - Build desktop apps using javascript
Electron - Build desktop apps using javascript
 
JavaScript MV* Framework - Making the Right Choice
JavaScript MV* Framework - Making the Right ChoiceJavaScript MV* Framework - Making the Right Choice
JavaScript MV* Framework - Making the Right Choice
 
Blazor
BlazorBlazor
Blazor
 
JS Days Mobile Meow
JS Days Mobile MeowJS Days Mobile Meow
JS Days Mobile Meow
 
.NET no Browser - Webassembly com Blazor!
.NET no Browser - Webassembly com Blazor!.NET no Browser - Webassembly com Blazor!
.NET no Browser - Webassembly com Blazor!
 
Hands on web development with play 2.0
Hands on web development with play 2.0Hands on web development with play 2.0
Hands on web development with play 2.0
 
Goodbye JavaScript Hello Blazor
Goodbye JavaScript Hello BlazorGoodbye JavaScript Hello Blazor
Goodbye JavaScript Hello Blazor
 
Angular vs React: Building modern SharePoint interfaces with SPFx
Angular vs React: Building modern SharePoint interfaces with SPFxAngular vs React: Building modern SharePoint interfaces with SPFx
Angular vs React: Building modern SharePoint interfaces with SPFx
 
Blazor
BlazorBlazor
Blazor
 
Modern Web Application Development Workflow - EclipseCon France 2014
Modern Web Application Development Workflow - EclipseCon France 2014Modern Web Application Development Workflow - EclipseCon France 2014
Modern Web Application Development Workflow - EclipseCon France 2014
 
Web Policies & Reporting
Web Policies & ReportingWeb Policies & Reporting
Web Policies & Reporting
 
WebAssembly Fundamentals
WebAssembly FundamentalsWebAssembly Fundamentals
WebAssembly Fundamentals
 
Electron
ElectronElectron
Electron
 
Javascript Frameworks Comparison - Angular, Knockout, Ember and Backbone
Javascript Frameworks Comparison - Angular, Knockout, Ember and BackboneJavascript Frameworks Comparison - Angular, Knockout, Ember and Backbone
Javascript Frameworks Comparison - Angular, Knockout, Ember and Backbone
 

Similar to Alt-Cookies and Controversies in Ethics

Don't touch the mobile parts
Don't touch the mobile partsDon't touch the mobile parts
Don't touch the mobile parts
Francesco Fullone
 
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocketV2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
brent bucci
 
HTML5와 모바일
HTML5와 모바일HTML5와 모바일
HTML5와 모바일
ACCESS
 
HTML5 and CSS3 refresher
HTML5 and CSS3 refresherHTML5 and CSS3 refresher
HTML5 and CSS3 refresher
Ivano Malavolta
 
[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web Design[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web Design
Christopher Schmitt
 
The Rich Standard: Getting Familiar with HTML5
The Rich Standard: Getting Familiar with HTML5The Rich Standard: Getting Familiar with HTML5
The Rich Standard: Getting Familiar with HTML5
Todd Anglin
 
AD113 Speed Up Your Applications w/ Nginx and PageSpeed
AD113  Speed Up Your Applications w/ Nginx and PageSpeedAD113  Speed Up Your Applications w/ Nginx and PageSpeed
AD113 Speed Up Your Applications w/ Nginx and PageSpeed
edm00se
 
Html5
Html5Html5
HTML 5
HTML 5HTML 5
HTML 5
Rajan Pal
 
Web assembly with PWA
Web assembly with PWA Web assembly with PWA
Web assembly with PWA
Shashank Sharma
 
(In)Security Implication in the JS Universe
(In)Security Implication in the JS Universe(In)Security Implication in the JS Universe
(In)Security Implication in the JS Universe
Stefano Di Paola
 
GWT and PWA
GWT and PWAGWT and PWA
Building a Simple Mobile-optimized Web App Using the jQuery Mobile Framework
Building a Simple Mobile-optimized Web App Using the jQuery Mobile FrameworkBuilding a Simple Mobile-optimized Web App Using the jQuery Mobile Framework
Building a Simple Mobile-optimized Web App Using the jQuery Mobile Framework
St. Petersburg College
 
HTML5 Intoduction for Web Developers
HTML5 Intoduction for Web DevelopersHTML5 Intoduction for Web Developers
HTML5 Intoduction for Web Developers
Sascha Corti
 
soft-shake.ch - Introduction to HTML5
soft-shake.ch - Introduction to HTML5soft-shake.ch - Introduction to HTML5
soft-shake.ch - Introduction to HTML5
soft-shake.ch
 
Phonegap android angualr material design
Phonegap android angualr material designPhonegap android angualr material design
Phonegap android angualr material design
Srinadh Kanugala
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
amiable_indian
 
Introduction to HTML5 & CSS3
Introduction to HTML5 & CSS3Introduction to HTML5 & CSS3
Introduction to HTML5 & CSS3
Pravasini Sahoo
 
Mobile web-debug
Mobile web-debugMobile web-debug
Mobile web-debug
FINN.no
 
HTML5 Programming
HTML5 ProgrammingHTML5 Programming
HTML5 Programming
hotrannam
 

Similar to Alt-Cookies and Controversies in Ethics (20)

Don't touch the mobile parts
Don't touch the mobile partsDon't touch the mobile parts
Don't touch the mobile parts
 
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocketV2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
 
HTML5와 모바일
HTML5와 모바일HTML5와 모바일
HTML5와 모바일
 
HTML5 and CSS3 refresher
HTML5 and CSS3 refresherHTML5 and CSS3 refresher
HTML5 and CSS3 refresher
 
[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web Design[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web Design
 
The Rich Standard: Getting Familiar with HTML5
The Rich Standard: Getting Familiar with HTML5The Rich Standard: Getting Familiar with HTML5
The Rich Standard: Getting Familiar with HTML5
 
AD113 Speed Up Your Applications w/ Nginx and PageSpeed
AD113  Speed Up Your Applications w/ Nginx and PageSpeedAD113  Speed Up Your Applications w/ Nginx and PageSpeed
AD113 Speed Up Your Applications w/ Nginx and PageSpeed
 
Html5
Html5Html5
Html5
 
HTML 5
HTML 5HTML 5
HTML 5
 
Web assembly with PWA
Web assembly with PWA Web assembly with PWA
Web assembly with PWA
 
(In)Security Implication in the JS Universe
(In)Security Implication in the JS Universe(In)Security Implication in the JS Universe
(In)Security Implication in the JS Universe
 
GWT and PWA
GWT and PWAGWT and PWA
GWT and PWA
 
Building a Simple Mobile-optimized Web App Using the jQuery Mobile Framework
Building a Simple Mobile-optimized Web App Using the jQuery Mobile FrameworkBuilding a Simple Mobile-optimized Web App Using the jQuery Mobile Framework
Building a Simple Mobile-optimized Web App Using the jQuery Mobile Framework
 
HTML5 Intoduction for Web Developers
HTML5 Intoduction for Web DevelopersHTML5 Intoduction for Web Developers
HTML5 Intoduction for Web Developers
 
soft-shake.ch - Introduction to HTML5
soft-shake.ch - Introduction to HTML5soft-shake.ch - Introduction to HTML5
soft-shake.ch - Introduction to HTML5
 
Phonegap android angualr material design
Phonegap android angualr material designPhonegap android angualr material design
Phonegap android angualr material design
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Introduction to HTML5 & CSS3
Introduction to HTML5 & CSS3Introduction to HTML5 & CSS3
Introduction to HTML5 & CSS3
 
Mobile web-debug
Mobile web-debugMobile web-debug
Mobile web-debug
 
HTML5 Programming
HTML5 ProgrammingHTML5 Programming
HTML5 Programming
 

Recently uploaded

Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 

Recently uploaded (20)

Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 

Alt-Cookies and Controversies in Ethics

  • 1. Alt-Cookies and Ethical Controversies Kazuhiro Kosaka Engineer, MDH, CyberAgent, Inc.
  • 2. Kazuhiro Kosaka - Working for CyberAgent, Inc. since 2009. - Pigg [Java/Flash] - Feature-phone Browser Games [Java] - Core-technology for Games [A Flash Player written in HTML5/JavaScript/Java dubbed as “Swine”] - Smartphone Browser Games [JavaScript/HTML/Java] - Smartphone Native Games [Node.js/Java/Unity C#] - MDH Ad-technology [Scala/Golang] - @hyperdash
  • 6. Kazuhiro Kosaka Mitaka.app In-house use only https://ghe.ca-tools.org/kosaka-kazuhiro/Mitaka.app
  • 9. 1. Intelligent Tracking Prevention - Apple, Inc. has announced “Intelligent Tracking Prevention [ITP]” at WWDC2017. - As a new WebKit feature. - Not a sort of ad-blocker. - Developers of other WebKit browsers than Safari might enable ITP on their products as well? - “They're gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong.” — Tim Cook, at the Electronic Privacy Information Center, 2015 - Third-party Cookie will be exterminated? Source: https://techcrunch.com/2015/06/02/apples-tim-cook-delivers-blistering-speech-on-encryption-privacy
  • 10. How does ITP work? If the user has not interacted with example.com in the last 30 days, example.com website data and cookies are immediately purged and continue to be purged if new data is added. However, if the user interacts with example.com as the top domain, often referred to as a first- party domain, Intelligent Tracking Prevention considers it a signal that the user is interested in the website and temporarily adjusts its behavior as depicted in this timeline: Source: https://webkit.org/blog/7675/intelligent-tracking-prevention/
  • 11. 2. Better Ads Standards - Proposed by The Interactive Advertising Bureau [Google/Facebook/etc] - Google has announced that Chrome is going to start blocking ads which don’t meet it in early 2018. - Not directly affects cookies. - Ethical-Internet-Ad era is coming. - We need to grasp their actions or trends carefully. Source: https://www.betterads.org/
  • 12. What kind of ads are out of the standards? Source: https://www.betterads.org/standards
  • 13. What kind of ads are out of the standards? Source: https://www.betterads.org/standards
  • 15. Alt-Cookies - Flash Local Shared Objects / Silverlight Isolated Storage - HTTP ETags [ETag] - HTTP Strict Transport Security [HSTS] - Image Cache + HTTP Canvas - Browser Fingerprinting/Canvas Fingerprinting/Font-based Fingerprinting/Device Fingerprinting - etc
  • 16. Alt-Cookies - Flash Local Shared Objects / Silverlight Isolated Storage - HTTP ETags [ETag] - HTTP Strict Transport Security [HSTS] - Image Cache + HTTP Canvas - Browser Fingerprinting/Canvas Fingerprinting/Font-based Fingerprinting/Device Fingerprinting - etc
  • 17. ETag
  • 18. ETag
    - Part of HTTP; provides web cache validation.
    - Client: Requests content from a web server.
    - Server: Responds with the content and an ETag as an HTTP response header value.
    - Client: The browser caches the ETag.
    - Client: Requests the content again; the browser automatically appends the ETag.
    - Server: If the ETag value matches the value on the web server, the server responds with an HTTP 304 Not Modified.
    - Setting an identifier as the ETag makes it work like a cookie.
    Source: https://en.wikipedia.org/wiki/HTTP_ETag
  • 19. ETag
  • 20. HSTS
  • 21. HSTS [HTTP Strict Transport Security]
    - Allows web servers to declare that web browsers should make requests only over HTTPS connections.
    - An HSTS PIN for each domain is stored in the browser.
    - The HSTS PIN is the pattern of HSTS availability across the domain and its subdomains, read as a series of bits [= binary].
    - The PIN is read by checking whether requests to the domain and its subdomains are redirected.
    - The HSTS PIN can be read even in incognito mode.
    - Fixed in Firefox.
    - Safari stores the HSTS PIN in iCloud, where it cannot be removed, but the PIN changes regularly and automatically? [unconfirmed]
    - Still available in Chrome. [unconfirmed]
    Sources:
    http://www.radicalresearch.co.uk/lab/hstssupercookies/
    http://dev.classmethod.jp/client-side/browser/hsts-super-cookies/
    http://dechnostick.hatenablog.com/entry/2015/01/09/003000
  • 22. HSTS [HTTP Strict Transport Security] Source: http://www.radicalresearch.co.uk/lab/hstssupercookies/
  • 23. HSTS [HTTP Strict Transport Security]
  • 24. Image Cache + Canvas
  • 25. Image Cache + Canvas
    - Uses the browser cache as storage.
    - Uses images as identifiers.
    - Server: Encodes an identifier into a PNG’s tEXt chunk or pixels.
    - Client: The browser caches the image.
    - Client: Decodes the identifier from the image with the Canvas API and passes it to the server.
    Source: https://www.esat.kuleuven.be/cosic/publications/thesis-289.pdf
  • 27. Fingerprinting
    - Fingerprinting = taking fingerprints by hashing the characteristics of various properties.
    - Fingerprints are used as cookies.
    - The entropy of each individual fingerprint is not high enough to identify users.
    - Entropy can be increased by combining multiple fingerprints.
    Source: https://www.esat.kuleuven.be/cosic/publications/thesis-289.pdf
  • 28. Fingerprinting
    - Browser Fingerprinting
      - Plugins/System Fonts/User Agent/Screen/HTTP Accept Headers/etc
    - Canvas Fingerprinting
      - Exploits differences in how the same image is rendered with Canvas.
    - Font-based Fingerprinting
      - Measures the dimensions of rendered text with Flash/Java/JavaScript.
    - Device Fingerprinting
      - Collects device information with Flash/Java/JavaScript/Plugins/Extensions.
    - etc
    Source: https://www.esat.kuleuven.be/cosic/publications/thesis-289.pdf
  • 29. Alt-Cookies
    - Flash Local Shared Objects / Silverlight Isolated Storage
    - HTTP ETags [ETag]
    - HTTP Strict Transport Security [HSTS]
    - Image Cache + HTTP Canvas
    - Browser Fingerprinting/Canvas Fingerprinting/Font-based Fingerprinting/Device Fingerprinting
    - etc
    => Super Cookie
  • 31. Evercookie
    - An OSS project by Samy Kamkar.
    - https://github.com/samyk/evercookie
    - Implements a Super Cookie.
    - 17+ Super Cookies in one JavaScript library.
    - As long as at least one of them survives, Evercookie keeps making all of them respawn.
    => Respawning
    Source: https://www.esat.kuleuven.be/cosic/publications/thesis-289.pdf
  • 36. Rakuten ad4U
    - Developed by Drecom Co.,Ltd. in 2008.
    - Livedoor Co.,Ltd. [LINE Corporation] also launched it as livedoor ad4U.
    - Non-cookie-based targeting technology enabled by a vulnerability in browsers.
    - An article from NIKKEI NET revealed the technology that enabled ad4U and made it controversial.
    - They provided only a one-year opt-out.
    - Users and some players in the field blamed them for it.
    - The vulnerability has been fixed since 2010, and they had to stop their services.
    Source: https://ja.wikipedia.org/wiki/楽天ad4U
  • 37. The vulnerability
    - Bug 147777 [Mozilla]
    - Bug 24300 [WebKit]
    Source: http://takagi-hiromitsu.jp/diary/20081211.html
  • 38. Do the Ethically Right Things, or ruin internet advertising.
  • 40. Conclusion
    - Intelligent Tracking Prevention [Apple]
    - Better Ads Standards [Google/Facebook]
    - Alt-Cookies
    - Super Cookie
    - ad4U
    - Do the Ethically Right Things, or ruin internet advertising.
    - For the future of internet advertising, handle these matters more carefully.
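
The ETag slide (slide 18) notes that an identifier placed in the ETag behaves like a cookie. The following is an added example, not part of the original deck, showing one way an auditor can spot that: a validator should depend only on the content, so identical bodies served to clean browser profiles with a different ETag each time are suspect. The observation records, host names and hash placeholders are constructed for illustration.

```javascript
// Constructed sample: the same URLs fetched from clean browser profiles
// (empty cache, no cookies). bodyHash stands in for a SHA-256 of the body.
const observations = [
  { profile: "A", url: "https://cdn.example/pixel.gif", etag: '"u-7f3a91c2"', bodyHash: "h1" },
  { profile: "B", url: "https://cdn.example/pixel.gif", etag: '"u-02bd44e9"', bodyHash: "h1" },
  { profile: "C", url: "https://cdn.example/pixel.gif", etag: '"u-c91e0a57"', bodyHash: "h1" },
  { profile: "A", url: "https://static.example/app.js", etag: 'W/"5d8c-1a2b"', bodyHash: "h2" },
  { profile: "B", url: "https://static.example/app.js", etag: '"5d8c-1a2b"', bodyHash: "h2" },
  { profile: "C", url: "https://static.example/app.js", etag: '"5d8c-1a2b"', bodyHash: "h2" },
  { profile: "A", url: "https://news.example/feed", etag: '"v41"', bodyHash: "h3" },
  { profile: "B", url: "https://news.example/feed", etag: '"v42"', bodyHash: "h4" },
];

// Strip the weak-validator prefix and quotes so W/"x" and "x" compare equal.
function normalizeEtag(raw) {
  return raw.trim().replace(/^W\//, "").replace(/^"(.*)"$/, "$1");
}

// Flag URLs where every clean profile received the same body but its own ETag.
function findPerClientEtags(obs) {
  const groups = new Map();
  for (const o of obs) {
    if (!o.etag) continue; // no validator, nothing for the cache to replay
    const key = o.url + "\u0000" + o.bodyHash; // compare only identical bodies
    if (!groups.has(key)) groups.set(key, { url: o.url, etags: new Map() });
    groups.get(key).etags.set(o.profile, normalizeEtag(o.etag));
  }
  const flagged = [];
  for (const { url, etags } of groups.values()) {
    const distinct = new Set(etags.values());
    if (etags.size >= 2 && distinct.size === etags.size) {
      flagged.push({ url, profiles: etags.size, distinctEtags: distinct.size });
    }
  }
  return flagged;
}

console.log(findPerClientEtags(observations));
```

Servers behind a load balancer can also emit differing ETags for the same file, so a flagged URL should be re-fetched several times per profile before it is treated as a tracker.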
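
Slide 27 states that a single fingerprint carries too little entropy to identify users and that combining several raises it. This added example, not part of the original deck, measures that on a constructed population of eight visitors with made-up attribute values: each attribute alone yields 1 bit, while the three together yield the 3 bits needed to single out every visitor.

```javascript
// Constructed population; attribute names and values are illustrative only.
const visitors = [
  { userAgent: "UA-1", screen: "1920x1080", fonts: "set-A" },
  { userAgent: "UA-1", screen: "1920x1080", fonts: "set-B" },
  { userAgent: "UA-1", screen: "1366x768", fonts: "set-A" },
  { userAgent: "UA-1", screen: "1366x768", fonts: "set-B" },
  { userAgent: "UA-2", screen: "1920x1080", fonts: "set-A" },
  { userAgent: "UA-2", screen: "1920x1080", fonts: "set-B" },
  { userAgent: "UA-2", screen: "1366x768", fonts: "set-A" },
  { userAgent: "UA-2", screen: "1366x768", fonts: "set-B" },
];

// Count how many visitors share each combination of the chosen attributes.
function groupCounts(population, attrs) {
  const counts = new Map();
  for (const v of population) {
    const key = JSON.stringify(attrs.map((a) => v[a]));
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return counts;
}

// Shannon entropy, in bits, of the joint distribution of the attributes.
function entropyBits(population, attrs) {
  let h = 0;
  for (const n of groupCounts(population, attrs).values()) {
    const p = n / population.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Visitors whose attribute combination is shared with nobody else.
function uniquelyIdentified(population, attrs) {
  let unique = 0;
  for (const n of groupCounts(population, attrs).values()) {
    if (n === 1) unique += 1;
  }
  return unique;
}

for (const attrs of [["userAgent"], ["userAgent", "screen"], ["userAgent", "screen", "fonts"]]) {
  console.log(attrs.join("+"), entropyBits(visitors, attrs).toFixed(2), "bits,",
    uniquelyIdentified(visitors, attrs), "of", visitors.length, "unique");
}
```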