WebKit's "anti-tracking anti-tracking" feature...

The first time I saw the title I really did think WTF; it increasingly feels like the start of a war: "Preventing Tracking Prevention Tracking".

Apple's platforms have had the Intelligent Tracking Prevention (ITP) feature, but it used to be fairly simple, so many things could still be analyzed as part of a browser fingerprint. Apple decided to improve it and shipped the changes in the new software versions:

This blog post covers enhancements to Intelligent Tracking Prevention (ITP) included in Safari on iOS and iPadOS 13.3, Safari 13.0.4 on macOS Catalina, Mojave, and High Sierra.

This includes omitting the Referer on cross-site requests:

ITP now downgrades all cross-site request referrer headers to just the page’s origin. Previously, this was only done for cross-site requests to classified domains.

The next three improvements all concern 3rd-party cookies; among them, blocking cookie-bearing 3rd-party requests by default will probably break some sites:

ITP will now block all third-party requests from seeing their cookies, regardless of the classification status of the third-party domain, unless the first-party website has already received user interaction.

Among the old tricks used when building one's own SSO, there was the design of firing ajax requests at several different domains to log in automatically; looks like that will need to be checked now...
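As an added illustration (not code from the WebKit post or from this blog), a small model of the two ITP rules quoted above, plus the home-grown SSO pattern just mentioned. It assumes a "site" is the last two host labels; real browsers consult the Public Suffix List, and the hostnames below are constructed.

```javascript
// Simplification (assumption): a "site" is the registrable domain approximated
// as the last two host labels. Real browsers use the Public Suffix List.
function siteOf(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

function isCrossSite(urlA, urlB) {
  return siteOf(new URL(urlA).hostname) !== siteOf(new URL(urlB).hostname);
}

// Referer as ITP now sends it: the full referring URL for a same-site request,
// only the page's origin (scheme + host) for any cross-site request.
function downgradedReferer(referringPage, requestUrl) {
  if (isCrossSite(referringPage, requestUrl)) {
    return new URL(referringPage).origin + "/";
  }
  return referringPage;
}

// Whether a request may see its cookies: same-site always; cross-site only
// if the first-party site has already received user interaction.
function thirdPartyCookiesVisible(topPage, requestUrl, firstPartyInteracted) {
  if (!isCrossSite(topPage, requestUrl)) return true;
  return firstPartyInteracted;
}

// Constructed scenario: the SSO pattern from the text, a page on shop.example.com
// calling a session endpoint on a different site via ajax with credentials.
function ssoAutoLoginWouldWork(firstPartyInteracted) {
  return thirdPartyCookiesVisible(
    "https://shop.example.com/cart",
    "https://sso.example-login.com/session",
    firstPartyInteracted
  );
}
```

The cross-site login call silently loses its cookies until the user has interacted with the first-party site, which is exactly the case a server log of "logged out" errors after the update would point at.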

Apple's declaration (of war) on tracking mechanisms

Apple published, via the WebKit blog, a declaration (or rather a "declaration of war") on tracking techniques: "Announcing the WebKit Tracking Prevention Policy"; the full document can be found at "WebKit Tracking Prevention Policy".

For related coverage, see "Apple will soon treat online web tracking the same as a security vulnerability". That article chose its headline mainly because of this:

We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities.

Technically it is still very hard, though; there are far too many ways a browser can be used for tracking and analysis today.

Also, don't assume Apple is some kind of saint: it just doesn't rely much on advertising revenue, so it decided to step forward and market privacy protection as a product. Don't be too surprised when some strange exception shows up one day...

Google Cloud Platform's DLP API

"New ways to manage sensitive data with the Data Loss Prevention API" mentions that the DLP API already launched back in March (as described in "Discover and redact sensitive data with the Data Loss Prevention API"), but I had no memory of it:

The Data Loss Prevention (DLP) API, which went beta in March, can help you quickly find and protect over 50 types of sensitive data such as credit card numbers, names and national ID numbers.

This time I looked at the examples; it can analyze images directly:

Noting it down; looks like there may be a chance to use it later? (e.g. analyzing user-uploaded images)

A service for detecting whether a credit card transaction is fraudulent

While digging through material I came across a company called Sift Science. Looking directly at the sample code on their official site makes it clearest; the PHP code looks like this: (they put variables inside single quotes, that doesn't look like it would work XDDD)

<?php
// Sift's PHP client library, loaded from the paths used in the vendor example
require 'sift-php/lib/Services_JSON-1.0.3/JSON.php';
require 'sift-php/lib/SiftRequest.php';
require 'sift-php/lib/SiftResponse.php';
require 'sift-php/lib/SiftClient.php';

// Replace 'my_api_key' with the key from the Sift console
$sift = new SiftClient('my_api_key');
// Sift field names and reserved values (e.g. '$transaction', '$sale', '$credit_card')
// begin with a literal '$'. PHP does not interpolate single-quoted strings, so the
// '$' is sent to the API unchanged, which is what the field naming requires.
$response = $sift->track('$transaction', array(
  '$user_id' => '$billy_jones_301',
  '$user_email' => '$bill@gmail.com',
  '$transaction_type' => '$sale',
  '$transaction_status' => '$success',
  '$amount' => '100000000',
  '$currency_code' => 'USD',
  '$billing_address' => array(
    '$name'         => 'Bill Jones',
    '$phone'        => '1-415-555-6041',
    '$address_1'    => '2100 Main Street',
    '$address_2'    => 'Apt 3B',
    '$city'         => 'New London',
    '$region'       => 'New Hampshire',
    '$country'      => 'US',
    '$zipcode'      => '03257'
  ),
  '$payment_method' => array(
    '$payment_type'    => '$credit_card',
    '$payment_gateway' => '$braintree',
    '$card_bin'        => '542486',
    '$card_last4'      => '4444'
  )
));

https://packagist.org/search/?q=Sift also lists some packages; it should be possible to pull it in via Composer as well...

As for pricing, at sufficient volume it averages out to USD$0.01 per transaction (the first 10,000 are free, the next 10,000 cost USD$0.02, and everything after that is USD$0.01), roughly NTD$0.3:

First 10,000 transactions per month Free!
Next 10,000 transactions 2¢ each
Every transaction above that 1¢ each