►
From YouTube: SES Meeting: Google ArcsJS
Description
Wherein we meet the Google ArcsJS team, who use the ses Hardened JavaScript as a foundation for mitigating user fingerprinting.
A
B
B
A
E
B
D
B
B
B
B
All
right,
so,
what's
our
overall
goal,
so
you
have
heard
both
Bernie
and
Sarah
mentioned
approvable
privacy,
which
is
the
broader
group
that
we
are
a
part
of
at
Google,
and
our
whole
goal
is
to
have
privacy
preservation
on
the
open
web.
So,
instead
of
and
one
of
our
big
principles
is
user
sovereignty.
So,
instead
of
a
traditional
programming
model,
where
you
have
your
data,
your
user
data
come
to
the
code
we
flip
that
around
and
instead
we
have
the
data.
B
B
Paradigm
there's
one
of
the
things
we're
going
to
show
you
a
demo
of
here
is
a
picker
for
fingerprintable
data,
so
in
particular,
we've
been
looking
at
fonts,
but
we
also
have
a
demo
for
photos
these
days,
your
permission,
pop-ups
well,
first
off
there's,
so
many
of
them
users
often
get
overwhelmed
and
just
say
yes
to
everything,
especially
now
that
we
have
to
say
yes
to
cookies
on
every
website,
but
they're,
also
overly
generic.
So
when
I
logged
into
Zoom
here
today,
Zoom
asked
for
permission
to
see
my
camera
and
I'm.
B
The
key
to
the
lightweight
components
is
that
they
are
executed
in
a
secure
environment
and
that's
what
allows
us
to
then
do
policy
language,
because
they
can't
interact
with
things
unless
they've
declared
it.
You
can
also
mix
and
match
them.
We
like
to
call
this
Choose
Your,
Own
Adventure,
so
in
the
little
example
I
have
here,
we
have
this
data,
which
is
your
date
of
birth
and
we're
calculating
your
age,
but
we
could
also
change
it.
So
maybe
it's
going
to
calculate
your
birthstone.
B
Those
would
both
be
different
things
and
you
can
kind
of
mix
and
match
them
in
this
way.
They're
also
a
mutable
function
based
which
is
really
important,
and
a
lot
of
why
we're
using
cess
and
we'll
be
talking
a
lot
more
about
this,
but
here's
just
an
example
of
what
a
birthstone
calculator
might
look
like.
You
can
update
to
the
date
of
birth.
It's
going
to
figure
out
what
your
gemstone
is
based
on
the
month.
B
We're
gonna,
try
very
hard
to
not
use
these
words,
but
they
might
slip
out
so
I
wanted
to
very
briefly
touch
on
them.
These
are
what
we
call
them
internally
and
then
our
code
and
all
those
kinds
of
things.
So
if
you
go
on
GitHub
you'll
see
these
words
used
a
lot.
A
particle
is
what
we
call
one
of
these
lightweight
code
components
store
is
just
where
your
data
is
stored.
It's
fairly
easy,
but
a
recipe
is
a
combination
of
these
particles
in
stores.
B
B
All
right
the
policy
language,
as
we've
mentioned,
we
are
approvable
privacy.
That's
what
we're
interested
in
in
the
policy
language
is.
What
lets
us
do
that
it
lets.
You
say:
hey
some
parts
of
our
code
are
trusted
and
some
parts
are
untrusted
and
we
want
them
all
to
declare
data
access
and
any
egress
of
that
data,
and
we
can
enforce
all
of
that.
B
This
allows
the
different
particles
or
code
components
to
delegate
rendering
they
can
either
render
themselves
or
they
can
say,
hey
I
want
to
pass
this
rendering
off.
Let
another
code
component
handle
it
and
is
what
allows
us
to
have
that
user
driven
experience
where
things
can
be
mixed
and
matched
because
we
can
compose
these
experiences
on
the
Fly.
We
can
also
combine
trusted
and
untrusted
components.
B
This
is
much
better
understood
with
an
example,
so
I'm
just
going
to
explain
the
screenshot
really
quickly
and
then
hand
it
off
to
Ray
for
the
actual
demo,
but
you're
going
to
see
in
the
demo.
You're
gonna
see
this,
which
is
a
it's
based
on
quill,
which
is
an
open
source
document
editor
and
we've
replaced
the
font
picker
with
our
own.
So
this
is
actually
the
font.
Picker
is
being
run
in
arch.js,
it's
a
its
own
code
component
or
a
few
of
them,
and
so
this
green
box
tool
is
safe.
B
E
E
E
If
it
wanted
to
oh
wait,
I
should
highlight
something:
first,
you
can
see
the
effects
so
here
I'll
highlight
something
I'll
bring
up
the
font
picker.
This
is
the
area
in
green.
You
saw
before
and
you
can
see,
there's
like
thousands
of
fonts
here.
If
I
scroll
down,
it's
like
every
font
is
still
on
my
system,
and
so
if
I
choose
choose
that,
of
course,
I
can
highlight
it
now.
E
The
interesting
thing
here
is
that
so
this
whole
thing
is
running
inside
of
SCS,
which
will
describe
like
exactly
like
how
we're
using
SAS
for
this
later,
but
I
also
bring
up
the
dev
tools.
It's
just
like
a
little
slide
up
thing
here.
Just
to
show
you
a
little
taste,
you
can
see
that
there's
a
policy
tab
here,
oh
okay,
didn't
load
that
time.
Let
me
do
it
again:
you
can
see
it
says.
E
Policy
is
valid
and
then
here
we
have
sort
of
like
this
little,
what
we
call
IR
internal
representation
of
the
what's
happening,
and
this
uses
this
project
rocksha,
which
basically
evaluates
this
little
policy
language,
which
verifies
that
data
can't
be
properly.
Data
can't
be
egressed
unless
you
actually
click
on
it,
and
so
the
key
thing
here
is
that
the
the
fonts
that
are
rendered
here
on
the
screen,
basically
there's
an
event
handler
like
an
on
click
and
the
on
click.
E
Handler
is
not
permitted
to
exfiltrate
data
unless
it's
the
result
of
a
user
action
and
that's
specified
in
the
policy.
So
if
I
click
on
this
impact,
then
it
can,
you
know,
write
data
outside
the
system.
Back
to
the
quill
font
editor,
however,
if
I
tried
to
trigger
that
font,
click
artificially
or
via
just
some
other,
just
straight
up
method
called
the
policy
verifier
would
not
permit
it,
and
so
you
can
like
rest
the
data.
E
E
The
key
point
is
that
the
map
function
is
like
running
immutable
like
SES
space
and
it's
it
runs
the
untrusted
code,
but
the
reduced
part
stamps
to
template
actually
is
not
under
the
user
control
that
actually
happens
as
part
of
the
system
and
so
during
the
actual,
rendering
there's
no
untrusted
code
that
sees
more
than
one
font
at
a
time
it.
Never
no
one
ever
gets
to
see
the
entire
list
of
fonts.
They
can't
they
can't
create
any
external
mutable
States.
H
Do
I
have
a
question
about
that
yeah.
So
when
you
say
immutable
SCS
without
any
further
mechanism
cannot
verify
that
a
function
is
immutable,
but
it
can
ensure
that
any
mutable
state
it
has
is
confined
to
that
function.
Instance
is
so.
Can
you
explain
what
you
mean
by
immutable
when
you
talk
about
immutable
functions.
E
H
E
H
E
And-
and
that's
actually
kind
of
one
of
the
reasons
we
would
like
we,
we
actually
wanted
to
have
this
discussion
today,
because
we
are
not
100
sure
what
we're
doing
is
safe
and
it
would
kind
of
be
cool
as
if
there
was
like
a
sort
of
built-in
sort
of
add-on
for
SCS
or
some
other
kind
of
like
Shadow
Realms,
or
something
where
we
could
say.
Hey
we'd
like
this
to
be
an
immutable
context
right.
That
kind
of
thing.
F
H
I
E
There's
one
called
sort
key,
that's
like
to
control
the
font
sorting
but,
most
importantly,
there's
a
display
style
attribute
that
it
creates
you,
see,
font,
family
font,
weight
and
so
on,
and
that's
actually
used
to
set
a
style
attribute
on
the
template.
If
you
look
down
at
the
very
bottom,
you'll
see
a
span
sample
and
then
style
is
equal
to
display
style.
E
So
what
happens
is
is
that
this
immutable
function
called
decorator,
creates
this
extra
property
called
display
style,
which
is
basically
some
CSS
and
that's
actually
stamped
into
that
template
there
with
the
sample.
And
so
that's
that's
how,
when
you
see
the
font
drop
down,
it
actually
will
say
it
will
actually
have
the
the
font
styled
its
name
styled
in
the
actual
font
itself.
So
you
can
see
what
the
font
looks
like.
So
you
see
it
says
like
if
impact
as
a
sample.
That's
what
that's
why
it
looks
like
that.
E
Otherwise
it
would
just
be
a
plain
list
of
fonts.
So
that's
that's
one
example
now
this
looks
this
looks
and
feels
like
it's
quite
it
might
be
too
restrictive,
but
actually
we
have
a
lot
of
apps.
We
could
show
where
this
is
quite
powerful
and
you
can
write
quite
powerful
apps
just
using
immutable
functions
and
Transformations
like
this.
D
Like
that,
you
say,
I
want
to
take
questions
later.
I
have
a
question
on
the
bootstrap,
so
in
I
I
mean
you
can
answer
it
later.
So
you,
you
said
your
the
application,
the
outside
application,
the
editor
is
untrusted.
So
how
do
you
initialize
success
in
or
where
it
says
loaded
exactly
so
that
that
editor
application
doesn't
cannot
compromise,
cess
or
or
the
the
prime
modules
so
that
it
can
get
access
to?
Actually
what
you're
trying
to
hide
from
it.
F
Everything's
done
in
layers
because
there's
no
one-size-fits,
all
every
customer
is
different,
so
some
apps
are
trusted.
Some
aren't
in
this
case.
If
you're
producing
a
plug-in,
it
gets
tricky
I
mean
I.
Sorry,
this
is
hard,
but
essentially
at
some
level.
What
we'll
do
is
make
a
worker
and
lock
down
the
worker.
Okay,.
A
F
Just
in
general,
because
it's
a
good
idea
and
I
can
so
far
we've
been
able
to
make
this
work.
My
only
concern
was
there's
libraries
that
do
bad
stuff.
We
use
tensorflow.
We
use
a
lot
of
these
big
big
gnarly
libraries
that
like
to
mess
with
prototypes
and
primordials,
but
so
far
we've
been
able
to
make
them
play
nice
with
SASS
and
so
yeah.
D
C
I
just
want
to
drive
since
Scott
was
bringing
up
I've
trusted
and
unplustered
apps,
like
one
use
case
we
didn't
put
in
the
slides,
is
someone
would
have
a
website
wants
to
host
on
trusted
code.
So
in
this
case
the
web,
the
container
is
trusted,
I
could
be
I,
don't
think,
or
something
like
that
Salesforce
and
would
load
untrusted
code
and
then
Things
become
a
lot
simpler
because
then
the
entire
content
is
trusted
and
you
don't
just
need
to
compartmentalize
these
things.
H
F
Yeah
so
100
this.
What
looks
like
HTML
templates
in
the
context
where
SAS
is
where
all
the
danger
is
is
virtualized
completely
so
I
mean
it
doesn't
even
have
to
be
Dom.
We
can
render
to
any
kind
of
rendering
environment.
It's
just
there's
a
template
and
then
a
model
system.
So
yeah
it's
arm's
length.
So
we
do
is
say
it's
it's
just
more
data
output
from
the
particles
from
this
code
standpoint:
here's
some
data-
hopefully
you
will
render
this
I-
would
like
you
to
render
this.
F
Please
it's
kind
of
always
what
this
untrusted
code
can
do.
It
makes
requests
so
yeah.
This
goes
through
a
system
we
have
so
we
use
Shadow
Dom,
all
the
styles
are
locked
down
and
then
the
events
that
come
back
are
cleansed.
We
don't
send
events
back,
we
send
eventlets
or
just
have
these
little
sniblets
of
data
like
this
key
is
another
play.
F
Ray
mentioned
this
I
don't
mean
to
wax
too
much,
but
that
we
reduce
the
amount
of
data
coming
back
so
much
I
assumed
it
wouldn't
be
useful,
but
it
turns
out,
it's
actually
really
useful,
so
yeah
we're
very
careful
to
use
Dom
similar
to
how
we're
using
ecmascript
is
even
this
just
last
thing.
This
use
of
template
is
very
much
on
purpose.
Is
a
platform
primitive
that
once
we
put
this
into
Dom,
these
things
are
inert
until
we've
had
a
chance
to
check
that
right
is.
H
D
D
E
E
I
I
use
this
terminology,
I,
don't
know
if
Scott
does
but
I
I
say
that
the
way
the
event
system
works
is
you
can
only
practically
be
given
back
what
you
gave
in
the
first
place.
So
when
you
set
like
a
let's
say,
one
click
Handler
on
a
Dom
element,
the
event
that
you
get
back
when
someone
clicks
on
it,
basically
is
only
data
that
you
gave
to
the
template
in
the
first
place.
E
So
if
you,
you
know,
if
you
want
like
when
you,
when
you
say,
like
you
know,
div
like
on
click
equals
on
font
click,
you
you
give
it
a
value
attribute
like
value
equals
impact
is
the
name
of
the
font,
and
so,
when
you
click
on
the
the
font
on
the
Dom,
what
the
arcs
runtime
sends
back
to
this
untrusted
code
is
only
the
value
that
came
out
of
that
mapping
function,
which
is
like,
let's
say
the
name
of
the
font.
You
can't
you
can't
send
back.
E
I
F
It
yeah
I'm
sort
of
a
I'm
sort
of
lit's
grandfather,
so
I
I'm,
not
just
me,
but
my
a
team
and
I
invented
polymer,
which
is
sort
of
the
precursor
to
lit
so
the
Palmer
team
evolved
into
lit
and
I
ran
off
with
Bernie
to
do
this,
this
fun
stuff.
Instead,
so
yeah
I'm
only
mentioning
DNA
a
lot
of
people
go
wow.
This
looks
kind
of
like
lit
it's
just
because
yeah
the
same,
there's
shared
DNA
yeah,
but
it
is.
It
is
custom.
I
Yeah
I
I,
so
I,
so
it
it
feels
to
me
that
this
is
just
a
side
comment.
So
it
feels
to
me
that
this
has
a
a
similar
problem
that
the
similar
problem
of
other
systems,
including
some
from
Google,
where
authors
has
to
write
the
code
in
a
very,
very
peculiar
way,
obviously
that
that
goes
against
the
grain
in
terms
of
adoption.
I
This
structure
that
you
have
in
here
now
that
that's
the
deal
breaker,
but
it's
a
very,
very
big
limitation
in
terms
of
adoption,
so
I
wonder
if
you
the
fact
that
this
is
the
all
the
information
that
you
can
have
inside
these
functions,
and
so
on
is
immutable.
So
there's
no
really
much
that
you
can
do
there
to
do
a
program
that
has
on
stage
statefulness
on
it.
If
it's
I
I
wonder
at
least
two
restrict
it
like.
C
It's
not
a
non-goal
to
say
any
arbitrary
code
on
the
web
can
can
be
plugged
in
here,
and
it
will
just
work.
I
do
have
to
change
the
style.
That's
it
I
think
it's
sort
of
the
long
run
where
I
would
see
this
project
go
is
sort
of
a
layering
where
this
is
like
a
one
of
the
Frameworks
that
sits
on
top
of
some
Basics
like
SCS
and
the
policy
enforcement,
and
so
on.
C
But
but
they
are
not
that
different
from
how
modern
Frameworks
tend
to
look
today
like
this
sort
of
function,
reactive
style
that
we've
seen
become
very
popular
recently
tends
to
break
things
down
in
very
small
bits
that
are
often
just
pure
functions
and
I'll
get
back
to
the
statefulness
in
a
second.
So
that's
how
that's?
How
sort
of
over
a
long,
Arc
I
would
see?
C
You
know
pun
intended
this
thing
evolved
where
we
get
the
layering
right,
which
we
haven't
gotten
by
yet
we're
still
experimenting
with
these
things
and
like
have
really
few
bits
that
have
to
be
trusted
and
right
now
here
the
template
language,
for
example,
is
trusted.
That's
like
one
of
the
pieces
that
is
trusted,
but
you
could
imagine
extending
Dom
standards
like
web
standards
so
that
the
Dom
becomes
right.
Only
like
you
can
only
take
the
principle
that
Ray
spelled
out.
C
They
can
only
ever
read
out
of
the
Dom
what
you
put
in,
and
you
can't
Traverse
out
of
a
barrier
income
and
read
computed
Style
Elements.
If
you
had
that,
for
example,
you
would
you're
a
lot
more
flexible
again.
So
there's
all
these
kinds
of
things
that
we
could
be
doing.
We
just
don't
haven't
done
it
on
the
cell
phone
list.
The
way
you
we
do,
sales
statefulness
is
by
essentially
having
yourself
a
parameter.
The
state
parameter
that
we
just
return
and
then
it
gets
passed
to
you
the
next
time.
C
You
call
it
yourself,
so
we
just
make
it
very
explicit,
and
here
again
the
goal
is
just
to
make
it
explicit
in
the
code
so
that
we
can
do
explicit
policy
enforcement
and
go
like
okay.
This
thing
is
stateful.
It
will
remember
we
have
to
assume
it
will
remember
all
its
inputs,
but
that
can
be
fine
like
it's
not
fine
for
the
scoring
function
in
The
Decorator
here,
because
that
would
be
for
fingerprinting,
but
for
many
other
cases
it's
fine.
You
just
need
to
distinguish
it.
C
E
We
pass
you,
but
in
other
contexts
like
let's
say
you
want
to
favorite
a
font
or
something
a
user
wants
to
click
on
something
and
say
like
I'm
going
to
mark
this,
as
like
one
of
my
favorite
fonts,
the
state
capability,
you
have
becomes
mutable
and
you
can
actually
like
put
into
it
like.
Oh,
this
is
one
of
the
favorited
fonts,
so
that,
like
Pro,
that
prohibits
fingerprinting
where
you
can
just
accumulate
a
state.
E
You
know
over
the
entire
thing,
but
if
a
user
is
actually
clicking
on
the
font,
you
are
allowed
to
mutate
the
state
via
the
state
capability.
So
it's
when
we
say
it's,
we
don't
allow
States.
Basically,
we
don't
allow
Java
arbitrary,
JavaScript
State
for
the
language
level,
but
we
do
have
like
a
state
capability
that
you
can
acquire,
depending
on
the
the
recipe
and
the
policy.
I
Yeah
I
know
all
these
resonates
well.
I
think
I
think
the
the
biggest
issue
is
going
to
be
it's
very
similar
to
what
what
happened
with
am
from
Google
as
well
like
being
able
to
bring
existing
libraries
like
let's
say:
oh
I
want
to
bring
this
library
that
is
doing
this
computational
piece
of
it.
How
can
I
do
that
and
how
can
I
depend
on
that?
I
I
suspect
that
you
don't
have
a
module
system
here
to
do
you?
Can
you
do
Imports
here
and
what
kind
of
interaction
can
you
have
between
different
untrusted
pieces
or
even
between
untrusted
pieces
and
trusted
pieces?
It
becomes
very
limiting
in
what
they
can
do
and
yeah
they
can
build
a
version,
but
they
have
to
go
all
the
way
in.
F
Yeah
I
mean
these
are
valid
concerns
for
sure
I
think
some
of
them
are
just
table.
Stakes
like
you
just
you
have
things
that
are
trusted
and
things
that
aren't
trusted
and
you
have
to
deal
with
it.
So
we
try
to
manage
everything
with
the
budgetary
concept
so
and
that
the
other
observation
that
we
have
is
that
a
lot
of
the
difficult
things,
the
high
power
things
so
I
think
I
mentioned
tensorflow
media
pipes,
webgl
webrtc,
like
these
big
gnarly
things
are
in
a
separate
layer
where
they're
trusted,
so
we
have
to.
F
There
is
a
place
where
you
go:
okay,
I'm
going
to
apply,
give
you
a
library
of
stuff
I'm
going
to
say
this
is
trusted
and
we
usually
try
to
make
those
things
a
different.
You
know,
stateless
whatever,
to
improve,
make
it
more
likely
that
they're
trusted,
but
those
tend
to
be
Leaf
nodes.
And
then
what
happens?
Is
you
know?
F
You
only
need
one
webgl
thing
so
once
that's
kind
of
locked
in
where
all
the
novelty
and
creativity
occurs
is
sort
of
at
this
higher
level,
and
we
can
do
that
in
the
particle
space
and
because
it's
safe
and
plugable
it's
hyper
modular
and
all
that
the
evolution
rate
is
just
much
higher,
so
I
mean
I'm,
not
claiming
this
is
mathematical.
This
is
just
sort
of
emerged.
What
we've
seen
but
I
mean
it's
definitely
happened
in
the
media.
F
States
like
image
guys
said:
well
we're
going
to
need
all
these
services
to
do
all
this
stuff
and
it
turned
out.
Well,
they
kind
of
need
some
com,
certain
convolutions,
and
you
can
parameterize
a
lot
of
this
stuff
and
then
build
those
trusted
blocks,
and
it
just
becomes
power
that
you
can
invoke
through
the
safety
lens
of
the
policy
and
these
particles
to
keep
the
creative
part
in
the
untrusted
zone.
I
hope
that
was
Koji,
but
anyway
I'm
not
saying
we
have
the
answers.
I
want
to
just
say
yeah.
This
is
really
cool.
F
E
I
was
going
to
say
that
if,
if
we
had
a
a
much
more
powerful
code,
static
code
analysis
and
like
rewriting
system,
some
of
the
pain
could
be
removed
by
transformation.
Things
like
Imports
might
actually
be
supportable
lately
static,
Imports
by
some
transformation
which
actually
like
reassembles
them
via
our
recipe
system
where
they're,
basically
like
you,
know,
automatically
extracted
and
put
into
separate
particles
or
put
into
or
there's
like
capability
or
a
service
created.
That's
then
passed
into
your
particle
for
use.
H
Import
specifically
I
mean.
Certainly
there
are
certain
things
you
can
do
with
with
Transformations
that
you
can't
do
assess
without
Transformations,
but
for
imports
specifically
I.
They.
Our
whole
compartment
system
is
so
that
you
can
provide
custom
import
environments
on
a
per
compartment
basis,
if
there's
anything
that
you're
doing
on
remapping
Imports
that
you
need
transformation
for
rather
than
just
using
the
compartment
API,
as
is
I,
would
actually
be
surprised.
I
Right,
I
I
think
at
least
even
even
with
layer
0
of
the
module.
How
many
f
word
you
you
take
back
the
control
over
the
import.
What
does
static
or
dynamic
doesn't
really
matter.
You
take
back
the
control
there
and
then
you
can
do
all
sort
of
things
to
connect
the
two
pieces
that
are
non-trusted
and
it's
still
preserving
the
the
module,
the
module
system
and
the
module
capability.
A
If
you
haven't
looked
at
law
remote,
yet
it
would
be.
That
would
be
a
good
thing
to
look
at
we're
a
little
bit
past
half
time
the
I'd
like
to
see
through
to
the
end
of
the
deck
personally
and
I
think
that
I'd
and
if
we
have
time
after
that,
I
think
that
we
ought
to
revisit
the
topic
of
Purity
since
I
think
that
would
be
the
functional
Purity
since
I
think
that
would
be
valuable
to
this
group.
G
G
One
is
like
have
an
understanding
of
the
data,
it
could
be
things
like
jsons
or
like
data
classes
or
like
the
Java
classes
and
stuff
for
that,
and
the
other
thing
is
like
you
need
to
understand
how
the
data
is
being
used
like
what
is
the?
What
is
the
behavior
of
the
system
in
terms
of
like
how
is
the
data
being
accessed?
G
What
sort
of
processing
happens
and
stuff
like
that
and
I
think
you
also
need
some
sort
of,
like
data
flow
analysis,
to
track
the
properties
of
interest
on
the
on
the
on
the
gravity
of
the
world
on
the
description
of
the
behavior?
And
finally,
you
want
to
have
some
sort
of
like
policy
that
says:
okay.
What
is
a
lot
of?
What's
not
allowed
I'll
just
dive
a
little
bit
into
all
of
these
things
in
the
coming
slides.
G
What
sort
of
act,
processing
or
accesses
happens
to
the
data
you
want
to
be
able
to
describe
all
these
systems
and
that's
where
the
notion
of
ir
comes
in
can
go
to
the
next
slide,
please
so
so
the
idea
is
like
this
is
kind
of
like
borrowed
from
compilers.
The
compilers.
You
have
different
language
front
ends
that
actually
generate
an
IR
and
all
the
I
mean
optimizations
and
and
error
handling
and
stuff
happens
on
the
IR.
So
the
idea
is
very
similar
here,
so
you
have
different
data
processing
systems.
G
If
you
have
a
common
intubated
representation
that
can
be
used
describe
the
beard
of
the
different
systems,
then
we
can
actually
translate
the
data
processing
into
the
common
ir
and
reason
about
all
of
them
together.
So
that's
how
we
would
actually
be
able
to
reason
about
a
system
that
actually
has
different
data
processing
pipelines
like
the
one
that
I
showed
them
previously
and
there's
actually
a
very
well
known
idea
and
compilers
and
following
drugs.
So
yeah
next
slide.
Please.
G
So
here
is
a
snapshot
of
all
the
aspects
that
I
talked
about
so
on
the
and
here
I'm,
just
showing
it
for
how
we're
doing
this
for
a
SQL
query.
So
on
the
leftmost
left
top
you
have
the
SQL
query,
which
is
actually
the
data
processing
and
then
below.
We
actually
have
an
IR
which,
if
you're
familiar
with
llvm
or
mlar,
it's
a
it's
a
representation
of
what's
happening.
G
So
basically
some
data
is
being
read,
two
columns
are
being
written
and
some
sort
of
anonymization
is
happening
and
finally,
we
have
a
description
of
what
is
allowed.
So
basically,
we're
saying
you'll
allow
the
degrees
of
the
data
if
it
has
a
differential
privacy
of
some
some
Epsilon,
which
is
long
three
and
on
the
right.
You
just
see
the
basically
the
IR
represent
as
a
graph
and
then
like
the
the
annotations
like
use.
The
data
and
not
DPR,
are
actually
the
data
for
properties
that
we're
actually
tracking.
G
So,
basically,
what
we're
tracking
is,
who
who
has
stake
on
the
data,
which
is
the
user
data
and
what
sort
of
properties
in
terms
of
differential
privacy
does
it
have?
So?
Basically,
we
assume
that
there
is
no
differential
privacy
to
start
with
and
as
the
data
goes
to,
the
system
and
various
processing
happens,
the
the
properties
change.
For
example,
if
you
feed
the
the
something
with
without
data
differential
privacy
into
anonymized
function,
it
gets
a
differential
privacy.
G
But
then,
if
you
combine
it
with
something
like
that,
doesn't
have
differential
privacy,
then
the
final
result
is
not
differentially
private.
So
then
we
just
like
in
they
build
the
IR
the
graph
and
then
do
propagation
of
these
properties
and
then
compare
and
then
use
a
policy
to
see.
If,
if
it's
satisfying
all
the
properties
that
we
need
in
this
case,
we
want
to
make
sure
that
the
data
is
differentially
private,
but
that's
not
what
we
inferred
so
we'll
actually
not
allow
this
query
to
run.
Can
you
go
to
the.
H
G
It
is
actually
a
single
single
SSA,
it's
actually
SSA
form,
but
it
doesn't
have
all
the
features
of
llvm
so
llvm
is
like
is
a
much
gentle
system.
So
this
one
it's
inspired
by
llvm
and
something
called
mlir,
but
it's
actually
a
very,
very
simpler
IR
ate
okay,
yeah
and
here's
previously
yeah.
Here's
an
example
where
the
query
passes,
because
the
properties
that
we
inferred
are
satisfy
what
we
wanted.
What
the
policy
says,
I
think
that's
pretty
much.
It
is
the.
B
As
Scott
mentioned.
Our
goal
is
to
have
isolation
through
depth
and
we
want
to
do
this
by
removing
side
channels.
I
think
we've
talked
about
all
of
these
already,
but
in
particular
Dom
access,
Global
variables
and
prototypes.
We
do
this
removable
functions
with
ses.
We
also
have
an
ongoing
research
area
looking
into
side
channels
more,
and
this
is
how
we
achieve
it
again.
B
H
E
F
B
I
So
the
values
that
are
returned
on
the
function-
well,
I
suspect
you
just
serialize
that
using
the
regular
worker
in
interaction,
so
you
don't
do
any
any
massage.
On
top
of
these,
it's
just
like
a
extra
clone
of
the
data
that
they
provide
structured,
clone,
that's
right,
and
so
what
happened?
Even
these
bucket,
you
have
what
are,
and
maybe
maybe
you're,
already
disabling
a
few
things
in
SCS
like
share
right
buffer
or
something
like
that.
F
So
I
mean
there's
intent
and
then
there's
like
specific
so
and
if
shared
array
buffers
allowed
through
structure
clone
and
it's
Shinji,
that's
just
something:
I
missed
and
we'll
just
fix
it.
So
our
intent
is
that
you
can't
pass
anything
but
concrete
non-cyclical
Json
data
to
the
agree.
I've
made
an
error,
then
you
know
we'll
have
to
work
on
that,
but
yeah.
The
intent
is
that
this
is
all
serializable.
Occasionally
I
mean,
depending
on
the
bus
structure.
We
might
realize
it
and
send
it
over
any
bus.
F
F
H
I
F
So
I
mean
honestly
the
reason
we
create
the
worker
is
just
to
isolate
ourselves
from
so
we
can
operate
in
environments.
We
don't
control
at
the
top
level,
but
primarily
well,
I,
guess
at
this
point
we
use
the
worker
also
to
just
have
the
other
thread
so
we're
off
the
UI
thread,
because
most
often
we
work
in
browser
environments,
but
I
mean
for
a
long
time.
We
just
worked
in
the
main
context
and
essentially
a
shadow
Round
We
hardened
the
main
context
and
create
a
compartment
right
there.
F
D
F
But
yeah,
just
on
that
theme,
I
just
want
to
say,
I
mean
get
on
the
weirdness
budget,
because
we
are
aware
that
everything
we
do
that's
like
not.
This
is
not
standard.
This
weirdness
budget,
pure
JavaScript
and
pure
HTML
and
platform
stuff
web
components
shadowed
on
like
we
try
not
to
invent
anything
that
we
can
get
straight
out
of
the
sauce
anyway.
I
D
I
I
H
You
yeah
I,
see
on
see
on
this
slide
with
regard
to
fingerprinting
local,
compare
Locale,
compare
is
already
I
believe
denied
by
default
or
made
or
made
non-locale
specific
by
default
by
set
by
the
session.
Fp
math
functions
are
not.
We
have
not
paid
any
attention
to
that.
What
what
are
the
fingerprinting
worries
with
regard
to
FP
math
functions?
Yeah.
E
This
is
just
something
I
threw
in
there,
because
it's
just
kind
of
interesting
there's
a
there's,
a
library
called
fingerprint.js.
You
can
take
a
look
at
it's
on
GitHub,
I,
think
and
there
are
I
was
looking
for,
like
fingerprint
vectors,
which
are
not
part
of
let's
say
capabilities.
The
browser
is
giving
you
like.
E
You
know
pal
function
and
math.s
sine
and
cosine
return
things,
because
there
there
have
been
subtle
differences
in
those
Library
functions
and
also
because
of
the
jit
compiler
JavaScript
jit,
that's
happening
differences
in
the
way
the
FP
math
would
get
evaluated
and
so
they've
built
actual
fingerprinting
around,
like
you
know,
doing
like
cosine
on
some
angle
and
then
checking
the
result
against
a
known
thing
and
say:
oh
well,
I
know
this
is
Firefox
and
not
chroma.
I
know
this
is
a
certain
version,
but
it's
kind
of
an
interesting.
E
B
H
F
E
H
Yeah,
the
the
that's
one
of
the
reasons
why
I
was
specifically
particularly
sensitive
with
regard
to
seeing
Dom
issues,
which
is
kaha,
did
the
whole
problem.
So
we
had
D'amato
as
the
Dom
taming,
and
that
was
stuck
in
in
html4
days,
because
we
were
just
not
able
to
keep
up
with
dom
Evolution
and
taming.
The
Dom
was
actually
harder
than
taming
JavaScript
and
was
never
as
reliable
as
attaining
JavaScript,
and
we
tried
to
collaborate
at
the
time.
H
Some
of
us,
I,
suspect
Scott,
will
remember
at
the
time
with
the
shadow
realm
efforts
inside
Google
and
the
polymer
efforts
to
try
to
create
to
to
have
them
be
a
security
boundary
that
could
support
the
security
goals
of
kaha.
When
we
spun
out
the
SAS
effort
into
agoric
and
re,
you
know
redid
it
at
a
gorg.
We
just
gave
up
on
the
Dom,
because
the
Couric
didn't
need
to,
but
a
lot
of
agorkorics.
You
know
a
lot
of
our
partners
using
SAS,
of
course,
do
need
to
like
metamask.
I
Yeah,
certainly
there's
this
is
very
interesting.
That's
why
I
wanted
to
have
you
guys
around
presenting
here
getting
getting
us
aware
of
what
you're
doing
asking
more
questions
about?
What
exactly
are
you
doing
and
so
on,
because
from
the
use
cases
standpoint,
that's
important
for
us
to
continue
rathering
more
and
more
because
we
have
all
these
efforts
now
the
module
system
that
we
want
to
allow
more
control
on
the
compartments,
API,
the
shadow
Ram.
Obviously,
almost
there
we
have
implementations
in
all
browser
now,
some
of
them
behind
a
flag.
I
Another
area
that
would
like
to
I
would
like
to
understand
better
and
see
what
so
you
talk
about
a
lot
of
capabilities
that
you
can,
that
you
have
that
you
can
pivot
and
do
a
lot
more
things
that
were
you
present
here.
That's
the
area
that
I
want
to
explore
more
see
what
else
is
possible
with
what
you
have.
A
I
Having
someone
from
having
someone
from
the
team
like
popping
in
from
that
from
time
to
time,
we
do
it
every
week,
but
we
know
some
people
cannot
come
every
week,
but
it's
an
hour
and
sometimes
the
topic
are
relevant.
Sometimes
they
are
not
but
just
being
aware
of,
what's
going
on
directly,
not
just
by
looking
at
the
repos
and
what
people
are
talking
about
out
there
but
being
on
the
front
line
here,
I'm
bringing
use
cases
and
and
racing
questions.
E
Yeah
we'd
be
happy
to
give
cooler.
Demos
like
actually
one
of
the
things
I
would
be
really
interested
in
the
future
is
picking
people's
brains
over
this
immutable
function
stuff
and
to
what
extent
the
SES
or
Shadow
Realms
environments
could
provide
sort
of
like
if
not
out
of
the
box.
You
know
support
for
it.
They
at
least
evaluate
the
way,
we're
doing
it
and
make
sure
we're
not
doing
it
in
in
a
stupid
way.
Yeah.
I
That's
definitely
a
question.
I
I
have
that
question
like
when
you
parse
the
function.
How
do
you
know
that
the
function
can
be
used
and
what
what
are
the
kind
of
issues
that
we
can
observe
there
with
certain
functions
and
the
goal
always
had
to
be
like
again
in
your
case
I
think
the
goal
is
always
the
function
has
to
be
mutable,
but
at
the
same
time
you
want
to
allow
more
and
more
function
to
be
able
to
run
inside
the
system.
I
E
E
F
G
F
H
H
H
The
thing
about
function,
Prototype,
2
string-
is
that
the
language
spec
is
quite
explicit
that
an
engine
might
not
provide
the
source
code,
it
might
decline
to
provide
the
source
code
and,
in
fact,
the
XS
engine
for
reasons
of
memory.
Compactness
on
on
devices
chooses
not
to
provide
source
code,
so
that
technique
will
not
work.