Chrome with same-site cookies and anti-fingerprinting protection

Google plans to add support for two new privacy and security features to Chrome. Same-site cookies and anti-fingerprinting protection.

Both features were announced today at the company's I / O 2019 Developers Conference and no release dates have been announced yet. But let's see what the new functions will do

Chrome

Same-site cookies

The biggest change Google plans to make is how it manages cookies.

The new controls will be based on a new IETF standard proposed by Chrome developers and Mozilla for more than three years.

This new IETF specification describes a new feature that can be defined through HTTP headers. It is called “SameSite”, and should be set by the site owner. New θα πρέπει να περιγράφει με ποιον τρόπο μπορούν να φορτωθούν τα cookies μιας s.

For example, a SameSite header that is set to "strict" will mean that the cookie can only be uploaded to the "same site". The definitions "Lax" or "none" (loose or none) will allow cookies to be loaded on other websites.

Simply put. the above attribute will create a dividing line between cookies, which can be cookies of the same site or cross-site cookies.

Google hopes that website owners will update their sites and convert old cookies they use for sensitive features such as login features and site-based management to same-site cookies.

All old cookies that do not have a SameSite header will be automatically set to "none" and Chrome will consider them as cross-site cookies or tracking cookies.

Google has also announced that it plans to add options to of Chrome, so that users can see "how websites use cookies", as well as "simpler controls for same-site cookies".

We do not know if these "simple controls" will allow users to block all cookies in general, but Google promised to release a preview of these features later in 2019.

Firefox has added support for cross-site cookies from April 2018, with the release of Firefox 60. Chrome supports same-site cookies from 2016, but the browser will start to require this feature later this year.

It should be mentioned that websites that use same-site cookies will be protected from a number of attacks, such as cross-site request forgery (CSRF) attacks. Using same-site cookies means that malicious code placed on a third-party site will not be able to pick up and read a cookie from another domain – because the “SameSite: strict” attribute in its header s will prevent him.

Anti-fingerprinting protection

Google's engineers also announced a second feature to protect privacy in Chrome at the 2019 I / O Developer Conference.

According to Google, the company plans to add support to prevent some types of fingerprinting being abused by advertisers on the internet.

Google did not mention many details about the types of fingerprinting that it plans to block. It is worth mentioning that there are many, by scanning locally installed system fonts, abuse of the HTML5 canvas element, measuring the screen size of the user's device, and recognizing installed extensions.

The first browser to block fingerprinting scripts was the Tor browser, which it had to do to hide the identity of its users. This feature was later used by the Firefox browser.

So at this year's I / O, Google announced that Chrome will also use an anti-fingerprinting feature.

Why

Many may wonder why Google - a company whose major revenue comes from advertising and user tracking - wants to add these privacy features, which are expected to have a big impact on its profits.

The answer is simple. The extensions use a "scorched earth" approach to blocking tracking scripts, since they block them all. Google will grant the new security features to Chrome, but it will also try to control the potential decrease in profits from online advertising.

The company already offers a basic ad blocking on Chrome, while avoiding the global blocking of ad blockers.

This is a Google opportunity that allows them to reduce their damage by offering a consistent control over the privacy and ad blocking features through Chrome's settings.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).