Google plans to add support for two new privacy and security features to Chrome. Same-site cookies and anti-fingerprinting.
Both features were announced today at the company's I / O 2019 Developers Conference and no release dates have been announced yet. But let's see what the new functions will do
Same-site cookies
The biggest change Google plans to make is how it manages cookies.
The new controls will be based on a new IETF standard proposed by Chrome developers and Mozilla for more than three years.
This new IETF specification describes a new feature that can be defined through HTTP headers. It is called “SameSite”, and should be set by the site owner. New header it should describe how a site's cookies can be loaded.
For example, a SameSite header that is set to "strict" will mean that the cookie can only be uploaded to the "same site". The definitions "Lax" or "none" (loose or none) will allow cookies to be loaded on other websites.
Simply put. the above attribute will create a dividing line between cookies, which can be cookies of the same site or cross-site cookies.
Google hopes that website owners will update their websites and convert old cookies they use for sensitive functions such as login functions and management settings per site, in same-site cookies.
All old cookies that do not have a SameSite header will be automatically set to "none" and Chrome will consider them as cross-site cookies or tracking cookies.
Google also announced plans to add options to Chrome settings to allow users to see "how websites use cookies" and "simpler controls for same-site cookies".
We don't know if these "simpler controls" will allow users to block all cookies in general, but Google has promised to release a preview of these functions later in 2019.
Firefox has added support for cross-site cookies from April 2018, with the release of Firefox 60. Chrome supports same-site cookies from 2016, but the browser will start to require this feature later this year.
Please note that websites using same-site cookies will be protected by a series attacks, such as cross-site request forgery (CSRF) attacks. Using same-site cookies means that malicious code placed on a third-party site will not be able to pick up and read a cookie from another domain – because the “SameSite: strict” attribute in the page header will prevents.
Anti-fingerprinting protection
Google's engineers also announced a second feature to protect privacy in Chrome at the 2019 I / O Developer Conference.
According to Google, the company plans to add support to prevent some types of fingerprinting being abused by advertisers on the internet.
Google did not mention many details about the types of fingerprinting that it plans to block. It is worth mentioning that there are many, by scanning locally installed system fonts, abuse of the HTML5 canvas element, measuring the screen size of the user's device, and recognizing installed extensions.
The first browser to block fingerprinting scripts was the Tor browser, which it had to do to hide the identity of its users. This feature was later used by the Firefox browser.
So at this year's I / O, Google announced that Chrome will also use an anti-fingerprinting feature.
Why
Many may wonder why Google - a company whose major revenue comes from advertising and user tracking - wants to add these privacy features, which are expected to have a big impact on its profits.
The answer is simple. Ad blockers extensions use a "scorched earth" approach to block tracking scripts, as they block them all. Google will give the new security features to Chrome, but will also try to control the possible reduction of profits from online advertising.
The company already offers a basic ad blocking on Chrome, while avoiding the global blocking of ad blockers.
This is a Google opportunity that allows them to reduce their damage by offering a consistent control over the privacy and ad blocking features through Chrome's settings.
