Google plans to add in its browser two new functions – support of cookie-files from same websites and protection from taking digital fingerprints.
Company announced both functions on the annual I/O 2019 conference. In what version of Chrome will arrive additional protection, is not reported.The most significant change will touch cookies-files processing and will base on IETF standard that Chrome and Mozilla specialists were developing for more than three years. IETF describes new attributes for implementation in HTTP headings. “SameSite” heading attribute should be adjusted by the site owner and describe situations when cookie-files can be uploaded.
Attribute “strict” will mean that cookie-files can be downloaded on the same site only, while “lax” and “none” – on other websites. In other words, cookie-files will be divided on “one-sited” and “multi-sited”.
Google hopes that owners will update their websites and will convert outdates cookie-files that are used for sensitive operations (authorization, site settings etc). For outdated cookie-files without “SameSite” headings will be automatically used “none” attribute and Chrome by default will evaluate them as “multi-sited”, so, used for tracing.
“As an added benefit, websites that use same-site cookies are also protected against a series of attacks, such as cross-site request forgery (CSRF) attacks. Using same-site cookies means malicious code loaded on a third-party website can’t pull and read a cookie on another domain — because the “SameSite: strict” attribute in the cookie’s header will block this from happening”, — reported Google representatives.
Google engineers also announced a second major new privacy feature for Chrome today at the I/O 2019 developer conference. The company plans to add support for blocking certain types of “user fingerprinting” techniques that are being abused by online advertisers.
“Because fingerprinting is neither transparent nor under the user’s control, it results in tracking that doesn’t respect user choice”, — argue in Google.
It may be strange that Google is earning on context advertisement and studying of users’ behavior and implements blockers of this advertisement and supports confidentiality. However, this is another way to control market: not to allow side anonymizers decide, what information to block and what is not.
Source: https://www.zdnet.com