Google is van plan om toe te voegen in zijn browser twee nieuwe functies – ondersteuning van de cookie-bestanden van dezelfde websites en bescherming van het nemen van digitale vingerafdrukken.Company announced both functions on the annual I/O 2019 conferentie. In welke versie van Chrome zal extra bescherming aankomen, wordt niet gemeld.
The most significant change will touch cookies-files processing and will base on IETF standard that Chrome and Mozilla specialists were developing for more than three years. IETF describes new attributes for implementation in HTTP headings. “SameSite” heading attribute should be adjusted by the site owner and describe situations when cookie-files can be uploaded.
Attribute “strict” will mean that cookie-files can be downloaded on the same site only, while “lax”En“none” – on other websites. Met andere woorden, cookie-files will be divided on “one-sited”En“multi-sited”.
Google hopes that owners will update their websites and will convert outdates cookie-files that are used for sensitive operations (authorization, site settings etc). For outdated cookie-files without “SameSite” headings will be automatically used “none” attribute and Chrome by default will evaluate them as “multi-sited”, Zo, used for tracing.
“Als een extra voordeel, websites that use same-site cookies are also protected against a series of attacks, such as cross-site request forgery (CSRF) attacks. Using same-site cookies means malicious code loaded on a third-party website can’t pull and read a cookie on another domain — because the “SameSite: strict” attribute in the cookie’s header will block this from happening”, — reported Google representatives.
Google engineers also announced a second major new privacy feature for Chrome today at the I/O 2019 developer conference. The company plans to add support for blocking certain types of “user fingerprinting” techniques that are being abused by online advertisers.
“Because fingerprinting is neither transparent nor under the user’s control, it results in tracking that doesn’t respect user choice”, — argue in Google.
It may be strange that Google is earning on context advertisement and studying of users’ behavior and implements blockers of this advertisement and supports confidentiality. Echter, this is another way to control market: not to allow side anonymizers decide, what information to block and what is not.