Company announcement · 2019-05-08

Google seeks to make Chrome even more secure – Company announcement

Google has said it would be bringing in new additions to its Chrome browser to enhance users’ privacy.

The initiatives involve making cookies more private and adding new anti-fingerprinting technology to its browser.

Here’s the company announcement from the Chromium blog:

Cookies and privacy

Cookies play an important part in the web experience today — they are used to keep you logged into email, save shipping addresses on a retail site, and remember your preferences on the websites you’ve visited. And they can also be used to track your browsing activity across the web to serve personalized content and ads.

Unfortunately, to browsers, all of these different types of cookies look the same, which makes it difficult to tell how each cookie is being used — limiting the usefulness of cookie controls. For instance, when you clear all of your cookies, you’re logged out of all sites and your online preferences are reset. Because of this, blunt solutions that block all cookies can significantly degrade the simple web experience that you know today, while heuristic-based approaches—where the browser guesses at a cookie’s purpose—make the web unpredictable for developers.

Improving cookie controls in Chrome

We announced at I/O that we will be updating Chrome to provide users with more transparency about how sites are using cookies, as well as simpler controls for cross-site cookies. We will preview these new features later this year.

We are making a number of upcoming changes to Chrome to enable these features, starting with modifying how cookies work so that developers need to explicitly specify which cookies are allowed to work across websites — and could be used to track users. The mechanism we use builds on the web’s SameSite cookie attribute, and you can find the technical details on web.dev.

In the coming months, Chrome will require developers to use this mechanism to access their cookies across sites. This change will enable users to clear all such cookies while leaving single domain cookies unaffected, preserving user logins and settings. It will also enable browsers to provide clear information about which sites are setting these cookies, so users can make informed choices about how their data is used.

This change also has a significant security benefit for users, protecting cookies from cross-site injection and data disclosure attacks like Spectre and CSRF by default. We also announced our plan to eventually limit cross-site cookies to HTTPS connections, providing additional important privacy protections for our users.

Developers can start to test their sites and see how these changes will affect behavior in the latest developer build of Chrome.

Protections against fingerprinting

Making changes to how the browser treats cookies requires us to consider the broader web ecosystem. Blunt approaches to cookie blocking have been tried, and in response we have seen some user-tracking efforts move underground, employing harder-to-detect methods that subvert cookie controls. These methods, known as ‘fingerprinting,’ rely on various techniques to examine what makes a given user’s browser unique.

Because fingerprinting is neither transparent nor under the user’s control, it results in tracking that doesn’t respect user choice. This is why Chrome plans to more aggressively restrict fingerprinting across the web. One way in which we’ll be doing this is reducing the ways in which browsers can be passively fingerprinted, so that we can detect and intervene against active fingerprinting efforts as they happen.

Content Credit: Chrome
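
For developers testing their sites against the SameSite-based mechanism described under "Improving cookie controls in Chrome", the following is an added example, not part of the announcement or Chrome's own code. It audits `Set-Cookie` header values and reports how each cookie is scoped once cookies without a SameSite attribute are treated as `Lax` and `SameSite=None` cookies must also carry `Secure`. The function names, scope labels and sample headers are assumptions constructed for illustration.

```javascript
// Added example: names and scope labels are hypothetical, headers are constructed.
const SAMPLE_HEADERS = [
  'session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
  'prefs=dark; Path=/',
  'widget_id=77; Path=/; Secure; SameSite=None',
  'tracker=xyz; Path=/; SameSite=None',
];

// Parse one Set-Cookie value into the fields the policy looks at.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim());
    if (key.toLowerCase() === 'secure') cookie.secure = true;
    // If SameSite appears more than once, the last occurrence wins.
    if (key.toLowerCase() === 'samesite') cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Decide whether the cookie stays same-site, is usable cross-site, or is rejected.
function classify(header) {
  const { name, secure, sameSite } = parseSetCookie(header);
  if (sameSite === 'strict' || sameSite === 'lax') {
    return { name, scope: 'same-site', note: `SameSite=${sameSite} declared` };
  }
  if (sameSite === 'none') {
    return secure
      ? { name, scope: 'cross-site', note: 'explicitly cross-site, HTTPS only' }
      : { name, scope: 'rejected', note: 'SameSite=None requires Secure' };
  }
  // Missing or unrecognised value: handled as Lax, so not sent on cross-site subrequests.
  return { name, scope: 'same-site', note: 'no valid SameSite, defaults to Lax' };
}

function audit(headers) {
  return headers.map(classify);
}

for (const r of audit(SAMPLE_HEADERS)) {
  console.log(`${r.name.padEnd(10)} ${r.scope.padEnd(10)} ${r.note}`);
}
```

Cookies reported as `cross-site` are the ones a user could clear separately from single-domain cookies; any cookie that must work in a third-party context but shows up as `same-site` or `rejected` needs its attributes updated.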

 
