Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Google Chrome to Boost User Privacy by Improving Cookies Handling Procedure
#1
Quote:Google engineers plan to improve user privacy and security by putting a short lifespan on cookies delivered via HTTP connections.

Google hopes that the move will force website developers and advertisers to send cookies via HTTPS, which "provides significant confidentiality protections against [pervasive monitoring] attacks."

Sending cookies via plaintext HTTP is considered both a user privacy and security risk, as these cookies could be intercepted and even modified by an attacker.

Banning the sending of cookies via HTTP is not yet an option, so Chrome engineers hope that by limiting a cookie's lifespan, they would prevent huge troves of user data from gathering inside cookies, or advertisers using the same cookie to track users across different sites.

HTTP cookie lifespan capping scheduled for Chrome 70
Chrome engineers wish to limit HTTP cookie lifetime at an initial maximum value of one year, which they later plan to slowly shrink to a few days.

The capping of HTTP cookies is currently scheduled for Chrome 70, slated to be released in late October 2018.

Telemetry data gathered by the Chrome team suggests that a large number of HTTP-transmitted cookies have a lifespan bigger than a year.

HTTP cookie lifespan capping won't visibly affect websites
Google engineer Mike West doesn't believe websites and web apps will break when Chrome starts forcing HTTP cookies to expire earlier and earlier.

"Cookies are somewhat fragile, and can be evicted at any time for reasons outside developers' control, so there is unlikely to be a high compatibility cost," West says. "Users are not likely to see breakage."

"On the other hand, services that use long-lived non-secure cookies are likely to be unhappy, which is good. There are distinct risks to sending cookies over non-secure channels, especially when done at scale as part of an advertising network," West adds.

This move won't stop user tracking on the Internet but will make it more secure and prevent unauthorized third-parties from accessing this data by actively or passively observing cookies flow through a network's traffic.

Mozilla experimented with deprecating HTTP cookies by adding a special "network.cookie.lifetime.httpSessionOnly" flag in Firefox 49, but the flag never made it into the Firefox stable release.

SOURCE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Google Chrome will summarize entire articles for you with built-in generative AI Imran 0 1,500 08-17-2023 , 03:29 AM
Last Post: Imran
  Google Chrome will stop working properly on millions of Windows PCs next week Imran 1 1,598 01-06-2023 , 05:46 PM
Last Post: Imran
  Update Google Announces a New Version of Google Chrome tarekma7 0 1,220 12-24-2022 , 04:24 PM
Last Post: tarekma7
  Update Google Chrome Mohammad.Poorya 40 20,095 10-19-2022 , 08:37 PM
Last Post: Martirosyan
  Google is now testing passkey support for Chrome and Android Imran 0 1,154 10-19-2022 , 11:45 AM
Last Post: Imran



Users browsing this thread: 3 Guest(s)