Google Chrome To Boost User Privacy by Improving Cookies Handling Procedure (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Google Chrome To Boost User Privacy by Improving Cookies Handling Procedure (bleepingcomputer.com)

Posted by msmash on Friday April 13, 2018 @02:43AM from the better-than-nothing dept.

Catalin Cimpanu, writing for BleepingComputer: Google engineers plan to improve user privacy and security by putting a short lifespan on cookies delivered via HTTP connections. Google hopes that the move will force website developers and advertisers to send cookies via HTTPS, which "provides significant confidentiality protections against [pervasive monitoring] attacks."

Sending cookies via plaintext HTTP is considered both a user privacy and security risk, as these cookies could be intercepted and even modified by an attacker. Banning the sending of cookies via HTTP is not yet an option, so Chrome engineers hope that by limiting a cookie's lifespan, they would prevent huge troves of user data from gathering inside cookies, or advertisers using the same cookie to track users across different sites.

6 of 37 comments (clear)

Min score:

Reason:

Sort:

They're cutting out the competition by Anonymous Coward · 2018-04-13 02:54 · Score: 5, Insightful

You're still using a browser published by an ad company.
1. Re:They're cutting out the competition by AHuxley · 2018-04-13 03:28 · Score: 2
  
  The ads are now direct and more encrypted :)
  
  --
  Domestic spying is now "Benign Information Gathering"
Just let us have cookie control by Anonymous Coward · 2018-04-13 02:55 · Score: 4, Insightful

Let us manage cookies without making us have extensions and let us choose which sites are allowed to have cookies. All web browsers have been crippling their cookie management recently.
Easy way to boost privacy by Moldiver · 2018-04-13 02:57 · Score: 4, Insightful

Easy way to boost privacy - Stop using Chrome and google services...
Cookies are obsolete now. Fingerprinting is in. by denis-The-menace · 2018-04-13 03:22 · Score: 2

https://duckduckgo.com/?q=brow...
When chrome is able to evade browser fingerprinting, we'll talk.
Is there even a browser out there that does this?

--
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
Re: Cookies are obsolete now. Fingerprinting is in by EndlessNameless · 2018-04-13 06:55 · Score: 2

For example, it's possible to throw bricks through my living room window but so far that hasn't been used against me.
That's a nice, pithy example, but it's not really relevant. There is no benefit to throwing bricks through your living room window, but there are well-established means of monetizing user data.
This is especially true since fingerprinting can offer data that cookies don't. For example, fingerprinting may expose a user who has cleared his cookies, switched browsers to segregate his activity, or used Incognito Mode. Fingerprinting can link an unknown/new user to a preexisting cookie or advertising profile in some cases. It circumvents existing privacy measures and exposes information that was never available before.
It is both bad and difficult to stop. Most fingerprinting metrics are exposed by the browser because they were useful to web developers for legitimate reasons. Almost any attempt to stop fingerprinting will break something else. Legal prohibitions are probably necessary, and even that won't stop some people.

--

---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.