Google announced at the I/O developer conference that a new set of privacy controls will be introduced in the new versions of its Chrome web browser.
Google are setting plans to add two new features – SameSite Cookies and Fingerprinting Protection, to provide users with more control over how data is shared, and allowing them to block online tracking.
Using the SameSite cookie attribute, Google will implement modifications which will require developers to explicitly opt in to make their cookies available to others. The SameSite attribute of ‘strict’ will only allow cookies to be loaded on the ‘same site’, a ‘lax’ attribute limits a cookie to same-site requests, whilst ‘none’ which will allow the cookies to be loaded on other sites as well. SameSite will become the default in Chrome.
The update will also limit cross-site cookies to HTTPS connections, and thus making it more difficult for malicious sites to exploit vulnerabilities.
“This change will enable users to clear all such cookies while leaving single domain cookies unaffected, preserving user logins and settings. It will also enable browsers to provide clear information about which sites are setting these cookies, so users can make informed choices about how their data is used.”
Google also announced that Chrome would make have more anti-fingerprinting protection.
“Because fingerprinting is neither transparent nor under the user’s control, it results in tracking that doesn’t respect user choice,” added Google. It is for this reason that Chrome plans to “aggressively restrict” fingerprinting across the web.
Google will aim to “detect and intervene against active fingerprinting efforts as they happen.”
Google acknowledged that both cross-site cookies and fingerprinting have other uses and are not just there to track users online. However they are committed to “working with the web ecosystems to understand how Chrome can continue to support these positive use cases and to build a better web.”
No deadline data has been confirmed, however, the extension is said to be going live in the near future.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/