Google Chrome To Boost User Privacy by Improving Cookies Handling Procedure

Catalin Cimpanu, writing for BleepingComputer: Google engineers plan to improve user privacy and security by putting a short lifespan on cookies delivered via HTTP connections. Google hopes that the move will force website developers and advertisers to send cookies via HTTPS, which "provides significant confidentiality protections against [pervasive monitoring] attacks."

Sending cookies via plaintext HTTP is considered both a user privacy and security risk, as these cookies could be intercepted and even modified by an attacker. Banning the sending of cookies via HTTP is not yet an option, so Chrome engineers hope that by limiting a cookie's lifespan, they would prevent huge troves of user data from gathering inside cookies, or advertisers using the same cookie to track users across different sites.

They're cutting out the competition

[Anonymous Coward]

You're still using a browser published by an ad company.

Re:

[thebryce]

mod parent up!

Re:

[AHuxley]

The ads are now direct and more encrypted :)

Re:

[the_B0fh]

Someone just built one for FaceBook, on FireFox.

Software freedom boosts privacy

[jbn-o]

Actually the browser's author or what that author does is both inaccurate (Google is not just about advertising) and irrelevant. If Google Chrome were published as free software—software that respected a user's freedom to run, inspect, modify, and share published software—users could inspect the source code, change what they didn't like, run the variant they prefer, and share their improved version. Users don't have these freedoms with Google Chrome, Chrome is proprietary (nonfree, user-subjugat

Just let us have cookie control

[Anonymous Coward]

Let us manage cookies without making us have extensions and let us choose which sites are allowed to have cookies. All web browsers have been crippling their cookie management recently.

Easy way to boost privacy

[Moldiver]

Easy way to boost privacy - Stop using Chrome and google services...

Re:

[hcs_$reboot]

and for starters, replace DNS servers 8.8.8.8 and 8.8.4.4 with 1.1.1.1 / 1.0.0.1 ...

Re:

[thegarbz]

Easy way to boost privacy - Stop using Chrome and google services...

Depends on what you mean by privacy. There are people I trust with my data. There are many more that I don't. Just because I use Chrome and Google Services doesn't mean I don't want a secure method of communicating with people, them specifically.

https

[hcs_$reboot]

Google has been pushing https a lot already, for a few years, and cookies exchanged over an https site are secure. Websites using http to send/set/read session (...) cookies deserve to be hacked.

Then your router/printer deserves to be hacked

[tepples]

Websites using http to send/set/read session (...) cookies deserve to be hacked.

Does this include of your home router, printer, or NAS box? The login page of home network devices like these probably uses cleartext HTTP because several usability problems with running a private HTTPS server still have not been solved for less-technical users.

In mainstream web browsers, the warning for a cleartext HTTP connection is still not as scary as the warning for an HTTPS certificate from an unknown issuer. And when displaying this warning, mainstream web browsers make no distinction among the same

Cookies are obsolete now. Fingerprinting is in.

[denis-The-menace]

https://duckduckgo.com/?q=brow... [duckduckgo.com]

When chrome is able to evade browser fingerprinting, we'll talk.

Is there even a browser out there that does this?

Re:

[phantomfive]

Is there any company that actually uses browser fingerprinting? I haven't seen it used anywhere (but obv that doesn't mean it's unused). Other methods are still too practical, and easier to work with.

Re: Cookies are obsolete now. Fingerprinting is in

[phantomfive]

That's a nice, pithy statement, but it's not really accurate. For example, it's possible to throw bricks through my living room window but so far that hasn't been used against me.

Re:

[EndlessNameless]

For example, it's possible to throw bricks through my living room window but so far that hasn't been used against me.

That's a nice, pithy example, but it's not really relevant. There is no benefit to throwing bricks through your living room window, but there are well-established means of monetizing user data.

This is especially true since fingerprinting can offer data that cookies don't. For example, fingerprinting may expose a user who has cleared his cookies, switched browsers to segregate his activity, or used Incognito Mode. Fingerprinting can link an unknown/new user to a preexisting cookie or advertising profile in s

Chrome privacy?

[GeekWithAKnife]

Ohhhhh, google means they are the only one to store, sell and analyse the data.

"privacy" -Gotcha!

Even easier method

[smooth wombat]

Delete your cookies every night. Clear everything so you start fresh in the morning.

Make web sites and advertisers work to figure out who you are.