Google Chrome To Boost User Privacy by Improving Cookies Handling Procedure (bleepingcomputer.com) 19
Catalin Cimpanu, writing for BleepingComputer: Google engineers plan to improve user privacy and security by putting a short lifespan on cookies delivered via HTTP connections. Google hopes that the move will force website developers and advertisers to send cookies via HTTPS, which "provides significant confidentiality protections against [pervasive monitoring] attacks."
Sending cookies via plaintext HTTP is considered both a user privacy and security risk, as these cookies could be intercepted and even modified by an attacker. Banning the sending of cookies via HTTP is not yet an option, so Chrome engineers hope that by limiting a cookie's lifespan, they would prevent huge troves of user data from gathering inside cookies, or advertisers using the same cookie to track users across different sites.
Sending cookies via plaintext HTTP is considered both a user privacy and security risk, as these cookies could be intercepted and even modified by an attacker. Banning the sending of cookies via HTTP is not yet an option, so Chrome engineers hope that by limiting a cookie's lifespan, they would prevent huge troves of user data from gathering inside cookies, or advertisers using the same cookie to track users across different sites.
They're cutting out the competition (Score:3, Insightful)
You're still using a browser published by an ad company.
Re: (Score:1)
Re: (Score:2)
Just let us have cookie control (Score:1)
Easy way to boost privacy (Score:3, Insightful)
Easy way to boost privacy - Stop using Chrome and google services...
Re: (Score:2)
Re: (Score:2)
Easy way to boost privacy - Stop using Chrome and google services...
Depends on what you mean by privacy. There are people I trust with my data. There are many more that I don't. Just because I use Chrome and Google Services doesn't mean I don't want a secure method of communicating with people, them specifically.
https (Score:2)
Then your router/printer deserves to be hacked (Score:2)
Websites using http to send/set/read session (...) cookies deserve to be hacked.
Does this include of your home router, printer, or NAS box? The login page of home network devices like these probably uses cleartext HTTP because several usability problems with running a private HTTPS server still have not been solved for less-technical users.
In mainstream web browsers, the warning for a cleartext HTTP connection is still not as scary as the warning for an HTTPS certificate from an unknown issuer. And when displaying this warning, mainstream web browsers make no distinction among the same
Cookies are obsolete now. Fingerprinting is in. (Score:3)
https://duckduckgo.com/?q=brow... [duckduckgo.com]
When chrome is able to evade browser fingerprinting, we'll talk.
Is there even a browser out there that does this?
Chrome privacy? (Score:2)
Ohhhhh, google means they are the only one to store, sell and analyse the data.
"privacy" -Gotcha!