sb-au logo
Story image

Google Chrome postpones changing cookie policy in wake of COVID-19

Google Chrome has announced it is delaying a privacy update which was aimed at altering its cookie policy in the wake of COVID-19.

Google says it began enforcing secure-by-default handling of third-party cookies with its release of the Chrome 80 update in February this year in its ongoing effort to improve privacy and security across the web.

However, the work has been postponed due to the unprecedented pandemic the world is now facing. 

“We’ve been gradually rolling out this change since February and have been closely monitoring ecosystem impact, including reaching out to individual websites to ensure their cookies are labeled correctly,” says Google Chrome director of engineering Justin Schuh.

The new cookie policy, called SameSite Cookie, aimed to enforce secure-by-default handling of third-party cookies, effectively blocking third-party tracking on Chrome.

Third-party tracking has become an increasingly mainstream issue and talking point within wider conversations about internet security, with user backlash sparking efforts by many other browsers to block this type of tracking by default.

Both Safari and Firefox block third-party cookies by default, using Apple’s Intelligent Tracking Prevention (ITP) and Firefox’s Enhanced Tracking Protection (ETP), respectively. 

Google says its motivation to postpone the security update revolved around websites who may not have been prepared for the changes that banning third-party cookies would have brought. 

“While most of the web ecosystem was prepared for this change, we want to ensure stability for websites providing essential services including banking, online groceries, government services and healthcare that facilitate our daily life during this time.” 

Google says the rollback of secure-by-default handling of third-party cookies would ensure organisations, users and sites ‘see no disruption’. 

Google also says that it will provide regular updates as to when the rollout would resume, with the company aiming for the summer (northern hemisphere).

This timeframe may change, however, due to the rapid and unpredictable proliferation of COVID-19’s spread, especially now in the United States.

ESET cybersecurity specialist Jake Moore says while the halt on the key privacy update on one of Google’s most popular products isn't ideal, it may be beneficial for some websites.

“This extraordinary pandemic has made the industry realise that the gold standard in security is difficult to adhere to in the current situation, and things have inevitably had to change,” says Moore.

“The argument will have been on the balance of which is more important: the functionality of the browser or its security – and, sadly, functionality won.

“As it happens, this delay may give more websites the time they require to better prepare for the changes.”

Link image
Driving cloud cost efficiency with performance monitoring
Cloud infrastructure sprawl sneaks up on organisations through a series of individual decisions that in aggregate become inefficient. Thomas Dittmer shares how performance monitoring helped TravelSupermarket reduce cloud costs by 50%More
Story image
Video: 10 Minute IT Jams – Who is Claroty?
Its focus is on simplifying OT availability, reliability, and safety for a more secure working environment – without requiring downtime or dedicated teams.More
Link image
Remote workforces can be a security hazard - but they don't have to be
Many companies have adjusted to a new reality: a workforce working from home. These workers need access to applications and files that sit inside the enterprise network, all while prioritising security. Here's how it can be done.More
Link image
In the world of IT strategies, data resilience is among the most critical
The value of data in 2020 cannot be overstated, with some businesses facing catastrophe if subject to a breach. Here's why having a robust strategy to prevent this is crucial.More
Story image
CrowdStrike announces two executive hires, with aim to expand in A/NZ
The endpoint protection company says both executives will be responsible for boosting customer experience (CX) while delivering success mutually with CrowdStrike’s partner team as part of their new roles.More
Story image
42% more plaintext HTTP servers than HTTPS counterparts - report
Rapid7 has released a report detailing the changing internet risk landscapes of 2020, and other issues facing cybersecurity teams.More