latest
Google is downplaying a glaring API vulnerability in Chrome
Malware can exploit the vulnerability and steal authentication cookies
Chrome is the preferred browser of many, and with an abundance of add-ons and customizable features available on desktop, it’s hard to deny its many benefits. That being said, bad actors are all too aware of how many people rely on Chrome for everyday web browsing — and this makes it an unfortunate target. Now, it seems that a fully functional API is being exploited by malware, and little is being done about it.
What is a cookie on the web?
What are web cookies? You may know these bits of data can track you, but here's the full story
Web browser cookies taught a world of internet users that too many cookies could be a bad thing. Today, we're accustomed to seeing all sorts of popups telling us the website uses cookies and asking us what kind of cookies we want to allow on computers and mobile Android devices. Those policy popups and associated privacy concerns often give cookies a bad name but don't give these little bits of inserted data too bad a name. They can also save you time and make your favorite sites easier to use without interfering with your personal data. Let's look at the duality of cookies and how they work.
Google's scheme to kill cookies needs a little more time in the oven
Privacy Sandbox's "phasing out" of third-party cookies has been delayed until the second half of 2024
It's not clear if this is a good sign or a bad sign for Google, but today the company announced that it is delaying its plans (again) to kill cookies as part of the upcoming Privacy Sandbox changes. Under the newly revised schedule, an extension of the testing period will see Google phase out support for third-party cookies in Chrome starting in the second half of 2024.
Don't give away your email address on the internet willy-nilly, especially if you live in the US
Latest research finds lots of previously unidentified trackers that even pick up on passwords
If you participate in society to any extent, you've got data out there and it's more than what you think you've put out there. On the web, it's no different and no settings toggle will help you bring it all back. Some sites like to haunt users who initiate but don't finish signing up for a membership by catching the email address they put in —maybe even the password, too — and then send them reminders or other spammier messages. They suck, but they're a fact of life and, according to a new whitepaper, moreso in the U.S. than Europe.
DuckDuckGo rallies users against Google's latest replacement for cookies
The privacy advocate urges Chrome users to block the Topics and FLEDGE APIs
The way big businesses make money on the internet, by and large, is to track your activity across the web with cookies and sell ads against that information. Google has been looking for something better than cookies to enable that tracking — the company hasn't found it yet. Privacy advocates, though, would really like to see the search giant just give up. Short of that, competitor DuckDuckGo looks to empower users with its updated tracker blocker.
Google's new cookie banner will finally let you 'reject all' in the EU
It will offer more granular choices for Search and YouTube
European lawmakers have been working to make it easier to stay in control of your personal data on the internet, and keep track of what info sites are getting from you. The landmark General Data Protection Regulation (or GDPR) has had a pronounced impact on how we use the internet and helped increase public awareness of how sites handle our data — even if you don't live in Europe. In order to better comply with updated regulatory guidance, and in an effort to give users more control, Google is changing how it handles cookies in Europe across its services.
Google has announced it won't be replacing cookies with FLoC, the web browser tracking protocol it created to help deliver users personalized ad content — and had been maligned by privacy advocates — after all. Instead, the company will attempt to fulfill the same mission without as much intrusion with a new API dubbed Topics.
Google gives its cookie replacement FLoC a more precise timeline
The current plan is to transition Chrome users by the end of 2023
Last month Google revised its target timeframe for FLoC, the new privacy-focused replacement technology for advertising and other tracking cookies, into 2023. Now the company has a more precise timeline of events for its multi-staged plan to implement the Federated Learning of Cohorts tool for Chrome, which is now in the early stages of testing.
Google says it's hanging on to cookies for a while longer
FLoC is now scheduled to replace tracking cookies by late 2023. Maybe.
It turns out that reinventing one of the cornerstones of the modern web is, um, hard. Google initially promised that it would stop using cookies to track users for advertising purposes in Chrome by early 2022 as part of the Privacy Sandbox initiative. So yeah, that's not happening: Google is now updating its target to "late 2023."
Google's latest Android ad tracking changes still aren't enough
An updated policy document panders to Apple's "Do not track" functionality, but doesn't go nearly far enough
It's no secret that Google is the world's largest advertising company. It's also clear which way the wind is blowing on ad trackers and cookies (even Google concedes the latter), and Apple has jumped out ahead of most other tech companies in proactively asking users of iOS products if they wish to disable personalized tracking entirely. As part of iOS 14, the company introduced a simple prompt for any app which wishes to track your activity for the purpose of advertising. And, unsurprisingly, the overwhelming majority people have taken Apple up on the opportunity, with over 95% of iOS users allegedly blocking ad tracking when asked by an app for permission.
Google FLoC toggle is now appearing in early versions of Chrome — here's how to find it
The FLoC system is now being tested on users in the US and other countries
Read update
Google's Federated Learning of Cohorts (FLoC) is a part of its Privacy Sandbox, a new suite of tools aiming to replace and improve upon the conventional third-party cookie tracking that enables modern advertising on the web. The company has been working on it for more than a year, and this week it's set to start using the system on a small portion of Chrome users in the United States and other countries.
Google is facing even more flack for FLoC from the EU
Regulators are unsure what to make of Google's proposed third-party cookie replacement
Google knows that third-party cookies tracking users around the web are on the way out, as even the company itself is planning on phasing out support for them in its own Chrome browser. But the online ad business is only as lucrative as it is due to extensive tracking practices, so Google is looking for an alternative to cookies. Enter FLoC, or Federated Learning of Cohorts. The technology is supposed to make tracking less privacy-invasive by assigning people to random groups with similar interests, instead of following every individual around. But many other companies think that FLoC will still be pretty invasive, and now, even some European regulators are chiming in, voicing their concerns.
Google doubles down on its commitment to get rid of targeted tracking in Chrome
The company pinkie swears it won't use alternate methods of targeting users once third-party cookies are gone
Google's Privacy Sandbox is a program that aims to phase out third-party cookies in Chrome entirely over the next year, making the web a more secure and private place without completely destroying the way that targeted advertising works. And, you know, wrecking the business model for most of the web's free content, including the words you're reading now.
Firefox now supports multiple PiP windows and improved cookie protection
Each website will now have its own cookie jar
Mozilla's Firefox is among the most popular desktop browsers out there and it offers good privacy protection — its last update cracked down on supercookies. In a bid to further improve in this area, Firefox 86 is introducing a new measure called Total Cookie Protection (TCP) which will be available for both desktop and Android clients.
Chrome 86 was a fairly massive update, with support for the Native File System API, various interface improvements, and new experiments to try out. Almost exactly one month later, Chrome 87 is starting to roll out to desktop and mobile platforms. There are more than a few exciting changes in store, so let's dive in!
Chrome exempts Google sites from user data settings — but supposedly it's just a bug
Sites like YouTube and Google Search appear to be storing data in Chrome that should have been deleted
Earlier this month, software developer Jeff Johnson wrote about a strange issue he'd discovered that allowed Chrome to keep certain data stored from Google sites like YouTube and Search even after it was supposed to be deleted. This isn't a good look from Google, especially in light of recent events — but the company has responded with an explanation.
Mozilla rolled out the new Firefox for Android to everyone two months ago, and while it was missing many features compared to the older version at first, the app is slowly improving. Firefox 82 has just reached Release Candidate status (meaning it's close to release), and the update includes an easier way to get your closed tabs back.
Chrome dials back cookie privacy changes to keep sites accessible during coronavirus outbreak
Now is probably not the best time to break websites
Read update
The coronavirus outbreak, and the resulting changes to many peoples' schedules, has led to everything from movies to retail sales being delayed. Chrome's release schedule has already been disrupted, but now Google is rolling back a recent change to how the browser handles cookies, so all websites will continue to function as they do now.
Read update
- According to the latest information published this week on the Chromium blog, Google expects to meet the needs of web users (readers, advertisers, and content creators), as well as phase out third-party cookie support in just two years. In the interim, Google plans to limit unsecure cross-site tracking starting in February, followed by new anti-fingerprinting measures that will launch later this year.
There's a very delicate balance when it comes to targeted advertising and violating user privacy — some folks even think it isn't possible to have both at all — but Google would like to establish a new set of standards for browsers that can allow the former without too much concern about the latter. The company is calling this initiative "Privacy Sandbox," and the company hopes it might help prevent privacy-violating workarounds like so-called "fingerprinting."
It's open season on email hackers, tracking cookies and Facebook shadow profiling as our favorite open-source software makers at Mozilla have released a series of updates for its Firefox web browser, Firefox Monitor service, and its Facebook Container, as well as rounding out a series of mobile password managers with a new extension called Firefox Lockwise.