sb-nz logo
Story image

Google Chrome postpones changing cookie policy in wake of COVID-19

Google Chrome has announced it is delaying a privacy update which was aimed at altering its cookie policy in the wake of COVID-19.

Google says it began enforcing secure-by-default handling of third-party cookies with its release of the Chrome 80 update in February this year in its ongoing effort to improve privacy and security across the web.

However, the work has been postponed due to the unprecedented pandemic the world is now facing. 

“We’ve been gradually rolling out this change since February and have been closely monitoring ecosystem impact, including reaching out to individual websites to ensure their cookies are labeled correctly,” says Google Chrome director of engineering Justin Schuh.

The new cookie policy, called SameSite Cookie, aimed to enforce secure-by-default handling of third-party cookies, effectively blocking third-party tracking on Chrome.

Third-party tracking has become an increasingly mainstream issue and talking point within wider conversations about internet security, with user backlash sparking efforts by many other browsers to block this type of tracking by default.

Both Safari and Firefox block third-party cookies by default, using Apple’s Intelligent Tracking Prevention (ITP) and Firefox’s Enhanced Tracking Protection (ETP), respectively. 

Google says its motivation to postpone the security update revolved around websites who may not have been prepared for the changes that banning third-party cookies would have brought. 

“While most of the web ecosystem was prepared for this change, we want to ensure stability for websites providing essential services including banking, online groceries, government services and healthcare that facilitate our daily life during this time.” 

Google says the rollback of secure-by-default handling of third-party cookies would ensure organisations, users and sites ‘see no disruption’. 

Google also says that it will provide regular updates as to when the rollout would resume, with the company aiming for the summer (northern hemisphere).

This timeframe may change, however, due to the rapid and unpredictable proliferation of COVID-19’s spread, especially now in the United States.

ESET cybersecurity specialist Jake Moore says while the halt on the key privacy update on one of Google’s most popular products isn't ideal, it may be beneficial for some websites.

“This extraordinary pandemic has made the industry realise that the gold standard in security is difficult to adhere to in the current situation, and things have inevitably had to change,” says Moore.

“The argument will have been on the balance of which is more important: the functionality of the browser or its security – and, sadly, functionality won.

“As it happens, this delay may give more websites the time they require to better prepare for the changes.”

Story image
Gartner reveals the top strategic tech trends for 2021
“CIOs are striving to adapt to changing conditions to compose the future business - this requires the organisational plasticity to form and reform dynamically. Gartner’s top strategic technology trends for 2021 enable that plasticity.”More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More
Story image
Surfshark rolls out WireGuard open source VPN protocol
When there is less code in a VPN, it is less susceptible to security vulnerabilities due to easier configuration and management, according to Surfshark.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
CrowdStrike targets Zero Trust blind spot with new offering
CrowdStrike has officially launched CrowdStrike Falcon Zero Trust Assessment (ZTA), designed to aid in overall security posture by delivering continuous real-time assessments across all endpoints in an organisation regardless of the location, network or user. More