Google Chrome 80 Arrives Today With These Major Changes To Cookies
Homer Simpson spoke for all of us when he said, "Mmm...crumbled-up cookie things" in Lisa the Greek (Season 3, Episode 14). I mean really, who does not like cookies? Or cookie things? Be that as it may, cookies in browsers are not always so delectable, and so Google is changing the recipe for developers with the release of Chrome 80.
Chrome 80 will begin rolling out today, and then starting later in the month, Google will be enforcing a new cookie classification system within the latest stable browser build. This will start with a "small population of users" and then gradually increase to include more Chrome users over time (though Google doesn't specify how fast it plans to ramp things up).
So, what exactly is going on? In short, some third-party cookies will begin to crumble. Cookies contains snippets of information that can help websites 'remember' a user who has logged in and other things that make browsing better. They can also be abused, usually for advertising purposes, and aggressively track users across sites.
Google is essentially attempting to walk a fine line between still allowing web developers to benefit from targeted ads, while offering a higher level of privacy and security to users. That's no easy task. Part of Google's solution is to only allow third-party cookies over HTTPS in Chrome. Google has been testing this for several months, and is not ready to slowly roll it out to users
"This will make third-party cookies more secure and give users more precise browser cookie controls. At the same time, we’re developing techniques to detect and mitigate covert tracking and workarounds by launching new anti-fingerprinting measures to discourage these kinds of deceptive and intrusive techniques, and we hope to launch these measures later this year," Google explained a few weeks ago.
Starting with Chrome 80, the browser will zero in on the SameSite attribute. Web developers have three options: SameSite=None, SameSite=Strict, and SameSite=Lax. If using the SameSite=None label, developers will have to add a Secure flag, or else the cookies will be blocked.
There is the potential for this policy to bork some websites, which is probably why Google is going with a gradual roll out. To see if you're one of the early adopters, you can visit this site.