Google Chrome is one of the most popular web browsers of all platforms. It’s fast, powerful and secured, so it earned quite a good reputation in the market. In the future, Chrome is implementing a new measure to secure the privacy of users more.
In the future, Google is thinking of implementing faster HTTP cookie expiration to force web admins to switch to HTTPS cookies. HTTP cookies are really dangerous as anyone can intercept the cookies really easily and change it in the middle. It’s even more dangerous when distributed via advertising networks.
However, the usage of HTTP cookies are quite high, so there’s no chance of banning them. Instead, a forced shorter lifespan will force site admins to switch to HTTPS. Not to mention the benefits of HTTPS cookies – they provide significant protection against lots of attacks.
Cookie lifespan capping for Chrome 70
The capping of HTTP cookie lifespan is not coming faster, though. It’s scheduled to reach users with Chrome 70. That’s nearly late October.
The lifespan capping is going to be even tighter gradually, according to Google. The initial cap will limit it within 1 year and ultimately it will go down to several days. That’s a great impact on the web admins. Data collected from Chrome’s Telemetry shows that most of the HTTP cookies currently have a longer lifespan (more than a year).
The lifespan capping won’t be a big bang
Google’s engineer Mike West doesn’t believe that the lifespan capping is going to be a huge deal to break down websites or web apps when Chrome continues shrinking the cookie lifespan.
However, we all know that site admins that depend on long-lived non-HTTPS cookies are going to be unhappy and that’s a great news. This way, they’ll gradually switch towards HTTPS cookie system.
This enforcement won’t completely disable web admins’ client tracking. But with a better security, there will be less chance for unauthorized parties from accessing the data (active/passive cookie flow observation).
For improving the security of the internet, Mozilla is gradually implementing TLS 1.3 to Firefox users. Learn more about TLS 1.3 on Firefox.