
17 Jan SameSite Cookies – Google Forces the Disclaimer
We were wondering if we would ever be forced to have a cookie disclaimer in South Africa. Looks like the day has come, thanks to Google.
Google recently announced that Chrome has updated its features and improved cookie controls, making the communication between browser and site more secure. However, in this case, they are forcing our hand. If action isn’t taken, say goodbye to your audience’s data.
“It will also enable browsers to provide clear information about which sites are setting these cookies, so users can make informed choices about how their data is used,” said a Chrome spokesman.
What is a (first-party) cookie?
By default, first-party cookies are approved in every Web browser in South Africa. If you disable these cookies, a website cannot keep track of your activity as you go from page to page. This means, for example, that when shopping online, each time you add an item to your basket from another page within the same website, the website will read it as a new order.
SameSite Cookies Explained
Every website domain has associated cookies that match it.
For example, when one visits Pirate Bay, multiple other (malicious) websites pop up in other windows or tabs. These websites are not authenticated and have a different URL.
SameSite prevents the browser from sending the cookie to this unauthenticated, and sometimes malicious, site.
[Image: Examples of malicious unauthenticated sites]
What is CSRF?
CSRF (Cross-Site Request Forgery) occurs when a browser automatically sends a cookie to an unauthenticated website, exposing the data associated with the cookie. For example, suppose you are logged into your online banking and, at the same time, logged into Facebook in another tab of the same browser. A hacker is able to embed malicious code in a link. If you accidentally click on this embedded link, the hacker is able to perform a transfer from your bank account in the background, even though you entered from the Facebook tab.
Preventing CSRF
By using the SameSite cookie attribute, developers have more control over browsers and can decide whether cookies are sent to a third-party website.
Why so much privacy?
Security. If a hacker redirects you to a malicious website, the cookie associated with it will still be sent – compromising your data, and making your browser, and all the information associated with it, vulnerable.
Why HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP that is used to protect the data sent between your browser and the site. HTTPS is what makes online banking and online shopping possible.
So what do I need to do?
Simply put, if you don’t do anything about it, “stuff will break.”
Cookies without the proper labeling won’t work within the Chrome browser, which means losing 64% of the browser market. No cookies means no information about your website’s visitors. There goes your data and the vital information about your audience.
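As an added example (not part of the original post), the sketch below models how Chrome's updated cookie handling labels a Set-Cookie header and whether the cookie is then attached to a request triggered from another site, which is the situation described under "Preventing CSRF" and "So what do I need to do?". The function names, cookie values and request objects are constructed for illustration.

```javascript
// Added example: a simplified model of Chrome's SameSite cookie handling.
// Cookie names, values and request objects are constructed samples. Assumes
// HTTPS requests and ignores Chrome's short grace period that lets freshly
// set, unlabelled cookies through on cross-site POSTs.

// Parse a Set-Cookie header value into { name, secure, sameSite }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.split('=')[0], secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim());
    if (key.toLowerCase() === 'secure') cookie.secure = true;
    if (key.toLowerCase() === 'samesite') cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// How the browser treats the cookie: 'strict', 'lax', 'none' or 'rejected'.
function effectivePolicy(header) {
  const { secure, sameSite } = parseSetCookie(header);
  if (sameSite === 'strict') return 'strict';
  if (sameSite === 'none') return secure ? 'none' : 'rejected'; // None needs Secure
  return 'lax'; // missing or unrecognised SameSite is treated as Lax
}

// Is the cookie attached to this request? req fields: crossSite (triggered
// from a different site), topLevel (navigates the main window), method.
function isSent(header, req) {
  const policy = effectivePolicy(header);
  if (policy === 'rejected') return false; // the cookie was never stored
  if (!req.crossSite || policy === 'none') return true;
  if (policy === 'strict') return false;
  // Lax: only cross-site top-level navigations using a safe HTTP method
  return req.topLevel && ['GET', 'HEAD', 'OPTIONS', 'TRACE'].includes(req.method);
}

// Constructed request contexts
const forgedPost = { crossSite: true, topLevel: true, method: 'POST' };
const linkClick = { crossSite: true, topLevel: true, method: 'GET' };
const embedded = { crossSite: true, topLevel: false, method: 'GET' };

for (const h of ['sid=abc', 'sid=abc; SameSite=Strict', 'sid=abc; SameSite=None',
  'sid=abc; Secure; SameSite=None']) {
  console.log(h.padEnd(32), effectivePolicy(h).padEnd(9), 'forged POST:',
    isSent(h, forgedPost), '| link click:', isSent(h, linkClick),
    '| embedded:', isSent(h, embedded));
}
```

A cookie that must work when embedded on other sites needs both `SameSite=None` and `Secure`, so it only works over HTTPS; a session cookie is better left as `Lax` or `Strict` so that a forged cross-site POST arrives without it.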
Give us a call and we will make sure the cookie doesn’t crumble.