X

Google Chrome cracks down on cookies that track you online

Google follows in other browsers' footsteps to protect privacy.

Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science. Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Stephen Shankland
3 min read
A Chrome lapel pin

Curtailing cookie powers is a big step toward user privacy, though it may not go as far as other browsers. 

Stephen Shankland/CNET

Safari did it. Firefox did it. Brave did it. Now Google Chrome, too, is trying to curtail privacy problems posed by cookies -- the small text files websites store that can track you online.

"We're changing how cookies work in Chrome, making them more private and secure by default," said Tal Oppenheimer, a Chrome product manager speaking at the Google I/O show for developers Tuesday.

Cookies have been useful for decades for actions like remembering that you're signed into a website or keeping that toothpaste in your e-commerce shopping cart. They also turned out to be useful for letting advertisers and publishers track you online -- including your activity as you traveled around many websites on the web.

Curtailing cookie powers is a big step toward user privacy, though it may not go as far as other browsers. Google believes that draconian cookie blocking has an unintended consequence, though, which is that websites figure out ways to track you that sidestep cookies and that you can't control at all.

Google will require website developers to specify when cookies can be used for this cross-site tracking.

"This change will enable users to clear all such cookies while leaving single domain cookies unaffected, preserving user logins and settings. It will also enable browsers to provide clear information about which sites are setting these cookies, so users can make informed choices about how their data is used," said Ben Galbraith, director of Chrome product management, and Justin Schuh, director of Chrome engineering, in a blog post about Chrome's coming cookie policies.

Developers can test the new feature today in the developer version of Chrome, but it'll ship more broadly later this year, Oppenheimer said.

The move is likely to cause trouble with websites and advertisers that rely on such cookies, for example to monitor your behavior to place better targeted, more profitable ads. Google is one such website, of course, and it's a giant of online advertising.

Google is aware of the effects it'll have, though. "We're committed to preserving the overall health of the web ecosystem," Oppenheimer said.

Chrome to curtail browser fingerprinting, too

A change to Chrome's cookie handling had been expected, but it's not clear yet how it'll affect the web overall. The company's approach, later and less aggressive compared to other browsers, has the potential to be more significant since Chrome today accounts for about 63% of web usage, according to analytics firm StatCounter.

Cookie bans can backfire, Schuh and Galbraith said.

"Blunt approaches to cookie blocking have been tried, and in response we have seen some user-tracking efforts move underground, employing harder-to-detect methods that subvert cookie controls," they said.

Tal Oppenheimer, a Chrome product manager, described Chrome privacy changes at the Google I/O show.

Tal Oppenheimer, a Chrome product manager, described Chrome privacy changes at the Google I/O show.

Screenshot by Stephen Shankland/CNET

That's why Google also is trying to to crack down on browser fingerprinting, in which websites run scripts to gauge a browser's configuration and abilities with enough tests that people can in effect be identified and tracked. Anti-fingerprinting technology also is already in use in other browsers.

"Chrome plans to more aggressively restrict fingerprinting across the web," Galbraith and Schuh said. "One way in which we'll be doing this is reducing the ways in which browsers can be passively fingerprinted, so that we can detect and intervene against active fingerprinting efforts as they happen."

Watch this: Incognito mode comes to Google Maps

Originally published May 7, 1:54 p.m. PT.
Update, 2:07 p.m. PT: Adds more details.