Google has announced that starting in the second half of 2024, it plans to end third-party cookies in Chrome. Have we reached the end of an era?
Cookies are used in the digital landscape, for advertising strategies based on users' web browsing data. In this way, they act as a bank of this information collected in all online sessions, tracking the behavior of users.
These actions put people's privacy at risk and have been criticized for years, which is why it is being blocked by several browsers and Google has decided to adopt this practice.
But what does this mean, and how does the end of cookies represents a breakthrough for the security of our data? Keep reading this text and learn more.
What are cookies?
If you browse the internet, you've probably seen a message stating that the page uses cookies to improve navigation. But do you know what this means and how this practice can put the security of your data at risk?
Cookies are small text files that are stored on our electronic devices such as computers and mobile phones through browsers. They are created to identify people.
The stored files contain specific information about our online activities and are used by the websites for different purposes.
The information collected ranges from login and password, to items left in the shopping cart and each person's preferred language. In addition, a variety of other activities are tracked, which can pose a privacy risk.
In the digital scenario, cookies are used by advertising that can offer personalized campaigns and promotions to people, so it is “easier” to reach the target and make people buy certain things, after all it is in their interest.
This is a practice that has been used since the 1990s, but in recent years it has generated several discussions about its use and the extent to which it can put the security of our data at risk.
In light of this, Google will prevent any website from exchanging data when accessed through Chrome.
In a statement, the company made it clear that:
Google is heading in the same direction as its competitors, as companies like Safari and Apple have already eliminated cookies from their browsers in the name of their users' privacy.
What are its risks?
Now that you have a better understanding of what cookies are and why you decided to eliminate them from your browsers, let's understand a little better what the risks are and why they are harmful to our online privacy.
Spoofing Attack
This attack happens when a browser sends a cookie in response to a request, without even knowing where it came from. This is precisely why the problem begins.
That way, when a website receives a request that can't distinguish whether the action was initiated by the user or not, it looks for the cookie and if it's available, it performs the action as if you had initiated it.
For simplicity's sake, let's take an example, you have connected to an online banking website that uses cookies and while you are logged in to that bank you have visited a website that is not secure.
This malicious website may try to make a request to the bank's website, after all you are logged in and if this website does not have protection it can accept the request and perform the action.
Cookie Drop Attack
These attacks are known as cookie theft, which happens when an attacker manages to intercept user cookies at the moment they are being transmitted over the network.
This action is dangerous because if the cookie contains sensitive information, such as login details or credit card information, the attacker can steal the user's identity and use it to apply scams.
Session pinning
This is a type of attack that exploits the vulnerability in cookies to hijack a user's session.
It works as follows, the criminal sends a specific session cookie, which can come through a phishing link or by injecting the cookie into the browser, so when the victim starts a session this criminal manages to hijack the session.
And with that, he has access to data, bank accounts, and can carry out transactions on behalf of people.
Cookie Overflow
Cookie Overflow exploits the limitations of how browsers handle cookies. Be aware that a browser can only handle a certain amount of cookies per site, so if they try to overload this limit, it can generate a series of problems.
In this way, a criminal may try to overload users' browser with cookie data, this causes it to stop working. This is dangerous, as this way the person cannot access the website in question and can be vulnerable.
A new era?
As you can see, cookies pose a major risk to the security of our data, as their vulnerabilities can be exploited in a variety of ways.
The great risk of cookies is that people often have no idea of the dangers and authorize their use, this opens up security loopholes, which makes people and companies vulnerable.
After all, an attack coming from a place you least expect can pose a big risk to everyone. The end of cookies is undoubtedly a breakthrough in data security.
But know that even so, some of your information will be collected for commercial purposes, after all, advertisements increasingly aim to personalize the customer experience. However, these actions will be done in other ways.
Without the use of cookies, everyone's data will be safer and the collection of information can be done through algorithms capable of understanding the data and knowing what each person wants.
With this, the algorithm understands the preferences of each user and delivers content that is more likely to be viewed or interacted with.
PhishX in data protection
Just as cookies pose a great danger to the security of our data and we are not even aware of it, know that there are numerous risks that can put your online life on alert.
That is why it is essential that people know how to protect themselves from all attacks, cookies will be extinguished, but we must not forget that every day there are thousands of cyberattacks. That's why it's essential that everyone knows how to protect themselves.
PhishX is an ecosystem focused on cybersecurity awareness, we assist companies in the entire process of acculturation and creation of an effective data security policy.
These actions are done through phishing campaigns, training, and simulations that prepare people so that they know how to deal with cyberattacks and are less susceptible to falling for scams.
It is necessary to understand that these vulnerabilities put our online lives at risk and knowing how to deal with them is fundamental for a safer society.
PhishX has a library full of materials that address a range of topics related to cybersecurity, such as QR Code use, data privacy, online payments, among other content.
All training is done in an interactive way through short videos and objective content that can engage people.
