Total Cookie Protection in Chrome-based browsers

Discussion in 'privacy general' started by Sampei Nihira, Jun 16, 2022.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,763
    Location:
    Italy
    Total Cookie protection in Firefox is now enabled by default:

    https://www.bleepingcomputer.com/ne...e-tracking-by-default-for-all-users/#comments

    you can also get the same in chrome-based browsers:

    https://developer.chrome.com/docs/privacy-sandbox/chips/

    in Edge stable there is a flag that needs to be enabled:
    • Partitioned cookies - enabled
    user Coriy in the comments to this article:

    https://www.ghacks.net/2022/06/15/privacytests-reveals-how-your-web-browser-does-privacy-wise/

    claims that another flag must be enabled:
    • Partitioned cookies: bypass origin trial - enabled
    this flag does not appear in the latest stable version of Edge.

    it would be interesting to know whether this functionality in Chrome-based browsers is not dependent on disabling third-party cookies.
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    10,290
    Location:
    U.S.A. (South)
  3. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,441
  4. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    512
    Location:
    Milan, Italia
    The first is included in default Brave. I enable the second based on my reading here https://github.com/brave/brave-browser/wiki/Ephemeral-Storage-Design I'm not sure what the implementation status is for current default Brave stable builds.

    I also keep abreast of configuration development and some of the suggestions here: https://chef-koch.bearblog.dev/brave-browser-hardening-by-chef-koch/ He tries to maintain the page with Brave info, suggestions, etc.
     
    Last edited: Jun 16, 2022
  5. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,270
    When Brave stops worrying about crypto and fixes the infamous flashing white screen let me know. Until then I will use Edge and/or Firefox.
     
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,681
    LibreWolf recommended? Seriously? Librewolf is using some switches within the regular firefox, but is lowering security overall. must be a "mistake" by that author. sorry, but this author is getting more and more questionable for me.
     
  7. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,004
    Where does it lower security)
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,763
    Location:
    Italy
    As in Firefox you must NOT disable third-party cookies:

    https://developer.chrome.com/blog/chips-origin-trial/

    P.S.

    In version 44 of Edge no flag:

    Partitioned cookies: bypass origin trial
     
    Last edited: Jun 17, 2022
  9. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,763
    Location:
    Italy
    :thumb::)
     
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,761
    Location:
    Outer space
    Both flags are default for me, but it doesn't state if default is enabled or disabled. I also wonder if certain Shield settings affect this, for example Trackers & ads blocking or Block cookies. It does for Firefox so it also might here. Network partitioning and ephemeral/partitioned storage is not mentioned by such names in the settings.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,724
    Location:
    The Netherlands
    So to clarify, it's not an official feature in Chromium browsers yet, but you can still enable it? Because I've read that Firefox recently has added this feature to the newest FF version, sounds pretty cool to me because it makes tracking way harder. And I wonder if it can also stop cookie hijacking.
     
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,763
    Location:
    Italy
    Yes you can enable this feature in chrome-based browsers excluding Edge.
    Because the second required flag is not available,even in the Policy.
    It does not work even when entered as Command Line Switches.

    If any forum members who have activated CHIPS can verify whether it is indeed working with the test below:


    Edge.jpg

    TH.:)

     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,761
    Location:
    Outer space
    In Brave, the column Partition Key is there, but the value is empty, like in your screenshot. If I enable the Flag #partitioned-cookies and relaunch Brave, the value is still empty.
     
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,763
    Location:
    Italy
    Please check:

    • Go to and make sure that the radio button is set to "Allow all cookies" or "Block third-party cookies in Incognito
    • Partitioned cookies: bypass origin trial - enabled
    • Repeat the test
    Th.:thumb:
     
  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,761
    Location:
    Outer space
    I tried the bypass origin trial flag first, did not help.

    The Brave settings are a bit different.
    The entry is called Block Cookies. It was set to "Only cross-site", I changed it do "Disabled", but that did not work either.
     
  16. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,763
    Location:
    Italy
    OK.
    So the test is not reliable.
    We need to fall back on a longer test, which we will limit to the 5 steps:


    https://www.chromium.org/updates/chips/

    1. Go to chrome://settings/cookies and make sure that the radio button is set to "Allow all cookies" or "Block third-party cookies in Incognito".

    2. Open a new tab and navigate to https://cr2.kungfoo.net/cookies/v2.

    3. Click "Set cookie (SameSite=None)" to set an unpartitioned SameSite=None cookie named "unpartitioned".

    4. Click "Set partitioned cookie (SameSite=None; Partitioned)" to set a partitioned cookie, "__Host-1P_partitioned".

    5. Open DevTools to Application (let's reduce the 5-step to the essentials).
    You can also see from my image in Edge that the test works:

    Edge1.jpg

    P.S.

    Chrome 103 almost certainly has CHIPS in a more advanced mode than other Chrome-based browsers.
    So you might consider enabling the feature permanently and not just for testing.
    The other derived chrome-based browsers will then have to wait and test later.

     
    Last edited: Jun 22, 2022
  17. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,763
    Location:
    Italy
    I repeated the test with Edge 103.:confused:
    No key in the partitioned cookie.
    I leave the flag enabled,but block third-party cookies.
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,761
    Location:
    Outer space
    That works for me in Brave 1.40 (Chromium 103). If I set the flags back to default it does not work, so it seems partitioned cookies is not enabled by default yet.
     
  19. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    215
    Location:
    Canada
    I just tried this on Chrome 105 and had to enable 2 flags to get it to work:
    #partitioned-cookies
    #partitioned-cookies-bypass-origin-trial
     
  20. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,763
    Location:
    Italy
    :thumb:
    Unfortunately, the second flag is absent in Edge.
     
  21. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    215
    Location:
    Canada
    That shouldn't be an issue if the first flag works, no?
     
  22. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,763
    Location:
    Italy
    It doesn't work.
     
  23. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    215
    Location:
    Canada
    Ah, yes. I just reread some of your earlier comments. Well then, all I can do is say thanks for bringing this security feature our attention. I use Chrome, but for your peace of mind, I hope M$ will enable it in Edge sooner rather than later.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.