Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Chrome Privacy IT

Chrome Changes How Its Cache System Works To Improve Privacy (zdnet.com) 21

Google has changed how a core component of the Chrome browser works in order to add additional privacy protections for its users. From a report: Known as the HTTP Cache or the Shared Cache, this Chrome component works by saving copies of resources loaded on a web page, such as images, CSS files, and JavaScript files. The idea is that when a user revisits the same site or visits another website where the same files are used, Chrome will load them from its internal cache, rather than waste time re-downloading each file all over again.

[...] With Chrome 86, released earlier this week, Google has rolled out important changes to this mechanism. Known as "cache partitioning," this feature works by changing how resources are saved in the HTTP cache based on two additional factors. From now on, a resource's storage key will contain three items, instead of one: The top-level site domain (http://a.example), the resource's current frame (http://c.example), and the resource's URL (https://x.example/doge.png). By adding additional keys to the cache pre-load checking process, Chrome has effectively blocked all the past attacks against its cache mechanism, as most website components will only have access to their own resources and won't be able to check resources they have not created themselves.

This discussion has been archived. No new comments can be posted.

Chrome Changes How Its Cache System Works To Improve Privacy

Comments Filter:
  • In you aren't downloading anything, and are loading a webpage with over a gigabyte of storage, you have problems, like Google adware spying.
  • by Rick Schumann ( 4662797 ) on Friday October 09, 2020 @05:13PM (#60589904) Journal
    You mean they want to prevent non-Google spying on users, right?
    • by AmiMoJo ( 196126 )

      This affects Google sites too.

      I doubt they bother with this kind of attack, aside from inviting expensive legal issues they can get the same information easily from Google Ads.

  • Chrome will load them from its internal cache, rather than waste time re-downloading each file all over again.

    I always turn that off. No caching. I go to a page, you get me the latest information. If I wanted to see old information I would use the Wayback machine.

    They make it sound like having to wait an extra 0.002 seconds to view a page is because the U.S. is some third world shithole country with slow internet and high costs.

    Oh, wait.

    • by AmiMoJo ( 196126 )

      Sites are supposed to tell the browser what resources should not be cached. No need to download images that are always the same, but refreshing the HTML makes sense.

    • by ftobin ( 48814 )

      They make it sound like having to wait an extra 0.002 seconds to view a page is because the U.S. is some third world shithole country with slow internet and high costs.

      Cache matters on mobile.

    • by antdude ( 79039 )

      Also, I like having caches in case I need to quit my web browser OR it crashes. Restoring sessions feature is nice.

    • by Anonymous Coward

      I always turn that off. No caching. I go to a page, you get me the latest information. If I wanted to see old information I would use the Wayback machine.

      You should also always walk rather than use any kind of vehicle, or you risk missing subtle changes in the scenery along the way, and you obviously would not want that.

      Snarky mode: You appear to not understand what these caches are for and that they do not affect whether you see old or information or not. (Assuming the site you are visiting has implemented things correctly, of course.)

  • by martynhare ( 7125343 ) on Friday October 09, 2020 @05:27PM (#60589954)
    Google does put in a serious effort into preventing unauthorised spying on users activity. If they do get an approved client-side standard for users to be able to express their general interests in a privacy-respecting manner, I can see them going while hog and applying website origin policy to first party cookie access too - preventing unauthorised Facebook like button tracking.
  • I teach college classes and often look for interesting resources as I'm prepping my class for the coming term. Sometimes a year later, I'll remember I had seen some things the previous year that I'd like to use this time around. The easiest way to find those was to search my browsing history from the year before.

    So imagine my surprise when had I switched to Chrome a couple years before only to find none of that history existed... that Chrome dumps my browsing history after 90 days. How lame is that?!

    • by WallyL ( 4154209 )
      You mean, none of that history exists on your client. It exists certainly, but you don't pay Google for access to the information it stores about you, so NO SOUP FOR YOU.
    • Browsing history is not cache and is not even related to the cache, beyond some superficial similarities in the UI.

      • by hazem ( 472289 )

        Yes, and I'm saying that if we're still making changes to the product, let's get rid of a dumb "feature" while we're at it. It should be a simple matter of simply deleting the code that goes and removes history after 90 days. Or add a flag and an "if-statement" to let users choose what they get to do with their own data.

  • by ffkom ( 3519199 ) on Friday October 09, 2020 @05:29PM (#60589968)
    ... not to improve the user's "privacy".

    When advertisement / data collection companies like google or Facebook make it harder for their competitors to grab your sensitive data, they do so not because they like you, but to increase the value of the data they collect from you while you use their service.
    • by arQon ( 447508 )

      While there's little doubt that the motivation is exactly what you suggest, it *doesn't matter*. Anyone using Chrome has already sacrificed all the their privacy wrt Google. If Google wants to preserve those users' privacy wrt everyone else though, that is still a very significant improvement in the browser's behavior.

  • I always turn mine off in Firefox, and never notice a performance difference. Is there an analysis of how much caching affects performance? Sometimes I think it is only there to enable LEO to analyze what you have been browsing.

    • I think caching is more for bandwidth and data conservation, especially when one is getting the internet through mobile or satellite data plan.

      So even if you don't mind the performance difference because your bandwidth is plenty, it cost money to other in need if disabled.

  • So does this mean the files will have to be re-downloaded for each website? That would only increase the amount of connections your browser makes to third party servers. Already CDN's are a privacy issue, since it means every time you visit a website a third party it is also contacted (since you're downloading a file from it). "Free" CDN's cost money to run, so they've got to make money somehow...

    I personally use the Decentraleyes addon to make sure CDN's aren't contacted unnecessairily. If that functionali

  • Correct title: Google discovers decades-old caching techniques. Rejoice!

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...