Page 45 - Payout Magazine Online Volume 10.02
Temporary Mitigation

Chrome is releasing a temporary mitigation referred to as Lax + POST to help eliminate sign-on issues caused by cookies passed between third-party providers and websites during authentication. Cookies lacking the correct SameSite settings have a window of two minutes for the type of requests initiated for sign-on flows. Cross-site GET requests will continue to attach SameSite cookies set to Lax, as opposed to Strict. The Chromium tracker for the new model describes the temporary mitigation process. Sign-in flows should be tested immediately for third-party services providing sign-on.

Temporary Transition: Any provider of cross-site cookies updating immediately prior to the release of Chrome 80 should be aware that some returning or known Chrome 80 users may appear temporarily as either new or unknown users. The issue will be corrected once cookies have been refreshed through the new Chrome settings. Providers are encouraged to update cookies in advance to lessen the impact. Users will have had additional time to use the new settings for picking up cookies.

Troubleshooting and Testing

The recommendation is to enable the secure experimental flags in Chrome 76+ for Cookies without SameSite and SameSite by default cookies to determine how the service or site will react under the new Chrome model. Flags can be enabled by visiting chrome://flags. Due to the gradual roll-out of Chrome 80, flags should be enabled during testing to ensure the new default settings are reflected by the browser.

Testing can also be performed to determine if the unexpected behavior experienced through Chrome 80 is due to the new model. The user disables SameSite by default cookies and ensures there are secure flags for Cookies without SameSite. If there is still an issue once the flags are disabled, the cookie changes are most likely not causing the issue.

Enterprise Policies

Special policies may need to be implemented by enterprise administrators to revert the new Chrome browser back to legacy behavior if applications or sign-on services are not ready for the changes implemented by Chrome 80.

The Reasons for Google Chrome Updates

Third-party cookies place individuals at risk, including data leakage and malicious tracking. Users can also be placed at risk for cross-site request forgery attacks. Clicking on an unsafe email link can enable a bad actor to log into numerous websites including banks. Google is moving the web ecosystem into a safer area through changes in the default behavior. The default when there is no specification for SameSite is a much more secure option as opposed to the risks of the previous default.

Steps Publishers Need to Implement Prior to February 20th, 2020

Publishers should initiate testing through secure Chrome websites to ensure nothing breaks. Migration to HTTPS secure pages is recommended. All publishers are advised to take these steps if they have not already been completed. Publishers are encouraged by Google to review all developer tools alerts, including checking with vendors to determine the actions of analytics and ad tech providers. Publishers need to know if these sites are accessing or setting third-party cookies without proper labeling.

The Risks of Third-Party Cookies

In some instances, third-party cookies are used by publishers for remembering the preferences of the users and logins as opposed to using safer first-party cookies. In most cases, this occurs when numerous different domains and websites are owned by a single publisher. The maintenance of single sign-ons encompassing more than one domain means publishers must make certain cookie configuration is compatible.

The largest potential risks are for vendors using audience databases reliant on cookies. One of the best examples is Adobe. A blog post has already been released warning that Audience Manager customers may experience a decrease in customers if any of their partners do not make the required changes within the period of time remaining. The key issue is the lack of compatibility between the new standard cookies and the old cookies. The current internal marketing pools may become completely useless.
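
The following is an added example, not code from the magazine or from Chrome. It is a simplified model of the behavior described under Temporary Mitigation and Steps Publishers Need to Implement: it labels Set-Cookie values as the new default treats them and decides whether a cookie is attached to a cross-site request, including the two-minute Lax + POST window. Function names and sample headers are constructed for illustration, and all requests are assumed to be HTTPS.

```python
# Added example: simplified model of Chrome 80's SameSite handling.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
LAX_POST_WINDOW_S = 120  # the two-minute Lax + POST window

# Constructed sample Set-Cookie values (not taken from any real site).
SAMPLE_HEADERS = [
    "session=abc123; Path=/; HttpOnly",
    "sso=tok789; Path=/; Secure; SameSite=None",
    "adtrack=u42; Domain=ads.example; SameSite=None",
    "prefs=dark; SameSite=Strict",
]

def parse_set_cookie(header):
    """Return (cookie name, dict of lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip().lower()
    return first.split("=", 1)[0], attrs

def classify(header):
    """Label the cookie the way the new default model treats it."""
    _, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite")
    if samesite == "none":
        # Cross-site use must be declared and the cookie must be Secure.
        return "cross-site" if "secure" in attrs else "rejected"
    if samesite in ("lax", "strict"):
        return samesite
    return "default-lax"  # no (or unrecognized) SameSite: treated as Lax

def sent_cross_site(header, method, top_level, age_s):
    """Would the cookie ride on this cross-site HTTPS request?"""
    kind = classify(header)
    if kind == "cross-site":
        return True
    if kind in ("rejected", "strict"):
        return False
    if top_level and method in SAFE_METHODS:
        return True  # Lax: top-level navigation with a safe method
    # Lax + POST: only unlabeled cookies younger than two minutes.
    return (kind == "default-lax" and top_level
            and method == "POST" and age_s < LAX_POST_WINDOW_S)

def audit(headers):
    """Map each cookie name to its classification."""
    return {parse_set_cookie(h)[0]: classify(h) for h in headers}
```

Cookies reported as "rejected" or "default-lax" by audit() are the ones a publisher or vendor would need to relabel before relying on them in a cross-site sign-on flow.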