In November, the federal government issued a directive requiring websites to use JavaScript as a way to detect and block malicious code, which has been widely adopted in web browsers.
But while the directive does not specifically require that every website run JavaScript, it does specify that “a website must include the following functionality if it is not already listed: an ability to use a cookie to identify users for a given site, if such cookies are available, and the ability to verify that the user’s cookie has not been altered by malicious software.”
The directive also mandates that webpages use a “cookie management tool” that “provides the ability for a website to recognize cookies, including those from external sources, and track them for the purpose of serving ads to users.”
In a blog post on the federal web site, Google’s VP of Engineering, Tom Schuster, wrote that while Google’s web browser “does not offer the ability [to use a third party cookie management tool] that Google is actively working on, the existing JavaScript-based cookie management tools are not compatible with Google Chrome, so the default setting is to use the Google Web Cookie Manager.
This setting will also not work on Google Chrome due to the way that Google’s browser supports WebCookieManager.
The default setting for Chrome will continue to use Google Web Caching.
This is due to a limitation of Chrome that Google currently has in place with Google WebCaching.
As part of the Chrome browser update that will be released in the coming weeks, we will also be providing a default setting that will work on all browsers and Chrome versions that support WebCached cookies.””
With these changes, Google will now require sites to include a browser-based support for cookies,” he added.
“If you have a site that uses Google Web cookies, you can use Chrome to set cookies and we will provide you with the cookie management interface to do that.
If you don’t have a website that uses Web Cached cookies, then you can set the default to Google Web Cookies.”
However, the new directive also specifies that Google may require that websites “require that users who visit a site opt in to the use of cookies,” which could make some sites “more susceptible to the attack vectors described above.”
In the coming days, the Department of Homeland Security (DHS) will release a new set of guidelines for “cookies and other digital technologies,” which will “help guide the development of best practices for ensuring security of the Internet by ensuring that these technologies are used responsibly, effectively, and fairly, and that individuals have the choice of how they use these technologies.”
If you or anyone you know has problems with the new policy, you should contact the Department.