Google is changing Chrome's caching to prevent snooping and improve security - gHacks Tech NewsGoogle plans to introduce a change to caching in the company's Chrome web browser that is designed to improve user privacy and security.

ADVERTISEMENT

Google is changing Chrome's caching to prevent snooping and improve security

Google plans to introduce a change to caching in the company's Chrome web browser that is designed to improve user privacy and security. All web browsers use a cache by default to load previously accessed files more quickly when resources are requested again; this speeds up the loading of sites as content is loaded from the local system and not a remote server.

Caching works by saving a resource, an image for example, along with its full URL as the key for identification purposes. Any site requesting the resource, be it directly or in an iframe, will benefit from the cached file. While that speeds up loading, it poses risks as site may use the mechanism to detect if a specific site was visited by the user in the past. Other risks include cross-site tracking and cross-site search attacks.

Google engineers developed a partition system for the cache in the Chrome web browser to mitigate these risks. The main idea is simple: instead of saving a resource with its full URL only, Chrome is adding two more bits of data to the saved information. Chrome will save the top-level site and the current-frame site next to the full URL of the cached resource. The browser uses the information to determine whether it should serve resources from the cache or not.

chrome caching partition

Chrome will load the cached resource if the request comes from the original top-level site regardless of whether it is requested directly or using an iframe. Caching rules ignore ports and subdomains.

When an unrelated site requests the file, Chrome will load it from the server and not the cache.

Google's data indicates that the new caching functionality increases the miss rate by about 3.6% and will increase the "fraction of bytes loaded from the network" by about 4%.

Apple is already using cache isolation in the Safari browser. Mozilla has plans to introduce the functionality in Firefox as well.

Closing Words

The introduction of cache partitioning improves privacy and security when caching files. Google plans to introduce the change in Chrome 86 gradually. The new version of the browser was released on October 6, 2020.

Now You: what is your take on the feature? Have you disabled the cache?

Summary
Google is changing Chrome's caching to prevent snooping and improve security
Article Name
Google is changing Chrome's caching to prevent snooping and improve security
Description
Google plans to introduce a change to caching in the company's Chrome web browser that is designed to improve user privacy and security.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. Iron Heart said on October 14, 2020 at 10:12 am
    Reply

    > what is your take on the feature? Have you disabled the cache?

    I like this change of course, good to see that Google is quick to implement this. The way I handle cache: Cookie AutoDelete deletes it upon closing the related tab or upon domain change. I have also set my browser to delete cache upon shutdown.

    1. ShintoPlasm said on October 14, 2020 at 11:56 am
      Reply

      And what browser might that be? Do tell!

      (Sorry, couldn’t resist :P )

      1. Iron Heart said on October 14, 2020 at 12:05 pm
        Reply

        @ShintoPlasm

        Can’t mention it, for I will be accused of shilling it, even in statements that can be applied just as much to any other browser.

      2. Peter Gunn said on October 14, 2020 at 12:48 pm
        Reply

        Brave man!

      3. Iron Heart said on October 14, 2020 at 2:36 pm
        Reply

        @Peter Gunn

        Learned from experience, rather.

        Also shhh, don’t spoil it for everybody. :D

  2. d3x said on October 14, 2020 at 11:32 am
    Reply

    > Have you disabled the cache?
    Disabling cache on Chromium-based web browsers is really dumb, I would love to do it because it’s useless with current high speed connections. On the other hand, in firefox you can easly do it in about:config

  3. Tom Hawack said on October 14, 2020 at 12:38 pm
    Reply

    I presume this concerns memory cache as well as disk cache… or does it?
    Personally I disable disk cache and if the advantages of keeping only memory cache are obvious in terms of speed and privacy in that it vanishes once the browser exited, I still don’t know exactly the incidence on privacy during the session : does the concern addressed by Chrome’s caching modification include memory cache?

  4. Anonymous said on October 14, 2020 at 2:40 pm
    Reply
  5. linuxfan said on October 14, 2020 at 5:32 pm
    Reply

    It should be added that this feature has been available in Firefox for years if you enable First-Party Isolation (as mentioned, e.g., in https://www.ghacks.net/2017/11/22/how-to-enable-first-party-isolation-in-firefox/ ) or, alternatively, by using containers in Firefox, e.g., via the add-on Temporary Containers.

  6. Anonymous said on October 14, 2020 at 5:48 pm
    Reply

    It was not! It required additional switch in `about:config`.

  7. Anonymous said on October 14, 2020 at 6:02 pm
    Reply
  8. ULBoom said on October 15, 2020 at 12:02 am
    Reply

    Snooping by whom, Google?

    Seems like the equivalent of FF’s first party isolation which is nice for privacy but breaks some sites. Similar to blocking third party cookies, good idea but a crap shoot in practice.

    When Chrome is capable of deleting browsing data on close vs. next open, Google will actually be doing something for users. Currently they depend on lack of user knowledge for their smoke and mirrors show.

    They can do all the preemptive damage control they want and it will help them naught when DOJ hits them.

    1. Anonymous said on October 15, 2020 at 3:13 pm
      Reply

      It’s not like Firefox first party isolation. It’s not about privacy, but it is about security. It’s still not enabled in Firefox – https://bugzilla.mozilla.org/show_bug.cgi?id=1536058

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.