Safe '21
Set safer site defaults for today and tomorrow
About this presentation
The web has a history of being an over-sharer. Original defaults tended to allowing everything—with restrictions needing to be explicitly added by the site. Newer APIs follow the principle of least privilege, so that's better, but still have the challenge of maintaining backwards-compatibility leaves sites with a lot of responsibility to create a safe experience for visitors. We'll explore how the platform is moving to safer defaults—from phasing out third-party cookies, removing passive fingerprinting surfaces, and enforcing cross-origin isolation. Alongside these ongoing efforts, we'll also go through the changes you can make today to protect your site—from improving cookie usage to locking down your third-party interactions. We will also explore some patterns for balancing appropriate collection of user information with protecting those same users from phishing or other forms of fraud.