What would happen if browsers started syncing cookie jars across devices, the same way they sync passwords and #webauthn passkeys?
I'm pretty convinced there is something to be done here. Not cookies per se, has to be opt-in (breaks backwards compatibility otherwise), but I agree there is something here. Interested in exploring this further with browser engineers?
If you think this won't immediately be abused in ways you didn't intend, go read up on Britney's case where they had a copy of all her comms from a shadow iOS device signed in to her iCloud

Jul 29, 2022 · 9:40 PM UTC

Replying to @aaronpk @samuelgoto
Yes, it was a random thought and I’m sure there are consequences. What if the browser itself required FaceID to unlock the cookie jar? That would mitigate many issues, and if you squint at it, is not all that different than a credential store.
The problem is FaceID is only tied to the device so it doesn't change the situation 😔 I'm also not convinced syncing WebAuthn keys was a good idea either tho