Because you aren't really the audience for that post, and they can safely assume you'll dig deeper anyways?

If we're not the audience then who is? This was made to the Chromium open source blog, which is typically a developer heavy blog (with previous topics like "Hint for low latency canvas contexts"). Throwing a few reference links at the bottom shouldn't harm their message with the less technically savvy.

I'm just guessing. Something else that sparks joy for me: the fact that Google will never give any of their announcements the titles they're justifying, like, "OMG, WE KILLED CSRF!", and that I'll have to dig in a bit to see how big a deal what they just did is. It's like every "Improving privacy and security on the web" is a little gift I get to unwrap. It's like Justin Schuh and Mike West's version of "one more thing".

Good feedback. Chromium blog content varies from product announcements to technical summaries. We did link to this article in the Chromium blog:

<https://web.dev/samesite-cookies-explained/>

which does go into a good deal of technical detail. A challenge is that even experienced web developers didn't know much about SameSite prior to this announcement.

A few more reference links might not hurt, true.

As for who the audience is, perhaps people who were alarmed by the WSJ's scaremongering: https://www.wsj.com/articles/googles-new-privacy-tools-to-ma...

Someone leaked the news to the WSJ, which tried to spin this as an anti-competitive move.