Youtube.com cookies not deleted/cleared on exit/close - started just today - todo with local storage it seems

[NipLars]

Visiting youtube.com you get a cookie doing that. Having that as part of what to delete/clear at exit/close

• it still remains permissions part 100B
• so the cookie part remains as entry too, listed as among cookies EDIT: now going into 100B data, it says local storage for www.youtube.com

So think it's local storage that is not cleared/deleted. - if I delete that manually, removal of cookie entry disappear and work

EDIT2: site vend.se has the same fenomena, also stores local data and does not work anymore.

It just started today

• if youtube/google did anything or Brave update, not sure
• some sites that is tracked by google also create the youtube.com entry that does not go away

So seems a newly introduced bug in Brave.

I have a good amount of such "sites that clear cookies when you close them"

• to delete at exit, but this fails now suddenly.
• the rest seems to work still
• I also tried clearing the list I had, and just do youtube.com and www.youtube.com
• it remains and does not delete at exit

Entry on cookie listings say

• youtube.com Entry going in on that cookie say . www.youtube.com

And all parts regarding permissions stay there 100B Going in on "cookies and site data" nothing is listed

[rebron]

cc: @ryanbr @mkarolin

[rebron]

I think this is a related issue or a dupe. https://github.com/brave/brave-browser/issues/33033

[Climbingbow]

@NipLars check which version of chromium it is using i was having similar issues when it was Chromium: 117.0.5938.62 but ive just done another fresh install an it has reverted to Chromium: 116.0.5845.188 and is now working as it was before. so from the deductions i can make it looks like that version of chromium was messing with the cookies/passwords and auto login and log out on exit.

[NipLars]

@NipLars check which version of chromium it is using i was having similar issues when it was Chromium: 117.0.5938.62 but ive just done another fresh install an it has reverted to Chromium: 116.0.5845.188 and is now working as it was before. so from the deductions i can make it looks like that version of chromium was messing with the cookies/passwords and auto login and log out on exit.

Thanks, I had that 117.x.x .62 and today updated to .88. So if reverting something a 116.x chromium will probably update real soon again.

[NipLars]

My toucpad acted up on me, no close of subject was intended.

[ghost]

@rebron

I found that the 100B leftover in brave://settings/content/all is not exactly sensitive Data (like Local Storage or Cookies) not being cleared by Brave.

I was testing other methods to clean 1p storage, Forgetful Browsing and the toggle Clear cookies and site data when you close all windows since it can be controlled with the Sites that can always use cookies list. Well, Forgetful Browsing works fine, and the issue seems to be with Clear cookies and site data when you close all windows and Sites that clear cookies when you close them.

But the 100B invisible leftover data is from a SQLITE DB file called MediaDeviceSalts, a file I have never seen before. So it displays in brave://settings/content/all after opening some sites.

Making a quick search it's easy to find this, if it is related to that file: https://chromium.googlesource.com/chromium/src/+/main/components/media_device_salt/

So, either Brave has to check how private that MediaDeviceSalts feature is and see if it has to be disabled completely or find a way to isolate the data in the Ephemeral Storage when using Sites that clear cookies when you close them and also see why Clear cookies and site data when you close all windows that data is not being cleared by Clear cookies and site data when you close all windows toggle.

Forgetful Browsing works fine, which is anyway the latest and newest and coolest feature by Brave, so I guess that should be used instead if all people want to do is to clear data.

So, yes, @NipLars use Forgetful browsing, that works fine, if you don't have it enable it in brave://flags/#brave-forget-first-party-storage, and while it is not as easy to manage, because you would probably want to open/edit Preferences file to see 'all websites' where you enabled it, without opening Shields panel, and even add the sites quickly, but yeah FB is 'the future in Brave' and the latest feature. If you don't know, It takes 30 seconds to clear the data when you close a site and of course clears data on exit, and since you want to clear data, it makes sense to use it.

[NipLars]

@Emi-TheDhamphirInLoveUnderTheFrozenStar Just using you link it shows Default Enabled for FB

• I found the Shield settings for this
• seem to work after a bit after startup, first showing 140B and 2 cookies and then disappears

Is functionality before update sept 14th not coming back?

• it worked for years

[NipLars]

@Emi-TheDhamphirInLoveUnderTheFrozenStar I tested on samnytt.se and two things does not work a) third party cookie for youtube.com can be set even though third party is blocked b) FB does not work so youtube.com remains in cookie list this case

[NipLars]

riks.se is also a site that set youtube.com as cross-site though blocked.

Places that uses Google scripts for statistics or something set this even it should be blocked.

[ghost]

@NipLars it can be global, also per site by using Shields panel as "Forget me when I close this site"

The problem is there is no way to know which sites were added to the FB. You will have to see the preferences file in the "brave_remember_1p_storage": {}, Example:

If you change the global toggle, it will not affect those sites, unless you remove them from the preferences file, they will be out of sync with the global setting forever.

Forgetful Browsing works as expected, also, it is meant to work for 1p, not 3p, Brave already isolates 3p data to the Ephemeral Storage by default, which means no 3p data should be writing to the persistent storage unless you changed something.

The only issue I can see in riks.se and samnytt.se is that it sets the 100B for Youtube, and as explained it is made by the MediaDeviceSalts file that is something not related to the sensitive storages information like Cookies or Local Storage, not good but 3p cookies or local/session storage information shouldn't be writing to Brave persistent storage by default.

Also, you have to remember brave://settings/content/all was added by Brave, because Chromium removed it, so Brave might be the only browser with the feature to see these media_device_salts information like that. I am sure Brave team will deal with it accordingly, and if it is not good for privacy it will probably get disabled/removed, so the 100B problem doesn't happen again.

But you probably need to check brave://settings/cookies and make sure you don't have Youtube on the allow part, because it is the only way it will cause that. no 3p is allowed in Brave, but it is not blocked, it is isolated so no other site can access it and gets cleared after closing the site. That's Ephemeral Storage and it is similar to Firefox Total Cookie Protection.

[NipLars]

@Emi-TheDhamphirInLoveUnderTheFrozenStar

Thanks.

Right now it's for me samnytt.se and riks.se that sets 3p youtube.com that remain. I tried for samnytt.se to list among sites that never should accept cookies, and popup dialog for cookie credentials disappeared, but still got the 3p cookie on youtube.com.

And 3p cookies are not part of FB so remains unless manually removed. But if I go to youtube.com that has 1p too, FB removed it all. But then youtube.com can track that I had a 3rd party and connect some dots.

Brave has no competition when it comes to these things.

If there were a setting whether to Ask for confirmation removing cookies or not would be great. Limit the clickfest to remove unwanted cookies. So just click on dust bin and gone if you want. (I put on feature request some months ago).

[ghost]

@NipLars Did Well, the only way that can happen is:

• if you added the sites and checked the box Including third-party cookies on this site
• you did it through the Shields Panel, which adds the "Including third-party cookies on this site" on the allowed cookies for the site.
• you added youtube domain to the Sites that can always use cookies which will allow Youtube to be set and read as 1p and 3p on any website.

Forgetful Browsing is not useless, it is just like Ephemeral Storage in 1p, the only difference is that it deals with Persistent Storage and not a temporary storage, which can be convenient. These features that clean 1p, are obviously not aware if the site added 3p, and Brave already doesn't allow 3p to be added to Persistent Storage unless you allow it.

So what exactly is being added by samnytt.se and riks.se? are you sure they are cookies/local storage data? or we are talking about the same 100 B bug?

That's why your removing cookies Feature Request seems awkward, there are already 5 ways to clear cookies.... 6 if we count Devtools? should be enough. 1p storage can be cleared or avoided, and 3p is already isolated by Brave. And in brave://settings/content/all you can already filter sites and click delete displayed data, or click the trash bin icon to remove the data.

I just don't get the weird obsession of clearing data all the time, clearing settings, login data and important stuff, that will be set after anyway, sometimes... most of the time is pointless. Most tracking is avoid 3p which Brave already avoid, and you are not stopping the tracking on 1p, because when you visit sites, you are already giving tons of information. So, in that case why are you allowing any data? block it or use Private Windows and only allow the sites that need cookies/other data.

Just my opinion, but also I don't get the issue with Forgetful Browsing, Ephemeral Storage. The only issue is the 100 B here, which I already shown not to be anything but a 'display bug' or a feature that needs to be disabled completely so eventually I am sure Brave team will take care of it.

Anyway, if anything, the only 'solution' or 'temporary workaround to the 100 B issue, is to lock the MediaDeviceSalts file. I only know Windows, so if you are on Windows:

1. You go to %localappdata%\BraveSoftware\Brave-Browser\User Data\Default, if you are using Stable, for nightly it is %localappdata%\BraveSoftware\Brave-Browser-Nightly\User Data\Default

2. MediaDeviceSalts file, open the file in a SQLite file and remove every line in the media_device_salts table or probably creating an empty file with that name should work.

3. Right click and go to the Properties of the file -> Go to Security tab -> Advanced

4. click Add -> Select a principal

5. type your username and click 'Check Names' or use the Advanced option 'Find now' and select the one that makes more sense, Administrators, Users, or your Username.

6. Then select 'write' and 'type Deny'

7. and apply and done

It will not let the 100B happen because nothing will be written on the file, of course, you or anyone would do this knowing the risks, like if something will break or not for not letting the file to be written, or like Chromium documentation says: it avoids cross-origin tracking, so if true, you will 'break' the benefit of it.

[NipLars]

@Emi-TheDhamphirInLoveUnderTheFrozenStar Many thanks for all your tips.

My start page is so I see all cookies when I open Brave.

• can quickly look if anything I am not logged into and remove manually

Browsing history is cleared at exit of Brave, for all but cookies and site data and shields as it says.

Samnytt.se and riks.se are added to be cleared on close as well as sites that never can use cookies.

• third party is checked on those, to also clear any third party if any

Nothing is entered on sites that always can use cookies.

• that part is empty

Running vpn and Brave shield settings this make me feel more private.

• google I hate over all that is everywhere
• most places I visit with bookmarks on a clean tab, so no refer info on http header where I came from

The youtube.com is probably the 100B bug as you said, it says 100B beside it

• but as actually visiting youtube.com and 1p FB removal works
• but from samnytt.se and riks.se the 100B for 3p youtube.com is not removed and remain

I'll await some updates on Brave and clear manually till then.

• or might try your deny write idea

[goodov]

I think this is a related issue or a dupe. #33033

this is not related to #33033.