"Delete blocked cookies" option deleting unblocked cookies too

[in4u]

Prerequisites

• [x] I performed a cursory search of the issue tracker to avoid opening a duplicate issue
  • Your issue may already be reported.
• [x] This is not a support issue or a question
  • Support issues and questions are handled at /r/uMatrix
• I tried to reproduce the issue when...
  • [x] uMatrix is the only extension
  • [x] uMatrix with default lists/settings
  • [ ] using a new, unmodified browser profile
• [x] I am running the latest version of uMatrix
• [x] I checked the documentation to understand that the issue I report is not a normal behavior

Description

I want uMatrix to allow and keep everything except third-party cookies. The applied settings are as per below screenshots (raw configuration settings are left untouched):

Result is that not just third-party but first-party cookies are also getting deleted. The first-party cookies selected for deletion and the duration after which they are deleted seem completely random and unpredictable. Sometimes they get deleted within 10 minutes, mostly within a few hours and the longest I have noticed (so far) is around 15-18 hours.

Now I am not quite sure whether my settings are at fault here or this is actually some bug.

A specific URL where the issue occurs

Any page which uses first-party cookies. e.g. reddit.com, https://subscene.com/filter/edit, https://www.nvidia.com/Download/index.aspx?lang=en-us

Steps to Reproduce

1. Visit reddit.com, set some random preferences (e.g. select night mode from the top right hand side dropdown menu).
2. Visit https://subscene.com/filter/edit, set some random search preferences (e.g. select English as popular language, Yes for Hearing Impaired, and tick Foreign language only) and save changes.
3. Visit https://www.nvidia.com/Download/index.aspx?lang=en-us, select any random combination of product, type and series (e.g. product type as GeForce, product series as GeForce 10 Series, product as GeForce GTX 1070) and click search.
4. Close browser.
5. Re-open browser.
6. Visit the above 3 pages to confirm that saved settings are in effect.
7. Open uMatrix logger.
8. Wait and watch (could be anywhere from within 10 minutes to perhaps 24 hours) for the blue-colored entries highlighting deletion of set first-party cookies. Or if the logger is not being monitored, simply keep visiting those 3 pages every few hours to check saved settings.
9. Optional: Keep restarting browser every couple of hours or so if the cookies aren't deleted by that time.
10. Eventually (at least some of) the first-party cookies will be deleted and our 3 examples pages will revert to default settings.

Supporting evidence

Your environment

• uMatrix version: 1.3.14
• Browser Name and version: Firefox 62.0
• Operating System and version: Windows 7 SP1

Notes

I apologise in case this is the expected result as per my uMatrix settings and would appreciate guidance on how to achieve the intended result.

[uBlock-user]

This has happened to me in the past, whenever I use that setting, within few hours, I get logged out of current sessions from google account or github account and such, so I stopped using it. It deletes non-blocked cookies in my case as there are no blocked cookies because I blanket block 3rd party cookies by default, so such cookies never get set and it ends up targeting first-party non-blocked cookies.

[gorhill]

The problem with...

* * cookie block
* 1st-party cookie allow

... is that uMatrix is unable to tell whether a cookie is 1st- or 3rd-party until uMatrix has seen in what context it has been set. When you launch the browser, none of the existing cookies have been seen yet by uMatrix, and thus it can't tell whether an existing cookie was set in a 1st- or 3rd-party context. It currently assumes 3rd-party.

The only fix I can think of is to forfeit the ability of handling existing cookies which were set before uMatrix launched.

On the other hand, the workaround for the issue here is to simply explicitly allow the cookie for the specific sites:

subscene.com 1st-party cookie allow
reddit.com 1st-party cookie allow

This way there is no ambiguity.

[in4u]

The only fix I can think of is to forfeit the ability of handling existing cookies which were set before uMatrix launched.

Yes @gorhill, it'd be a much better solution for uMatrix to delete only confirmed third-party cookies and leave the assumed ones.

And rather than going about whitelisting individual sites I'd prefer to just not use the delete option. So, if the above solution is implemented, for me it'll be like something is better than nothing!

[gorhill]

uMatrix to delete only confirmed third-party cookies

Actually that does not even work that reliably. I might as well remove the cookie column, that will solve everything.

[uBlock-user]

I might as well remove the cookie column

Wouldn't that entirely remove the cookie blocking functionality from uMatrix via popup UI ? Instead of removing such functionality, I rather suggest you remove Delete blocked cookies setting itself.

[uBlock-user]

The problem with...

I don't have * * cookie block, but rather have * * * block with * 1st-party * allow, does that make any difference ?

[in4u]

@gorhill I second @uBlock-user's suggestion to just remove the delete option, until there's a better way of handling this issue.

In any case, I would not like to see the cookie column being removed. It's a quick visual way of identifying which sites are using cookies and how. Take whatever decision you see fit regarding cookie blocking but let the graphical representation stay.

[Kusresa]

I agree the cookie column is the best way to visualize which sites are using cookies and ease of just having to point and click to allow or deny from the popup UI is really great. FWIW I use uMatrix in a default deny way and use the popup UI a lot to temporarily allow cookies only when I need to and want them to be deleted whenever temporary cookie rules are reverted so both the cookie column and 'Delete blocked cookies' option are extremely useful to me.

[theWalkingDuck]

I might as well remove the cookie column

This must be sarcasm.