Add option for users to visit a site in ephemeral 1p storage

[Tonev]

Description

Hello,

I would like to suggest the introduction of an option that will allow users to delete all cookies associated with a website the moment they leave that website. I believe my suggestion will improve users' privacy further and remove the need of installing extra addons that do the job. For better understanding of my suggestion I'll mention the addon CookieAutoDelete, which is probably the best addon of its kind.

Best regards

[Tonev]

@pes10k

Tagging you because I'm a huge fan of your privacy-related suggestions and implementations. I believe you might be interested in this suggestion, and hopefully think of a way to implement it in some form, appropriate for a web browser.

[pes10k]

Hi @Tonev , thanks for the suggestion! We've discussed a similar idea, basically calling it "1p ephemeral browsing." We'd want to do a few things in a possible brave implementation:

1. Don't clear 1p state immediately, but after a short time period (30 sec or 5 min or similar), to allow some SSO flows to work (i.e. Clear ephemeral storage partitions after a small time period #14943)
2. persist partitioned 3p storage for the lifetime of the 1p site (a la https://brave.com/privacy-updates-7/)

But i think its a great idea, and thank you for the suggestion @Tonev ! We don't have it in a development queue at the moment, but we hope to get to it at some point!

[Tonev]

Thank you for the quick reply @pes10k! Highly appreciate Brave's privacy efforts and implementations that make the browser even more privacy-friendly for all of us!

[iam-cult]

I would also like this, maybe an option to choose between whitelist or blacklist? I think I would find more use out of a whitelist, where I have to opt websites out of ephemeral storage, but I'm sure others will disagree with me. For convenience sake it would also be nice to control this from the address bar.

[Tonev]

The idea of first-party ephemeral storage is actually great!

@pes10k I really like how you turned my basic idea of "delete cookies after leaving a website" to something like this. It's great to see issues don't remain forgotten somewhere but developers actually think of an as proper implementation as possible!

[iam-cult]

May I ask why this was marked as feature/private-browsing? I assumed that this would be a feature for normal browsing, because of the fact that storage is already cleared after closing the tab/window in private browsing, as well as the fact that @Tonev mentioned the addon CookieAutoDelete, which is not exclusive to private browsing.

[pes10k]

@TheCultLeader666 this was marked as private-browsing bc the feature is conceptually similar to it (i.e. i wanna do a thing where storage isn't connected to the other stuff i do). But we don't intend it as a substitute or replacement for the existing private browsing mode. The uses we current have in mind for this feature are (partial list, still under discussion, no commitments, etc.):

1. as part of bounce tracking protection. I.e. the browser is about to navigate to a domain we know is used for click / bouncetracking, usually though link decoration, but we'd like to reduce the ability of the site to track users across visits
2. as a general, opt-in shields option for visiting a site, without the site remembering you after you close the site
3. a general, always on, never let any 1p remember anything about me after the site as been closed (i.e. a "super-duper" private browsing mode)

Anyway, like i said, this is all underdevelopment and subject to change, but, we don't mean it as a replacement to private browsing, but as a way of providing private-browsing like protections in a wider range of situations

[Tonev]

as a general, opt-in shields option for visiting a site, without the site remembering you after you close the site

Sounds good but please pay attention to #15347 in case you decide to introduce first-party ephemeral storage as a Shields addition. I'm sure you don't want clearing browsing data for "Site and Shields Settings" to disable such an important privacy feature out of the sudden.

a general, always on, never let any 1p remember anything about me after the site as been closed (i.e. a "super-duper" private browsing mode)

The best option among the listed, in my opinion. My only concern with this option is the "always on" part, unless I misunderstood you. For privacy-concerned users of Brave, having this option always enabled should be good, my concern is that a lot of users will want an option to remain "remembered" sometimes, so having an option to enable/disable the first-party ephemeral storage would be quite appreciated, either through an option in Brave's privacy settings or a separate flag, like we have the #brave-ephemeral-storage flag now, but being completely opt-out by default might be the sweet spot for everyone as it improves users' privacy greatly.

[iam-cult]

a lot of users will want an option to remain "remembered" sometimes, so having an option to enable/disable the first-party ephemeral storage would be quite appreciated, either through an option in Brave's privacy settings or a separate flag

In my opinion it should be more accessible than a flag, as most people would probably not use it (or know it's there). Being disabled by a flag makes it sound like it would be enabled by default, which would probably anger a lot of people. I'm more in favor of both an opt-out shields option and an opt in one, that could be toggled in the settings to fit the user's needs, and there would have to be a switch to opt a site out/in in the shields dropdown. (These are just ideas, take them with a grain of salt)

[iam-cult]

Maybe, since ephemeral storage in its current implementation is meant to replace the blocking of 3p storage, this could be controlled through the entry in the shields dropdown for cookies, and since the implementation of ephemeral 3p storage would presumably be replacing the "Cross-site cookies blocked" option, maybe 1p ephemeral storage could replace the "Cookies Blocked" option. It would then be very simple to set the default in the settings, and make exceptions in the shields dropdown.