Brave Browser may soon delete cookies and data when websites are closed
Brave Software is working on a new privacy feature for its Brave Browser that it calls Forgetful Browsing. The feature is scheduled for inclusion in Brave 1.53 for the desktop and Brave 1.54 for Android.
Forgetful Browsing configures the web browser to delete cookies and other site data automatically when a website is closed in the browser. Brave users may configure the feature for individual sites or for all sites in the browser.
The privacy feature gives Brave users control over first-party site data and cookies. First-party refers to the actual site that users are on.
Using the feature is quite simple. Brave has added it to its Shield feature, which powers the content blocker as well as other privacy and security protections.
To apply it to a single site, you'd activate the Shield icon in Brave, select advanced controls to expand these options, and check the "Forget me when I close the site" toggle.
Brave will delete cookies and other site data of that website automatically when the last instance of it is closed in the browser.
Brave explains in a new blog post on its site: "When this option is set, Brave will clear first-party storage for the site a few seconds after there are no more open tabs for the site."
The Forgetful Browsing feature of Brave browser deletes explicitly and indirectly stored values in the browser according to Brave Software: "Forgetful Browsing clears both explicitly stored values (e.g. cookies, localStorage, or indexedDB) and indirectly stored values (e.g. HTTP cache or DNS cache)."
Brave users need to be aware that the deletion of the data will log them out automatically, as session data will be removed when websites are closed.
Brave Software points out the following advantages of the feature for some use cases:
- Users are logged out automatically of sites configured for Forgetful Browsing.
- Rate limiting may be circumvented; some sites allow users to view only a specific number of articles, and keep track of this through cookies or site data.
- Sites may not be able to identify users who visited them previously.
Forgetful Browsing was created by Brave Software to further strengthen user privacy. The company believes that the "Web has the wrong defaults for privacy", as browsers "let sites reidentify users indefinitely" even though users benefit from this only on some sites that they visit.
While reidentification is useful, e.g., to check emails or messages, or to manage personal sites, it is often not necessary.
Most web browsers have improved protection against third-party tracking in the past years. Most include options to clear third-party cookies and site data on exist, or support extensions that prevent the setting in first place. There is also support for private browsing modes, which are limited to deleting local data, and features such as Firefox's Total Cookie Protection,
First-party tracking on the other hand has been largely neglected up until now. Browser users may delete data manually or use extensions that help them.
Brave Browser's Forgetful Browsing feature integrates a built-in tool to address this. Most Brave users may want to configure the feature for individual sites, e.g., to always reset the number of articles they read on a site, or to make sure that they are signed-out of a service whenever they close the browser.
Some may go a step further and enable it for all sites. This is done by loading brave://settings/shields in the browser's address bar and enabling the Forget me when I close a site option on the page that opens.
There are a handful of potential downsides to enabling this for all sites visited in the browser. Besides needing to sign-in to sites each time they are loaded, most sites may also display cookie prompts on each visit.
A click on the Shields icon in Brave after enabling the global feature allows Brave users to turn it off for specific sites. This way, you could disable the forgetfulness feature for sites that you want to stay signed in or be remembered, while having improved privacy protections for all other sites visited.
Forgetful Browsing applies to the entire site and not domains; this means that all subdomains of the site and all folders of it, are affected by the feature.
Brave 1.53 and Brave 1.54 will be released in the coming months.
Now You: what is your opinion on Forgetful Browsing?
This sounds like it would be particularly useful on mobile, where the browser is normally not actually closed.
Currently the user would need to set Brave to delete browser data on exit and then explicitly exit the browser using [Settings > Exit]. With this new feature, it will clear the data automatically even if that step isn’t taken – which sounds great.
It’s a good idea, no single cookie should be stored after closed the tab of that website.
Great, now we need something similar to Firefox’s Multi-Account Container and Brave would be something incredible…
I would like an “Export/Import” settings-function that would work on any machine so I could just send the settings file to anyone and they’d apply it and go on about their day. The defaults are complete garbage and for a new user the settings are just a jungle. Yeah, also include my preferred extensions in the settings while you’re at it. Come on Brave developers, I know you can do more than just code more rewards-bullshit nobody on the planet wants or uses.
Deleting cookies and data when websites are closed, the option to do so, is a major feature and undoubtedly an incentive to consider attentively a browser offering it natively. ‘Cookie Autodelete” on Firefox here and now. Remains to be seen if this native feature in the Brave browser will include as many options as ‘Cookie Autodelete’ does, that is selecting cookies (all, specific) but as well including or not in the sites’ data removal IndexedDB, LocalStorage, Plugin Data, Service Workers. If so : applause.
It is, and it is the superior version over what can be added over installing an add-on. The reason why i always rate browsers like Pale Moon, Edge, Brave… or even Vivaldi – OVER Firefox
NOTE : I posted this answer above by mistake …
@Sajadi, are you sure?
From what I understand in the article, this new feature of deleting cookies and data when websites are closed (“Forget me when I close this site” in the Shield drop-down menu) is indeed applicable globally or per-site :
“Forgetful Browsing configures the web browser to delete cookies and other site data automatically when a website is closed in the browser. Brave users may configure the feature for individual sites or for all sites in the browser.”
BUT will it be possible, globally and per-site, to choose what site data to keep and what site data to remove?
This is essential and ‘Cookie Autodelete’ allows this fine tuning. The user may wish i.e. to keep only cookies, but none of the rest, or cookies and LocalStorage but not IndexedDB etc. etc. — I don’t know if Brave’s “Forgetful Browsing” will allow this fine tuning. I do know that I use extensively this fine tuning with ‘Cookie Autodelete” that is to remove only some of a given site’s data when exiting it.
Once again…
YES – i am sure. Native is always the better way. As it is no “glued on top” feature like its when you install an add-on inside a browser. Also the feature is not maintained by some hobby developer, but by the lead developers of the browser.
The only reasoning which speaks against the native way are the complaints of simple users who call every added feature bloat.
@Sajadi, everyone agrees that a native feature is preferable to an extension, that’s not the problem.
The problem, or problematic, is that a native feature may not be preferable if it doesn’t deploy with the same tuning, with the same flexibility as an extension.
If you read my above comment — I won’t repeat it for the third time — I am not asking if you are sure that native is better, I am asking if Brave’s Forgetful Browsing feature will be as feature-rich as the ‘Cookie Autodelete’ extension, and is detailed in my former “BUT […]” paragraph. I have no information in that regard, if you do thanks for sharing it.
Please do read before answering nonsense.
This sounds like incognito mode, why reinventing the wheel again
The good part I see in this is that they are bringing the privacy a step closer to the normies. Yes, it’s arguable if such people would ever know that Brave exists, but the chance the option to be found and understood is much bigger than the about:config 90’s shenanigans.
Well that’s good, then I can remove the Cookie AutoDelete extension once this hits the stable channel of Brave. The less extensions, the better (for my fingerprint).
Yes, that’s potentially a good replacement for Cookie AutoDelete. Although there’s nothing wrong with Cookie AutoDelete. But this seems like a good thing for Brave to do – can’t trust Google to allow various kinds of extensions to work in chromium in the future.
@Iron Heart
I’m wondering if you have put a Brave setup guide together recently. I know that you did one over a year ago. Would like to see how you set up Brave now with some of the newer features added.
Thanks
In short, it is the same as the browser addon “Forget Me Not – Forget cookies & other data” developed specifically for Firefox.
It has been in the public release since 2011; that’s over 12 years now. ….
https://github.com/Lusito/forget-me-not/
A native implementation is ALWAYS better than an add-on based solution.
Period!
@Sajadi, are you sure?
From what I understand in the article, this new feature of deleting cookies and data when websites are closed (“Forget me when I close this site” in the Shield drop-down menu) is indeed applicable globally or per-site :
“Forgetful Browsing configures the web browser to delete cookies and other site data automatically when a website is closed in the browser. Brave users may configure the feature for individual sites or for all sites in the browser.”
BUT will it be possible, globally and per-site, to choose what site data to keep and what site data to remove?
This is essential and ‘Cookie Autodelete’ allows this fine tuning. The user may wish i.e. to keep only cookies, but none of the rest, or cookies and LocalStorage but not IndexedDB etc. etc. — I don’t know if Brave’s “Forgetful Browsing” will allow this fine tuning. I do know that I use extensively this fine tuning with ‘Cookie Autodelete” that is to remove only some of a given site’s data when exiting it.
I am sure. Native is always the better way. As it is no “glued on top” feature like its when you install an add-on inside a browser. Also the feature is not maintained by some hobby developer, but by the lead developers of the browser.
The only reasoning which speaks against the native way are the complaints of simple users who call every added feature bloat.
@Sajadi,
Browser extensions “suck” because the Chrome Web Store is sloppy. There is no human intervention in the review process, it is all “AI”. This is why there are so many fake extensions, useless extensions, etc.
The problem has been unresolvable and has undermined trust. It is a bitter “manifesto” and a problem because it is chromium.
Brave has deprecated the use of extensions from the Chrome Web Store that expose such abominations, and is working on making implementations of popular ones and others; Of course, fingerprinting is also a consideration. Brave appreciates “AMO” and is considering making it available to Brave as well.
https://github.com/brave/brave-browser/issues/15187
The majority of AMO are developed and supported by open source projects, and the “program code” for those released by AMO will be rigorously inspected and continually reviewed by a full-time reviewer.
The browser add-on “Forget Me Not – Forget cookies & other data” is available on Github and can be committed or branched by anyone.
This is not in the category of your delusional “personal taste”.
You seem to be “denying extensions” one way or another, but for example, a “search engine” is also an extension. Not all extensions are “bad” and should be judged by users on a case-by-case basis. At least you don’t seem to have that kind of insight.
The main point of my post was “Firefox has been available for 12 years.
But Brave is just the planning.
When will the other Chromiums be available?”.
I am an iPad user.
https://www.ghacks.net/2023/04/12/operas-free-vpn-service-is-now-available-in-its-ios-browser/#comment-4563732
On rare occasions I use a Windows machine, in which case I use Mullvad Browser.
https://www.ghacks.net/2023/04/03/mullvad-browser-privacy-friendly-browser-launched/#comment-4563225
https://www.ghacks.net/2023/04/03/mullvad-browser-privacy-friendly-browser-launched/#comment-4563581
I use Mullvad Browser as default, so it is “always in private browsing mode”. In my use case, the browser extension is unnecessary.
——————–
@Tom Hawack,
> BUT will it be possible, globally and per-site, to choose what site data to keep and what site data to remove?
Of course, it is possible.
The add-on can be set to any global default value. Site-specific tweaks can be made by registering the site via the Extensions button on the page when visiting the site.
Registration is not required every time you open a page. Only unregistered ones on sites where persistent cookies are used will have a warning mark “! will light up. We found this very useful. Of course, if those persistent cookies are not used, the button will not respond.
You can check the active development status at Official Support.
https://github.com/Lusito/forget-me-not/issues?q=is%3Aissue+is%3Aall+
In addition, this browser extension has been given a “Recommend” by Mozilla (a full-time reviewer scrutinizes the program code). This is safer than sloppy (Development support tends to be neglected) native implementations.
You both are using it wrong. Temporary containers are entirely new sessions and can delete all of the cookies, IndexedDB, LocalStorage, Plugin Data, Service Workers.
[https://addons.mozilla.org/de/firefox/addon/temporary-containers/]
@owl, implementing natively a “delete cookies and data when websites are closed” WOULD have the same result as “Forget Me Not – Forget cookies & other data” (or rather, IMO, than “Cookie Autodelete” which is better when I compare it to “Forget Me Not”, tested several years ago) IF it allows fine per-site data removal and if so would have the advantage of being implemented natively which is always better than having a dedicated extension when both perform exactly the same feature.
The “Forget Me Not – Forget cookies & other data” if I remember correctly doesn’t allow the fine tuning offered by “Cookie Autodelete” : selecting cookies (all, specific) but as well including or not in the sites’ data removal IndexedDB, LocalStorage, Plugin Data, Service Workers. We often focus on deleting cookies and maybe forget the “site data” which includes …. IndexedDB, LocalStorage, Plugin Data, Service Workers.
We may want, i.e. to remove only a site’s cookies, but not its localStorage, or keep its cookies and its localStorage but not other site data downloaded to the user’ IndexedDB (that one may get filled astronomically if not managed).
Keeping LocalStorage but cleaning IndexedDB will basically keep settings when stored in LocalStorage but remove the user’s data a site has kept in the user’s IndexedDB which in 99% of the cases is absolutely not required to be kept, on the contrary, may lead to MBytes of totally unnecessary garbage-data interesting only the Website OR the user when his connection is drastically slow).
All this can be performed, easily, per-site with ‘Cookie Autodelete’. The point is to know if Brave’s announced native “delete cookies and data when websites are closed” will perform as well.