Can cookie storage in `Local Storage` & `File system` be BLOCKED?



  • I've been fighting this for years, & still cannot find a foolproof solution. I have configured a reliable way that tightly manages the "ordinary" cookies, but those per my subject line are driving me bonkers.

    Here's a typical example:

    They persist across restarts, which is obscene. Now, as for years, i manage them purely manually, via my webpanel chrome://settings/siteData, wherein i manually delete them after i have closed the relevant tabs each time.

    What i seek however is a foolproof way to block them ever being created, or, a reliable way to automatically delete them so i do not have to keep on top of them manually.



  • @Steffie I hate those things too, specially Service Workers, a scourge of the modern web.

    Maybe Cookie Autodelete can help at least a bit?
    https://chrome.google.com/webstore/detail/cookie-autodelete/fhcgjolkccmbidfldomjliifgaodjagh

    I use it to keep a whitelist of sites I want to keep cookies/storage from. The rest are discarded on tab close.

    After adding a site to whitelist, you can go to the settings and uncheck "Keep local storage" to get it to delete this also for whitelisted sites. Note that some sites rely on Local Storage for functionality.

    Unfortunately it appears to not do anything about workers.



  • Totally agree!
    I made a Feature Requests to Disable Site Data Local Storage few years ago.

    There is also similar Feature Requests https://forum.vivaldi.net/topic/45006/add-extra-cookie-deleting-functionality



  • @Pathduck said in Can cookie storage in `Local Storage` & `File system` be BLOCKED?:

    Service Workers, a scourge of the modern web

    For these i use the Service Worker Detector extension. Each time it triggers i then open my chrome://serviceworker-internals/ webpanel & stop + unregister the offender. Annoying to have to manually do this, but tis effective afaik.

    @Pathduck said in Can cookie storage in `Local Storage` & `File system` be BLOCKED?:

    Maybe Cookie Autodelete can help at least a bit?

    Sadly, no. It is great for managing the "ordinary" cookies i mentioned in OP, but useless against those Local Storage & File system ones. Despite me using its explicit setting for them, it neither blocks them nor later removes them.

    Also good for managing the "ordinary" cookies, & equally useless for those other ones, is the extension Vanilla Cookie Manager.

    There's a very nice Firefox extension with an unintuitively antithetical-sounding name Forget Me Not that i'd love to try in V, but sadly its Dev seems not interested in cross-platform porting.

    @Stardust said in Can cookie storage in `Local Storage` & `File system` be BLOCKED?:

    I made a Feature Requests

    Fingers crossed that the V Devs can do something nice here.



  • What about something here:

    chrome://settings/content/cookies



  • @sgunhouse That's exactly how i do it now, but all that i wrote in my OP was predicated on my self-awareness of this fact... ie, the OP's described problem remains unsolved.

    Blocking ALL cookies does work, but obviously it creates its own quite dire usability hassles. Over the long hail i have had several bouts of doing it this way, but eventually i always have to return to allowing cookies for session only + no 3P [like now again] ... but that then allows these damn other things per my OP.



  • Strange that the setting says it should make cookies and site data both empty on exit yet you are still finding them. 😞



  • @sgunhouse Well of course i agree with you. IMO it simply should not happen, yet as my picture shows, it does ... & always has ... hence the years of fighting with it.



  • @Steffie said in Can cookie storage in `Local Storage` & `File system` be BLOCKED?:

    Blocking ALL cookies does work

    OMZ this is even more ridiculous. This morning i chose to revert to blocking all cookies, manually removed all the "naughty" ones, then did my usual morning browsing. Thus completed, i rechecked the cookie status [including a V relaunch], & am, tbh, quite enraged [colour code in these pics: green = good, red = bad].

    2020-06-29 13-34-22.png

    2020-06-29 13-32-42.png

    2020-06-29 13-32-26.png

    2020-06-29 13-31-45.png



  • @Steffie I believe "File System" includes stuff like BLOBs that technically are part of cache.

    To add to the confusion, Chromium has two separate pages showing the same information in different ways.
    chrome://settings/siteData
    chrome://settings/content/all

    When I look at some sites showing with File System, it shows as:
    Persistent storage = None
    Temporary storage = 0B

    (way to go for consistency Chromium devs πŸ‘ πŸ™„ )

    The worst is Gmail using bloody everything:
    e15c754c-6d9a-4c24-b34c-64fc67bba5be-image.png
    (two entries for database storage, Chromium? πŸ™„ )

    But I assume from your blocklist you don't use G services πŸ˜‰

    I think that we're at the point where more and more sites start using these kinds of storage systems and workers, for tracking users or less nefarious purposes, and privacy-focused extensions have just not caught up yet.

    And for all we know, the G is making it tough for extension devs to access the APIs to delete these things. At least that's the impression I got from following the CookieAutoDelete development of a Localstorage option. It was available in Firefox for a long time but the API was lacking in Chrome (and still is very limited).



  • Nice reply thank you. I'm happy to know others share my exasperation about this, but otoh tbh i just feel annoyed as hell that we cannot fully control our exposure.

    The "bad guy" here is unambiguously gargle, not V Devs, but that said, i dislike V boasting about their privacy credentials when [as i & others have pointed out for years] V still does not block HTML canvas fingerprinting, & this wretched cookie Local Storage & File system annoyance.


    Oh, i initially forgot to reply to another part of your post.

    @Pathduck said in Can cookie storage in `Local Storage` & `File system` be BLOCKED?:

    technically are part of cache

    Well, i claim no technical understanding here, but fwiw, for years i have run all my chromium-based browsers' caches including V in /tmp, which itself runs as a ram-disk in tmpfs. You doubtless know this means that my cache then is supposed to be cleared each reboot ... yet these obnoxious cookie monsters tenaciously persist anyway. Gaaaaahhhh!!



  • @Steffie

    for years i have run all my chromium-based browsers' caches including V in /tmp, which itself runs as a ram-disk in tmpfs

    You do this using the --disk-cache-dir flag? I have a suspicion File System, Local Storage and Service Workers are not considered part of this so will still be saved under the user data dir. As well as tons of other data potentially revealing browsing history. Yay for Chromium ...

    Generally I'm not too concerned about these files from a privacy point of view. I just strongly dislike the buildup of cruft so these caches are regularly cleared out with CCleaner.

    I agree on your point of Vivaldi using privacy as a major selling point while at the same time not giving us more control of these things. I think it's likely out of their control as well, they'll probably have to rewrite the entire caching system in Chromium/Blink from scratch to combat it.

    I wonder how browsers like Brave handle it, and if these kinds of data is actually cleared there.



  • @Pathduck This is my custom launcher, used in my Latte-Dock:
    firejail --blacklist=/Seagate* -- vivaldi-snapshot --disk-cache-dir=/tmp/vivaldi-snapshot-cache --force-device-scale-factor=1

    @Pathduck said in Can cookie storage in `Local Storage` & `File system` be BLOCKED?:

    a suspicion File System, Local Storage and Service Workers are not considered part of this so will still be saved under the user data dir

    Well if you're correct, that's just really demoralising!

    @Pathduck said in Can cookie storage in `Local Storage` & `File system` be BLOCKED?:

    I'm not too concerned about these files from a privacy point of view

    My primary objection is that i do not know one way or the other if they are an endangerment to my privacy or not, but i should have total control over what writes itself to my ssd & persists. My policy position is simple [albeit, apparently acutely naive!]: no website should store ANY data locally, except when i explicitly allow it.



  • @Steffie Easy to verify - check the content of your /tmp/vivaldi-snapshot-cache dir, you will find Cache, Code Cache and Storage. Not the others mentioned.

    no website should store ANY data locally, except when i explicitly allow it.

    I absolutely agree. However, I'm afraid this is not the way the wind blows... πŸ˜•

    If I was to put my tinfoil hat on: I'd say this is all part of Google's long-term plan to deprecate cookies and plain old cache as means of client storage and replace it with systems the users have very little control over. In the future all will be "Apps" and store data in one large impenetrable hunk of BLOBs and JS, with Service Workers pushing ads to the client and user data back to the server - even when the browser is closed. Clients will have no control of this, because why should they worry their little heads with such matters; they should stay consumers of ads and providers of personal data to be mined. The old open web we know and love will be dead, replaced by a tightly controlled selection of Apps made by faceless corporations.

    alt text



  • @Pathduck

    steffie@solydk[/tmp/vivaldi-snapshot-cache/Default] 20:19:26 Mon Jun 29 $> ls
     Cache  'Code Cache'
    steffie@solydk[/tmp/vivaldi-snapshot-cache/Default] 20:19:43 Mon Jun 29 $> 
    
    


  • How about symlinking the relevant user data dirs to the tmp dir? Although I think they will lose their file handles once gone and they won't be recreated. You'd need to write a wrapper script to create and symlink them on Vivaldi launch... πŸ˜•

    Some possible flags to try:
    --disable-local-storage
    --disable-shared-workers (not really sure what this is)

    I guess if you really hate Service Workers you could always symlink to /dev/null πŸ˜‚



  • @Pathduck …or chown root and chmod g= o=



  • Thanks both for your replies -- not actually ignoring them per se, but atm am still distracted by some tests i've been doing in my Test profile. Am falling-over hungry for my dinner now so need to leave off here for a bit, but in essence [& with more detail to be fleshed out later]:

    • Using CAD + chromium cookie settings in a specific combo subtly different to how i've been doing it in my main profile, seems so far ... repeatably ... to be achieving my goals.

    More to come, later...



  • @Steffie This combo seems to be working ok, thus achieving my objective.

    1. This Cookie AutoDelete [CAD] suite of CoreSettings:
    {
      "settings": [
        {
          "name": "activeMode",
          "value": true
        },
        {
          "name": "cleanCookiesFromOpenTabsOnStartup",
          "value": true
        },
        {
          "name": "contextMenus",
          "value": true
        },
        {
          "name": "contextualIdentities",
          "value": false
        },
        {
          "name": "debugMode",
          "value": false
        },
        {
          "name": "delayBeforeClean",
          "value": 15
        },
        {
          "name": "discardedCleanup",
          "value": true
        },
        {
          "name": "domainChangeCleanup",
          "value": true
        },
        {
          "name": "enableGreyListCleanup",
          "value": true
        },
        {
          "name": "enableNewVersionPopup",
          "value": false
        },
        {
          "name": "greyCleanLocalstorage",
          "value": false
        },
        {
          "name": "keepDefaultIcon",
          "value": false
        },
        {
          "name": "localstorageCleanup",
          "value": true
        },
        {
          "name": "notificationOnScreen",
          "value": 3
        },
        {
          "name": "showNotificationAfterCleanup",
          "value": false
        },
        {
          "name": "showNumOfCookiesInIcon",
          "value": true
        },
        {
          "name": "sizePopup",
          "value": 16
        },
        {
          "name": "sizeSetting",
          "value": 16
        },
        {
          "name": "statLogging",
          "value": true
        },
        {
          "name": "whiteCleanLocalstorage",
          "value": false
        }
      ]
    }
    
    1. This CAD suite of Expressions:
    {
      "default": [
        {
          "expression": "*.forum.manjaro.org",
          "listType": "WHITE",
          "storeId": "default",
          "cleanLocalStorage": false,
          "cookieNames": [],
          "id": "J207nmFkG"
        },
        {
          "expression": "*.forum.vivaldi.net",
          "listType": "WHITE",
          "storeId": "default",
          "cleanLocalStorage": false,
          "cookieNames": [],
          "id": "v6DGRjoLd"
        },
        {
          "expression": "*.manjaro.org",
          "listType": "WHITE",
          "storeId": "default",
          "cleanLocalStorage": false,
          "cookieNames": [],
          "id": "UfZFmN01v"
        },
        {
          "expression": "*.ourguide.com.au",
          "listType": "WHITE",
          "storeId": "default",
          "cleanLocalStorage": false,
          "cookieNames": [],
          "id": "GuVCO1RSP"
        },
        {
          "expression": "*.searx.ninja",
          "listType": "WHITE",
          "storeId": "default",
          "cleanLocalStorage": false,
          "cookieNames": [],
          "id": "tMH4a10ME"
        },
        {
          "expression": "*.vivaldi.net",
          "listType": "WHITE",
          "storeId": "default",
          "cleanLocalStorage": false,
          "cookieNames": [],
          "id": "tahJ1PqHs"
        },
        {
          "expression": "forum.manjaro.org",
          "listType": "WHITE",
          "storeId": "default",
          "cleanLocalStorage": false,
          "cookieNames": [],
          "id": "r21k-ALY5"
        },
        {
          "expression": "forum.vivaldi.net",
          "listType": "WHITE",
          "storeId": "default",
          "cleanLocalStorage": false,
          "cookieNames": [],
          "id": "wdcGLG0XI"
        },
        {
          "expression": "ourguide.com.au",
          "listType": "WHITE",
          "storeId": "default",
          "cleanLocalStorage": false,
          "cookieNames": [],
          "id": "w3WHqScK6"
        },
        {
          "expression": "searx.ninja",
          "listType": "WHITE",
          "storeId": "default",
          "cleanLocalStorage": false,
          "cookieNames": [],
          "id": "DEHRHH094"
        }
      ]
    }
    
    1. These chrome://settings/content/cookies values:

      Allow sites to save and read cookie data (recommended) = Enabled
      Clear cookies and site data when you quit Vivaldi = Enabled
      Block third-party cookies = Enabled
    Allow
    
    [*.]ourguide.com.au
    embedded on [*.]ourguide.com.au
    [*.]vivaldi.com
    [*.]vivaldi.net
    [*.]searx.ninja
    [*.]forum.manjaro.org
    

    Note that despite it appearing to be an unnecessary duplication, i found out the hard way that if i do only #1 & 2, but omit #3's "Allow" list, i lose all my defined login states & page customisations of those particular sites at the next V launch.

    I also discovered tonight why my earlier tests of CAD a few days back failed.

    • I had wrongly assumed that the chromium expression syntax shown in #3, would be identical to the CAD expression syntax shown in #2, & as i have had #3 done for months & months, i initially simply copied them from chromium cookie settings page then pasted them into the CAD Settings page.
    • Wrong! CAD could not read them, hence upon relaunch lost all my page status', leading me to wrongly blame CAD as a failure, when in fact it was my own error.
    • Once i tonight removed those original erroneous CAD expressions then configured them "the CAD way", it worked.

    Finally to mention the all-important objective of protection against those damn Local Storage & File system wotsits.

    1. My CAD CoreSettings nicely cause the "ordinary" cookies from all closed tabs [once the domain no longer exists in any open tabs] to be deleted 15" later.
    2. If any of those sites also had either or both of the offensive items stored, these do NOT get deleted at this point. That's a shame, but...
    3. ...upon V close & relaunch, they then get deleted!
    4. Several hours ago, highly ironically, an old thread resurfaced about some users unfortunately still getting occasional lost tab session upon launch. I made a new post mentioning that my main profile has not suffered that bug for a long time. Whilst that remains true atm tonight, my Test profile has fared worse. During my hours of testing tonight, there were three or four occasions when closing the Test profile window caused a crash during closure, & upon Test relaunch all the tabs were gone AND none of the nasty target storage cookies had been deleted by CAD. However if i then reclosed & relaunched the Test window, this time they were deleted. It seemed that each time the V window closed cleanly, CAD worked properly & upon relaunch the tabs remained whilst the nasty cookies were gone.

    I have now imported my Test profile's CAD settings [per #1 & 2 above] into my main profile's CAD. Over the remainder of this week as i do all my normal daily browsing workflow, this will be the acid test for the success or not of this new paradigm.



  • @Steffie Glad to hear you found a workable solution πŸ‘

    A couple of notes:

    You have "cleanLocalStorage": false" set in CAD for the domains, it won't clear this data, but since your solution still clears it along with the other nasties at restart I guess it doesn't really matter.

    Clear cookies and site data when you quit Vivaldi = Enabled

    I had (wrongly) assumed this was your setting all along and data was not being cleared on quit. Glad that it seems to work as advertised. I guess the above setting combined with the Allow list lets you set the domains you don't want data cleared from. If these sites also use Local Storage (etc) this will still persist, right?

    Also, this will clear out your cache (apart from the allowed sites), so might have performance implications. But as long as that's what you want (and you have a fast connection) no worries.

    On crashing+lost tabs: Sounds like you got quite a few of these during testing. Many users complain of the same, and if you're able to find a reproducible way of recreating such a crash, it would likely help the V team a lot if you can find the time to report it. Maybe crashes are related to messing around with the Chrome setting pages.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.