cc @ShivanKaul @rebron @fmarier @antonok-edm

@Saoiray if you close reddit.com manually and wait for 30 seconds BEFORE quitting the browser, does that clear all the cookies? If you quit the browser before closing the site, that wouldn't trigger "forget me when I close this site."

@ShivanKaul that's a negative. This little google.com entry still appears and persists. And while I call it a cookie, I'm not sure if it is or if it's something else. If you'd like, can schedule a time with you and do a screenshare or whatever. Might be easier to get data or test.

I also want to highlight I can replicate in all release channels. In trying to rule things out, I even purged all profiles on Beta and started fresh. Then I was able to go through everything as indicated originally, where everything clears out except the google entry.

Part of me wondered if might have been because of search engine or something, but default settings are to Brave Search.

When trying to delete it, get the normal prompt saying might get signed out and all.

-NOTE-

If I go to Delete Browsing Data it will erase the entry. So this exception only seems to be happening via the Forget me when I close this site.

At around 100 B it's not much data at all, but not sure if it's just enough of something inserted to track or if it's something else. Or what it's falling under that doesn't get cleared that way.

Sorry, but one more update. I just pulled out my old Samsung Galaxy S9 (Android 10) and installed Brave Beta (1.74.20) on it. I tried the same thing, enabling Forget me when I close this site and then visiting Reddit.com.

Traveling to Brave's settings -> Site Settings -> All Sites showed reddit.com (7 cookies, 7.5 kB) and google.com (133 B), though I never visited Google.

From there I hit the back button until I got back to where Reddit was open and I closed the tab. Stared at the You'll find your tabs here thing for more than 30 seconds before opening Settings. I went back to the All Sites as indicated before and the only thing listed was www.google.com (133 B).

Reddit enables DisableThirdPartyStoragePartitioning2 [1] origin trial for google.com. This makes google.com iframe store its data without partitioning. Our cleanup logic removes top frame storage and partitioned storage keyed by the top frame origin, so technically nothing is broken.

We may prevent this trial to be enabled, but it potentially may break some things. @ShivanKaul thoughts?

Decrypted origin trial from reddit:

{
  "payload": {
    "origin": "https://google.com:443",
    "feature": "DisableThirdPartyStoragePartitioning2",
    "expiry": 1742342399,
    "isSubdomain": true,
    "isThirdParty": true
  },
...

This can also be seen in devtools:

1. https://developer.chrome.com/origintrials/#/view_trial/568016503002103809

Can we confirm that disabling the upstream origin trial fixes the issue i.e. the 3rd party Google cookie is stored in the partition, and is cleared when forgetful browsing is invoked?

Can we confirm that disabling the upstream origin trial fixes the issue i.e. the 3rd party Google cookie is stored in the partition, and is cleared when forgetful browsing is invoked?

yes, confirmed an ignored origin trial partitions google.com:

after 30 seconds cleanup:

Thanks for confirming. I think we should disable this origin trial. Websites shouldn't be able to unilaterally opt-out of Brave's privacy protections, especially something as fundamental as storage partitioning.
cc @arthuredelstein

Will disabling this origin trial break reddit or any other websites? I agree we don't want to have this opt-out, but it would be good to know what the consequences will be and if we can mitigate any problems.

I guess ideally we should bind the origin trial disabling to Brave Shields on/off state, but not sure if it's easy doable.