Proposal: save cookies and site data by default

[rdbo]

As of now, Ungoogled Chromium has the option "Delete data sites have saved to your device when you close all windows" on the "On-device site data" settings tab (chrome://settings/content/siteData). I propose that the default becomes "Allow sites to save data on your device". Here's why:

• Saving site data is the user expected behavior: most browsers will also store data from your browsing and keep it by default. So when most users (myself included, and many others as you can see in the GitHub issues) start using this browser, they will quickly realise that something is off, since the websites they just logged into are asking for credentials again, and if we are talking about the average person, they probably don't even know that they have to change a setting for that not to happen. Speaking from personal experience, I have used Ungoogled Chromium on and off for some time now, and everytime I install it, I end up forgetting that this is the default behavior after logging in to many services and search up how to turn it off. Then I have to log in all the way over again.

• Ungoogled Chromium is not a privacy focused browser: don't get me wrong on this point, removing Google is a huge step torwards achieving privacy. But it is not the finish line. If you want to achieve true privacy in a browser, there are many extra steps that need to be taken, such as modifying the user agent, spoofying hardware information, disabling most (or even all) Javascript, etc. Someone who wants a hardened browser will have to do much extra work from the base Ungoogled Chromium installation anyways, and they most likely know how to enable and disable site data on their own, unlike the average user.

• Cookies are not tracking-only features: even though cookies can be used for tracking users, they still play an essential role on keeping things like account access tokens for the websites you log in. If they were used exclusively for tracking, then sure, turn them off, but that isn't the case. Also, online fingerprinting has grown way beyond using cookies for tracking, so like I mentioned before, someone who truly wants privacy will have to go an extra mile either way to achieve it.

To sum it up, I really do think that keeping site data should be the default. The opposite confuses many users and also doesn't provide true privacy for your browser, at the cost of a good and standard browser experience.

[solarkraft]

This discussion comes from the issue #1012.

I fully agree with you.

Basically this default conflicts so directly with the project's second objective that I can't really imagine a reasonable argument for keeping it:

ungoogled-chromium retains the default Chromium experience as closely as possible.

[bugQ]

the thing i'm most curious about is why this setting got enabled by default to begin with. it seems it was originally a patch from iridium, which is indeed a privacy-oriented browser.

there does not seem to be any inherent reason for ungoogled-chromium to mimic iridium's defaults instead of chromium's in this regard, nor is there any real explanation for it in the FAQ

[pdfrod]

When I first started using ungoogled-chromium, I was also surprised by the fact that my sessions were being reset on browser restart. I expected this browser to work just like Google Chrome, sans Google tracking. Setting the Delete data sites have saved to your device when you close all windows to off is now the first thing I do whenever I reinstall ungoogled-chromium.

Given that third-party all blocked by default, I think that persisting the sites own cookies is a very acceptable compromise. If someone was that worried with their privacy, they would be better off using something like Tor.

At the very least there should be some wizard on the first use asking the user whether they want cookies to be deleted or nor, as many users seem to be tripping on this.

[PF4Public]

on the first use asking the user whether they want cookies

the changes to the default settings:

Fifth row!

[bugQ]

I could be wrong but I don't think this is what they were talking about, since this isn't exactly asking anything, it's just stating what the defaults are.

That being said, it would be nice if this information were more prominently or meaningfully labeled on the first run page, since many new users are clearly not noticing it. Why wouldn't it belong in the "How to" section, for example?

On the gripping hand, I still don't know why this particular option is enabled by default, beyond the fact that iridium did and it was not given a second thought.

[rdbo]

Has this been changed? I just installed Ungoogled Chromium from flatpak and the data didn't get deleted when I closed the browser (I didn't tweak any settings).
The "Default Settings" page still shows "Clear cookies and site data when you close all windows" as "Enabled" though

[PF4Public]

AFAIK Chromium developers have rearranged some code, that might've been the reason for the changed behaviour you're experiencing.