Forgetful Browsing – Brave gives website owners a new headache

The privacy-conscious Brave browser is introducing a new feature that will make it even harder for websites to track users.

Dubbed Forgetful Browsing, the feature will automatically clear cookies and other information when a user closes tabs for a site. In particular, it will prevent sites from reidentifying users across different visits.

This has many benefits from a user’s perspective. It thwarts tactics such as putting up the price of products that a customer has repeatedly visited (such as plane tickets or hotel rooms). It will also prevent users from being rate limited, disrupting sites that offer you a certain amount of free views before you’re blocked by a paywall.

Users will be able to choose whether they apply Forgetful Browsing to a particular site or across every site they visit. The feature will be added to forthcoming versions of Brave’s desktop and Android browsers.

Although Brave is a minnow in the browser market – it claims that more than 50 million people have switched to the browser, but it’s hard to track market share because of the way it disguises itself – the company is definitely influential. Many of the features that started in Brave have ended up in rival browsers, especially those trying to distance themselves from Google Chrome.

If Forgetful Browsing does become more widespread, it could have big implications for web analytics packages that monitor repeat visits to sites. Not to mention website owners that employ paywalls.

Private browsing on steroids

Brave claims that Forgetful Browsing will go beyond the privacy protections built into many browsers. While most web browsers now offer some degree of protection against third-party tracking, Forgetful Browsing targets website owners that rely on first-party storage to track visitors.

“Browsers provide some tools to help users prevent unwanted first-party reidentification, but these tools are clumsy, inconvenient, and scoped either too broadly or too narrowly, all of which invite unwanted–and irreversible–reidentification,” Brave writes in a blog post announcing the new feature.

“This is because of how browsers manage first-party storage,” the post continues. “Browsers prevent sites from reading another site’s cookies (e.g. yahoo.com can’t read your login cookies for outlook.com), but browsers generally don’t restrict how the same site can read cookies across visits (if you visited chicagotribune.com yesterday, the site can re-read the same cookies next time you visit).

“Even when you tell a site to log you out, it can’t easily clear some kinds of first-party storage. This gives even well meaning sites the ability to reidentify users across visits. Worse, browsers provide few protections against sites that intentionally aim to re-identify you across logins.”

Forgetful Browsing is an improvement on private browsing modes, the company claims, because even they can snare visitors if they don’t always use private browsing when visiting the same site. What’s more, Forgetful Browsing will apply across a site’s entire web property, including subdomains.

The new feature will appear in Brave versions 1.53 and 1.54 for desktop and Android, but users who want to test the feature now can turn it on by visiting brave://flags in the browser and switching on “Enable First Party Storage Cleanup support”.