Whitelist specific cross-site cookies?

FlickerPaws · December 2, 2021, 7:44pm

Hello, I have run into an issue while running Cold Turkey, a website blocking app that I use to prevent myself from spending time on distracting websites during work hours.

Cold Turkey, which is added to Brave via an extension, shows a “blocked” page whenever you try to access a site that you have allowed it to block. The app also allows you to set a custom blocked page rather than the default one (like writing your own custom message that shows there, changing the page colors, etc.). I really like that feature and find it more useful to me than their default block page, which simply says “You’ve quit this site, cold turkey” when I visit a blocked page. That sits with me weird because I haven’t quit the site, I’m just taking a break from it, and a more to-the-point and motivational message helps me better, like setting the custom page to say “You are free from this distraction. Use your time more meaningfully.” That gets me right back on track to my work and feels more motivating than punitive. It’s the energy I need to keep my workflow rather than feel I ran into a roadblock by mindlessly clicking something I wasn’t supposed to. The custom block screen is also a feature of the paid version of the app, which I bought, so I’d like to make use of it.

Here is the issue when it comes to Brave. Cold Turkey uses a cross-site cookie to enable the custom block page to show on the sites you have blocked. The Cold Turkey dev thought that by allowing cookies for his website it would allow the custom page to load on blocked sites, however it didn’t, and would only show the default one on all my blocked pages. I later did some playing around and realized that I needed to enable cross-site cookies either globally or for each site that Cold Turkey blocks, in order for the custom block page to load on those sites.

I don’t like this as a solution because I have to allow ALL cross-site cookies for each of those pages, meaning when I’m not using Cold Turkey to block them, other cross-site cookies can run in the background of those pages, and these are on sites that are notorious for running tens or hundreds of them, like Youtube and other social media.

So, is there a way I can whitelist/allow specific cross-site cookies to run on those pages (specifically, or globally), so that I can get the full functionality of my website blocker app and see the custom block page on those sites, but without allowing all cross-site cookies to run on those pages?

In summary: Simply putting shields down on the Cold Turkey site where the cookie originates, and checking that the cookie from that site is allowed in the cookie settings, does not work. It has to have cross-site cookies allowed on every page it interacts with or the functionality is broken. A way to whitelist a specific cross-site cookie would be the best thing I could think of here.

Brave Version 1.32.113 Chromium: 96.0.4664.45 (Official Build) (64-bit)

fanboynz · December 3, 2021, 2:16am

Allowing X/Y cookie seems to open invitation for tracking, when you have no control on what the 3rd-party does with your data. Privacy first for good reason and making exceptions would just be asking for trouble.

I would expect cookie based extensions would have issue with Brave, no much we can do here tbh. Maybe the extension shouldn’t use/need cookies to track users, that is bad design imo.

Related: which helps

FlickerPaws · December 3, 2021, 11:38pm

I read the article you shared, but I don’t understand how it would help my situation. It seemed to imply that ephemeral storage wouldn’t work when cross-site cookies are involved and that it would be cleared whenever leaving the site anyways. Is that right? So, for the issue described I don’t see the relevance. Can you explain?

I’ve given a suggestion to the owner/founder of Cold Turkey to include local or non-cookie storage of the custom block page data in a future update, though, I doubt enough people are cookie-blocking and running into this issue that he’ll get enough requests to prioritize it as a feature, but here’s hoping. I would imagine his reason for using a cookie to store this data is to make the feature work across devices since some people use his app on computer and phone, etc. I don’t know the ins and outs of developing an app, so I don’t know if there are other ways to do that, but I brought up my concern with it to him, so here’s hoping.

system · January 2, 2022, 11:38pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do I allow third-party cookies for a single site only? Desktop Support macos	3	6169	July 11, 2020
How to block all but 1 cookie on a specific website? Desktop Support windows	16	2267	November 17, 2022
Extension does not work on webpages - blocked by cross-site cookies settings Browser Support windows	1	457	July 4, 2021
Allowing one site (only!) to use cross-site cookies Browser Support windows	9	2952	December 17, 2020
Bug/Glitch Block cookie menu Mobile Support android	3	488	July 8, 2023
Brave shield can't Block Cross-Site Cookies Mobile Support android	9	860	September 29, 2023
Need finer control over cross-site trackers Desktop Requests	11	894	October 18, 2023
Cookies keeps blocked fully Mobile Support android	9	1684	December 11, 2022

Whitelist specific cross-site cookies?

Related topics