Open RonnyTNL opened 11 months ago
Thanks. Some questions @RonnyTNL:
Thanks. cc: @zenparsing
Given that:
Can't reproduce on a VM with a fresh install.
I wonder if Ronny's browser profile could be in an unexpected state because it was created so long ago.
Hi @Miyayes
Had this been a cosmetic issue, I would not have an issue with recreating a fresh profile. But given the fact that this has the potential to have a huge privacy impact on the loyal user base of long-time Brave users, I guess this justifies further investigation.
I can confirm this on at least 4 machines, of which 1 is not mine, 2 daily drivers, and 2 test machines (low browser use). daily: "created_by_version":"77.0.69.132" test: "created_by_version":"74.0.64.75" (other two not at hand atm).
Two that don't have this: "created_by_version":"90.1.24.86" "created_by_version":"94.1.30.87"
On the topic of VM reproduction, the problem is that my profiles have gone over every update (and corresponding code update/migration of these settings), and a fresh install upgrades just from e.g. 1.20 -> 1.60, so it doesn't touch all mitigating code in the middle possibly related to bug 926, so I'm afraid this test is not representative.
/cc @fmarier
Hi @Miyayes @rebron @fmarier
I'm sorry? How is this going to resolve the privacy impact of this 'issue'?
Has the privacy team been notified and has it reviewed this risk issue?
How are unknowing users supposed to fix this if they don't even know these stats are collected?
Can you run a one-time update to disable this and remove the collected data or something? Did you run an inventory of how many users are affected?
Can you run a one-time update to disable this and remove the collected data or something?
Finding the root cause is likely a very hard problem and so that work is not planned. Instead, we're planning to do, as you suggested, some kind of cleanup (details TBD) that will cover existing users like you that somehow got into this unexpected situation.
@Miyayes just to confirm, we currently delete this on Rewards disablement right? publisher_info_db
@ShivanKaul For precision, "Rewards disablement" would be resetting the Brave Rewards feature. That is, pressing the "Reset" button, which returns the browser to a state as though the user never enabled Rewards before. When a user goes through the reset process, it deletes the publisher_info_db file completely. cc: @brave/rewards-client
@RonnyTNL Is there a chance you had some kind of database viewer (like SQLite browser) open when you deleted the publisher_info_db file? If so, it could've been written again because it was opened in a SQLite browser at the time.
I don't think so, all SQLite actions were taken on a closed database (no brave active) and no changes have been saved via SQLite browser.
After I had renamed the db file, it got recreated on the next start of Brave, which corresponds with the fact that the BAT Rewards service was still running and thus recreating the file with fresh content.
I went ahead with a profile and used the "Reset Brave rewards data" (despite the fact that the steps are illogical (need to enable to disable)), and after that the BAT Rewards service is no longer running and the publisher_info_db is removed; only a swap/journal file was left.
Description
On an existing profile, publisher_info_db is still being populated despite Rewards being disabled.
On top of that, issue 926 has a flaw with regards to UI steps (see image). "Start using" suggests that it's disabled, and to "Reset brave rewards data" you should not need to "enable" something first.
On top of that, I consider this a privacy issue: it is not clear to the user, and nothing suggests that this feature keeps track of every site you have visited.
Steps to Reproduce
Actual result:
First it would need to be way more clear that this 'feature' keeps track of all your domains visited. Clearing of this privacy related info appears to have a bug on existing users from the looks of it.
Expected result:
Clearing browser data and checking all boxes should make sure that all "history" is erased; if needed for rewards, it needs to be made clear that certain data needs to be tracked because of that feature.
Reproduces how often:
Every site visit on at least two machines with long lasting existing profile.
Brave version (brave://version info)
Version 1.60.110
Version/Channel Information:
Stable
Other Additional Information:
Miscellaneous Information: