search

brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0
17.63k stars 2.3k forks source link

Safety Check is warning about Passwords even though we disable that feature #39212

Closed fmarier closed 2 months ago

fmarier commented 3 months ago

Description

As reported in https://github.com/brave/brave-browser/issues/12859#issuecomment-2181636790, there is a very unhelpful message from Safety Check in brave://settings/privacy: Screenshot from 2024-06-20 16-54-33

since the password block is hidden in brave://settings/safetyCheck.

I have confirmed that no network requests are triggered by this, so it may be a local check for bad passwords, I'm not sure.

Steps to reproduce

  1. Use a new browser profile.
  2. Go to brave://settings/privacy and scroll down to Safety Check.
  3. Confirm that it's not reporting anything.
  4. Go to brave://password-manager/passwords.
  5. Add a fake password for facebook.com: username = foo and password = bar (note: it appears to require a bad password to trigger).
  6. Go back to brave://settings/privacy and scroll down to Safety Check.

Actual result

Brave found some safety recommendations for your review Passwords

Expected result

Brave regularly checks to make sure your browser has the safest settings. We'll let you know if anything needs your review.

Reproduces how often

Easily reproduced

Brave version (brave://version info)

Brave   1.68.92 Chromium: 126.0.6478.71 (Official Build) beta (64-bit)
Revision    393b9968e233540a48f04d74bc4601a05d3a0169
OS  Linux

Channel information

Reproducibility

Miscellaneous information

No response

rebron commented 3 months ago

cc: @emerick

mkarolin commented 2 months ago

@fmarier Do we want to always hide the specifics? For example, if we have

image

do we not want to see "Permissions" part either? So always hide the sub-text and just replace upstream text with ours?

fmarier commented 2 months ago

If the Safety Check/Hub shows something useful when Permissions are flagged in the sub-text, then it's okay to leave it (and probably better UX too).

The problem is with recommendations related to features we disable (the password checker is the only one I can think of).

Removing the sub-text wouldn't completely fix the issue because if it says "Brave found some safety recommendations for your review" (omitting Passwords) and then nothing is shown in Safety Check/Hub, then that would be confusing to users.

kjozwiak commented 2 months ago

The above requires 1.68.127 or higher for 1.68.x verification 👍

GeetaSarvadnya commented 2 months ago

Verification PASSED on

Brave | 1.68.127 Chromium: 127.0.6533.57 (Official Build) (64-bit)
-- | --
Revision | 88b0d9010af274686b27d8be77edd728fcba04a5
OS | Windows 10 Version 22H2 (Build 19045.4651)

Reproduced the issue on 1.67.134 and seen the message Brave found some safety recommendations for your review Passwords

image

Upgraded the profile to 1.68.127 and ensured that the message Brave regularly checks to make sure your browser has the safest settings. We'll let you know if anything needs your review. is shown as expected image