Data loss in Brave browser

Brave-Matt commented 2 months ago

Description

This issue is a continuation of a previous and ongoing issue that was recently closed. Previous issue description:

Please note that this issue has been ongoing for sometime now.

We have noticed a significant uptick in user reports concerning a random/unexplained loss of data in the browser. Based on these reports, it appears that the data in question can be anything stored locally/in the browser — from passwords, to bookmarks, to all browser profile data. This issue occurs across all [desktop] platforms.

We started tracking individual instances of this issue occurring in a document here: https://docs.google.com/spreadsheets/d/1Caau3LFaktSXv4vmecmTkQjr7XOtuaQK9G2ozol43_Q/edit?pli=1#gid=0

Please also note that the above document is not representative of all the reports received and that particular document is not quite up to date at this time. We do however have an ongoing Community thread where we have been collecting Community user reports, along with additional instructions for these users to follow and extra steps they can take to get us the data we need: https://community.brave.com/t/notice-unexplained-data-loss-issue/485498

The purpose of this issue is to continue tracking users losing data (passwords, bookmarks, history, etc) that proceeded (and continue to persist) the password decryption issue that was introduced with the bump to Chromium 127.

The issue itself is largely unchanged — users are seeing different data types in the browser "disappear" due to know discernible reason/intentional action taken by the user. This includes any kind of data held in the browser, as shown in the sheet linked above. While I believe that most of these cases are not due to user error/behavior, there are a few caveats where there are known reasons in which this occurs.

Known occurrences (will continue to add to this list)

Scenarios in which data loss is expected include:

Keychain deleted or inaccessible For macOS users, the secret used to encrypt/decrypt is stored in the macOS Keychain. If this Keychain gets deleted, permission is lost (rendering the Keychain inaccessible), or if the [user's] profile folder is moved to a new machine (which doesn't have that keychain), then the new machine will not be able to read the secret and decrypt the data and data loss would be expected.

Corrupted, deleted or moved Local State file For Windows users, the secret key is stored in the Local State file. If this file (or the entire profile folder) is copied and moved to a new machine, the new machine will be unable to decrypt the secret and a new key would be generated, resulting in data loss.

Additionally, if the Local State file is corrupted (or if this file is deleted) this will likely result in a loss of data as well, as the secret will not be able to be decrypted and a new key will be created.

Troubleshooting Steps/Helpful information

At this time, troubleshooting and relevant information that users (or devs) can share on this is a bit scattered, so I will use this section to reorganize and highlight what information can help resolve this issue. For now, please refer to the "Actions users can take" section in the Community thread for basic troubleshooting and information gathering.

Additional troubleshooting:

Finding Local State.bad file (Windows only): If your Local State file gets corrupted for any reason, it will move itself out of the way and change its name to Local State.bad and replace itself with a "fresh" Local State file (which, again, would present as a loss of data). You would be shown an error when launching into Brave:

You can look for this in your User data directory by going to %LOCALAPPDATA%\BraveSoftware\Brave-Browser\User Data on your PC. There, you should see the Local State.bad and the new Local State.

This error might happen if you edited the Local State file. It's in JSON format - you can try pasting the Local State.bad content into a JSON validator to ensure there isn't something wrong with the formatting. The encryption key will be stored under the JSON object os_crypt. If you're up for some text editing, you can copy this node over from the Local State.bad into the new Local State.

Steps to reproduce

N/A

Actual result

N/A

Expected result

Data stays safe and intact in browser

Reproduces how often

No steps to reproduce

Brave version (brave://version info)

Issue has been present since v1.50x up to the most recent release.

Channel information

[X] release (stable)
[X] beta
[X] nightly

Reproducibility

[ ] with Brave Shields disabled
[ ] with Brave Rewards disabled
[ ] in the latest version of Chrome

Miscellaneous information

No response

szilardszaloki commented 2 months ago

Row 15 here — issue on Brave Community (reported by mlchatnoir):

breaking commit in Brave: https://github.com/brave/brave-core/commit/f82ae5a3a6d581578519e30f37de7ef55da93108 (basically, ReadPassword() was falsely assumed to return a bool, whereas it returns a KWalletDBus::Error — and !ReadPassword() is not the same as ReadPassword() != KWalletDBus::SUCCESS, since enum Error { SUCCESS = 0, CANNOT_CONTACT, CANNOT_READ };)
first went live with 1.51.106 on April 27, 2023 (mlchatnoir reported it on April 30, 2023)
corresponding issue on GitHub: https://github.com/brave/brave-browser/issues/30147
fixed via https://github.com/brave/brave-core/pull/18404 (uplifted into 1.51.x)
fix went live with 1.51.117 on May 15, 2023
mlchatnoir also reported on May 18, 2023 that after an upgrade, passwords came back ✅

LaurenWags commented 2 months ago

Per discussion via https://bravesoftware.slack.com/archives/CHGKGMHDJ/p1723569829908629?thread_ts=1723127438.506119&cid=CHGKGMHDJ, removed OS/Windows as the associated PR is only for macOS and Linux.

Added release-notes/include as well.

cc @rebron @kjozwiak

bsclifton commented 1 month ago

Issue to follow which help in some cases - filed upstream in Chromium: https://issues.chromium.org/u/1/issues/365913981

brave / brave-browser