freedom-foundation
commented
1 month ago The pupose of this GitHub repository is to publicly mirror an issue(s) which has been sent to Google and closed and ignored multiple times (about 4) as won't fix. It behoovith me to make a repoaitory so not to lose track of preasimg this issue. The issue has been reentered and the issue has been marked private so the public may not see. The progress of the issue as it appears on Google issuetracker is pasted here following:
IssueTracker
Assigned to me Starred by me CC'd to me Collaborating Reported by me
To be verified Bookmark groups
Saved searches
Hotlists
Create hotlist Create bookmark group Browse components Issue 365405757 This issue is a part of the Chromium tracker. Public Trackers > 1362134 > Chromium > UI SEVERE PRIVACY ISSUE cookie management is broken in all android chrome regression from stable Comments (15) Dependencies (0) Duplicates (1) Blocking (0) Resources (8) Assigned Bug P2 Unconfirmed Status Update Updated by matt39s.home@ just now unsolved Description chrome-wizard@prod.google.com created issue on behalf of Google Account #1 Sep 8, 2024 06:42PM Steps to reproduce the problem
Easily reproducible, follow the steps ( on android) 1. Block thirdparty cookies 2.can't login to google.com website ( enter
www.google.com into browser tap login and go through the precess) Problem Description
Easily reproducible SEVERE PRIVACY ISSUE cookie management is broken in all android chrome regression from stable, can't login to www.google.com if block third party cookies has been enabled , follow the steps ( on android) 1. Block thirdparty cookies 2.can't login to google.com website ( enter
www.google.com into browser tap login and go through the precess) Summary
SEVERE PRIVACY ISSUE cookie management is broken in all android chrome regression from stable Additional Data
Category: UI
Chrome Channel: Not sure
Regression: Yes
Issue summary
Similar issues
Title Dupes +1s
Created
- 2 this version not support cookies 3.
0 1 May 16, 2024
Can't copy paste manually or using shortcuts in chrome, and various chrome shortcuts not working 1 2 Feb 8, 2024 Browser issues 0 0 Aug 13, 2024
Links (5) “ www.google.com ” chrome-wizard@1, vaggasathish@
6
“ Video ” vaggasathish@
6
“ https://github.com/learningBASh/chromium-debug/issues/1 ” matt39s.home@
11, matt39s.home@
12
“ google.com ” matt39s.home@
11, matt39s.home@
12
“ bughunters.google.com ” matt39s.home@
13
Comments All comments Google Account matt39s.home@gmail.com #2 Sep 8, 2024 06:45PM Third time this easily reproducible bug has been falsely-marked can't reproduce won't fix thus worthy of criminal negligence. vaggasathish@google.com vaggasathish@google.com #3Sep 9, 2024 12:46AM Assigned to matt39s.home@gmail.com.
THanks for filing the issue.
@reporter: Could you please help us with a video reproducing the issue.
Thanks. Google Account matt39s.home@gmail.com #4 Sep 9, 2024 09:57PM @asker I can make a screen record video but you do not need it. Because you DO NOT need it a red flag goes up that you may be a moron or an automatic chatbot. This easily reproducible SEVERE PROBLEM applies to all chrome variants brave, and every other rebranded chromium source based browser. All you need to do is follow the steps on android. By now google may be prosecuted for criminal negligence and espionage against America's public. peeps-workflow-peeps-continuous-blintz@prod.google.com peeps-workflow-peeps-continuous-blintz@prod.google.com #5Sep 9, 2024 10:02PM
Thank you for providing more feedback. Adding the requester to the CC list. vaggasathish@google.com vaggasathish@google.com #6Sep 10, 2024 12:49AM
Thanks for the update.
Issue is NOT REPRO & tested on Android 15; Pixel 8a Build/AP4A.240905.001 | Chrome 128.0.6613.132
Launch chrome
Navigate to settings > security & privacy -> Third party cookies -> Block third party cookies
Go back and on a new tab, search with www.google.com
Able to see search results
Video@reporter: Could you please help us with reported version , device details to further investigate the issue.
Thanks for understanding. Google Account matt39s.home@gmail.com #7 Sep 10, 2024 08:22PM @vaggasathish@google.com Absolutely this IS REPRO. I myself have reproduced this multiple times on multiple android phones. Pls hold the ticket open for screenshots and more info. peeps-workflow-peeps-continuous-blintz@prod.google.com peeps-workflow-peeps-continuous-blintz@prod.google.com #8Sep 10, 2024 08:27PM
Thank you for providing more feedback. Adding the requester to the CC list. Google Account matt39s.home@gmail.com #9 Sep 10, 2024 08:27PM @vaggasathish after reading your attempt to repro I cannot be sure why you think watching a video relates to UNABLE TO LOGIN TO GOOGLE. By the average-joe you must be a gravely disabled mind. You shouldn't really be participating in public settings. vaggasathish@google.com vaggasathish@google.com #10Sep 11, 2024 12:48AM
Thanks Matt for the update.
COuld you please help me understand better, by sharing video with steps to reproduce, so that I can further triage this issue.
Thanks for understanding Google Account matt39s.home@gmail.com #11 Sep 11, 2024 08:02AM During your wait for screen record video take a look at my logs of past reports I had to keep because buganizer kept deleting my bug reports. This here is actually about the 4th report of the same not fixed bug. The backlog is located here at github https://github.com/learningBASh/chromium-debug/issues/1 titled End Of Humanity bug. And take a good look at the YouTube channel connected to this bug. Because something surprising happened during my screen recording I suspect this bug is a JavaScript trap or hijacking of JavaScript running as the google.com domain. I can explain more please leave this report open so I can log it. Unrelated private info may have been captured on screen record and I should re-record to exclude the private info. Google Account matt39s.home@gmail.com #12 Sep 11, 2024 08:26AM Actually when you look at my github issue containing all of the past reports indeed screenshots I supplied with typed labels and arrows in yellow overlayed on the screenshots -look these over as well as reading the full report. If you have any questions about the report do notbhesitate to ask and I will help you understand. If after reading the full history of these-this bug report if you still want a screen record say so. As you will see in the report this particular bug occored on older versions of chrome and do know it was also an entirely different version of android. The preponderance of evidence begins to point at quite possibly something to do with JavaScript -and further so because suddenly the bug SEEMS to have dissapeared what a surprise I find during my screen recording yet keep in mind the exact bug as I report DID insistently occour on this phone multiple times I reproduced it on this phone as it was reproduced multiple times on prior phone as may be seen in the GitHub log https://github.com/learningBASh/chromium-debug/issues/1
I highly suspect this has to do with the way JavaScript interacts or should not interact with the login cookie of google.com. (but for any other site?) In order to check this out one would need a chrome browser with JavaScript debugging enabled. Can you reccomend a JavaScript debug version of chrome for use on my android?
THIS ISSUE IS NOT YET RESOLVED DO NOT CLOSE THIS ISSUE Google Account matt39s.home@gmail.com #13 Sep 11, 2024 07:53PM While my months of tracking this bug is being looked over can you talk to your banker about how much you will value my report to earn paid rewards from bughunters.google.com .I see fivethousand for an XSS bug in Gmail and $31,837 rewarded for a Google Cloud Deployment bug. What do you and your banker and perhapse your attorney suppose this-here bug report should be worth considering this affects every google account security in the world and inhibits GDPR compliance but mostly is prosecutable by any of the public at large as either a civil damages or military espionage case. Which has been already commit by Google and confirmed by willful neglect to solve the bug. On the prosecution side giving away the security of entire accounts by willfull neglect is likely to value at bankruptcy of Google and further damages and injuries of Liberty against the public which google could not pay for. Wouldn't you say 51% shareholding of the entire Corporation is fair reward? Google Account matt39s.home@gmail.com #14 Sep 13, 2024 11:53PM Continue to wait while I compare this regressiin from Chrome current stable with Chromium unstable latest. Again if you can point me to a JavaScript debugging webbrowser so the actual JS code given to the effected Chrome android browsers can be audited for code being involved in this SEVERE PRIVACY ISSUE. Google Account matt39s.home@gmail.com #15 Sep 14, 2024 02:49AM The current preinstalled version of Chrome is 111.0.xxxx.116 and it seems to have different settings then latter versoins . This may actually be the browser version which this SEVERE PRIVACY ISSUE does regress to. I would need to be able to identify the changing of the handling of third party cookies in the sourcecode of Chrome to find out exactly how far this SEVERE PRIVACY ISSUE does regress. As you should know Google Play will force an upgrade to the latest Chrome from the playstore. That being said may explain why the bug wasn't reproduced while making a video in my previous post. Having compared the settings with Chromium unstable latest the part of the settings which differ are the handling of thirdparty cookies being not only in 'site settings' now also in settings > privacy > tracking. The span of the regression is now presumably from 130.0 - 111.0 the versiin may be updated in this bugreport to 130.0. Please update the version now. And do note the way the new handling of thirdparty cookies is put in settings seems to work hand in hand with the way JavaScript should-not be handling the login cookie. To take a look at the code which seems to have part in this offence I need access to a version of Chrome for android between the regressive versions 130-111 which does have JavaScript debugging. Add comment CC Me Issue metadata Access Limited visibility + Google Expanded Access Collaborators CC matt39s.home@gmail.com vaggasathish@google.com Code Changes
Privacy | Terms
Backlog from @learningbash including screenshots appended https://github.com/learningBASh/chromium-debug/issues/1
Skip to content Navigation Menu
Code Issues 1 Pull requests
Jump to bottom End of humanity (bug) (help wanted) #1 Open learningBASh opened this issue Feb 10, 2024 · 11 comments Labels bug help wanted Comments learningBASh commented Feb 10, 2024 •
reporter:svjasonmchristosthefirstSP@proton.me
Assigned to me Starred by me CC'd to me Reported by me To be verified Bookmark groups Saved searches Hotlists Create hotlist Create bookmark group Browse components Issue 330744616 Chromium 330744616 1 of 3 End of humanity bug Comments(2) Dependencies(0) Duplicates(0) Blocking(0) Resources(6) Bug P2 Unconfirmed STATUS UPDATE No update yet.
DESCRIPTIONch...@google.com created issue on behalf of Sovereign Jason M Christos the First SP #1 2024-03-22 02:31 Steps to reproduce the problem
End of humanity (bug) (help wanted) #1 Bug Google Chromium 122 regressive Block all third-party cookies seems to block all cookies. Point at the code handling these privacy options. While this may be a more valid use of the term "third-party" expect an intermediary option for the user to allow cookies from the domain visited without having to allow any and all cookies. As it is chromium 122 has no intermediary option for privacy involving cookies. "While this may be a more valid use of the term "third-party" " Let me explain when user is first party phone is second party google then technicly is thirdparty and whatever was called thirdparty is cross-site cookies. As I say regardless of what it is being called there needs to be an intermediary option. See screenshots on original bug report here:
Google banned me for Google being wrong : or deleted my post : they don't really give explanation but I did say google help is wrong because of a serious bug in Chrome : looks like they are trying to force you to get attacked by AI by making it hard not to use thirdparty cookies: the bug is too convenient right at the time online biz are moving toward ChatGPT biz models : so guys in the google system can evade its own policies as a thirdparty : if you thought policy meant nothing wait until you see AI harassment tracking devices on thirdparty cookies. This is serious severity HIGH. Sam Altman testified before Congress about this, I have found the " end of humanity " bug. Why hasn't any dev touched this yet?
UPDATE Severity: HIGH how to change a bug name from " no cookie whitelist" to " end of humanity " bug buganizer: this is serious Sam Altman testified before Congress about this stuff; I have found the " end of humanity " bug. I may need to refile this bug because it isn't getting looked at.
"Here are the docs on the various ways to manage cookies " is exactly, exactly!, what I was talking about in my community post here https://support.google.com/chrome/thread/263788579?hl=en I do quote Myself " The BUG really proves Google Help files WRONG about block third-party cookies " with 3 updates and two replys missing. and it seems my post was deleted then suddenly reappears. I guessed it was because I said Google Help files are WRONG and now it is locked up. and no it is not a specific build. It is a persistent regressive bug from Android chrome 124 and 122 maybe all the way back to 111 if you read my original bug report I asked for help wanted searching the code for what has caused this and when it was introduced in the versions. Rerun your tests with any android build and regress until you get cookie whitelisting 88 is confirmed working for whitelists.
Seems like you are stalling to let an AI scourge run. Sam Altman warned a Congress about this to quote the " end of humanity ". With block third-party cookies turned on any attempt to login to google.com returns you need to enable cookies. Reproduce that. Turn off allow google login, turn on block cookies and attempt to login to my account.google.com. Apparently that is how you expect it to work? Third-party (cross-site) cookies required to login to Google? Wow, amazing stupor. Wow! And editing your posts after I comment to make my comments look bad isn't helpi Problem Description
Wow, amazing stupor. Wow! And editing your posts after I comment to make my comments look bad isn't helping.
Priority the First -severe privacy bug - Are you selling out android users wholesale in human traffiking to the triads backing Google Play Services authentication? I recently noticed in the google session management my browser is listed when using the triad security mechanism of allow Google login. ( in google terms Devices list ) Will this be enabling third parties to handle my authentication which third parties not party to Google policies therefore completely nullifying any purpose or use of Google policies including privacy? Google is an American multinational company and a clear Annerican overstands the fourth clause of the First amendment concerning privacy right down to the minutia of personal effects. Additional Comments
See screenshots on original bug report here: #1 Summary
End of humanity bug Custom Questions Example URL:
www.google.com Does the problem occur on multiple sites?
Yes - Please describe below Is it a problem with a plugin?
No - It's the browser itself Does this work in other browsers?
Yes - This is just a Chromium problem Additional Data
Category: Content Chrome Channel: Not sure Regression: Yes @learningBASh learningBASh added bug help wanted labels Feb 10, 2024 learningBASh commented Feb 24, 2024
help wanted: there should be some way to browse the sourcecode and see when this was changed.
further steps taken: tryed many browsers looking for a cookie whitelist and none found it is interesting most browsers are pulling from chromium and are rebranded chrome browsers.
FAQ What are you trying to do? A. Use Chrome sync. This bug was encountered trying to use Chrome sync for the purpose of saving bookmarks - attempts whitelisting only google for this specific purpose and any other google specific purpose. @learningBASh learningBASh changed the title Security and privacy BUG no way to allow cookies from google.com without allowing any and all third-party cookies no cookie whitelist (bug) (help wanted) Feb 24, 2024 learningBASh commented Feb 24, 2024
BEFORE AFTER learningBASh commented Feb 24, 2024
Further steps taken: Even trying out Firefox(123.0) the whitelist is not possible as per Enhanced Tracking Protection in Firefox for Android > Manage your Exceptions list here https://mzl.la/3BUXdli the exceptions screen has no way to input sites. This bug may also be reported to mozilla. learningBASh commented Feb 24, 2024
help wanted: Question When was this bug introduced in the version history? Sometime after version 88 and before 120. learningBASh commented Mar 22, 2024
Filed bug with chromium devs and some guy shot it down claiming it is not reproducable bevause he failed to test it on android. Refiled the bug with new title End of humanity bug. Links to chromium bug reports to follow. learningBASh commented Mar 22, 2024
Yet another reproduction aside from google.com youtube.com also fails to login see screenshots: Screenshot_20240322-064933~2 Screenshot_20240322-065016~3 And the current settings: Screenshot_20240322-065531 Screenshot_20240322-065549 learningBASh commented Mar 22, 2024
For the r3cord the first shot down bug report is here https://issues.chromium.org/329479339 no cookie whitelist (bug) (help wanted) #1 learningBASh commented Mar 22, 2024
The refiled End of humanity bug report here https://issues.chromium.org/330744616 End of humanity bug @learningBASh learningBASh changed the title no cookie whitelist (bug) (help wanted) End of humanity (bug) (help wanted) Mar 22, 2024 HolyNameSoftware commented Aug 8, 2024
This is how you would whitelist the Google domain and login without any third-party interference keeping your business with Google between you and Google alone. What is the wildcard symbol for chrome settings website URL in the list of exceptions for various block settings? Hint: it uses brackets. something like: [*].google.com
Blocking everything and then only allowing what is needed to login to Google. HolyNameSoftware commented Aug 8, 2024 •
The syntax for wildcard subdomain is [.]google.com and it seems to be a useful bug because [.] is treated as an array but you can't input * alone.
NOT DISPLAYING PROPERLY HERE
openbracket-asterisk-period-closebracket HolyNameSoftware commented Aug 14, 2024
More of this ongoing bug is unfolding: with a new android having android 13 Chrome locks up the phone and I highly suspect it is due to JavaScript. JavaScript debugging is needed to confirm. However that this my bug report has been ignored and suppressed by buganizer and further now my report of Chrome being shipped unusable in android 13 also being ignored in buganizer. To be linked here. That these intentional neglects happen suggests to confirm my aforementioned suspicion and description of human traffiking. Also note that Google's bug reporting system was changed to buganizer only some years ago as announced on Google's blog to be linked here. Add a comment Comment
Add your comment here... Remember, contributions to this repository should follow our GitHub Community Guidelines. Assignees No one assigned Labels bug help wanted Projects None yet Milestone No milestone Development
No branches or pull requests Loading 2 participants @learningBASh @HolyNameSoftware Footer © 2024 GitHub, Inc. Footer navigation
HolyNameSoftware commented More of this ongoing bug is unfolding: with a new android having android 13 Chrome locks up the phone and I highly suspect it is due to JavaScript. JavaScript debugging is needed to confirm. However that this my bug report has been ignored and suppressed by buganizer and further now my report of Chrome being shipped unusable in android 13 also being ignored in buganizer. To be linked here. That these intentional neglects happen suggests to confirm my aforementioned suspicion and description of human traffiking. Also note that Google's bug reporting system was changed to buganizer only some years ago as announced on Google's blog to be linked here.