New issue
Advanced search Search tips

Issue 625166 link

Starred by 1 user

Issue metadata

Status: Archived
Owner: ----
Closed: Aug 14
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug



Sign in to add a comment

Clear Browsing Dialog counter for passwords excludes blacklisted entries

Project Member Reported by vabr@chromium.org, Jul 1 2016

Issue description

Version: 53
OS: any

What steps will reproduce the problem?
(1) Go to https://rsolomakhin.github.io/autofill/.
(2) Fill in a password.
(3) Click Never when asked about saving it.
(4) Go to chrome://settings/clearBrowserData
(5) Check Passwords.
(6) Hit the "Clear browsing data" button.

What is the expected output?
The message in step (5) and action in step (6) should match.

What do you see instead?
In step (5), the counter for passwords says "none". It indicates that deleting the passwords is a no-op. However, step (6) removes the blacklisted entry.


This is not a sever issue -- the user loses virtually no data by removing blacklists, they merely prepare a bit of inconvenience the next time they visit a page on which they don't want to be disturbed by the save prompt.

And Chrome is correct to remove the blacklisted passwords, not doing so would potentially leak parts of browsing history (the URLs of the blacklisted items).

However, this is still confusing. Could we show counts including blacklisted entries, either as a single number or as two (one for normal, one for blacklisted)?
 
Thanks for reporting this! See attached mock for how an extended data counter string with information about blacklisted sites could look like. I understand the concern, however I'm slightly worried that we could cause more confusion than we help people since the blacklisting concept is non-trivial too understand and the amount of words we can use to explain this is limited.
CBD.png
269 KB View Download
Cc: msramek@chromium.org maxwalker@chromium.org
Strawman: Should we delete blacklists together with browsing history instead?

Comment 3 by vabr@chromium.org, Jul 1 2016

Thanks both of you for your suggestions.

I actually think that the mock in #1 is very clear about the action to be taken, and I like it very much.

The idea in #2 makes sense to me. It might surprise the user a little bit that they get offered saving passwords again if they just delete browsing history, but on the other hand (1) it really makes sense to do that, and (2) not sure how likely such situations are about to happen.

So I don't oppose any of those suggestions, although I prefer #1 as the most straightforward solution.
Components: Privacy
Status: Archived (was: Untriaged)
Archiving old bugs that haven't been modified in over two years. 

If you feel this issue should still be addressed, feel free to reopen it or to file a new issue. Thanks!

Sign in to add a comment