File download location from Incognito is remembered out of Incognito
Reported by
richardl...@gmail.com,
Oct 26 2016
|
||||||||||
Issue descriptionPRIVACY ISSUE When in Incognito browsing, if a file is saved or downloaded to a secluded location this location will be remembered outside of Incognito, in regular browsing. When the user later goes to upload a file from e.g. Inbox, the button 'Select files from your computer' directs the file explorer to the last location a file was saved to during Incognito. Issue persists after PC restart between Incognito mode and regular mode. VERSION: Chrome Version: 54.0.2840.71 m + [stable] Operating System: Windows 10 Pro, Version 1607, OS build 14393.321 REPRODUCTION STEPS I have been able to reproduce issue immediately after using Incognito, when back in regular mode. Able to reproduce after closing Incognito and regular mode application windows then reopening regular mode with PC staying on. Able to reproduce in regular mode after complete shutdown and restart of PC. Similarly, Incognito remembers the last folder location a file was was saved to in regular mode - however, this is not an issue. Issue reproduced from popular sites where content it uploaded: Inbox by Google, Facebook, Twitter, Flickr This could affect privacy on a family computer with multiple users under one Windows login. Example I have used is the saving of gifts ideas for other family members. Other, more embarrassing examples are possible.
,
Dec 15 2016
Sorry, I don't think I was completely clear before. It remembers location when choosing to upload a file in regular Chrome. Try this: 1. Open directory A in file picker regular mode. 2. Open incognito 3. Save file to directory B 4. Close incognito 5. Close regular chrome (optional) 6. Reopen regular chrome 7. Go to site with upload capability eg. Inbox.google.com 8. Compose new email 9. Clip paperclip to attach file 10. Choose, select file from computer 11. *Directory B shown*
,
Dec 15 2016
Thanks! I managed to reproduce it now. My reproduction steps referred to a different bug that I believe had been fixed in the past, but your steps indeed revealed another problem.
,
Dec 15 2016
We couldn't reproduce it on Linux but the same issue exists on Mac.
,
Feb 21 2018
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 22 2018
This sounds very similar to https://crbug.com/484003. I will mark as blocking to check if this is solved when the other issue has been fixed.
,
Apr 10 2018
It seems that this only happens if the open dialog in regular mode is "Multi file". The reproduction steps in this bug and 484003 both refer to websites that open multiple files. Can you reproduce it in another situation? I've already filed a bug for that: crbug.com/831097
,
Apr 11 2018
Not sure there are different modes of these dialogues. What I am seeing is simply that Chrome remembers the last location of file operation in incognito, both download and upload. Like I, in an incognito window, 1. click the "Attach a file" here below and choose example.jpg from D:\Temp, 2. next time I invoke a file opening dialogue, either via a file uploading interface or simply Ctrl+O, the dialogue will start at D:\Temp, persistently. I am not the original reporter though.
,
Apr 11 2018
Thank you for the comment. There are two mode of open dialogues, one for selecting a single file, and another for selecting multiple files. As far as I see in the code (and manual tests), only the multiple-file-select dialogue had this problem. I mean, this scenario should be persistent now: 1. Opening a file in regular mode from directory A. 2. Opening a file in incognito mode from directory B. 3. Opening a file in normal mode using single-file-select dialogue (like attache a file here). But this one was NOT persistent and is now fixed in crbug.com/831097 : 1. Opening a file in regular mode from directory A. 2. Opening a file in incognito mode from directory B. 3. Opening a file in normal mode using multi-file-select dialogoue (like jpg2pdf.com).
,
Apr 12 2018
,
Apr 12 2018
Thanks for the explanation. I can confirm with the current Dev version which does not have your fix yet and with a fresh profile, all work as you elaborated. However, I come to realize my profile is in a rare condition causing a separate issue that serves as an exception, and leads to my previous comment which is not true with a fresh profile. The fact is that after a fresh Chrome installation, I never invoked a file opening dialogue in a regular window. I use only incognito window (created a shortcut that has --incognito switch set permanently). Besides the settings pages that cannot be opened in incognito, I barely open a regular window. I guess this result in the so-called initial folder is never being set (since it is designed to be set only by a regular window?), so wherever the location last opened serves as the initial folder next time, regardless the dialogue modes and the fact that it all operated in incognito. (And the location is even being remembered across profiles. When I created a fresh profile via --user-data-dir to test your comment, I found the dialogue started with the last location I opened in my existing profile which again, only operated in incognito all the time) Nevertheless this is not really a problem for me and is apparently too scarce a use case to fix, unless the fix is super easy, I believe?
,
Apr 13 2018
I guess the "if (!initial_path.empty())" part is the issue here. The fix only works if you ever used the file selector in regular mode before, otherwise Chrome doesn't know which directory it should use and the operating system decides to use the last opened directory (from incognito). Could we set a default value for initial_path?
,
Apr 13 2018
Yes, you are right. This is still a bug. Reopening.
,
Apr 19 2018
,
Apr 19 2018
,
Apr 20 2018
,
Apr 23 2018
,
Apr 24 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/69ea529b50030be6464c6f4c577baff7a88cfe05 commit 69ea529b50030be6464c6f4c577baff7a88cfe05 Author: Ramin Halavati <rhalavati@chromium.org> Date: Tue Apr 24 12:30:01 2018 Set user's home directory as last selected directory of new profiles. New profiles' last selected file directory was left uninitialized, and hence the first file open was done in the last OS selected directory. This created unpredicted behavior for new profiles, and could cause leakage of the last folder used in incognito mode. User's home directory is now set as the default value for it. Bug: 659632 Change-Id: I91e49e7152bda9abe26ff97ece12f08f9805c8de Reviewed-on: https://chromium-review.googlesource.com/1023401 Commit-Queue: Ramin Halavati <rhalavati@chromium.org> Reviewed-by: Bernhard Bauer <bauerb@chromium.org> Cr-Commit-Position: refs/heads/master@{#553058} [modify] https://crrev.com/69ea529b50030be6464c6f4c577baff7a88cfe05/chrome/browser/profiles/profile.cc [modify] https://crrev.com/69ea529b50030be6464c6f4c577baff7a88cfe05/chrome/browser/profiles/profile_browsertest.cc
,
Apr 25 2018
The above CL has fixed it. Now: 1- When a profile is created, it's "last used directory" is set to user's home directory. 2- Incognito profiles have a separate last used directory, so doesn't interfere with regular mode. 3- Last used directory is used for all types of file open dialogs. |
||||||||||
►
Sign in to add a comment |
||||||||||
Comment 1 by msramek@chromium.org
, Dec 15 2016