New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 663389 link

Starred by 2 users
Status: Fixed
Owner:
lshang@chromium.org
Last visit > 30 days ago
Closed: Nov 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug



Sign in to add a comment

Split out UMA metrics for password vs credit card "Not secure" warnings

Project Member Reported by est...@chromium.org, Nov 8 2016 
Because of false positives like  issue 663380 , we might want to split out the "Not secure" omnibox warning UMA by whether a password or credit card (or both) triggered it.

We only expect to see credit card forms on http very very rarely, so if the credit card detection rate is high, that might be an indication of false positives.

Comment 1 by est...@chromium.org, Nov 9 2016

Cc: lshang@chromium.org
Hey Liu, would you be interested in taking this bug? It's an important metric for HTTP-bad. Basically we'd need to:

1. Split SecurityInfo::display_private_user_data_on_http into two booleans, one for passwords and one for credit cards. [1] It's set at https://cs.chromium.org/chromium/src/components/security_state/security_state_model.cc?sq=package:chromium&rcl=1478636282&l=245 where we already have the information broken down into passwords/credit cards.

2. Deprecate the Security.HTTPBad.UserWarnedAboutSensitiveInput histogram [2] and replace it with Security.HTTPBad.UserWarnedAboutSensitiveInput.CreditCard and Security.HTTPBad.UserWarnedAboutSensitiveInput.Password, deciding which one to record based on the boolean password/credit card flags in |security_info|.

[1] https://cs.chromium.org/chromium/src/components/security_state/security_state_model.h?q=SecurityStateModel::SecurityInfo&sq=package:chromium&l=142

[2] https://cs.chromium.org/chromium/src/chrome/browser/ssl/chrome_security_state_model_client.cc?q=UserWarnedAboutSensitiveInput&sq=package:chromium&l=363

Comment 2 by lshang@chromium.org, Nov 9 2016 

Happy to help with this:-)

Comment 3 by est...@chromium.org, Nov 9 2016

Cc: -lshang@chromium.org
Owner: lshang@chromium.org
Status: Started (was: Available)
Project Member

Comment 4 by bugdroid1@chromium.org, Nov 11 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4805cebc1656e9f99905537db6b369bec581ac28

commit 4805cebc1656e9f99905537db6b369bec581ac28
Author: lshang <lshang@chromium.org>
Date: Fri Nov 11 03:15:50 2016

HTTP Bad: Split out UMA metrics for password vs credit card "Not secure" warnings

Split SecurityInfo::displayed_private_user_input_data_on_http into two booleans,
one for passwords and one for credit cards, and split out the
Security.HTTPBad.UserWarnedAboutSensitiveInput histogram into two
histograms: Security.HTTPBad.UserWarnedAboutSensitiveInput.CreditCard and
Security.HTTPBad.UserWarnedAboutSensitiveInput.Password depending on the boolean
password/credit card flags in |security_info|.

BUG= 663389 

Review-Url: https://codereview.chromium.org/2483423002
Cr-Commit-Position: refs/heads/master@{#431481}

[modify] https://crrev.com/4805cebc1656e9f99905537db6b369bec581ac28/chrome/browser/ssl/chrome_security_state_model_client.cc
[modify] https://crrev.com/4805cebc1656e9f99905537db6b369bec581ac28/chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc
[modify] https://crrev.com/4805cebc1656e9f99905537db6b369bec581ac28/chrome/browser/ssl/chrome_security_state_model_client_unittest.cc
[modify] https://crrev.com/4805cebc1656e9f99905537db6b369bec581ac28/components/security_state/security_state_model.cc
[modify] https://crrev.com/4805cebc1656e9f99905537db6b369bec581ac28/components/security_state/security_state_model.h
[modify] https://crrev.com/4805cebc1656e9f99905537db6b369bec581ac28/components/security_state/security_state_model_unittest.cc
[modify] https://crrev.com/4805cebc1656e9f99905537db6b369bec581ac28/tools/metrics/histograms/histograms.xml
Project Member

Comment 5 by bugdroid1@chromium.org, Nov 11 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e9cfde4b3b4587632781f2921e50c4b730bc63d7

commit e9cfde4b3b4587632781f2921e50c4b730bc63d7
Author: hiroshige <hiroshige@chromium.org>
Date: Fri Nov 11 06:33:11 2016

Revert "HTTP Bad: Split out UMA metrics for password vs credit card "Not secure" warnings"

This reverts commit 4805cebc1656e9f99905537db6b369bec581ac28.

Original CL: https://codereview.chromium.org/2483423002

Reason for revert:
SystemTrayTest.NullDefaultViewIsNotRecorded (ash_unittests) failure.
https://build.chromium.org/p/chromium.win/builders/Win7%20Tests%20(1)/builds/59826

BUG= 663389 
TBR=lshang@chromium.org, isherman@chromium.org, estark@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2494033002
Cr-Commit-Position: refs/heads/master@{#431508}

[modify] https://crrev.com/e9cfde4b3b4587632781f2921e50c4b730bc63d7/chrome/browser/ssl/chrome_security_state_model_client.cc
[modify] https://crrev.com/e9cfde4b3b4587632781f2921e50c4b730bc63d7/chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc
[modify] https://crrev.com/e9cfde4b3b4587632781f2921e50c4b730bc63d7/chrome/browser/ssl/chrome_security_state_model_client_unittest.cc
[modify] https://crrev.com/e9cfde4b3b4587632781f2921e50c4b730bc63d7/components/security_state/security_state_model.cc
[modify] https://crrev.com/e9cfde4b3b4587632781f2921e50c4b730bc63d7/components/security_state/security_state_model.h
[modify] https://crrev.com/e9cfde4b3b4587632781f2921e50c4b730bc63d7/components/security_state/security_state_model_unittest.cc
[modify] https://crrev.com/e9cfde4b3b4587632781f2921e50c4b730bc63d7/tools/metrics/histograms/histograms.xml
Project Member

Comment 6 by bugdroid1@chromium.org, Nov 11 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/05079791166f38efb6b1bc5ccdc8d985d799863b

commit 05079791166f38efb6b1bc5ccdc8d985d799863b
Author: lshang <lshang@chromium.org>
Date: Fri Nov 11 07:29:54 2016

HTTP Bad: Split out UMA metrics for password vs credit card "Not secure" warnings

Split SecurityInfo::displayed_private_user_input_data_on_http into two booleans,
one for passwords and one for credit cards, and split out the
Security.HTTPBad.UserWarnedAboutSensitiveInput histogram into two
histograms: Security.HTTPBad.UserWarnedAboutSensitiveInput.CreditCard and
Security.HTTPBad.UserWarnedAboutSensitiveInput.Password depending on the boolean
password/credit card flags in |security_info|.

BUG= 663389 

Committed: https://crrev.com/4805cebc1656e9f99905537db6b369bec581ac28
Review-Url: https://codereview.chromium.org/2483423002
Cr-Original-Commit-Position: refs/heads/master@{#431481}
Cr-Commit-Position: refs/heads/master@{#431515}

[modify] https://crrev.com/05079791166f38efb6b1bc5ccdc8d985d799863b/chrome/browser/ssl/chrome_security_state_model_client.cc
[modify] https://crrev.com/05079791166f38efb6b1bc5ccdc8d985d799863b/chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc
[modify] https://crrev.com/05079791166f38efb6b1bc5ccdc8d985d799863b/chrome/browser/ssl/chrome_security_state_model_client_unittest.cc
[modify] https://crrev.com/05079791166f38efb6b1bc5ccdc8d985d799863b/components/security_state/security_state_model.cc
[modify] https://crrev.com/05079791166f38efb6b1bc5ccdc8d985d799863b/components/security_state/security_state_model.h
[modify] https://crrev.com/05079791166f38efb6b1bc5ccdc8d985d799863b/components/security_state/security_state_model_unittest.cc
[modify] https://crrev.com/05079791166f38efb6b1bc5ccdc8d985d799863b/tools/metrics/histograms/histograms.xml

Comment 7 by est...@chromium.org, Nov 29 2016

Labels: M-56
Status: Fixed (was: Started)

Sign in to add a comment