New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 681418 link

Starred by 1 user
Status: Duplicate
Merged: issue 524611
Owner:
emilyschechter@chromium.org
Closed: Apr 2017
Cc:
maxwalker@chromium.org
catmulli...@chromium.org
rdevlin....@chromium.org
odean@chromium.org
emilyschechter@chromium.org
battre@chromium.org
msramek@chromium.org
jawag@chromium.org
mea...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

draconian message for proxy-controlling extensions is innacurate and too alarmist

Project Member Reported by michae...@chromium.org, Jan 15 2017 
The message that periodically displays (not just for new profiles or new extension installs) for extensions that control proxy settings is too scary and overly general.

 --------------------------------------------------------------------------
| Your Internet connection is being controlled                             |
| =========================================================================|
| This extension has taken control of your proxy settings, which means it  |
| can change, break, or eavesdrop on anything you do online. If you aren't |
| sure why this change happened, you probably don't want it.               |
|                                                                          |
| [*] Installed by your administrator                     [ Keep changes ] |
|__________________________________________________________________________|

My main complaint is that these proxy settings apply only to browsing that happens from within that Chrome profile. The extension isn't controlling my entire Internet connection. The extension cannot change, break or eavesdrop on anything I do outside of that profile, especially other programs running on my machine. It might not even affect Incognito behavior.

But the warning clearly suggests, incorrectly and repeatedly, that the extension has assumed complete control over my machine's Internet connection.

The buttons are also problematic (tracked in issue 610833). This bug is specifically for the title and body text being overlay imprecise.

Comment 1 by ainslie@chromium.org, Jan 16 2017

Cc: -ainslie@chromium.org emilyschechter@chromium.org jawag@chromium.org maxwalker@chromium.org

Comment 2 by rdevlin....@chromium.org, Jan 17 2017

Cc: catmulli...@chromium.org mea...@chromium.org
A few quick thoughts:
- I think we all kind of dislike these bubbles.  There's some long-term work going on to think about how to replace them, but it's a tricky problem and the UX team is quite swamped.  Maybe it's worth changing the text in the meantime?
- The bubble should only show multiple times for the same profile on the same machine if you don't ack it.  Have you said "keep changes", or have you just been dismissing it by e.g. clicking outside it, on a different tab, etc?  (That said, it will show for each profile, on each machine, so if you're swapping between chromebooks it can be annoying.)

Comment 3 by jawag@chromium.org, Jan 17 2017

Cc: odean@chromium.org
My understanding is that the scary message was authored deliberately, based on the notion that most users don't understand the implications of a proxy-override and should indeed be very wary any extension that is doing it given the capabilities that an attacker would have.

If there is more accurate text that can still sufficiently achieve this, modifying the text as a short term solution sounds reasonable to me.

Comment 4 by msramek@chromium.org, Jan 20 2017

Cc: msramek@chromium.org
Components: Privacy

Comment 5 by rdevlin....@chromium.org, Jan 27 2017

Owner: emilyschechter@chromium.org
Status: Assigned (was: Untriaged)
I don't know who would be best to own this, but it falls under security UI, so over to Emily for further triage. :)

Comment 6 by michae...@chromium.org, Apr 19 2017

Mergedinto: 524611
Status: Duplicate (was: Assigned)
that feeling when you open a duplicate on a bug you filed yourself >_<

Sign in to add a comment