Lost everything after a visitor signed in on my PC
Reported by
kingsley...@gmail.com,
Nov 13 2017
|
||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.89 Safari/537.36 Steps to reproduce the problem: 1. Visitor signed in on my PC to use e.g. Chrome Remote Desktop. 2. EVERYTHING from visitor's Google account was dumped onto my PC. 3. After signing visitor out, removing all sync'ed favourites etc. AND having to re-create my Chrome user profile, I went for months collecting favourites, etc. 4. Then, I tried one day to trial Google Videos (Play Store) and it STILL TOLD ME that the DELETED user was signed in. Prompted to switch to my "own" profile again, as I already had, my Chrome user profile was replaced by a new profile linked to my Google account, and I ***LOST*** all my favourites and everything in my Chrome profile (as you do when you destroy Chrome profile and make a new one). This was all entirely against my wishes. I thought I had signed my guest out, removed their information, and was again on a clean profile. But Chrome screwed it up again and deleted me over myself thinking I was still someone else even though I had done everything to isolate my own profile from that person who signed in. First time I have really thought "WTF!!!???" with Google. What is the expected behavior? Guest should be able to use Chrome Remote Desktop at a friend's house, without having to "Sign in to Chrome" and dumping all favourites, etc. onto host's PC. And after host has signed out the "unwanted" guest, removed all traces, deleted the Chrome profile etc. ----- not to be told by the Play Store that the unwanted guest is still signed in. Then when you delete the profile, all your OWN data is flushed down the toilet. What went wrong? God only knows. Google f**ked up the Chrome sync thing. Did this work before? N/A Chrome version: 62.0.3202.89 Channel: stable OS Version: 10.0 Flash Version: This is definitely a security problem - you are LEAKING someone else's data onto a machine being visited - and then destroying all information on the host PC being visited by you. Really pissed me off - I had a nice collection of links and favourites, all lost now because of you.
,
Nov 13 2017
I understand it must be frustrating to lose your saved data. We take cases of data loss and data leakage seriously and I will be looking at this one closely. I have a few questions that will hopefully clarify what happened here. In 3, you say that you signed the visitor out, removed their synced favorites, and re-created your Chrome user profile. From where did you sign the user out?(e.g. from the chrome://settings page, from gmail). Is your device managed by enterprise policy? This can be checked by looking near the top of the chrome://settings page; if it is, you'll see something like "Managed by foobar.com" next to a grey icon that resembles an office building. How did you "re-create" your Chrome user profile? Did you add a profile like in this link: https://support.google.com/chrome/answer/2364824?co=GENIE.Platform%3DDesktop&hl=en ? Did you sign your account into chrome via the chrome://settings page or via a page that looks like this? https://cloud.addictivetips.com/wp-content/uploads/2015/11/Chrome-sign-in.png When you say you collected favourites, do you mean Chrome bookmarks?(https://support.google.com/chrome/answer/188842?co=GENIE.Platform%3DDesktop&hl=en) I ask because there are also "Google Bookmarks" which are completely distinct. When you say you were prompted to switch accounts, where was that prompt? Did it look like this? https://support.zoom.us/hc/en-us/article_attachments/202831645/DefaultLogin1.png When you say you destroyed the Chrome profile and created a new one, how did you do this? I appreciate your help in understanding this issue.
,
Nov 13 2017
As succinctly as I can be right now at the present time (not easy): 1. My dad visited me and brought his spare laptop I wanted to borrow. The laptop booted, but screen was broken. 2. Dad said, Hey I can access that laptop using Chrome Remote Desktop. Sure, I said. Here, sign in on my home PC. 3. Dad signed in on my home PC. The laptop was in the end unreachable, so we gave up. 4. After Dad left and went home, I used Chrome. I saw that I was now signed in as user "Rob" and that all his bookmarks had been downloaded to my PC, and he was still signed in to Google - I could access his Gmail or any other Google Service. 5. I immediately signed out of Google Services (top-right of browser, user profile widget). 6. After signing out, I noticed that the current Chrome User was still Rob. It had created a new user for him. I removed all his bookmarks from my PC and went to chrome://settings and removed the Rob user, leaving only the Chrome user that had always been there. The Default user. 7. This worked fine for months, I continued to add favourites (bookmarks) from Hacker News and the Web, building my library of interesting things. 8. On the day I attempted to Trial Google Videos, and watch some animated movies... I was prevented from signing up - as Google Video told me I was signed in as someone else i.e. Rob, and that I needed to sign out and sign back in with my own account. 9. When I followed this advice, the Chrome user (the one I always had had) was deleted, and replaced with a new one linked to my Gmail address. Rob finally got deleted. My profile got deleted too. And I was now on a new profile linked to Gmail - lost all my extensions, bookmarks, and everything and anything else associated with the "Default User" of Chrome which had been my primary Chrome user profile. I'm sorry this is so verbose, but it's definitely a bug or problem in the workflow. I've tried to be explanatory as possible. Hit me up on Hangouts or mail me directly if you would like to talk 5 minutes for me to explain exactly the problem. Thanks. Kingsley
,
Nov 13 2017
I'm starting to develop a theory of what happened. When your father signed in, all the local data became associated with his account. Signing out prevented further syncing of data, but didn't remove this association. When, months later, you signed in with a different account, Chrome noticed this association. In order to prevent your father's data from mingling with yours, it asked if you wanted to link the data or not, and you choose not to link it. I am not clear why or how Google Play prompted you to sign into Chrome, but this scenario most closely matches what you're describing. The other unknown is whether your old profile was truly deleted; when I tried reproducing the steps, a new profile was created, but the old one wasn't destroyed. Can you tell me which directories are in the folder C:\Users\<username>\AppData\Local\Google\Chrome\User Data\ ? (where <username> is your windows username) And which profiles are present when you click "manage other people" from chrome://settings? And for the sake of completeness, can you provide a screenshot of chrome://signin-internals ?
,
Nov 14 2017
I believe the profiles on my PC are again in order. The key issue was that after deleting my father's profile and removing everything that had been downloaded to my own PC from his account after he signed in, his deleted account remained lingering behind the scenes on my PC for some time, and this was only brought to light when I wanted to watch Google Play Movies using Chrome on the desktop (it appears signing in to Chrome is/was a requirement at the time), and only then was I told Chrome was still signed in under my father's profile and needed to switch, even though I had months prior signed him out of Chrome and Google and removed all traces of his account. When I did agree to sign out again and switch again to my own profile, my existing profile was deleted, and replaced with a new one linked to my Gmail address, thus destroying all my existing bookmarks. The User Data folder in %APPDATA% is empty. I have just now rented the same movie from Google Play, and was not told that I needed to be signed in... how strange. The only conclusion I can draw from this, is that in order to watch Google Play Movies on the desktop, your current Chrome profile *must* be associated with the same email address belonging to your Google account. If it is an unnamed profile, or somehow now linked to your Google account i.e. plain vanilla local profile - then you are prompted to sign in or switch or do something. The reason I say this is because my old profile simply named "Kingsley", and the new profile that resulted from using Google play was auto-created with my Gmail address. That's all I can think of.
,
Nov 14 2017
NB! I was using the "Google Play Movies & TV" Chrome extension at the time - this is what was forcing me to sign in to Chrome. So apparently this is more a problem with the extension than with Chrome... in which case I apologize for posting the bug report here.
,
Nov 15 2017
It sounds like everything is in order for you, so I'm going to close this bug.
,
Nov 15 2017
Much ado about nothing I guess. Thank you, and yes please close this bug. There are more important things in life than lost bookmarks. |
||
►
Sign in to add a comment |
||
Comment 1 by manoranj...@chromium.org
, Nov 13 2017