New issue
Advanced search Search tips

Issue 917636 link

Starred by 3 users

Issue metadata

Status: Unconfirmed
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug
Team-Security-UX



Sign in to add a comment

Site info popup misleading on data privacy

Reported by ithinkpl...@gmail.com, Dec 23

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Steps to reproduce the problem:
1. Go to facebook.com
2. Click the lock icon and read the reassuring text that all my information, indeed all my passwords and my credit card information would be totally private when sent to them.
3. Repeat this process with any scammer website where Chrome still tells me that my information is private.

What is the expected behavior?
As a regular user, when I say to somebody "your information is private when you send it to me", I mean that it's private after it arrived.
A man in the middle attack is not something that a user would ever worry about or think is even possible.

Suggested info text:
"This website is using encryption for data transfer which means that the information you send here will be private between you and the website during transport. Make sure to trust the website with your data before and after sending it."

What went wrong?
Chrome is telling users that data sent to e.g. Facebook is private. As we all know that didn't turn out to be the case for many. But it's much worse when these assurances are given while unsuspecting people are on scammer websites with valid ssl certificates, and we all know it's easier than ever to get an ssl certificate now.

Did this work before? N/A 

Chrome version: 71.0.3578.98  Channel: stable
OS Version: 10.0
Flash Version:
 
Cc: emilyschechter@chromium.org
Components: UI>Browser>Omnibox>SecurityIndicators>VerboseChip UI>Browser>Omnibox>SecurityIndicators
Labels: -Type-Bug-Security Type-Bug
Labels: -Restrict-View-SecurityTeam
Labels: Needs-Triage-M71
Cc: phanindra.mandapaka@chromium.org
Labels: Triaged-ET Needs-Feedback
Thanks for filing the issue...

@Reporter: As per above description it seems to be a feature request. Can you please confirm that we can consider this issue as feature request.

Thanks..!

Sign in to add a comment