Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sync should show warning not to share the code with anyone #4132

Closed
diracdeltas opened this issue Apr 16, 2019 · 4 comments · Fixed by brave/brave-core#2259
Closed

Sync should show warning not to share the code with anyone #4132

diracdeltas opened this issue Apr 16, 2019 · 4 comments · Fixed by brave/brave-core#2259
Labels
feature/sync priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include security
Milestone
0.65.x - Release ...

Comments

@diracdeltas
Copy link
Member

STR:

  1. Go to brave://sync
  2. Click 'start a new chain'
  3. Click either desktop or mobile
  4. It shows the sync code (either code words or a QR code) without any type of warning that this is a sensitive encryption key.

Impact: Someone could accidentally share the code with Brave (ex: in a support request) which gives us the access needed to decrypt their sync data. The user has no idea the sync words are security sensitive.

Desired outcome: There should be some kind of bold warning text in this modal.
Screen Shot 2019-04-16 at 12 44 36 PM
@diracdeltas diracdeltas added security feature/sync priority/P2 A bad problem. We might uplift this to the next planned release. labels Apr 16, 2019
@diracdeltas
Copy link
Member Author

diracdeltas commented Apr 16, 2019
edited
Loading

Note: this needs to also be fixed in android and iOS which use the same text

@rebron
Copy link
Collaborator

rebron commented Apr 16, 2019

Screen Shot 2019-04-16 at 12 51 57 PM
Muon text for reference.

@diracdeltas diracdeltas mentioned this issue Apr 16, 2019
Closed
@rebron
Copy link
Collaborator

rebron commented Apr 17, 2019

Suggested text for this page:
Treat this code like a password. If someone gets ahold of it, they can read and modify your synced data.

Reference for what we mention in Wallet:
Screen Shot 2019-04-16 at 2 36 24 PM

@rossmoody rossmoody mentioned this issue Apr 17, 2019
Merged
@rebron rebron added this to the 0.66.x - Nightly milestone Apr 25, 2019
@rebron rebron modified the milestones: 0.66.x - Dev, 0.65.x - Beta May 14, 2019
This was referenced May 17, 2019
Open
Closed
@LaurenWags
Copy link
Member

LaurenWags commented May 17, 2019
edited by btlechowski
Loading

Verified passed with

Brave 0.65.95 Chromium: 74.0.3729.131 (Official Build) beta(64-bit)
Revision 518a41c1fa7ce1c8bb5e22346e82e42b4d76a96f-refs/branch-heads/3729@{#954}
OS Mac OS X

Verification passed on

Brave 0.65.95 Chromium: 74.0.3729.131 (Official Build) beta (64-bit)
Revision 518a41c1fa7ce1c8bb5e22346e82e42b4d76a96f-refs/branch-heads/3729@{#954}
OS Windows 10 OS Build 17134.523

Verification passed on

Brave 0.65.97 Chromium: 74.0.3729.131 (Official Build) beta(64-bit)
Revision 518a41c1fa7ce1c8bb5e22346e82e42b4d76a96f-refs/branch-heads/3729@{#954}
OS Ubuntu 18.04 LTS

@LaurenWags LaurenWags mentioned this issue May 31, 2019
Closed
@srirambv srirambv mentioned this issue Jul 10, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature/sync priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include security
Projects
None yet
Milestone
0.65.x - Release (Release Channel)
Development

Successfully merging a pull request may close this issue.

Update Sync strings brave/brave-core
7 participants
@diracdeltas @cezaraugusto @rebron @LaurenWags @rossmoody @btlechowski @GeetaSarvadnya