-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security] Uphold linking modals should be combined and have privacy warning #11431
Comments
@diracdeltas the second login only works for users that have an Uphold account; the entire idea of the second dialog is if they have had previously created the account. When one links the wallet, the user explicitly sees the authorization - that is what Tom and we agreed to do clearly suggesting to the user that a) you are creating an account on Uphold as them being a Custodian and they have fiduciary duties and b) you are authorizing Brave to get XYZ access to your Uphold account. @NejcZdovc @LaurenWags if you have the authorize screen handy, can you add to this ticket? The message on image-1 needs a redo and I can get going on that; it makes sense. I am trying to understand why have the same exact message when they re-login in to the system; may be change the Login to "Re-login". We can add the message but we can't have the same screen when the use cases are very different and are meant to do a different thing. |
@mandar-brave did you mean this image? |
its the entire auth aspect including the scopes @NejcZdovc - this is just the text part of it. |
@mandar-brave understood; regardless I think it's not clear to the user when they link their Uphold wallet (regardless of whether they already have an Uphold account) that this allows Uphold to see tipping activity. This has important privacy implications and should be clearly presented to the user. |
@diracdeltas nothing against the ask; wondering how we can pack each such transaction over time in to the UI, and then as we add more custodian providers. The re-login page does force the user to go through an authorization page explicitly via Uphold (and that may be a better place to fix all text as well), so if they have not authenticated the Brave Browser one time, they have to irrespective of which modal they clicked in. So if the user signed up on Uphold but never authorized the Brave Browser, they have to do that. Fair call on the text, just feel its an overkill with multiple pages in play. And understand the hosted authorization page is in Uphold Custody. My suggestion is we have a hosted redirect page that does this vs. having to stuff this in to modals which cannot take ever expanding context. the hosted page will allow us to control the text and story for each custodian globally with clear call outs for all of the pieces. It has significant funnel conversion issues, but at a minimum we can reduce friction in terms of having to update new features in to the modal. thoughts? cc @evq per chat yesterday |
sgtm from a privacy/consent perspective |
@jenn-rhim @bradleyrichter lets talk |
@NejcZdovc @mandar-brave to confirm, this issue only covers the directive to have a note from 2 in the description
This issue does not cover a consolidated modal for the two different scenarios, correct? |
Correct at the end we didn't merge them, we just added notes |
Verified passed with
Verified test plan from brave/brave-core#6926 Confirmed able to see the note on the Uphold 25 BAT verification message from both the panel and brave://rewards page: Confirmed able to see the same message on the Verify Wallet modal: Verification passed on
Verified test plan from brave/brave-core#6926 Confirmed able to see the note on the Uphold 25 BAT verification message from both the panel and brave://rewards page: Confirmed able to see the same message on the Verify Wallet modal: Verification passed on
Verified test plan from brave/brave-core#6926 Confirmed able to see the note on the Uphold 25 BAT verification message from both the panel and brave://rewards page: Confirmed able to see the same message on the Verify Wallet modal: |
Discussed in https://github.com/brave/security/issues/72:
We currently show two different modals in brave://rewards for uphold wallet linking, depending on whether you already have a verified uphold account or if you have at least 25 BAT.
25 BAT screen:
already have a verified wallet:
cc @NejcZdovc @evq
The text was updated successfully, but these errors were encountered: