Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a flag to disable download warnings when Safe Browsing is OFF #28917

Closed
RonnyTNL opened this issue Mar 6, 2023 · 78 comments · Fixed by brave/brave-core#18877
Closed

Add a flag to disable download warnings when Safe Browsing is OFF #28917

RonnyTNL opened this issue Mar 6, 2023 · 78 comments · Fixed by brave/brave-core#18877

Comments

@RonnyTNL
Copy link

RonnyTNL commented Mar 6, 2023

Description

Downloading .exe files now prompts for every file "This type of file can harm your computer" dialog (keep/discard).
Safe browsing is set to "No protection"

Steps to Reproduce

Download any .exe file from which ever site

  1. download, download will start and dialog "This type of file can harm your computer" will appear.

Actual result:

As safe browsing is set to disabled AND this did not happen in the past something has either changed or is broken.

Expected result:

File should have been downloaded without being interrupted by the Keep/Discard dialog.

Reproduces how often:

100% over multiple machines

Brave version (brave://version info)

1.48.171 Chromium: 110.0.5481.177 (Official Build) (64-bit)

Version/Channel Information:

N/A

  • Can you reproduce this issue with the current release?
    Yes
  • Can you reproduce this issue with the beta channel?
  • Can you reproduce this issue with the nightly channel?

Other Additional Information:

  • Does the issue resolve itself when disabling Brave Shields?
  • Does the issue resolve itself when disabling Brave Rewards?
  • Is the issue reproducible on the latest version of Chrome?
    No does not produce in Chrome.

Miscellaneous Information:

@RonnyTNL
Copy link
Author

RonnyTNL commented Mar 6, 2023

Interestingly if I ENABLE Safe Browsing the issue disappears.

@RonnyTNL RonnyTNL changed the title Every download (.exe) now prompts for "This type of file can harm your computer" even when Safe browsing is disabled Every download (.exe) now prompts for "This type of file can harm your computer" when Safe browsing is disabled Mar 6, 2023
@bsclifton
Copy link
Member

bsclifton commented Mar 6, 2023

Hi @RonnyTNL

This should be (need to confirm) expected behavior. Safe browsing is enabled by default and there's a specific download list that is queried for downloads. With safe browsing off, I believe it's falling back on this notice

cc: @fmarier for confirmation

@RonnyTNL
Copy link
Author

RonnyTNL commented Mar 6, 2023

Has this changed in latest update then? this didn't happen on previous builds.

@fmarier fmarier self-assigned this Mar 6, 2023
@RonnyTNL
Copy link
Author

RonnyTNL commented Mar 7, 2023

@fmarier Update on repro:

I've verified with Chrome Stable (110.0.5481.178 (Official Build) (32-bit)) and Canary (113.0.5635.0 (Official Build) canary (64-bit)). On a clean VM.

If you set Safe browsing to No Protection the default is to prompt for Keep/Discard.
However if you also switch "Ask where to save each file" this behavior is NOT seen and the download finishes uninterrupted.

That's the reason I noticed the change in behavior as I have both settings non default.

@fmarier
Copy link
Member

fmarier commented Mar 11, 2023

Thanks for the extra details @RonnyTNL . The reason why this started to happen is that we've recently made it so that the same checks are applied to downloads regardless of the "Ask where to save each file" setting: #28079

So while in Chrome, you can suppress this behavior by:

  • disabling Safe Browsing
  • enabling "Ask where to save each file"

in Brave, that's no longer possible because we want to err on the side of protecting from more threats.

It's an unfortunate side-effect that disabling Safe Browsing means every .exe downloaded on Windows will throw up this warning, but since Safe Browsing is enabled by default and the warning can be bypassed by clicking the "Keep" button, I think it's a reasonable trade-off.

@fmarier
Copy link
Member

fmarier commented Mar 11, 2023

Not sure closed/wontfix is the best label for this, because it's a legit issue, but there's no closed/unfortunate-side-effect.

@fmarier
Copy link
Member

fmarier commented Mar 11, 2023

@RonnyTNL If you don't mind me asking, would you be willing to share why you disabled Safe Browsing? There are a lot of misconceptions about it and we've tried to improve some of the privacy properties in Brave, but I'd be curious to hear what made you disable it if you're willing to share.

@RonnyTNL
Copy link
Author

Hi @fmarier

First thing, there is a configuration option to disable something, then I expect that it does what it claims.

Setting it to "No protection" means "From now on I'm responsible" in my idea, so it kind of defeats the purpose to keep prompting from my point of view. And I get that from a use case of an average user downloads an occasional binary.
But if you chose to ignore that from a design perspective I guess you could remove the "No protection" setting completely.

I research security related stuff, might want to run in to an exploit, as we design anti-exploit protection, access stuff that Safe browsing prohibits, and download dozens of binaries a day, so in that case having to click on "Keep" get's rather annoying within a matter of minutes and frustrates my work, so I would really welcome some form of solution here (doesn't need to be UI, flag is fine) as long as I can disable this nag.

So it has nothing to do with not trusting the Safe browsing, I have a completely different use-case.

On a side-note, it seems there is still some part of the code that doesn't touch this "protection"
I have one way/link download that get saved without a prompt being an .exe file, but I guess it would be better not to post that in public.

@fmarier
Copy link
Member

fmarier commented Mar 14, 2023

I see. Thanks for the details on your use-case. I agree that it's pretty annoying for those who have legitimate reasons for disabling this protection.

Now that I think more about it, I suspect that the warning might go away once #17616 is fixed. That's the component that determines whether or not a file is (very loosely) "executable" and many of the checks and warnings are tied to that.

On a side-note, it seems there is still some part of the code that doesn't touch this "protection" I have one way/link download that get saved without a prompt being an .exe file, but I guess it would be better not to post that in public.

You can email that to security@brave.com if you'd like.

@RonnyTNL
Copy link
Author

RonnyTNL commented Apr 6, 2023

Update, on latest release this now has a nasty effect, the download bar on the bottom is gone, which leaves you without any visible clue as to that the download was not finished. (There is no keep/discard notification drawing attention) as the download now seems to use the download bubble, which leaves you with a fully downloaded file only in the tmp format (Unconfirmed 123456.crdownload).

@fmarier
Copy link
Member

fmarier commented Apr 21, 2023

Thanks for the update @RonnyTNL . I also noticed others reporting this:

I think it's showing up enough in the wild that we need to address it.

@fmarier fmarier reopened this Apr 21, 2023
@fmarier
Copy link
Member

fmarier commented Apr 21, 2023

Some screenshots to illustrate the problem.

This is Brave with Safe Browsing turned off treating all .exe downloads as dangerous (including the Brave browser itself):
Screenshot from 2023-04-21 15-10-07

While this behavior can be worked-around in Chrome via the Ask where to save each file setting, if you disable Safe Browsing in Chrome, all .exe are treated as dangerous just like in Brave:
Screenshot from 2023-04-21 15-09-09
Screenshot from 2023-04-21 15-09-41

As @RonnyTNL said, now that the download notification bar is gone in Brave, this is even less obvious and it just looks like the download is not working.

In both Chrome and Brave, the downloads can be manually allowed by going into chrome://downloads and clicking Keep:
Screenshot from 2023-04-21 15-15-31
Screenshot from 2023-04-21 15-15-53

@Upgrad3
Copy link

Upgrad3 commented May 9, 2023

Hi @fmarier

First thing, there is a configuration option to disable something, then I expect that it does what it claims.

Setting it to "No protection" means "From now on I'm responsible" in my idea, so it kind of defeats the purpose to keep prompting from my point of view. And I get that from a use case of an average user downloads an occasional binary. But if you chose to ignore that from a design perspective I guess you could remove the "No protection" setting completely.

I research security related stuff, might want to run in to an exploit, as we design anti-exploit protection, access stuff that Safe browsing prohibits, and download dozens of binaries a day, so in that case having to click on "Keep" get's rather annoying within a matter of minutes and frustrates my work, so I would really welcome some form of solution here (doesn't need to be UI, flag is fine) as long as I can disable this nag.

So it has nothing to do with not trusting the Safe browsing, I have a completely different use-case.

On a side-note, it seems there is still some part of the code that doesn't touch this "protection" I have one way/link download that get saved without a prompt being an .exe file, but I guess it would be better not to post that in public.

I also research CyberSecurity and am in the same position, I can sometimes download 100+ binaries per day, so in my case to have every download blocked until i click "keep" is ridiculous.

"First thing, there is a configuration option to disable something, then I expect that it does what it claims." - This is also my view.

Will we ever be able to completely disable again as we previously could ? Seriously considering changing browser cant put up with it much longer.

@chuckmckinnon
Copy link

Chiming in -- I'm setting up a new computer and, my word, on every single download I'm being told it's "dangerous" and have to open the download icon and click Keep.

Notepad++ is dangerous now? VLC? Really? Because those are the prompts I'm getting.

I'm old. I started programming in Apple ][ days and have been using Windows since before antivirus was a thing. I value Brave because it protects my privacy; I disabled Safe Browsing because I don't want or need anyone (even Brave) nannying me and yes, I am perfectly comfortable assuming any "risks" attendant on that decision. I'm not so stupid as to download files from illegitimate sources and if I do, that's my problem.

Seriously, please make this stop. Like Upgrad3 last week, I'm considering finding alternatives to Brave for a daily driver because every. blessed. time. I have to tell it to Keep a file I just told it to download. Please stop trying to anticipate my security needs and let me decide. Thank you.

@fmarier
Copy link
Member

fmarier commented Jan 25, 2024

@levicki I found the problem: #35561. It seems like there are only 6 file types that have the "DANGEROUS" danger level and .exe (or any of the ones I had previously tested) is not one of those.

@guest271314 The warnings are platform-specific and are defined in https://source.chromium.org/chromium/chromium/src/+/main:components/safe_browsing/content/resources/download_file_types.asciipb, a file that's downloaded as part of the "File Type Policies" component you can see in chrome://components.

@guest271314
Copy link

@fmarier Well, something ain't working as written out here https://source.chromium.org/chromium/chromium/src/+/main:components/safe_browsing/content/resources/download_file_types.asciipb;l=3439-3448.

The user gesture is the click on the link (HTML element)

file_types {
  extension: "deb"
  uma_value: 141
  ping_setting: FULL_PING
  platform_settings {
    platform: PLATFORM_TYPE_LINUX
    danger_level: ALLOW_ON_USER_GESTURE
    auto_open_hint: DISALLOW_AUTO_OPEN
  }
}

Chromium doesn't have anything in chrome://components, no components installed. Just like there are no terms (TOS) in chrome://terms.

"File Type Policies"

That got me to thinking about policies, i.e., chrome://policy, where there is at least one relevant entry https://chromeenterprise.google/policies/?policy=ExemptDomainFileTypePairsFromFileTypeDownloadWarnings

[ { "file_extension": "jnlp", "domains": ["example.com"] }, { "file_extension": "exe", "domains": ["example.com"] }, { "file_extension": "swf", "domains": ["*"] } ]

Note that while the preceding example shows the suppression of file type extension-based download warnings for "swf" files for all domains, applying suppression of such warnings for all domains for any dangerous file type extension is not recommended due to security concerns. It is shown in the example merely to demonstrate the ability to do so.

@fmarier
Copy link
Member

fmarier commented Jan 25, 2024

Well, something ain't working as written out here https://source.chromium.org/chromium/chromium/src/+/main:components/safe_browsing/content/resources/download_file_types.asciipb;l=3439-3448.

The user gesture is the click on the link (HTML element)

In Chromium, a danger level of ALLOW_ON_USER_GESTURE triggers the warning in the download manager when Safe Browsing is OFF. That's why you're seeing this (on the Linux platform).

Chromium doesn't have anything in chrome://components, no components installed.

This fallback code probably applies then.

Keep in mind though, I'm not a Chromium expert. I've only ever tested this in Brave.

@guest271314
Copy link

@fmarier

Setting the policy works on Chromium Version 123.0.6262.0 (Developer Build) (64-bit) - with Google Safe Browsing off.

I experimented setting Chromium and Chrome policies previously some time ago chrome Pop-up blocker when to re-check after allowing page. Then I was using Chromium downloaded via PPA using apt, which used the "chromium-browser" folder.

This links to https://github.com/google/ChromeBrowserEnterprise/blob/main/docs/policy_examples/managed_policies.json which I downloaded and modified to

{"ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [
 {
  "domains": [
   "*"
  ],
  "file_extension": "deb"
 }
]}
sudo mkdir /etc/chromium
sudo mkdir /etc/chromium/policies
sudo mkdir -p /etc/chromium/policies/managed
sudo cp ~/Downloads/managed_policies.json /etc/chromium/policies/managed

Verify the policy is loaded in chrome://policy

Screenshot_2024-01-24_21-46-00

Test downloading the .deb file. Observe no file type warning notification.

29f6a8b8-a3f0-4c8d-8dd6-973e59640a5b.webm

@levicki
Copy link

levicki commented Jan 25, 2024

@fmarier Thanks for looking into it, glad you could reproduce it.

I think that having ini and cfg listed as dangerous is plain ridiculous.

Moreover, manifest could probably be narrowed down to dll.manifest and exe.manifest so that other files with manifest extension are unaffected.

Is there a chance you could provide at least a rough ETA for the fix to hit the release channel?

@fmarier
Copy link
Member

fmarier commented Jan 26, 2024

Is there a chance you could provide at least a rough ETA for the fix to hit the release channel?

I have a PR in review which should land in time for 1.64 (currently scheduled to hit stable on March 19th).

@levicki
Copy link

levicki commented Jan 26, 2024

I have a PR in review which should land in time for 1.64 (currently scheduled to hit stable on March 19th).

Good to know.

Out of curiosity, why not change cfg, dll, and ini to be ALLOW_ON_USER_GESTURE level as well? Are they seriously that more dangerous than exe?

As an experienced PC user, software developer, and system administrator I can't understand the rationale behind that rating.

It's totally paranoid, and if we go that route why not mark webp files as DANGEROUS? After all, there was a 0-day exploit back in October 2023 in libwebp and everyone scrambled to patch it because pretty much all software everywhere was affected.

While we are at it, maybe we should also mark png and jpg as DANGEROUS because either current or some future version of Windows Explorer shell preview handler might have a vulnerability which will allow those files to do damage without user interaction (just generating a thumbnail preview while browsing Downloads folder could trigger the malicious payload).

In my opinion, blocking user-initiated downloads amounts to nothing more than a security theater. It's one thing to add a layer of security, and another to turn it into a major nuisance because when people are faced with an impediment 9 times out of 10 they will go out of their way to fully remove it and you will end up with the overall worse security posture than if you dialed the nuisance factor down a couple of notches.

Prime example of this are password policies. Let's say you demand:

  • Minimum 12 characters password
  • At least one uppercase letter
  • At least one digit
  • At least one symbol
  • Change every 90 days

And then you set their work PCs to lock after 5 minutes of being idle.

What do you think will 90% of people do if they have to type those passwords dozens of times in their 8 hour shift?

They will simply use passwords like January2024!, because remembering and typing complex passwords is a chore and nobody likes chores when they are already tasked to (or over the) capacity with their salaried work. Come end of March they will change it to AprilFools24@, and so on. It's a clear example that overly restrictive security policies do not actually improve security.

Sorry for the slight off-topic rant, but these things are like the pet peeve of mine.

@guest271314
Copy link

It's one thing to add a layer of security

There really is no such thing as "security" for any signal communications. As of last century certain entities were analyzing 20 TB per second via ThinThread. PRISM, Apple "disclosing" the had an agreement with the U.S. Government to not disclose to users agreements between that concern and the U.S. Government re user data, et al.

@fmarier
Copy link
Member

fmarier commented Jan 26, 2024

Out of curiosity, why not change cfg, dll, and ini to be ALLOW_ON_USER_GESTURE level as well?

That list is maintained by the Google Safe Browsing team and we use it without modifications in Brave (proxied of course). It's not currently something we have had the need to fork in Brave yet.

@digitaldreamer7
Copy link

Thanks for providing one more annoyance that we can't get rid of. I don't need you or google to hold my hand. My av can handle anything that's downloaded. This browser is becoming more and more frustrating for people who don't need YOU to decide what WE want to do on our own personal computers.

@luckman212
Copy link

Here's why THIS FEATURE FUC*ING SUCKS

Yesterday I was at a customer's office dealing with an emergency Network Down situation. The firewall's flash memory had become corrupt and I had to access it using a console cable in a very difficult to reach location. It was a tense moment but I got it repaired. Our policy is to save copies of the running config for these types of situations. So I clicked the "download config" button, saw the download complete (or so I thought), climbed down from the ladder, packed up my bag and left.

This morning, went to upload the config to our server for safekeeping and saw the file never made it to my disk. It was blocked & canceled because it was "insecure". THANKS GOOGLE.

@guest271314
Copy link

FWIW This might be the place to lodge your feedback on the record for download warnings Q4 2023 Summary from Chrome Security.

@levicki
Copy link

levicki commented Jan 28, 2024

@digitaldreamer7 @luckman212 Guys you are barking up the wrong tree here. Being abusive towards Brave devs doesn't really help — you are antagonizing the only people who can actually help us by making a browser which doesn't fully follow Google's (and Chromium's) bullshit policies like this one.

In case you didn't read the full thread and just came to vent your anger here is a short summary:

  1. When you turn off Safe Browsing all Chromium based browsers block downloads that are considered dangerous. What is dangerous is decided by Google Safe Browsing Team, not Brave devs.
  2. Brave users submitted a feature request for the ability to disable download blocking and that was implemented via brave://flags/#brave-override-download-danger-level flag.
  3. However, because of an oversight (which I reported here), that flag doesn't fully disable download blocking for all file tyes — the fix for that is currently scheduled for release in version 1.64 on March 19.

So, if you are using Brave, you just need to be a bit patient. Thanking Brave devs for honoring a feature request and putting in the extra work to override the default Chromium behavior in order to allow us to disable download blocking wouldn't hurt either.

@luckman212
Copy link

Sorry - my frustration wasn't towards Brave or the devs who are working towards finding a good solution to this. Yes I was venting a bit—towards Google—because it was being discussed. I meant no disrespect.

@825i
Copy link

825i commented Sep 11, 2024

I as the owner of my own computer and as an IT professional of 15+ years, am not allowed to download a freaking PDF FILE without being harassed every time! Because for some INSANE reason even on an HTTPS website, it's deemed "insecure".

Besides shouldn't the word in this case be UNSECURE? I don't quite think my .pdf file suffers from crippling depression or some other kind of imposter syndrome...

image

But yes, apparently being allowed to completely and totally disable garbage like this, is just not possible on the Chrome ecosystem. Wow. One step closer to a free and open internet aye folks?

Make no mistake, I have nothing against the Brave devs and I otherwise love this browser. Yet at the ass end of 2024, not having a way to disable this kind of thing is just plain Orwellian at this stage.

@825i
Copy link

825i commented Sep 11, 2024

Out of curiosity, why not change cfg, dll, and ini to be ALLOW_ON_USER_GESTURE level as well?

That list is maintained by the Google Safe Browsing team and we use it without modifications in Brave (proxied of course). It's not currently something we have had the need to fork in Brave yet.

Please, on behalf of all of us. WHEN WE TURN THIS OFF, TURN IT OFF FOR REAL.
Turning this off does NOT fix the problem at all. This leads me to believe that turning off safe browsing does nothing, or safe browsing has nothing to do with handholding my downloads.

image

@digitaldreamer7
Copy link

@digitaldreamer7 @luckman212 Guys you are barking up the wrong tree here. Being abusive towards Brave devs doesn't really help — you are antagonizing the only people who can actually help us by making a browser which doesn't fully follow Google's (and Chromium's) bullshit policies like this one.

In case you didn't read the full thread and just came to vent your anger here is a short summary:

  1. When you turn off Safe Browsing all Chromium based browsers block downloads that are considered dangerous. What is dangerous is decided by Google Safe Browsing Team, not Brave devs.
  2. Brave users submitted a feature request for the ability to disable download blocking and that was implemented via brave://flags/#brave-override-download-danger-level flag.
  3. However, because of an oversight (which I reported here), that flag doesn't fully disable download blocking for all file tyes — the fix for that is currently scheduled for release in version 1.64 on March 19.

So, if you are using Brave, you just need to be a bit patient. Thanking Brave devs for honoring a feature request and putting in the extra work to override the default Chromium behavior in order to allow us to disable download blocking wouldn't hurt either.

Enough people here have tried the "nice" route.

EDGE at this point is less restrictive and more user friendly out of the box than brave.... EDGE...

Again, We don't need hand holding

@pixelstuff
Copy link

pixelstuff commented Sep 11, 2024

I as the owner of my own computer and as an IT professional of 15+ years, am not allowed to download a freaking PDF FILE without being harassed every time! Because for some INSANE reason even on an HTTPS website, it's deemed "insecure".

Besides shouldn't the word in this case be UNSECURE? I don't quite think my .pdf file suffers from crippling depression or some other kind of imposter syndrome...

I don't think UNSECURE is an official word. INSECURE just means not sure, not certain, or not adequately protected. The word itself isn't intrinsically tied to someone's mental state anymore than the word blue is.

@guest271314

This comment was marked as off-topic.

@825i
Copy link

825i commented Sep 12, 2024

I as the owner of my own computer and as an IT professional of 15+ years, am not allowed to download a freaking PDF FILE without being harassed every time! Because for some INSANE reason even on an HTTPS website, it's deemed "insecure". Besides shouldn't the word in this case be UNSECURE? I don't quite think my .pdf file suffers from crippling depression or some other kind of imposter syndrome...

I don't think UNSECURE is an official word. INSECURE just means not sure, not certain, or not adequately protected. The word itself isn't intrinsically tied to someone's mental state anymore than the word blue is.

Staight from the Oxford dictionary my friend

image

Here's insecure

image

FYI, this bit was more tongue-and-cheek but after getting bombarded with this popup whenever I try to download handfuls of .pdf files, I felt compelled to have a stab at how stupid the wording is on top of everything else.

Another amazing find today. I'm able to download multiple .exe files from an HTTP unsecure connection that is served through an app on my phone, giving me access to my phone's storage. Without being prompted that these .exe files could be dangerous.

So...

  • .exe and HTTP = OKAY.
  • .pdf and HTTPS = NOT OKAY.

Wow yeah... this is definitely working as intended.

It's absolutely time to do away with this garbage "feature" that seems to do absolutely nothing good. There probably hasn't been a single person that this has actually helped. Everyone just clicks "Keep" anyway. At the very least let us turn this off, even if you have to break the Chromium base apart with a crowbar to do it.

If you can bake a crypto wallet, torrent downloader and AI assistant into Brave, please get rid of this stupid popup.

@levicki
Copy link

levicki commented Sep 12, 2024

I as the owner of my own computer and as an IT professional of 15+ years, am not allowed to download a freaking PDF FILE without being harassed every time! Because for some INSANE reason even on an HTTPS website, it's deemed "insecure".

Given that you are such a professional, are you absolutely sure it's HTTPS? What does it say for this file for example?

https://us.download.nvidia.com/Windows/561.09/561.09-win11-win10-release-notes.pdf

I have Safe Browsing disabled and for me this PDF is not being blocked by Brave.

Besides shouldn't the word in this case be UNSECURE? I don't quite think my .pdf file suffers from crippling depression or some other kind of imposter syndrome...

Unsecure isn't a word despite what that Google AI generated dictionary excerpt based on AI generated Google SEO gaming fluff being indexed is telling you.

Insecure on the other hand quite literally means "not safe" in Latin so if anything, you can argue for it to be replaced by "unsafe" if you are such a word purist.

Staight from the Oxford dictionary my friend

Straight from the lying LLM mouth my friend:

image

EDGE at this point is less restrictive and more user friendly out of the box than brave.... EDGE...

Then stop using Brave and use Edge instead of harrasing people here.

@pixelstuff
Copy link

I as the owner of my own computer and as an IT professional of 15+ years, am not allowed to download a freaking PDF FILE without being harassed every time! Because for some INSANE reason even on an HTTPS website, it's deemed "insecure". Besides shouldn't the word in this case be UNSECURE? I don't quite think my .pdf file suffers from crippling depression or some other kind of imposter syndrome...

I don't think UNSECURE is an official word. INSECURE just means not sure, not certain, or not adequately protected. The word itself isn't intrinsically tied to someone's mental state anymore than the word blue is.

Staight from the Oxford dictionary my friend
(screenshot)

Here's insecure
(screenshot)

That is pretty weird. Oxford seems to be the only dictionary to include "unsecure" and when I search in Oxford myself it says it is an obsolete word last used in the early 1700s. Why would they reference a "computer system" in an obsolete word? Merriam-Webster, Cambrige, and Dictionary.com don't mention unsecure at all.

With insecure most of them include additional definitions. Here are some from the Merriam-Webster Dictionary.
Insecure

@levicki
Copy link

levicki commented Sep 12, 2024

Oxford seems to be the only dictionary to include "unsecure" and when I search in Oxford myself it says it is an obsolete word last used in the early 1700s. Why would they reference a "computer system" in an obsolete word?

That's an AI generated blurb and AI hallucinates BS all the time.

There's quite a number of articles debating "insecure vs unsecure" in Google search results — they are probably skewing the answer by giving the "unsecure" word some statistical validity in ranking.

TL;DR — see the screenshot I posted from ollama3.1 model above, it first claims unsecure is a word, then when I confront the answer it admits it's not a word according to dictionary. Likely the training data was poisoned (or better said, it wasn't vetted for correctness).

@Targren
Copy link

Targren commented Oct 4, 2024

Maybe we should get back to focusing less vocabulary wanking and more trying to determine how we can make it so that the browser isn't stepping on me when I try to download a .deb package on my linux box, after I explicitly told I don't want it to protect me.

@guest271314
Copy link

Just use an extension, policies, and/or Native Messaging and be done with the matter.

Then you don't have to ask maintainers to do or not do anything. You implement the strategy yourself.

@guest271314
Copy link

While Chromium is arbitrarily popping up download warnings AI is now shipped in Chromium Version 131.0.6746.0 (Developer Build) (64-bit), defined on the global object.

Who asked for that? Chromium decided to download AI for you...

How about block "AI" marketing on every surface known to humankind?

Too funny.

@MNLierman
Copy link

MNLierman commented Oct 8, 2024 via email

@guest271314
Copy link

@MNLierman I already created such a Web extension and shared it here #28917 (comment). Specifically for downloading and creating directories without any prompts or user-activation permissions requests. Somebody marked it as off-topic. MV3 is not a challenge to bend to the will of the programmer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment