Ubuntu LTS, BRAVE browser, Google account, Not sure if it's a security issue

yoda goba

1/28/23, 12:02 AM

I’m using always updated UBUNTU 20.04 LTS I’m using BRAVE downloaded from UBUNTU software center “snap”

Description of the issue: Was browsing with BRAVE. I logged into my google account on youtube. I happened to click on “Nautilus” and found the following: my google drive for that email, was mounted as a drive. in it, someone downloaded a file, named kiki, into location: /run/user/1000/gvfs/google-drive:host=gmail.com,user=yodagoba

content of the file is: Look at this… :eyes: https://pin.it/3rTKHqD 4

I looked at my Ubuntu settings online-accounts and found that my yodagoba gmail account was added. I did not do it myself. I've never added online accounts. how did someone, something, was able to download a file to my computer??? via: google drive, via BRAVE, via Ubuntu. I’m not sure if Brave, Google or Ubuntu contributed to this suspicious behavior. it may not be a hack, but it can be used as an open door to an Ubuntu account. I have never encountered that issue using firefox. or on another Debian computer with Brave, since I use the version downloaded from Brave.com, not from Ubuntu-Software-Center. I also filed this question on the BRAVE support website.

0 + 0

software-center

gmail

security

brave

20.04

user535733

1/28/23, 2:04 AM

See if you can reproduce the behavior in a LiveUSB's "Try Ubuntu" environment: Install the Brave Snap, call up assorted online accounts, and see if the information gets passed to Gnome Online Accounts. If a bug cannot be reliably duplicated using a simple recipe, the bug probably cannot be properly triaged nor fixed. Assuming, of course, that your recollection ("*I did not do it myself*") is accurate.

pLumo

1/28/23, 6:03 AM

I somehow hesitate to click on a link where someone says *"content of the file is: Look at this…"*. Could you please describe the file ? :-) However, I strongly doubt that your google-drive got mounted by brave(?). Also, this file has not been downloaded to your Ubuntu unless you open the it, it is still only a mounted location.

yoda goba

1/28/23, 5:04 PM

@user535733, work computers are UBUNTU-LTS, firefox. never added online accounts to gnome>settings>online-accounts. was testing out Brave on 3 computers. this one has Brave downloaded as snap. 1st time logged into google account via Brave. then I saw gmail mounted drive in Nautilus, looked at gnome-settings, found gmail account added (did NOT add it myself) red flag right there. did not open that 'kiki' file on my computer. I use a throwaway chromebook. url went to pinterest site with drawings. re-suggestion of launching liveUSB etc. it did happen again. also reported to Brave support.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Ubuntu LTS, BRAVE browser, Google account, Not sure if it's a security issue

TH: Ubuntu LTS, เบราว์เซอร์ BRAVE, บัญชี Google, ไม่แน่ใจว่าเป็นปัญหาด้านความปลอดภัยหรือไม่

RO: Ubuntu LTS, browser BRAVE, cont Google, nu sunt sigur dacă este o problemă de securitate

RU: Ubuntu LTS, браузер BRAVE, учетная запись Google, не уверен, что это проблема безопасности

VI: Ubuntu LTS, trình duyệt BRAVE, tài khoản Google, Không chắc đó có phải là sự cố bảo mật không

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.