Add user warning that certain logging levels can log sensitive inform…#19764
Add user warning that certain logging levels can log sensitive inform…#19764awiedenhoeft wants to merge 1 commit intonvaccess:masterfrom
Conversation
|
Is it possible for the warning to appear only after I apply and save the settings? I prefer not to see it while navigating through the options. |
Agree with this, since this is a combo box, I'm concerned that if the user modifies the options via the down arrow, the immediate warning may pop up several times |
|
@awiedenhoeft Please make sure that this warning can be disabled by advanced users. Either by a "Don't show this again" type checkbox, or a hidden config file option.
For those of us who work with logs a lot in different modes, dealing with warnings all the time will get tedius fast.
(Depending on how this is implemented.)
Also, agreed with @makhlwf and @wmhn1872265132
|
seanbudd
added
the
conceptApproved
Not sure about this one. I am quite reluctant to cluter the GUI with "Don't show warning" checkboxes for everything, even in the Advanced settings panel. Wouldn't an add-on be enough for advanced users? I can implement this in NVDA Dev & Test Toolbox if needed. Of course, this would not cover the case when launching NVDA without add-ons though. If the warning pops up when the setting is actually saved, wouldn't it be so difficult to press OK / Yes once more? If you do it frequently, I'm quite sure that you quickly get muscle memory for this.
Fully agree: the warning should not pop up each time you press downarrow in the combobox. |
|
Not sure about this one. I am quite reluctant to cluter the GUI with "Don't show warning" checkboxes for everything, even in
I was mainly thinking in the warning itself, such as the one in the stopper dialog that comes up the first time you launch the add-on store.
I was also thinking that if we were going to continue the trend toward popping up workflow-interrupting warning dialogs for potentially risky choices, we should also start a trend of making them easy to hide.
|
|
I don’t like warning pop-ups either, and I’m not interested in developing muscle memory just to skip through them. I honestly doubt if these dialogs really do much to protect anyone's privacy. We see this every year with the update warnings for disabled add-ons; people check the box and then still ask why their add-ons are gone. This approach feels like it's just about being 'technically correct'—basically saying, 'Well, we warned you'—without actually helping the end user. |
|
@awiedenhoeft - do you intend to continue to work on this? |
seanbudd
added
the
Abandoned
7 participants
Link to issue number:
Fixes #19465
Summary of the issue:
Changing logging levels to "debug warning", "input/output", or "debug" allows the program to log sensitive information on the user's computer, such as passwords and personal information. No warning message currently exists to alert users of this consequence.
Description of user facing changes:
A warning message will pop up after users select logging levels above "info." The message states the following: "Warning: Selecting 'Debug warning', 'Input/output', or 'Debug' logging levels may record sensitive information such as typed text, system information, or application data. Only enable these levels if you understand the risks."
Description of developer facing changes:
Description of development approach:
Added an event handler in the PrivacyAndSecuritySettingsPanel class to display a warning message if the user selects certain logging levels. The box is hidden by default and only displays after the event handler checks the logging level selected.
Testing strategy:
Known issues with pull request:
Code Review Checklist: