Skip to content

Add user warning that certain logging levels can log sensitive inform…#19764

Closed
awiedenhoeft wants to merge 1 commit intonvaccess:masterfrom
awiedenhoeft:master
Closed

Add user warning that certain logging levels can log sensitive inform…#19764
awiedenhoeft wants to merge 1 commit intonvaccess:masterfrom
awiedenhoeft:master

Conversation

@awiedenhoeft
Copy link
Copy Markdown

Link to issue number:

Fixes #19465

Summary of the issue:

Changing logging levels to "debug warning", "input/output", or "debug" allows the program to log sensitive information on the user's computer, such as passwords and personal information. No warning message currently exists to alert users of this consequence.

Description of user facing changes:

A warning message will pop up after users select logging levels above "info." The message states the following: "Warning: Selecting 'Debug warning', 'Input/output', or 'Debug' logging levels may record sensitive information such as typed text, system information, or application data. Only enable these levels if you understand the risks."

Description of developer facing changes:

Description of development approach:

Added an event handler in the PrivacyAndSecuritySettingsPanel class to display a warning message if the user selects certain logging levels. The box is hidden by default and only displays after the event handler checks the logging level selected.

Testing strategy:

Known issues with pull request:

Code Review Checklist:

  • Documentation:
    • Change log entry
    • User Documentation
    • Developer / Technical Documentation
    • Context sensitive help for GUI changes
  • Testing:
    • Unit tests
    • System (end to end) tests
    • Manual testing
  • UX of all users considered:
    • Speech
    • Braille
    • Low Vision
    • Different web browsers
    • Localization in other languages / culture than English
  • API is compatible with existing add-ons.
  • Security precautions taken.

@awiedenhoeft awiedenhoeft requested a review from a team as a code owner March 9, 2026 20:15
@makhlwf
Copy link
Copy Markdown
Contributor

makhlwf commented Mar 9, 2026

Is it possible for the warning to appear only after I apply and save the settings? I prefer not to see it while navigating through the options.

@wmhn1872265132
Copy link
Copy Markdown
Contributor

wmhn1872265132 commented Mar 10, 2026

Is it possible for the warning to appear only after I apply and save the settings? I prefer not to see it while navigating through the options.

Agree with this, since this is a combo box, I'm concerned that if the user modifies the options via the down arrow, the immediate warning may pop up several times

@seanbudd seanbudd marked this pull request as draft March 10, 2026 01:15
@XLTechie
Copy link
Copy Markdown
Collaborator

XLTechie commented Mar 17, 2026 via email

@seanbudd seanbudd added the conceptApproved Similar 'triaged' for issues, PR accepted in theory, implementation needs review. label Mar 17, 2026
@CyrilleB79
Copy link
Copy Markdown
Contributor

@awiedenhoeft Please make sure that this warning can be disabled by advanced users. Either by a "Don't show this again" type checkbox, or a hidden config file option. For those of us who work with logs a lot in different modes, dealing with warnings all the time will get tedius fast. (Depending on how this is implemented.)

Not sure about this one. I am quite reluctant to cluter the GUI with "Don't show warning" checkboxes for everything, even in the Advanced settings panel. Wouldn't an add-on be enough for advanced users? I can implement this in NVDA Dev & Test Toolbox if needed. Of course, this would not cover the case when launching NVDA without add-ons though.

If the warning pops up when the setting is actually saved, wouldn't it be so difficult to press OK / Yes once more? If you do it frequently, I'm quite sure that you quickly get muscle memory for this.

Also, agreed with @makhlwf and @wmhn1872265132

Fully agree: the warning should not pop up each time you press downarrow in the combobox.

@XLTechie
Copy link
Copy Markdown
Collaborator

XLTechie commented Mar 17, 2026 via email

@cary-rowen
Copy link
Copy Markdown
Contributor

I don’t like warning pop-ups either, and I’m not interested in developing muscle memory just to skip through them. I honestly doubt if these dialogs really do much to protect anyone's privacy. We see this every year with the update warnings for disabled add-ons; people check the box and then still ask why their add-ons are gone. This approach feels like it's just about being 'technically correct'—basically saying, 'Well, we warned you'—without actually helping the end user.

@seanbudd
Copy link
Copy Markdown
Member

seanbudd commented Apr 1, 2026

@awiedenhoeft - do you intend to continue to work on this?

@seanbudd seanbudd closed this Apr 16, 2026
@seanbudd seanbudd added the Abandoned requested reports or updates are missing since more than 1 year, author or users are not available. label Apr 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Abandoned requested reports or updates are missing since more than 1 year, author or users are not available. conceptApproved Similar 'triaged' for issues, PR accepted in theory, implementation needs review.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add user warning that logging can store PII on the user's machine

7 participants