New permission dialog only has "always allow"

I’m not sure which exact version, but a recent update changed the dialog that prompts to allow permission to e.g. camera/microphone. The previous dialog had an “only this time” option, but the new one only has a single “Allow” option which enables “allow on every visit”. I almost never want that behavior, and this is really bad IMO for a privacy-oriented browser.

image

image

1 Like

@eric99 I’m not quite sure I fully understand the issue. If you uncheck the Allow on every visit option, it should work similarly to selecting Only this time.

Typically, when we give permission for things like microphone access, we only need to do it once, and the permission stays in place unless we clear cookies or manually reset the permissions. This way, you’re not constantly being asked for permission each time you revisit the site, but the website still won’t have access to the microphone once you leave.

And to be clear, there is a toggle on the right side of where it says Microphone. So you can disable the permission by toggling off, you uncheck the box if you won’t want it to have permission on the next visit, or you leave it checked so it won’t ask you each time.

Previously, when it asked, it had (I forget the exact verbiage, but close to):

  • until I close this window
  • always
  • deny

I almost always used the first option. I don’t want to give anything permission to use my microphone or camera indefinitely, particularly companies whose entire business is built around surveilling your every move and were using eye tracking software 15 years ago. Their predatory practies are the entire reason Brave exists…

Now, I would have to:

  • click allow
  • click the permissions button next to the url
  • expand the camera section
  • uncheck “allow on every visit”
  • click back
  • expand the microphone section
  • uncheck “allow on every visit”

Every single time. I’m perfectly fine with constantly being asked for permission each time I revisit the site, but the now 8 step process is significantly more tedious.

1 Like

@eric99 I wouldn’t say it’s 8 steps as you mentioned. As I just experimented, it seems to be two clicks after giving the permission.

  1. Click the image button

  2. Click Reset Permission

image

That said, I do agree after testing that it’s not right that if you uncheck the box for Allow on every visit which convers to Only this time, it should be able to retain that. So far I’m not seeing an option that retains instructions. And as much as I could suggest something like Forget me when I close this site, that’s a bit much as it is a headache having to login again compared to just revoking permission.

image

Based on some testing this seems to be a change inherited by Chromium. I’m not sure if they would say some change needs to happen upstream or if this is something Brave would handle. I’ll tag in @mattches and @steeven on it so they can advise.

Hey @eric99 are you on Beta or Nightly? Thanks!

Oh, hey @Evan123. This can be replicated on Release. Way it works is it asks if you want to allow access to microphone, then it defaults to the Always Allow if you accept. A person has to be aware to reset if they want it to ask the next time they return. Also happens on Nightly.

“Reset permissions” revokes the permissions immediately (and prompts you to refresh the window), so that’s not really an acceptable solution. You would have to remember to do that after using the page just before closing it. Multiple tabs in a browser all but guarantees a mistake.

I’m on :
Version 1.69.162 Chromium: 128.0.6613.120 (Official Build) (64-bit)
from the Arch AUR brave-bin package.

But it was happening on 1.68.x (sorry, I don’t have the exact point version) as well.

This looks isolated to Google Meet only. Tried Brave Talk and Zoom and receive Brave’s Site Permissions modal as expected. Looking into it. Thanks!

2 Likes

Oh, you’re right. @eric99 can you confirm this yourself as well? Just tested at https://mictests.com/ and https://talk.brave.com/. On both, it shows the old prompt:

image
image

So I guess it’s just Google being Google again.

:person_facepalming:
Confirmed. Wow that’s sneaky. Ok, sorry to waste your time.

1 Like

Was tagged here but just now seeing (was on PTO) — is this issue resolved then?

@Mattches I’m not sure where things stand with Evan looking into this. It’s concerning how the browser handles permissions on Google websites compared to others. It would be great if this could be brought to the right person’s attention to see if Brave can address it or make changes in the future.

From what we can tell, it looks like this just Google trickery vs an actual browser issue. On my end, when I go to meet.google.com and try starting a meeting, I see this screen:

Clicking this option (implemented by Google) will allow permissions “forever”. However, if I click Continue without microphone and camera I then see the meeting screen, with icons next to the mic/camera options:

image

If I then click on either of those buttons, I see the expected screen and the expected browser permissions dialog:

As mentioned in previous replies, other video conferencing sites display the permissions dialog normally. So to answer the question of:

The answer is, from the browsers standpoint, exactly the same. It’s just that Google inserts this additional page/option, expecting that most users will take the path of least resistance and click that button without thinking about it. I’ll ping @fanboynz and see if there is a way that we can use Shields to block this option all together.

3 Likes

Half of one and half another. Not good to know any trickery out there that can kind of bypass the traditional browser prompts and give permissions “forever.” Perhaps no real harm in it but just seems like a backdoor vulnerability of sorts.

Awesome. Thanks.

And @eric99 just tagging you in again to make sure you see that latest update. Definitely isn’t a waste of time as it’s good to know something weird like this is happening on websites. It’s always good to have people speak up and make things known.

2 Likes

Eric…
Not a waste of time, anyone’s, at all.
Just read entire thread, your question out of “what the hell is this illogical sh¡t…?” has exposed another expected google deviance
Why personally anything Google is avoided, why i really like Brave, has Qwant as a search engine option

Brave dude Saoiray… please forward this idea to those concerned
Make Qwant the DEFAULT search engine, not goolag
Drop those buggers to the bottom of the list
Using various keyword searches, Qwant trumps google by far and is slightly better than DuckDuckGo
:sunglasses::call_me_hand:

1 Like

@FlyingKiwi better yet, make Brave Search the default search engine! I know they have a little ways to go on yielding the best results but they are significantly getting better overtime. And the more we use it and can provide feedback the better it gets

1 Like

Thanks for following up. @Saoiray I do agree with your assessment. I think it’s at least worth verifying that it is, in fact, only available on Google websites.

  • If so, then it seems to violate the spirit of Chromium. They can do whatever they want in Chrome, but there shouldn’t be Google-only backdoors
  • If not and ANY page could do this for permission, then it’s probably worth making Brave prevent it. IMO there should never be an option to add permissions without the option to make it temporary
3 Likes

At least we know @Mattches is aware and has already pinged Fanboynz. I’m not sure if anyone else internally has been contacted, but it’s probably best to be patient for now and let them look into possible solutions. I agree—it’s a great opportunity to learn from this and improve the process so it’s not as easy to circumvent things in the future.

1 Like

Challenge accepted, only in the sense that will test Brave using same parameters…
Hint: Previously a Systems Admin Online Security, but ain’t a nerd or a geek…
To explain - approx 5 - 7% of individual’s are nerds/geeks but i.t depts are 99.99% full of these brain wired types
94.99% of the populace are not, but they have to use the sh¡t CONstructed by them…
:rofl:
Enjoy your day y’all

1 Like

@FlyingKiwi where it can really shine is if you’re really wanting to jump down the rabbit hole and learn to use Goggles. But not sure the average person wants to create one as it requires learning the syntax and all. Existing Goggles are okay, but not what people expect. I kind of touch on that a bit at What Are Goggles and How Can They Change Your Search Results?

And little closely related is just little article I wrote as this comes up a lot from people who are too used to the echo chamber known as Google: * Is Brave Search Politically Biased?

Anyway, I’ll be interested to hear your thoughts just using Search as is. Then perhaps find out if you jump down that rabbit hole to experiment a bit.

2 Likes