Vivaldi causing Insecure browser error on Gmail, and retaining search queries

ajenn

Vivaldi 3.7.2218.55 (Stable channel) (64-bit)
Revision 95bbce164915ddff8d58c77a97064f858db3df2b
OS Windows 10 OS Version 2004 (Build 19041.804)
JavaScript V8 8.9.255.25

1. This version and the one prior, both are returning error messages and lockouts from Google Gmail and other logins on Google services, with an error message that says my browser "may" be insecure. This occurs with or without any extensions and began suddenly with Vivaldi only. Brave and other Chromium browsers do not have the problem.

2. Vivaldi is retaining typed search entries despite such behavior being turned off in settings. All the suggestions you see in the popdown window above came from the browser. I have never been on that website before, and I manually clear all history, cache and searches when I leave the internet. Somewhere, Vivaldi is retaining this search information and offering it up on every search box, if there is relevancy (in other words the searches shown would not show up on a foodie site search box, but WILL show up on shopping sites or RC airplane forums).

Zalex108

Hi,

1. Check the FAQ - Q: Can’t log in to Google services

2. Have you enabled Flags?
   Check at Chrome://Settings suggestions

--

Open one thread per question,
Thank you

--
"Off Topic Tip"
Follow the Signature's Backup | Reset link.
Take the opportunity to start a Backup plan and even create a Template Profile.

---

Windows 7 (x64)
Vivaldi Backup | Reset + Extra Steps

ajenn

@Gwen-Dragon It happens whenever I go to Gmail and attempt to login. I have not removed anything in Vivaldi Settings > Privacy > Google Extensions that I know of. I have blocked third party cookies, and allowed only per-session cookies.

TbGbe

@ajenn Look at your screenshot - ALL the Google extensions ARE DISABLED!

To access gmail you should ENABLE "Crypto Token" (as a minimum).

ajenn

@TbGbe Okay I was unsure what you meant. HOWEVER, that said, first of all I don't want Google involved in my browsing or anything else. I don't use crypto currency, and don't want to enable it for any reason. I've had sites try to plant malware into my computer to use it for crypto-mining. I don't see any reason why Google would need to force that extension in Vivaldi or why it should break my access to Gmail which has nothing to do with Crypto currency, (unless they're trying to use my computer for cryptomining when I'm using their services), when Brave works fine without it (Brave is also a Chromium based browser). So that's suspicious. Same with Chromecast Media Router.

Next I don't use "Hangouts" at all, or the Google Web Store services unless specifically needed for something, do not want to use Google Services for Phishing and Malware protection, or their DNS service to resolve domain name server errors, or their form autofill assistance. I don't want Google anything. They are very intrusive, scrape and share my data, and I'm sick and tired of it. If they have such control over your browser that turning off these unrelated extensions will break my access to Gmail if not allowed then maybe I don't need to be using Gmail or Vivaldi.

nomadic

@ajenn As @Gwen-Dragon said, the Crypto Token Extension has nothing to do with crypto currencies.

See this post I made:
Google Extensions - Crypto Token [What it Does]

ajenn

Yeah, I get it. You can stop making that the main deflection of this discussion. I read your posts. I have also found a MUCH better explanation and what a surprise, it's just another layer of the same Gestapo-like "authentication" being demanded by THE biggest data scrapers, whose only purpose in doing so, is creating the ability to lock you out of your accounts, if you don't give them all the information about you that they want. Because they sell that information. You are literally interfering with their baseless profits, so they have to keep coming up with more and more creative ways to get information out of you. Don't comply? They control your life and will lock you out of it.

So I wonder why they are also the same sites with the absolute worst security on the planet. I have to wonder why my banks, credit unions, government sites, insurance sites, credit card companies, and all other highly secure corporate websites don't require all these multi-factor authentication protocols. Why is it just data scrapers like facebook and Google?

Now, here is the explanation I found, which is a lot less fuzzy jargon and a plain, simple explanation of exactly what I just said:

"What is CryptoTokenExtension in Chromium extensions?

http://askubuntu.com/questions/844090/ddg#844095

It is the extension that allows two-step verification between hardware. From the link:

Multi-factor authentication (MFA) is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).

Two-factor authentication (also known as 2FA) is a method of confirming a user's claimed identity by utilizing a combination of two different components. Two-factor authentication is a type of multi-factor authentication.

It is supported by Google Chrome since version 38 and Opera since version 40. Firefox has an add-on for this. And Microsoft has plans to implement it. Dropbox, GitHub, GitLab and Bitbucket support it too.

Is it safe to use?

Well... the tool itself is there to protect you from misuse. But it all depends on how you treat your hardware I would say. On the other hands... it IS a tracking tool so Richard Stallman will disagree (strongly and furiously) (:)) "

Pay close attention to that last statement.

Funny how none of my banks make me prove who I am, and let me in every time I use my login username and password, and have ZERO security issues, but with all the various ways companies like Gmail and facebook already employ to "verify your identity," they are FULL of hackers, scammers and spammers. And I find that many websites now have realized the monetization potential of selling your information....the very ones throwing down the most challenges and trying to lock you out of your accounts.

nomadic

@ajenn said in Vivaldi causing Insecure browser error on Gmail, and retaining search queries:

a lot less fuzzy jargon and a plain, simple explanation

Sorry if any of my explanation was not clear. I tried to include links to explanations of any jargon I used and also show the process of how I got my information in case anyone disagreed with my approach.

I summarized my findings near the end, but it has to include some terminology to make sense. Hopefully the links are enough to explain them.

"On the other hands... it IS a tracking tool so Richard Stallman will disagree (strongly and furiously) (:)) "

I haven't audited the full code, but this statement from that link (which I did mention in my post ), seems a bit dishonest. Sure it can be used with pinpoint accuracy to determine who someone is, but isn't that the purpose of a website login?

I also didn't include too much discussion into that link because it is out of date. The Crypto Token extension no longer handles 2-factor hardware authentication; that has been moved to an internal API.

So I wonder why they are also the same sites with the absolute worst security on the planet. I have to wonder why my banks, credit unions, government sites, insurance sites, credit card companies, and all other highly secure corporate websites don't require all these multi-factor authentication protocols. Why is it just data scrapers like facebook and Google?

Many of those examples you provided do allow multi-factor authentication, or at least should, because it is the most secure way to protect an account login (but avoid SMS text based multi-factor authentication as it is vulnerable to social engineering.)

The Crypto Token extension would have been necessary on the past for all those sites if you used a hardware based multi-factor login.

---

What it all comes down to is that every browser you will use will have the same functionality included that the Crypto Token extension provides. It is an implementation of a standard that everyone uses. Notice how you are still able to sign into Google in Firefox or Safari. Vivaldi just gave users the option to disable it.

I hope Google finishes up migrating the functionality to their web authentication API, so fewer new Vivaldi users will accidentally break their Google logins.