publisher_info_db still being populated despite Rewards disabled. #34088

Open
RonnyTNL opened this issue Nov 3, 2023 · 9 comments
Labels: bug, feature/rewards, intermittent-issue, needs-investigation (A bug not 100% confirmed/fixed), OS/Desktop, priority/P2 (A bad problem. We might uplift this to the next planned release.)

Comments

@RonnyTNL

RonnyTNL commented Nov 3, 2023

Description

On an existing profile publisher_info_db is still being populated despite Rewards being disabled.

image

On top of that issue 926 has a flaw with regards to UI steps (see image).
Start using suggests that it's disabled, and to "Reset brave rewards data" you should not need to "enable" something first.
image

On top of that, I consider this a privacy issue: it is not clear to the user, and nothing suggests that this feature keeps track of every site you have visited.

Steps to Reproduce

  1. Can't reproduce on a VM with a fresh install.
  2. Seems a result of a long used profile/upgrades.
  3. Can't find anything in regular settings that could enable this.
  4. Closing the browser and removing the publisher_info_db file does not make this stop; it gets rebuilt and populated.

Actual result:

First it would need to be way more clear that this 'feature' keeps track of all your domains visited.
Clearing of this privacy related info appears to have a bug on existing users from the looks of it.

Expected result:

Clear browser data and checking all boxes should make sure that all "history" is erased; if needed for rewards, it needs to be made clear that certain data needs to be tracked because of that feature.

Reproduces how often:

Every site visit on at least two machines with long lasting existing profile.

Brave version (brave://version info)

Version 1.60.110

Version/Channel Information:

Stable

  • Can you reproduce this issue with the current release? -- No
  • Can you reproduce this issue with the beta channel? -- N/A
  • Can you reproduce this issue with the nightly channel? -- N/A

Other Additional Information:

  • Does the issue resolve itself when disabling Brave Shields? - No
  • Does the issue resolve itself when disabling Brave Rewards? - No
  • Is the issue reproducible on the latest version of Chrome? - No Rewards related.

Miscellaneous Information:

@Miyayes added the priority/P2 (A bad problem. We might uplift this to the next planned release.) label Nov 8, 2023
@Miyayes
Collaborator

Miyayes commented Nov 8, 2023

Thanks. Some questions @RonnyTNL:

  1. Did you enable Rewards in the past, and then only "disable" it by resetting Brave Rewards?
  2. Are new entries/rows being written to the publisher_info_db while Rewards is not enabled? Or is it just that the data in publisher_info_db is not being cleared after a Rewards reset?
  3. If new entries/rows are being actively written into publisher_info_db while Rewards is disabled, can you press the main browser hamburger menu > Tools > Task Manager, and look for BAT Rewards service (or related names), and see if that service is running?

Thanks. cc: @zenparsing

@RonnyTNL
Author

RonnyTNL commented Nov 8, 2023

  1. Don't think so, this profile started on "created_by_version": "77.0.69.132"
  2. New entries are being written after I removed the complete file (when browser closed). I have not touched reset yet, as for that the GUI ends up in a "you have to enable this feature first before you can get to that button" (see screenshot above).
  3. Confirmed, the BAT rewards service is shown running.

@Miyayes Miyayes added the bug label Nov 9, 2023
@Miyayes
Collaborator

Miyayes commented Nov 9, 2023

Given that:

Can't reproduce on a VM with a fresh install.

I wonder if Ronny's browser profile could be in an unexpected state because it was created so long ago.

@RonnyTNL
Author

RonnyTNL commented Nov 9, 2023

Hi @Miyayes

Would this have been a cosmetic issue I would not have an issue with recreating a fresh profile.
But given the fact that this has the potential to have a huge privacy impact on the loyal user base of long time Brave users I guess this justifies further investigation.

I can confirm this on at least 4 machines, of which 1 is not mine, 2 daily drivers, and 2 test machines (low browser use).
daily: "created_by_version":"77.0.69.132"
test: "created_by_version":"74.0.64.75"
(other two not at hand atm).

Two that don't have this:
"created_by_version":"90.1.24.86"
"created_by_version":"94.1.30.87"

On the topic of VM reproduction, the problem is that my profiles have gone over every update (and corresponding code update/migration of these settings, and a fresh install upgrades just from e.g. 1.20 -> 1.60 so it doesn't touch all mitigating code in the middle possibly related to bug 926) so I'm afraid this test is not representative.

/cc @fmarier

@Miyayes added needs-investigation (A bug not 100% confirmed/fixed) and intermittent-issue labels Nov 22, 2023
@Miyayes closed this as not planned (Won't fix, can't repro, duplicate, stale) Jan 10, 2024
@RonnyTNL
Author

Hi @Miyayes @rebron @fmarier

I'm sorry? How is this going to resolve the privacy impact of this 'issue'?

Has the privacy team been notified and has it reviewed this risk issue?

How are unknowing users supposed to fix this if they don't even know these stats are collected?

Can you run a one-time update to disable this and remove the collected data or something?
Did you run an inventory of how many users are affected?

@fmarier
Member

fmarier commented Jan 12, 2024

Can you run a one-time update to disable this and remove the collected data or something?

Finding the root cause is likely a very hard problem and so that work is not planned.
Instead, we're planning to do, as you suggested, some kind of cleanup (details TBD) that will cover existing users like you that somehow got into this unexpected situation.

@ShivanKaul
Collaborator

@Miyayes just to confirm, we currently delete this on Rewards disablement right? publisher_info_db

@Miyayes
Collaborator

Miyayes commented Jan 14, 2024

@ShivanKaul For precision, "Rewards disablement" would be resetting the Brave Rewards feature. That is, pressing the "Reset" button, which returns the browser to a state as though the user never enabled Rewards before. When a user goes through the reset process, it deletes the publisher_info_db file completely. cc: @brave/rewards-client

@RonnyTNL Is there a chance you had some kind of database viewer (like SQLite browser) open when you deleted the publisher_info_db file? If so, it could've been written again because it was opened in a SQLite browser at the time.

@RonnyTNL
Author

I don't think so; all SQLite actions were taken on a closed database (no Brave active) and no changes have been saved via SQLite browser.

After I had renamed the db file it got recreated on the next start of Brave which corresponds with the fact that the BAT Rewards service was still running and thus recreating the file with fresh content.

I went ahead with a profile and used the "Reset Brave rewards data" (despite the fact that the steps are illogical (need to enable to disable)), and after that the BAT Rewards service is no longer running and the publisher_info_db is removed; only a swap/journal file was left.

#"If new entries/rows are being actively written into publisher_info_db while Rewards is disabled, can you press the main browser hamburger menu > Tools > Task Manager, and look for BAT Rewards service (or related names), and see if that service is running?"
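
A check for the question raised in this thread, whether rows are still being written to publisher_info_db while Rewards is disabled, as an added example that is not part of the original thread or of Brave's code. It counts rows per table in a copy of the file opened read-only, so the inspection itself cannot modify or recreate the database. The path is supplied by the caller, and table names are read from the file rather than assumed.

```python
import shutil
import sqlite3
import sys
import tempfile
from pathlib import Path


def snapshot(db_path):
    """Return {table: row_count} for a SQLite file, or None if it is absent.

    A copy is opened read-only, so the original file gets no lock or
    journal. Run it with the browser closed so pending writes are flushed.
    """
    src = Path(db_path)
    if not src.is_file():
        return None
    with tempfile.TemporaryDirectory() as tmp:
        copy = Path(tmp) / src.name
        shutil.copy2(src, copy)
        con = sqlite3.connect(copy.as_uri() + "?mode=ro", uri=True)
        try:
            names = [row[0] for row in con.execute(
                "SELECT name FROM sqlite_master "
                "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
            counts = {}
            for name in names:
                # Names come from the file itself; quote them as identifiers.
                quoted = '"' + name.replace('"', '""') + '"'
                counts[name] = con.execute(
                    f"SELECT COUNT(*) FROM {quoted}").fetchone()[0]
            return counts
        finally:
            con.close()


def grown_tables(before, after):
    """Tables that appeared or gained rows between two snapshots."""
    before, after = before or {}, after or {}
    return {t: (before.get(t, 0), n) for t, n in after.items()
            if n > before.get(t, 0)}


if __name__ == "__main__":
    # Usage: python check_db.py <path to publisher_info_db in the profile>
    for table, rows in (snapshot(sys.argv[1]) or {}).items():
        print(f"{table}: {rows} rows")
```

Taking one snapshot, browsing a few sites, closing the browser and comparing a second snapshot with `grown_tables` shows which tables gained rows in between.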

Status: Backlog
7 participants