Brave connects to accounts.google.com on launch for no reason?

Description of the issue:
Why is it necessary for Brave to connect to accounts.google.com when I launch Brave with a blank window?

Steps to Reproduce (add as many as necessary): 1. 2. 3.
Launch Brave with a blank window

Actual Result (gifs and screenshots are welcome!):
Brave makes connection to accounts.google.com

Expected result:
Brave should not connect to any third parties website on its own

Reproduces how often:
Every time I launch Brave

Operating System and Brave Version(See the About Brave page in the main menu):
macOS 10.15.7
Version 1.17.73 Chromium: 87.0.4280.67 (Official Build) (x86_64)

What software did you use to detect this connection?

Little Snitch.

The problem is still occuring as of Brave Version 1.17.75 Chromium: 87.0.4280.88 (Official Build) (x86_64)

Interesting. Unfortunately my MacBookPro is broken and I can’t check what happens with Brave for macOS. I wonder what the staff has to say about this, though.

@kg3,
Thanks for reporting.
Can you tell me if you have any extensions installed in the browser at this time? Additionally, do you have Sync enabled for the browser?

The only extensions was 1Password. Brave is still connecting to accounts.google.com after I removed the extension.

No sync.

The problem is still happening as of 1.18.70 Chromium: 87.0.4280.101 (Official Build) (x86_64)

Hello, @kg3! Can you check to see if a new profile shows similar traffic? To create a new profile, click on the ☰ at the top-right of Brave, and select Create a New Profile. With that profile opened (and all other profiles closed), do you still see the calls to accounts.google.com?

Also, can you share the request/response for these requests? Please remove any sensitive information, should there be any.

I checked a new profile, and found no connections to accounts.google.com. Only the connections we expect to see Brave make when it launches:

image2896×1666 391 KB

We do have an issue with Sync, which would issue an empty call out to accounts.google.com. If you had enabled Sync in the past, you might have seen that call. You can track progress and developments on that issue here: https://github.com/brave/brave-browser/issues/12984.

Thank you for your reply. I did not see a request to accounts.google.com when I use a new profile. Although I don’t remember ever enabling sync in the past, that’s probably it. Glad to know that a fix is in the works.

Do you still need the “request/response”? And how do I obtain this information?

There is another thing. When I used a new profile, the blank tab showed the “binance” and “gemini” cards by default. When I clicked the “…” to hide those cards, requests were made to binance.com and gemini.com. These requests should not have happened. I hope this too will be fixed. Thanks!

No request/response needed. I’m not sure if Little Snitch offers that level of insight (using it here was my first experience with the program). Typically, I use Fiddler Classic for these types of inspections ^{1, 2}. It is not directly supported on macOS, so I route my macOS traffic through a Windows PC and inspect the traffic there. They do have Fiddler Everywhere, which supports macOS, if I’m not mistaken (but the last time I tested it, it hadn’t yet achieved feature-parity with Classic).

I took a look at the binance/gemini issue. It appears no network calls are made when you click the …, but a network call is made when you actually hide the widget. For both, we issue a token-revocation call, since the user is indicating they no longer wish to use the widget/service. For users who have never used the service to begin with, the revoke-token calls contains no token. We could probably make this call only if a token exists, otherwise simply hide the element.

Thanks! I filed an issue for this behavior.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.