Summary

The PIA extension seems to be responsible for breaking access to github.com during login (and editing files from a repo in browser) which results in that document becoming unreadable with a 422 Status according to the network traffic.
This error only occurs when the PIA extension is enabled (Regardless of if it is currently active or not)

Steps to reproduce

PIA Chrome Extension (Version 2.1.1)
Chrome (80.0.3987.132)(64-bit)
Windows 10 (64-bit)

What is the current bug behaviour?

Whenever I attempt to login to github or modify a readme file and commit the changes the site throws errors regarding an invalid document submission (422 Status according to Chrome's network dev tool).

What is the expected correct behaviour?

I should be able to login to github, or perform the changes without being sent to an error screen.

Relevant logs and/or screenshots

github.txt

Does the extension use any type of encryption?

Could you provide releases? It would make the installation process much easier.

https://github.com/pia-foss/extension-chrome/releases

Summary

Steps to reproduce

extension auto-updated by Chrome

What is the current bug behaviour?

icon not visible in Chrome extension bar

What is the expected correct behaviour?

icon visible and functional

Assignees and labels

~ Linux
~ version 3 from the Chrome store
~ Ubuntu 18.04

Why isn't the public version 3 available on the repository?

Summary

I am unable to access any pages on Twitter if the extension is enabled.

Steps to reproduce

1. Sign in to PIA and activate the extension.
2. Go to https://twitter.com/ and log in.
3. Visit any Twitter account such as PIA's - https://twitter.com/buyvpnservice

What is the current bug behaviour?

(What actually happens).
I get the following text:

If you’re not redirected soon, please use this link.

What is the expected correct behaviour?

(What you should see instead).

PIA's Twitter page.

Relevant logs and/or screenshots

I enabled logging on the extension and tried to go to the Twitter page again and this is the entire log: 🤷‍♂️

debug mode: enabled.

Below is a screenshot of what the page looks like.

Note that non-authenticated users can view the site fine, view tweets, and go through the login process. It is only once you are authenticated that things go wrong.

I cleared my cache, cookies, localstorage and nothing resolved the issue. Then I looked at the PIA extension, disconnected it and Twitter immediately started working again. I added twitter.com and *.twitter.com to the bypass list but this is seemingly not enough as, when I connected again, Twitter ceased working once more.

Looking at my network tab, two requests were made. One to https://twitter.com/buyvpnservice and another to https://twitter.com/push_service_worker.js. Both result in a 200 HTTP status code.

Possible fixes suggested remediation

I assume that, like Netflix, there is a magic domain not related to twitter.com which allows twitter to suddenly work, but I'm not currently aware of it, and I can't see any requests being refused.

Assignees and labels

~bug ~Windows

Summary

Are there major limiting factors that prevent this chrome extension from having the region list that looks similar to the windows PIA application? On the windows application the region list has many more regions including Ukraine, Mexico, and many other countries. On the chrome extension however these same regions are not accessible to me. Is this a design choice or a code choice that maybe I'm missing? Why this is the case and would fixing this be a small refactor?

If adding more regions would not be a major refactor in the code base I might consider taking a swing at it and opening a PR to accomplish this.

Thanks for your time!

Just looking at the source code and associated commit message it is not possible to tell what Chrome bug is the cause of the only TODO in your codebase. External contributors might be willing to help, but without this context it is not possible.

Welcome to the FOSS world 👋

The setup instructions provided in the readme appear to be for non-Windows machines.

There is no ability to execute ./script/setup on Windows, and looking at the script itself, it appears to be Perl.

Is there a Windows alternative for setup instructions? I otherwise have all other stated requirements.

A significant portion of the code recently released was written by me (the move to webpack, the https integration, etc). Said code was not released while I still worked there, but it seems unprofessional to overwrite my commits (and those of my manager) and take credit away from the authors.

Summary

This repository was last updated on May 31, 2021, as well as the latest GitHub release, which is version 3.1.0, while the current PIA VPN chrome extension was last updated on July 18, 2023, and the latest release is version 3.2.0, according to the chrome web store. PIA VPN website states that PIA VPN apps are 100% open-source multiple times, but the chrome extension source code isn't updated, which makes those statements misleading and untrue because only some parts of PIA VPN are open-source and have their respective GitHub repositories updated.

Steps to reproduce

1. Go to the Private Internet Access website;
2. Go to the bottom of the site and click in "Chrome VPN", in the "PIA Apps" section;
3. Scroll the page until you find this marketing sentence: "Our VPN apps are 100% open-source so you can see for yourself we have nothing to hide."
4. To verify PIA's claims, go to GitHub, search for "pia-foss", filter by "Users" and you will find PIA's official GitHub profile;
5. Click in "Private Internet Access - Free and Open Source Software" profile;
6. Look for the "extension-chrome" repository among the profile's repositories;
7. Click in "extension-chrome";
8. Notice that the lats release in the release section is the 3.1.0 from May 31, 2021;
9. In another tab, go to the chrome web store and search for "Private Internet Access";
10. Find the extension and click in it;
11. Scroll until you find the extension's version number (currently 3.2.0) and the date from the latest update (currently July 18, 2023);
12. Understand that the extension's current source code isn't published in GitHub, only the source code from an old version.

What is the expected correct behaviour?

The current chrome extension's source code should be available in the "pia-foss/extension-chrome" repository in GitHub and the latest source code and extension releases in GitHub would be similar with the current chrome extension release in the chrome web store.

Possible fixes suggested remediation

Update the Private Internet Access chrome extension's source code in this GitHub repository and provide the latest extension and source code releases for this chrome extension in the releases section of this GitHub repository. Another solution is to clarify in PIA VPN's website that only some of its apps are open-source and exactly which ones, and consequently archive this repository. In fact, I think that the website shouldn't state that all PIA VPN apps are open-source until they really are.

Summary

I am unable to connect to any endpoints following an update to v2.1.0.

Steps to reproduce

(Please provide detail steps).

1. Ensure that the extension is up to date.
2. Try to connect to an endpoint.
3. Wait for a minute or two, or however long it is before you get bored.
4. Try to connect to a different location.
5. GOTO 3.

What is the current bug behaviour?

(What actually happens).

I am unable to connect. If I choose a different location, I get the following error in the console:

Uncaught (in promise) TypeError: Invalid invocation at chrome-extension://jplnlifepflhkbkgonidnobkakhmpnmh/js/background.js:5869

Full error information is below.

What is the expected correct behaviour?

(What you should see instead).

I should be able to connect to the VPN.

Relevant logs and/or screenshots

The below comes from the console.

foreground.js:8117 Uncaught (in promise) TypeError: Invalid invocation
    at chrome-extension://jplnlifepflhkbkgonidnobkakhmpnmh/js/background.js:5869
    at new Promise (<anonymous>)
    at proxy_BrowserProxy.set (chrome-extension://jplnlifepflhkbkgonidnobkakhmpnmh/js/background.js:5867)
    at proxy_BrowserProxy.enable (chrome-extension://jplnlifepflhkbkgonidnobkakhmpnmh/js/background.js:6182)
    at RegionListItem_RegionListItem.onClick (foreground.js:8117)
    at Object.ca (foreground.js:3023)
    at ja (foreground.js:3024)
    at ka (foreground.js:3024)
    at wa (foreground.js:3026)
    at Aa (foreground.js:3027)
(anonymous) @ chrome-extension://jplnlifepflhkbkgonidnobkakhmpnmh/js/background.js:5869
set @ chrome-extension://jplnlifepflhkbkgonidnobkakhmpnmh/js/background.js:5867
enable @ chrome-extension://jplnlifepflhkbkgonidnobkakhmpnmh/js/background.js:6182
onClick @ foreground.js:8117
ca @ foreground.js:3023
ja @ foreground.js:3024
ka @ foreground.js:3024
wa @ foreground.js:3026
Aa @ foreground.js:3027
ya @ foreground.js:3027
Da @ foreground.js:3030
Ad @ foreground.js:3093
Gi @ foreground.js:3259
Kb @ foreground.js:3048
Dd @ foreground.js:3095
(anonymous) @ foreground.js:3260
exports.unstable_runWithPriority @ foreground.js:3315
Ii @ foreground.js:3260
Cd @ foreground.js:3094
async function (async)
onClick @ foreground.js:8117
ca @ foreground.js:3023
ja @ foreground.js:3024
ka @ foreground.js:3024
wa @ foreground.js:3026
Aa @ foreground.js:3027
ya @ foreground.js:3027
Da @ foreground.js:3030
Ad @ foreground.js:3093
Gi @ foreground.js:3259
Kb @ foreground.js:3048
Dd @ foreground.js:3095
(anonymous) @ foreground.js:3260
exports.unstable_runWithPriority @ foreground.js:3315
Ii @ foreground.js:3260
Cd @ foreground.js:3094

The extension debug log produces the following output over and over again.

exclusions value: [object Object]
typeof exclusions: object
https-upgrade/rulesets#applyRuleset: invalid exclusions
https-upgrade: secured cookie "ecos.dt" for ".www.bbc.co.uk"
https-upgrade: attempting to secure cookie: ecos.dt
https-upgrade: secured cookie "ecos.dt" for ".www.bbc.co.uk"
https-upgrade: attempting to secure cookie: ecos.dt
https-upgrade: secured cookie "ecos.dt" for ".www.bbc.co.uk"
https-upgrade: attempting to secure cookie: ecos.dt
https-upgrade: secured cookie "ecos.dt" for ".www.bbc.co.uk"
https-upgrade: attempting to secure cookie: ecos.dt

Possible fixes suggested remediation

Assignees and labels

( please add labels as applicable )
~bug ~confirmed
~feature ~suggestion
~Windows ~Linux ~OSX
~Emergency ~Major ~Minor
%"milestone"
/cc @dev /assign @tester

• Patched
• Verified patch

Summary

Steps to reproduce

(Please provide detail steps).

Ensure you have v2.1.0

What is the current bug behaviour?

(What actually happens).

I am asked if I wish to allow the extension access to my entire browser history.

What is the expected correct behaviour?

(What you should see instead).

A VPN extension should not concern itself with my browser history.

Relevant logs and/or screenshots

Possible fixes suggested remediation

Remove the requirement for the browser history permission to be given, as there is no explanation for it in the changelog and, as per your recent reviews it seems that others have a problem with it as well.

Assignees and labels

( please add labels as applicable )
~bug ~confirmed
~feature ~suggestion
~Windows ~Linux ~OSX
~Emergency ~Major ~Minor
%"milestone"
/cc @dev /assign @tester

• Patched
• Verified patch

Microsoft Edge is the second most used browser on the web, making the browsing experience more flexible, offering many more services for users and optimized for Windows devices.

Microsoft Edge supports Chromium extensions, and you can publish your extensions to Microsoft Edge Add-ons website with minimal code changes. Find out more here.

If you have any more queries about porting Chrome extension to Microsoft Edge or anything else, you can contact the relevant teams whose links are given here.

Let me know if this was helpful. I am happy to help you with more details.