Incredible but true: a customer of mine “couldn’t” download a shared ZIP file using Nextcloud File app, on a subdomain with a valid SSL certificate (Le’ts Encrypt), because the browser Google Chrome alert about the RISK of download such a file (???).
This is an screenshot of the message & blocking by the browser, and the super-little and HIDDEN button to let the user download the file.
Sincerely, am i the unique angried with this exaggerated alert messages to the users? Furthermore, the same action of download the same file on Firefox and Iridium Browser (!) don’t cause this “effect”. So i’m really suspicious about a possible BOYCOT T (sabotage) from Google to other suites like Nextcloud, clearly a competitor of GoogleDrive.
Incredible… so many decades talking bad about monopolistic techniques of Microsoft, and now the “don’t be evil company” is the master of…
Note: i’m not very sure if i should share these kind of questions, deliberations, on this forum, please, don’t hesitate to guide to me in this sense. I’m a newbie on this community forum.
I shared this experience, because my scared customer wrote to me ASKING ME PLEASE to share with her the file directly with a ZIP direct dowload URL, as i usually did before to use Nextcloud.
I discovered Nextcloud less than 3 weeks ago and i’m in love with it. So i’m using it installed on a VPS, learning to use it. So progressively i’m using it with customers (Talk app is simply wonderful!!).
Specifically, in this ZIP file i was sharing with my accountant (sorry, she is my provider, no my customer! hehehe) the accountancy files of my last 2 months. Hehe, although you’re thinking about it: it’s IMPOSSIBLE to give this “kind of people” a shared access to the XLS files (i’ve installed OnlyOffice too) or the folders in Files app… this kind of “collaborative work methods” are still 2 light years away for the “normal people”. At least on my country. For this reason, although the files zipped are already stored and edited on my Nextcloud, i decided to “simply” share a ZIP file for download. And even then there have been technical problems along the way!
So -maybe being a bit stubborn- i decided not to give up to share my PRIVATE DATA without using Nextcloud and his password-protected download (and with expiry date) and i adopted a “didactic tone” in my answer to her, and i explained with screenshots how to download the file and assuring her that IT REALLY THERE IS NOT RISK on download that file. Sincerely… i’ve not received yet a confirmation by her about the successful download. I hope yes.
So, i think that there are probably more people in this forum which has experienced THE SAME SITUATION. Please, share your thoughts in this sense. Do you react/response in another different way than this mine? I recognize that sometime i’m quite rude or abrupt with third people. So i really would like to read other ways to see this matter.
Thanks in advance!
I have tested with edge44.18362, chrome75, firefox68 and 690b3. The only message is to open the zip or to save it
This is not nextcloud related.
This is blocked by chrome because of security option freaking stupid now !
Easy fix is:
- 3 dots menu ( top right )
- Sync and Google services,
- Safe Browsing - Protects you and your device from dangerous sites (Disable it)
Hello @stratege1401 , in my computer i’ve Ubuntu 18.04.02 and i have always updated all the sowftare. Specifically Google Chrome is version 75.0… 64 bits. I don’t know what version is using my accountant, but i suspect that Chrome for Windows, and she has the same problem.
I found an interesting clue
I’ve created 2 shared ZIP links on my Nextcloud instance to ask you to try to download, and i realized now that one of them cause the alert and the other one not !! The alert only arise when the ZIP file contain an spreadsheet file ! Although in this case it’s a simple text with an image embedded (i created it just for this testing):
This cause alert:
Note: use password “1234”
Thanks for your time and interest!
no “alarm” on both using ff 67.04 (64)
no alarm while downloading. but if you’d check the download-butto you’ll get a message that both files arent downloaded very often and so could contain a virus… BOTH files.
i downloaded both files (with ffox-66.0-ESR on gentoo-x86) and there was no “alarm” whatsoever. this is obviously a client-side problem - only Google Corp. decides and knows what Google Corp.'s browser does. there is also the issue of other client side software (add-ons and “anti-virus”).
it might be possible to circumvent this problem by just changing the file-extension (eg. txt), but then you also have to get the user to change it back.
maybe you can generate some revenue checking the client-computer/-software directly.
test both link with the test browser i use.
No warning whatsoever.
Both browser have been install from official source. Not from the app microsoft wallet for my w10pro machine.
Tested also on a debian buster laptop. No warning etheir.
Have you check the gpedit.msc rules ?
I cannot replicate this on my FF75 (on Ubuntu 18.04). I means: it never doesn’t show to me some kind of alert or warning, neither when i donwload the file or when i try to open it instead or when i download it and afterwards i open it. I think that i tested all these combinations.
I agree with @pete.dawgg that at the end it depends a lot on the browser security-privacy settings, and obviously if you have plugins or anti-malware software installed on your local machine.
So concluding, i would say that the only thing we can do is to “alert” (to tell) the people we are sharing files to, that their browser can show this kind of “discouraging” messages alerting of the risk. Maybe Nextcloud File app interface could include a little text node in cursive under the download link remembering this possibility to all users trying to download the file.
Indeed, @pete.dawgg, the chrome alert message usually appears when it’s a ZIP file and containing XLS documents, or similar type documents that we know are typically used when malware is embedded on documents. You know: viral macros, etc…
In some way is prudent to alert users. But i don’t agree with the exaggerated message, neither with the DIFFICULT to find the way to continue with download (so little button).
Sorry, I know this is not helpful, but I can’t resist the urge to say… don’t use Google Chrome.
Is it possible that antivirus is actually blocking the file rather than the browser?
I get an alert on the first, and no alert on the 2nd download. So i can confirm your observation with Google Chrome Version 75.0.3770.100 64bit on Windows 10 (1903).
I don’t have any anti virus installed (besides windows defender of course). This is a Google thing. You can click on the download and show more information
I didn’t like too Google Chrome. It is the person with i shared my file on Nextcloud who is using Chrome. Unfortunately, G.Chrome has easily a quote of use of 60% in front of a tiny 10% of Firefox?
I prefer Firefox, obviously. For the freedom part, and also to avoid monopolistic use of Chrome. I didn’t like monopolies
No, it’s not a problem of antivirus. I have no antivirus installed on my Ubuntu desktop OS.
Chrome browser is one of the best browsers which i have run. Fixed kodak printer not printing black ink helped me to get the WinRAR files downloaded.
I totally agree with you.
Now Firefox is start doing the same for all ZIP files downloaded from Nextcloud. I think this case is even worst because this is a non-profit Foundation going against freedom and open source privacy-care alternatives.
What can we do about it? I’m in.