Just saw this PR on GitHub, and Brave is officially creating their own email aliasing service for their browserđ
brave:master â brave:issues/43115
[[puLL-Merge](https://github.com/brave/pull-merge)] - [brave/brave-core@27127](h⌠ttps://github.com/brave/brave-core/pull/27127)
### Description
This PR introduces a new Email Aliases feature to Brave Browser. It adds functionality for users to create, manage, and use email aliases to protect their primary email address. The feature includes a new settings page, a bubble interface for creating aliases, and integration with Brave's existing systems.
### Possible Issues
1. The implementation relies on external services (accounts.bsg.bravesoftware.com and aliases.bsg.bravesoftware.com) which may introduce dependencies and potential points of failure.
2. The hardcoded API key (kBraveApiKey) in the code could pose a security risk if exposed.
### Security Hotspots
1. The use of a hardcoded API key (kBraveApiKey) in the code. This should be stored securely and not in the source code.
2. The handling of user authentication tokens and session management. Ensure proper encryption and secure storage of these sensitive data.
3. The implementation of network requests to external services. Ensure proper error handling and input validation to prevent potential vulnerabilities.
<details>
<summary><i>Changes</i></summary>
### Changes
1. app/brave_command_ids.h:
- Added new command IDs for showing email aliases and creating new email aliases.
2. app/brave_generated_resources.grd:
- Added new string resources for email aliases feature UI elements.
3. app/brave_settings_strings.grdp:
- Added new string resources for email aliases settings page.
4. browser/about_flags.cc:
- Added a new feature flag for email aliases.
5. browser/brave_browser_features.cc and .h:
- Added a new feature flag definition for email aliases.
6. browser/brave_local_state_prefs.cc and browser/brave_profile_prefs.cc:
- Added registration for email aliases preferences.
7. browser/resources/settings/brave_autofill_page/brave_autofill_page.ts:
- Added navigation to email aliases settings page.
8. browser/resources/settings/brave_overrides/autofill_page.ts:
- Added UI elements for email aliases in the autofill settings page.
9. browser/resources/settings/email_aliases_page/:
- Added new files for implementing the email aliases settings page UI.
10. browser/ui/views/email_aliases_bubble_view.cc and .h:
- Implemented a new bubble view for creating email aliases.
11. browser/ui/webui/brave_settings_ui.cc:
- Added email aliases handler to the settings UI.
12. browser/ui/webui/brave_web_ui_controller_factory.cc:
- Registered the email aliases bubble UI.
13. browser/ui/webui/settings/brave_email_aliases_handler.cc and .h:
- Implemented the handler for email aliases WebUI operations.
14. components/email_aliases/browser/:
- Added new files for email aliases preferences and constants.
15. components/resources/brave_components_resources.grd:
- Added references to new email aliases resources.
```mermaid
sequenceDiagram
participant User
participant BrowserUI
participant EmailAliasesHandler
participant MappingService
participant ExternalAPI
User->>BrowserUI: Request Email Alias Creation
BrowserUI->>EmailAliasesHandler: Show Email Aliases Bubble
EmailAliasesHandler->>MappingService: Generate Alias
MappingService->>ExternalAPI: API Request
ExternalAPI-->>MappingService: Return Generated Alias
MappingService-->>EmailAliasesHandler: Return Generated Alias
EmailAliasesHandler-->>BrowserUI: Display Generated Alias
User->>BrowserUI: Confirm Alias Creation
BrowserUI->>EmailAliasesHandler: Create Alias
EmailAliasesHandler->>MappingService: Create Alias
MappingService->>ExternalAPI: API Request
ExternalAPI-->>MappingService: Confirm Alias Creation
MappingService-->>EmailAliasesHandler: Confirm Alias Creation
EmailAliasesHandler-->>BrowserUI: Update UI
BrowserUI-->>User: Display Confirmation
```
</details>
4 Likes
fria
January 7, 2025, 5:28am
2
Thatâs awesome! Hope they start moving away from crypto and more toward services like this for their business model.
1 Like
Theyâre considering releasing Brave Pro as a $3 a month subscription with all the crypto stuff and extra features removed. Iâm interested if theyâre going to follow through on that, and if it would be successful.
1 Like
fria
January 7, 2025, 5:35am
4
Itâs something I guess but Iâd rather have it all gone by default lol.
fria:
crypto
Why crypto is bad? Many open-source project can not earn enough money via their business model. If they donât have idea to earn enough money what is bad if they use an fully anonymized, libre, client side crypto-miner ? what bad of this?
Iâm not talking specifically for Brave browser.
Im really curious what we will do if signal project will not donated by 1 person with million dolarsâŚ
fria
January 7, 2025, 6:11am
6
Mainly I have a problem with Braveâs own crypto scheme with their own ad network and everything, even if itâs optional. Also including a bunch of crypto software ootb isnât great either for UX or attack surface. Cryptocurrency in general can be good, like you said some projects rely on it for funding.
ph00lt0
January 7, 2025, 7:41am
7
I just hope it will not interfere with addons of third party password managers.
1 Like