Boot-repair uploads potentially sensitive information to a public website without user consent
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Boot-Repair |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
If you check the "create a BootInfo" summary option, Boot-Repair automatically uploads this information to http://
This is a public service which does not allow the uploader to delete posts.
The BootInfo contains potentially senstitive information including: mount point names (e.g. /home/myname), partition labels, grub config, raw dumps of filesystem data (including unknown filesystems - so there is no guarantee what the initial data is at all), /etc/fstab, disk UUIDs allowing easy correlation across sessions, and more.
Boot-Repair should:
- save to a local file by default, not the internet
- have an option to upload to a pastebin, but:
- describe the type of information that the report contains - getting explicit user consent
- support only uploading the BootInfo summary, which is unlikely to contain personally identifying or sensitive information
- choose an upload service that allows the submitter of the report to delete the report or has a clear, short expiry period
| information type: | Private Security → Public Security |
| YannUbuntu (yannubuntu) wrote | #1 |
| Changed in boot-repair: | |
| status: | New → Won't Fix |
Thank you Michael for the report.
Understand your concern, but this data is just "potentially" sensitive in some extreme situations. Nobody uses bank account as login and bank password as mountpoint ;)
Furthermore, the disclaimer in the the official website ( http://
+What does the BootInfo contain? https:/
"Check internet access" and "Participate to statistics of use" are unrelated to pastebin functionality.
B-R uses different pastebins: ubuntu, debian, paste2.org... if you know one which is reliable and allows to delete the report, would be glad to try it.
hope this helps.