Command line automatically included in bug report, violating user's privacy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apport (Ubuntu) |
Fix Released
|
High
|
Martin Pitt |
Bug Description
Binary package hint: apport
I used the "Help -> Report a problem" menu item in gedit to report bug #132788. The command line of my gedit process was automatically included in the bug report. The command line contained the pathname of a file that I clicked to open that particular instance of gedit earlier.
So the pathname of an unrelated file on my computer has been accidentally included in a public bug report. The pathname is hard to notice in the bug report text for a unsuspecting user, and no preview or warning about privacy issues were given. Moreover, the pathname cannot be easily removed from the bug report text: even after editing the bug description, the original report is still publicly available.
That behavior of the bug reporting system does not respect the reporter's privacy.
Making the bug visible to its subscribers only is a poor solution for this. It limits the access to the bug without any good technical reason. Even worse, it works only if the user has noticed her private filename visible to anyone in the first place.
A proper fix for this should show a preview of all the debugging information being submitted. The fix would allow the user to exclude any fields that can violate her privacy before submitting her bug report via the net.
I assigned this bug to apport to have my version details automatically included here. It might be as well fixed in Launchpad, but that has the shortcoming that private information has to be first transmitted to Launchpad before the user has a chance to mark it as private. So it would be still potentially disclosed to Launchpad maintainers, the guys who managed to secretly own Launchpad, and those who can eavesdrop SSL sessions using some 0day protocol flaws or whatever.
ProblemType: Bug
Architecture: i386
Date: Thu Aug 16 01:23:49 2007
DistroRelease: Ubuntu 7.04
Package: apport 0.76.1
PackageArchitec
SourcePackage: apport
Uname: Linux chronos 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686 GNU/Linux
I definitely agree .
<quote>
A proper fix for this should show a preview of all the debugging information being submitted. The fix would allow the user to exclude any fields that can violate her privacy before submitting her bug report via the net.
</quote>
well, showing to an common end user, all debugging information can be really scary. But we need to analyze and to distinguish type of informations that could touch to the user privacy , then ALWAYS ask him if he wanted to modify the informations (concealing them for instance) but he needs to be aware that in some case the exact information is mandatory to investigate.
But we shouldn't allow complete removal of the information (just modification).
in some case , private informations are embedded in the stack Trace. Those cases are really difficult to address.
NOTE [for QA] : this bug importance should be set to High or Serious as privacy is a really important subject for Users