ProcMaps.txt may contain private information such as username

Thomas Ward trekcaptainusa.tw at gmail.com
Fri Jul 27 17:27:58 UTC 2012 

(For the record, "PII" means personally identifiable information, whether
computer-identifiable or otherwise)

As Andrea said, there is *tons* of other PII in reports, and having that
information can sometimes make a more complete bug report.  It is part of
the duties of those who analyze the private bugs which contain PII to
identify and remove such things before making a report public.

There's no way to remove every individual piece of PII automatically,
there's too many variations of what it would look like.  This is why people
who understand what *is* PII go through these reports.

Argue what you want, but I think you're beating a dead horse at this
point.  It's not likely this'll be implemented, in my opinion (nor do I
support automatic removal).




On Fri, Jul 27, 2012 at 1:18 PM, Fred . <eldmannen at gmail.com> wrote:

> Okay, but I still argue for at least automatically replace all
> occurrences of $USER and $HOSTNAME with a dummy string prior to
> sending the data to Launchpad.
>
>  On Fri, Jul 27, 2012 at 7:09 PM, Andrea Corbellini
> <corbellini.andrea at gmail.com> wrote:
> > Hi Fred,
> >
> > On 27/07/12 17:56, Fred . wrote:
> >>
> >> [...]
> >> Disclosing the username is not much of a threat, but it was not
> >> apparent to the user reporting the bug that hes username would be
> >> announced.
> >
> >
> > Apport actually gives you chances to check the information you submit.
> Also,
> > for some special packages, you will be explicitly asked to attach some
> > optional files. For example, if you try to file a bug against compiz you
> > will be asked this question:
> >
> >   Your display manager log files may help developers diagnose the bug,
> >   but may contain sensitive information such as your hostname.  Do you
> >   want to include these logs in your bug report?
> >
> >> [...]
> >> The user have a expectation that he reports a bug, not sending
> >> personal identifiable information. This may trigger spyware
> >> allegations.
> >
> >
> > I do not agree: whenever you file a bug you are forced to publish
> personal
> > information about you. Just the fact that you have filed a bug against a
> > package means that you have installed and used it.
> >
> > Also, the information that is attached to bug reports is not meant to spy
> > you, but to help triagers and developers debug and fix the issue. In many
> > cases a simple list of steps to reproduce the bug isn't enough to
> reproduce
> > it.
> >
> >> Imagine if Microsoft did this, "Microsoft's bug report software
> >> includes spyware that secretly collects personal identifiable
> >> information!" and there would be a huge backlash.
> >
> >
> > Every bug reporting tool must collect some information about what
> happened
> > and in which circumstances. A report containing just the phrase
> "application
> > does not work" cannot help anybody fixing the issue.
> >
> >> If Apport detects any personally identifiable information, it should
> >> scrub it before sending it to Launchpad.
> >
> >
> > The problem here is that 1. it's not that easy to know whether an
> > information is private; and 2. sometimes the key of the issue is
> contained
> > in such private information.
> >
> > Again, think for example of compiz: many times knowing which graphics
> card
> > is mounted on your computer is *essential* to debug the issue.
> >
> >> A prerequisite for being a good Ubuntu user who reports bugs is that
> >> it is trusted to not collect any personally identifiable information.
> >> Many users disable bug reporting for these reasons. As well does many
> >> companies as a company-wide policy.
> >
> >
> > This is something we know and accept. However, one complete bug report is
> > much much better that thousands vague reports. Nobody forces you to
> report
> > bugs; if it is not obvious, then it means that the wording of apport &
> co.
> > is not clear enough.
> >
> >> Please automatically replace all occurrences of $USER and $HOSTNAME
> >> with a dummy string prior to sending the data to Launchpad.
> >
> >
> > The username and the hostname are just two small examples of private
> > information. There are many other information that might be uploaded;
> > detecting and replacing them is not that easy and sometimes it is not
> even
> > possible.
> >
> >
> > In short: the information collected by Apport is essential (to be honest,
> > sometimes it is not enough).
> > If it's not clear that your bug reports may contain sensible information,
> > than Apport should be improved to tell you that.
> > If it's not clear how to review and remove sensible information from bug
> > reports, than the UI of Launchpad should be improved to make it more
> > obvious.
> >
> >
> > I hope to have resolved all your concerns. By the way, thanks:
> suggestions
> > and feedback -- in any form -- are always appreciated.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-bugsquad/attachments/20120727/01c7f1d6/attachment-0001.html>

More information about the Ubuntu-bugsquad mailing list