ProcMaps.txt may contain private information such as username

Fred . eldmannen at gmail.com
Fri Jul 27 18:02:26 UTC 2012


Yes, things like hardware information are useful for a complete bug report.
But I doubt username and hostname would be necessary for a complete report.

Not all potential PII can, should or ought to be removed. But I do
think that the $USER and $HOSTNAME should definitely without a doubt
be scrubbed.

Why should $USER and $HOSTNAME not be automatically scrubbed?

On Fri, Jul 27, 2012 at 7:27 PM, Thomas Ward
<trekcaptainusa.tw at gmail.com> wrote:
> (For the record, "PII" means personally identifiable information, whether
> computer-identifiable or otherwise)
>
> As Andrea said, there is *tons* of other PII in reports, and having that
> information can sometimes make a more complete bug report.  It is part of
> the duties of those who analyze the private bugs which contain PII to
> identify and remove such things before making a report public.
>
> There's no way to remove every individual piece of PII automatically,
> there's too many variations of what it would look like.  This is why people
> who understand what *is* PII go through these reports.
>
> Argue what you want, but I think you're beating a dead horse at this point.
> It's not likely this'll be implemented, in my opinion (nor do I support
> automatic removal).
>
>
>
>
> On Fri, Jul 27, 2012 at 1:18 PM, Fred . <eldmannen at gmail.com> wrote:
>>
>> Okay, but I still argue for at least automatically replacing all
>> occurrences of $USER and $HOSTNAME with a dummy string prior to
>> sending the data to Launchpad.
>>
>> On Fri, Jul 27, 2012 at 7:09 PM, Andrea Corbellini
>> <corbellini.andrea at gmail.com> wrote:
>> > Hi Fred,
>> >
>> > On 27/07/12 17:56, Fred . wrote:
>> >>
>> >> [...]
>> >> Disclosing the username is not much of a threat, but it was not
>> >> apparent to the user reporting the bug that his username would be
>> >> announced.
>> >
>> >
>> > Apport actually gives you chances to check the information you submit.
>> > Also,
>> > for some special packages, you will be explicitly asked to attach some
>> > optional files. For example, if you try to file a bug against compiz you
>> > will be asked this question:
>> >
>> >   Your display manager log files may help developers diagnose the bug,
>> >   but may contain sensitive information such as your hostname.  Do you
>> >   want to include these logs in your bug report?
>> >
>> >> [...]
>> >> The user has an expectation that he reports a bug, not sending
>> >> personally identifiable information. This may trigger spyware
>> >> allegations.
>> >
>> >
>> > I do not agree: whenever you file a bug you are forced to publish
>> > personal
>> > information about you. Just the fact that you have filed a bug against a
>> > package means that you have installed and used it.
>> >
>> > Also, the information that is attached to bug reports is not meant to
>> > spy on
>> > you, but to help triagers and developers debug and fix the issue. In
>> > many
>> > cases a simple list of steps to reproduce the bug isn't enough to
>> > reproduce
>> > it.
>> >
>> >> Imagine if Microsoft did this, "Microsoft's bug report software
>> >> includes spyware that secretly collects personally identifiable
>> >> information!" and there would be a huge backlash.
>> >
>> >
>> > Every bug reporting tool must collect some information about what
>> > happened
>> > and in which circumstances. A report containing just the phrase
>> > "application
>> > does not work" cannot help anybody fix the issue.
>> >
>> >> If Apport detects any personally identifiable information, it should
>> >> scrub it before sending it to Launchpad.
>> >
>> >
>> > The problem here is that 1. it's not that easy to know whether a
>> > piece of information is private; and 2. sometimes the key of the issue is
>> > contained
>> > in such private information.
>> >
>> > Again, think for example of compiz: many times knowing which graphics
>> > card
>> > is mounted on your computer is *essential* to debug the issue.
>> >
>> >> A prerequisite for being a good Ubuntu user who reports bugs is that
>> >> it is trusted to not collect any personally identifiable information.
>> >> Many users disable bug reporting for these reasons. As do many
>> >> companies as a company-wide policy.
>> >
>> >
>> > This is something we know and accept. However, one complete bug report
>> > is
>> > much much better than thousands of vague reports. Nobody forces you to
>> > report
>> > bugs; if it is not obvious, then it means that the wording of apport &
>> > co.
>> > is not clear enough.
>> >
>> >> Please automatically replace all occurrences of $USER and $HOSTNAME
>> >> with a dummy string prior to sending the data to Launchpad.
>> >
>> >
>> > The username and the hostname are just two small examples of private
>> > information. There is much other information that might be uploaded;
>> > detecting and replacing them is not that easy and sometimes it is not
>> > even
>> > possible.
>> >
>> >
>> > In short: the information collected by Apport is essential (to be
>> > honest,
>> > sometimes it is not enough).
>> > If it's not clear that your bug reports may contain sensible
>> > information,
>> > then Apport should be improved to tell you that.
>> > If it's not clear how to review and remove sensible information from bug
>> > reports, then the UI of Launchpad should be improved to make it more
>> > obvious.
>> >
>> >
>> > I hope to have resolved all your concerns. By the way, thanks:
>> > suggestions
>> > and feedback -- in any form -- are always appreciated.
>
>
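
The replacement requested in this thread, sketched as an added example (it is not part of any message above and is not Apport's code). It assumes ProcMaps.txt has the six-column layout of /proc/<pid>/maps; the function name `scrub_procmaps`, the tokens `USER` and `HOSTNAME`, and the sample data are constructed for illustration. It also shows the detection problem raised in the replies: a plain substring replace would damage unrelated names such as `malice.dat`.

```python
import re

# Constructed sample of a ProcMaps.txt attachment (not taken from a real report).
SAMPLE_PROCMAPS = """\
00400000-0040c000 r-xp 00000000 08:01 131090 /home/alice/bin/myapp
7f3a1c000000-7f3a1c021000 r-xp 00000000 08:01 262200 /usr/lib/x86_64-linux-gnu/libc-2.15.so
7f3a1c400000-7f3a1c410000 rw-s 00000000 00:04 32769 /run/user/alice/pulse/shm-alice-pc
7f3a1c600000-7f3a1c601000 r--p 00000000 08:01 131200 /home/alice/.cache/malice.dat
"""


def _whole_token(name):
    # Match the name only when it is not glued to other identifier characters,
    # so user "alice" does not rewrite "malice.dat".
    return re.compile(r"(?<![A-Za-z0-9_])" + re.escape(name) + r"(?![A-Za-z0-9_])")


def scrub_procmaps(text, user, hostname):
    """Return (scrubbed_text, number_of_replacements)."""
    # Longest name first: hostname "alice-pc" must be handled before user
    # "alice", otherwise the result would be "USER-pc".
    names = sorted([(user, "USER"), (hostname, "HOSTNAME")],
                   key=lambda pair: len(pair[0]), reverse=True)
    rules = [(_whole_token(name), token) for name, token in names if name]

    out, total = [], 0
    for line in text.splitlines():
        # Columns: address perms offset dev inode pathname
        fields = line.split(None, 5)
        if len(fields) == 6:
            path = fields[5]
            for pattern, token in rules:
                path, count = pattern.subn(token, path)
                total += count
            # Rebuild the line, touching only the pathname column.
            line = line[:len(line) - len(fields[5])] + path
        out.append(line)
    return "\n".join(out) + "\n", total


if __name__ == "__main__":
    # A real caller would pass getpass.getuser() and socket.gethostname().
    scrubbed, replaced = scrub_procmaps(SAMPLE_PROCMAPS, "alice", "alice-pc")
    print(scrubbed, end="")
    print("replacements:", replaced)
```

A username that is also an ordinary path component (for example `lib`) would still be replaced wherever it appears as a whole token, which is the ambiguity the replies describe.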



More information about the Ubuntu-bugsquad mailing list