ProcMaps.txt may contain private information such as username
Andrea Corbellini
corbellini.andrea at gmail.com
Fri Jul 27 17:09:50 UTC 2012
Hi Fred,
On 27/07/12 17:56, Fred . wrote:
> [...]
> Disclosing the username is not much of a threat, but it was not
> apparent to the user reporting the bug that his username would be
> announced.
Apport actually gives you chances to check the information you submit.
Also, for some special packages, you will be explicitly asked to attach
some optional files. For example, if you try to file a bug against
compiz you will be asked this question:
Your display manager log files may help developers diagnose the bug,
but may contain sensitive information such as your hostname. Do you
want to include these logs in your bug report?
> [...]
> The user has an expectation that he reports a bug, not sending
> personally identifiable information. This may trigger spyware
> allegations.
I do not agree: whenever you file a bug you are forced to publish
personal information about you. Just the fact that you have filed a bug
against a package means that you have installed and used it.
Also, the information that is attached to bug reports is not meant to
spy on you, but to help triagers and developers debug and fix the issue. In
many cases a simple list of steps to reproduce the bug isn't enough to
reproduce it.
> Imagine if Microsoft did this, "Microsoft's bug report software
> includes spyware that secretly collects personally identifiable
> information!" and there would be a huge backlash.
Every bug reporting tool must collect some information about what
happened and in which circumstances. A report containing just the phrase
"application does not work" cannot help anybody fix the issue.
> If Apport detects any personally identifiable information, it should
> scrub it before sending it to Launchpad.
The problem here is that 1. it's not that easy to know whether a piece
of information is private; and 2. sometimes the key to the issue is
contained in such private information.
Again, think for example of compiz: many times knowing which graphics
card is mounted on your computer is *essential* to debug the issue.
> A prerequisite for being a good Ubuntu user who reports bugs is that
> it is trusted to not collect any personally identifiable information.
> Many users disable bug reporting for these reasons. So do many
> companies as a company-wide policy.
This is something we know and accept. However, one complete bug report
is much, much better than thousands of vague reports. Nobody forces you to
report bugs; if it is not obvious, then it means that the wording of
apport & co. is not clear enough.
> Please automatically replace all occurrences of $USER and $HOSTNAME
> with a dummy string prior to sending the data to Launchpad.
The username and the hostname are just two small examples of private
information. There is much other information that might be uploaded;
detecting and replacing it is not that easy and sometimes it is not
even possible.
In short: the information collected by Apport is essential (to be
honest, sometimes it is not enough).
If it's not clear that your bug reports may contain sensitive
information, then Apport should be improved to tell you that.
If it's not clear how to review and remove sensitive information from bug
reports, then the UI of Launchpad should be improved to make it more
obvious.
I hope to have resolved all your concerns. By the way, thanks:
suggestions and feedback -- in any form -- are always appreciated.
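
An added illustration of the $USER/$HOSTNAME replacement requested in the quoted text, and of the reply's point that other private data survives it. This is not Apport code and not part of the original message; the sample ProcMaps lines, the values "alice" and "alice-laptop", and the functions scrub and paths_for_review are constructed for the example.

```python
import re

# Constructed sample in /proc/<pid>/maps layout (not from a real report).
SAMPLE_PROCMAPS = """\
00400000-0040c000 r-xp 00000000 08:01 131090 /usr/bin/compiz
7f1c2a000000-7f1c2a021000 r--p 00000000 08:01 786441 /home/alice/.cache/app/icons.bin
7f1c2a400000-7f1c2a4a0000 r--s 00000000 08:01 786502 /home/alice/.config/dconf/user
7f1c2a800000-7f1c2a810000 rw-s 00000000 00:14 5121 /tmp/session-alice-laptop/shm
7f1c2ac00000-7f1c2ac40000 r--p 00000000 08:11 42 /media/Alice Smith USB/plugins/libfoo.so
"""

# Paths under these prefixes come from packages, not from the user.
SYSTEM_PREFIXES = ("/usr/", "/lib/", "/lib64/", "/bin/", "/sbin/", "/etc/")


def scrub(text, username, hostname):
    """Replace whole-token occurrences of username/hostname with dummies."""
    pairs = [(username, "USER"), (hostname, "HOSTNAME")]
    # Longest value first, so "alice-laptop" does not become "USER-laptop".
    for value, dummy in sorted(pairs, key=lambda p: -len(p[0])):
        if not value:
            continue
        pattern = r"(?<![A-Za-z0-9_])" + re.escape(value) + r"(?![A-Za-z0-9_])"
        text = re.sub(pattern, dummy, text)
    return text


def paths_for_review(text):
    """Return mapped file paths outside system directories, for manual review."""
    flagged = []
    for line in text.splitlines():
        # The pathname is the sixth field and may itself contain spaces.
        fields = line.split(None, 5)
        if len(fields) == 6 and fields[5].startswith("/"):
            if not fields[5].startswith(SYSTEM_PREFIXES):
                flagged.append(fields[5])
    return flagged


if __name__ == "__main__":
    cleaned = scrub(SAMPLE_PROCMAPS, "alice", "alice-laptop")
    print(cleaned)
    print("Still needs a human look:")
    for path in paths_for_review(cleaned):
        print("  " + path)
```

The volume label carrying the user's real name passes through the replacement untouched, so the flagged paths still have to be read by a person before the report is submitted.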