ProcMaps.txt may contain private information such as username

Fred . eldmannen at gmail.com
Mon Jul 30 18:20:16 UTC 2012 

Yeah, users can look what is being submitted.
On one hand, the user really wants to submit that bug and help out.
On the other hand, the user does not want to reveal PII and compromise
his privacy.

The user is nice enough to take the time to report a bug, he it
putting in effort and time.
Why should he have to sacrifice his privacy too?

What reasonable actions can we take to prevent PII leakage?
If we cant get rid of all PII leakage, maybe we can at least reduce it.

What measures can we take to increase privacy, decrease PII leakage, while not
reducing the quality of the report?

Could $USER and $HOSTNAME be assigned something else to the Apport process?

On Mon, Jul 30, 2012 at 7:45 PM, Thomas Ward
<trekcaptainusa.tw at gmail.com> wrote:
> You mean from humans going through with a fine toothed comb, and having more
> than one user look at it?
>
> I work in IT Security, i can identify PII relatively easily.  Part of my job
> is to identify instances of PII leakage, whether accidental or maliciously.
> I can spot those things.  Likely, most of Bug Control can identify that as
> well.
>
> As I've said and at least one other person has said on this email chain, I
> think the likelihood of PII leakage falls upon two groups of people: the
> competency of people on the team(s) that can see the private bugs, and the
> competency of the user who is submitting the data to actually *look* at
> what's being submitted.  I believe apport should better identify the risk of
> submitting the information, making a note that PII might be in the report.
> I still believe that autoremoving these items is not a good idea.
>
> Even then, if I thought it *were* a good idea, there's a feasibility issue
> here, of how to automatically identify and remove the information.  How are
> we going to identify *every variation* of how PII shows up?  How're we going
> to remove that PII without any side-effects (see the 'go' example in the
> email chain)?
>
> I also personally believe that the likelihood of any true PII leakage is at
> or near zero.  Most of the responsibility falls on the users themselves to
> say "Do I really want to include this information?", and if so then that's
> the end of it, otherwise they have to go through and decide whether they
> really want to include the information.
>
> (I might be restating my opinions, but from my perspective as someone who
> works with PII fairly often, and as a programmer, there is a "feature
> feasibility" issue here)
>
>
> -----------
> Thomas
>
>
> On Mon, Jul 30, 2012 at 12:40 PM, Fred . <eldmannen at gmail.com> wrote:
>>
>> Well then just modifying $USER and $HOSTNAME maybe work?
>>
>> What options do we have for improving privacy and prevent PII leakage?
>>
>> On Mon, Jul 30, 2012 at 6:01 PM, Claudio Moretti <flyingstar16 at gmail.com>
>> wrote:
>> > On Mon, Jul 30, 2012 at 3:50 PM, Fred . <eldmannen at gmail.com> wrote:
>> >>
>> >> You wouldn't search and replace for just "go", you would include the
>> >> directory separator and search for "/go/", and probably even include
>> >> home there and search for "/home/go/"
>> >> So a stacktrace should be no problem.
>> >
>> >
>> > Sure, but you won't be able to replace strings that contain only the
>> > username, and the user at hostname:pwd string too..
>> >
>> > Claudio
>>
>> --
>> Ubuntu-bugsquad mailing list
>> Ubuntu-bugsquad at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugsquad
>
>

More information about the Ubuntu-bugsquad mailing list