ProcMaps.txt may contain private information such as username

Mon Jul 30 17:45:33 UTC 2012

You mean from humans going through with a fine toothed comb, and having
more than one user look at it?

I work in IT Security, i can identify PII relatively easily.  Part of my
job is to identify instances of PII leakage, whether accidental or
maliciously.  I can spot those things.  Likely, most of Bug Control can
identify that as well.

As I've said and at least one other person has said on this email chain, I
think the likelihood of PII leakage falls upon two groups of people: the
competency of people on the team(s) that can see the private bugs, and the
competency of the user who is submitting the data to actually *look* at
what's being submitted.  I believe apport should better identify the risk
of submitting the information, making a note that PII might be in the
report.  I still believe that autoremoving these items is not a good idea.

Even then, if I thought it *were* a good idea, there's a feasibility issue
here, of how to automatically identify and remove the information.  How are
we going to identify *every variation* of how PII shows up?  How're we
going to remove that PII without any side-effects (see the 'go' example in
the email chain)?

I also personally believe that the likelihood of any true PII leakage is at
or near zero.  Most of the responsibility falls on the users themselves to
say "Do I really want to include this information?", and if so then that's
the end of it, otherwise they have to go through and decide whether they
really want to include the information.

(I might be restating my opinions, but from my perspective as someone who
works with PII fairly often, and as a programmer, there is a "feature
feasibility" issue here)

-----------
Thomas

On Mon, Jul 30, 2012 at 12:40 PM, Fred . <eldmannen at gmail.com> wrote:

> Well then just modifying $USER and $HOSTNAME maybe work?
>
> What options do we have for improving privacy and prevent PII leakage?
>
> On Mon, Jul 30, 2012 at 6:01 PM, Claudio Moretti <flyingstar16 at gmail.com>
> wrote:
> > On Mon, Jul 30, 2012 at 3:50 PM, Fred . <eldmannen at gmail.com> wrote:
> >>
> >> You wouldn't search and replace for just "go", you would include the
> >> directory separator and search for "/go/", and probably even include
> >> home there and search for "/home/go/"
> >> So a stacktrace should be no problem.
> >
> >
> > Sure, but you won't be able to replace strings that contain only the
> > username, and the user at hostname:pwd string too..
> >
> > Claudio
>
>  --
> Ubuntu-bugsquad mailing list
> Ubuntu-bugsquad at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugsquad
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-bugsquad/attachments/20120730/10403410/attachment.html>