ProcMaps.txt may contain private information such as username

Fred . eldmannen at gmail.com
Tue Jul 31 00:53:52 UTC 2012 

The user must always be respected.
It is a shame that we reward those who help with reporting bugs by
sacrificing their privacy.
Maybe the user doesn't want anyone to have access to that information,
and that includes the bug control cabal?

I don't think anonymizing $USER and $HOSTNAME is too much to ask.
I am sure there have to be ways to implement it in a good way that
doesn't compromise the quality/integrity of the report.

On Tue, Jul 31, 2012 at 12:09 AM, Thomas Ward
<trekcaptainusa.tw at gmail.com> wrote:
> *THIS* email chain is a non-issue.  Your bug was also marked as a non-issue.
> We've already established this is an issue where the user needs to be more
> proactive in bugs.  Your concerns are not based in any solid fact, and as
> I've said before, everyone on the bug control team knows what to look for.
> Therefore, this *is* a non-issue.
>
> Thomas
>
>
> On Mon, Jul 30, 2012 at 5:26 PM, Fred . <eldmannen at gmail.com> wrote:
>>
>> I don't think privacy is a non-issue.
>>
>> On Mon, Jul 30, 2012 at 10:54 PM, stevec at couttsnet.com
>> <stevec at couttsnet.com> wrote:
>> > Far too much effort is being put into this non-issue.
>> >
>> > Sent from my HTC
>> >
>> >
>> > ----- Reply message -----
>> > From: "Fred ." <eldmannen at gmail.com>
>> > To: "Thomas Ward" <trekcaptainusa.tw at gmail.com>
>> > Cc: <ubuntu-bugsquad at lists.ubuntu.com>
>> > Subject: ProcMaps.txt may contain private information such as username
>> > Date: Mon, Jul 30, 2012 19:20
>> >
>> >
>> > Yeah, users can look what is being submitted.
>> > On one hand, the user really wants to submit that bug and help out.
>> > On the other hand, the user does not want to reveal PII and compromise
>> > his privacy.
>> >
>> > The user is nice enough to take the time to report a bug, he it
>> > putting in effort and time.
>> > Why should he have to sacrifice his privacy too?
>> >
>> > What reasonable actions can we take to prevent PII leakage?
>> > If we cant get rid of all PII leakage, maybe we can at least reduce it.
>> >
>> > What measures can we take to increase privacy, decrease PII leakage,
>> > while
>> > not
>> > reducing the quality of the report?
>> >
>> > Could $USER and $HOSTNAME be assigned something else to the Apport
>> > process?
>> >
>> > On Mon, Jul 30, 2012 at 7:45 PM, Thomas Ward
>> > <trekcaptainusa.tw at gmail.com> wrote:
>> >> You mean from humans going through with a fine toothed comb, and having
>> >> more
>> >> than one user look at it?
>> >>
>> >> I work in IT Security, i can identify PII relatively easily.  Part of
>> >> my
>> >> job
>> >> is to identify instances of PII leakage, whether accidental or
>> >> maliciously.
>> >> I can spot those things.  Likely, most of Bug Control can identify that
>> >> as
>> >> well.
>> >>
>> >> As I've said and at least one other person has said on this email
>> >> chain, I
>> >> think the likelihood of PII leakage falls upon two groups of people:
>> >> the
>> >> competency of people on the team(s) that can see the private bugs, and
>> >> the
>> >> competency of the user who is submitting the data to actually *look* at
>> >> what's being submitted.  I believe apport should better identify the
>> >> risk
>> >> of
>> >> submitting the information, making a note that PII might be in the
>> >> report.
>> >> I still believe that autoremoving these items is not a good idea.
>> >>
>> >> Even then, if I thought it *were* a good idea, there's a feasibility
>> >> issue
>> >> here, of how to automatically identify and remove the information.  How
>> >> are
>> >> we going to identify *every variation* of how PII shows up?  How're we
>> >> going
>> >> to remove that PII without any side-effects (see the 'go' example in
>> >> the
>> >> email chain)?
>> >>
>> >> I also personally believe that the likelihood of any true PII leakage
>> >> is
>> >> at
>> >> or near zero.  Most of the responsibility falls on the users themselves
>> >> to
>> >> say "Do I really want to include this information?", and if so then
>> >> that's
>> >> the end of it, otherwise they have to go through and decide whether
>> >> they
>> >> really want to include the information.
>> >>
>> >> (I might be restating my opinions, but from my perspective as someone
>> >> who
>> >> works with PII fairly often, and as a programmer, there is a "feature
>> >> feasibility" issue here)
>> >>
>> >>
>> >> -----------
>> >> Thomas
>> >>
>> >>
>> >> On Mon, Jul 30, 2012 at 12:40 PM, Fred . <eldmannen at gmail.com> wrote:
>> >>>
>> >>> Well then just modifying $USER and $HOSTNAME maybe work?
>> >>>
>> >>> What options do we have for improving privacy and prevent PII leakage?
>> >>>
>> >>> On Mon, Jul 30, 2012 at 6:01 PM, Claudio Moretti
>> >>> <flyingstar16 at gmail.com>
>> >>> wrote:
>> >>> > On Mon, Jul 30, 2012 at 3:50 PM, Fred . <eldmannen at gmail.com> wrote:
>> >>> >>
>> >>> >> You wouldn't search and replace for just "go", you would include
>> >>> >> the
>> >>> >> directory separator and search for "/go/", and probably even
>> >>> >> include
>> >>> >> home there and search for "/home/go/"
>> >>> >> So a stacktrace should be no problem.
>> >>> >
>> >>> >
>> >>> > Sure, but you won't be able to replace strings that contain only the
>> >>> > username, and the user at hostname:pwd string too..
>> >>> >
>> >>> > Claudio
>> >>>
>> >>> --
>> >>> Ubuntu-bugsquad mailing list
>> >>> Ubuntu-bugsquad at lists.ubuntu.com
>> >>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugsquad
>> >>
>> >>
>> >
>> > --
>> > Ubuntu-bugsquad mailing list
>> > Ubuntu-bugsquad at lists.ubuntu.com
>> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugsquad
>
>

More information about the Ubuntu-bugsquad mailing list