Far too much effort is being put into this non-issue. Sent from my HTC ----- Reply message ----- From: "Fred ." <eldmannen@gmail.com> To: "Thomas Ward" <trekcaptainusa.tw@gmail.com> Cc: <ubuntu-bugsquad@lists.ubuntu.com> Subject: ProcMaps.txt may contain private information such as username Date: Mon, Jul 30, 2012 19:20 Yeah, users can look what is being submitted. On one hand, the user really wants to submit that bug and help out. On the other hand, the user does not want to reveal PII and compromise his privacy. The user is nice enough to take the time to report a bug, he it putting in effort and time. Why should he have to sacrifice his privacy too? What reasonable actions can we take to prevent PII leakage? If we cant get rid of all PII leakage, maybe we can at least reduce it. What measures can we take to increase privacy, decrease PII leakage, while not reducing the quality of the report? Could $USER and $HOSTNAME be assigned something else to the Apport process? On Mon, Jul 30, 2012 at 7:45 PM, Thomas Ward <trekcaptainusa.tw@gmail.com> wrote: > You mean from humans going through with a fine toothed comb, and having more > than one user look at it? > > I work in IT Security, i can identify PII relatively easily. Part of my job > is to identify instances of PII leakage, whether accidental or maliciously. > I can spot those things. Likely, most of Bug Control can identify that as > well. > > As I've said and at least one other person has said on this email chain, I > think the likelihood of PII leakage falls upon two groups of people: the > competency of people on the team(s) that can see the private bugs, and the > competency of the user who is submitting the data to actually *look* at > what's being submitted. I believe apport should better identify the risk of > submitting the information, making a note that PII might be in the report. > I still believe that autoremoving these items is not a good idea. > > Even then, if I thought it *were* a good idea, there's a feasibility issue > here, of how to automatically identify and remove the information. How are > we going to identify *every variation* of how PII shows up? How're we going > to remove that PII without any side-effects (see the 'go' example in the > email chain)? > > I also personally believe that the likelihood of any true PII leakage is at > or near zero. Most of the responsibility falls on the users themselves to > say "Do I really want to include this information?", and if so then that's > the end of it, otherwise they have to go through and decide whether they > really want to include the information. > > (I might be restating my opinions, but from my perspective as someone who > works with PII fairly often, and as a programmer, there is a "feature > feasibility" issue here) > > > ----------- > Thomas > > > On Mon, Jul 30, 2012 at 12:40 PM, Fred . <eldmannen@gmail.com> wrote: >> >> Well then just modifying $USER and $HOSTNAME maybe work? >> >> What options do we have for improving privacy and prevent PII leakage? >> >> On Mon, Jul 30, 2012 at 6:01 PM, Claudio Moretti <flyingstar16@gmail.com> >> wrote: >> > On Mon, Jul 30, 2012 at 3:50 PM, Fred . <eldmannen@gmail.com> wrote: >> >> >> >> You wouldn't search and replace for just "go", you would include the >> >> directory separator and search for "/go/", and probably even include >> >> home there and search for "/home/go/" >> >> So a stacktrace should be no problem. >> > >> > >> > Sure, but you won't be able to replace strings that contain only the >> > username, and the user@hostname:pwd string too.. >> > >> > Claudio >> >> -- >> Ubuntu-bugsquad mailing list >> Ubuntu-bugsquad@lists.ubuntu.com >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugsquad > > -- Ubuntu-bugsquad mailing list Ubuntu-bugsquad@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugsquad