[Ubuntuone-users] Somewhat urgent privacy concern
Zachery Bir
zachery.bir at canonical.com
Sun Aug 30 00:42:30 BST 2009
Arand Nash wrote:
> Somewhat urgent privacy concern:
>
> Currently approximately 60 users (or more), who have recently reported
> crashes in Ubuntu One, have the file & folder names of their entire Ubuntu
> One contents listed publicly in text attachments.
>
> This comes about since U1's crash reports contain a list of all the U1
> files and folders of the reporting user (LP: 419895), AND that those
> attachments are not removed when the bug is marked as a duplicate and
> made public by the apport retracing service (LP: 419929).
> One concerned bug report is (LP: 419488), which seemed to affect a lot
> of Karmic+U1 testers.
>
> My urgent-quickfix suggestion would be to either immediately mark all
> these bugs as private OR remove the concerned attachment from all of
> them, and continue doing so with all new incoming ones.
>
> In the "long" term either U1 has to stop attaching this data to their
> crash reports OR the retracer has to be fixed to keep bugs private when
> dupe-marked or to remove *all* attachments from private bugs gone public.
>
> I'm hoping for now that this hasn't and will not cause any hurt to the
> concerned users, and hopefully it can be taken care of quickly, since it
> puts both Ubuntu One and Launchpad in a somewhat bad light.
>
Saw this recently on OmniGroup's blog about gibberish-izing crash reports:
<http://blog.omnigroup.com/2009/08/25/sending-confidential-documents-to-omni-and-the-gibberish-izer/>
Wonder if it's interesting to us to implement something similar,
presuming we even want to know the number of files our users have.
Zac
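
A sketch of the gibberish-izing idea applied to a crash report's file list, as an added example that is not part of the original thread and is not Ubuntu One, apport or OmniGroup code. It assumes the list is a set of slash-separated paths; `scrub_paths`, `_pseudonym` and `SAMPLE_PATHS` are hypothetical names, and the sample paths are constructed.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_lowercase

# Constructed sample of the kind of listing a crash report might attach.
SAMPLE_PATHS = [
    "/My Files/taxes/2008-return.pdf",
    "/My Files/taxes/2009-draft.pdf",
    "/My Files/letters/resignation.odt",
]


def _pseudonym(key: bytes, component: str) -> str:
    """Map one path component to lowercase gibberish of the same length.

    HMAC with a secret key makes the mapping consistent inside one report
    (equal names stay equal) but not reversible or guessable without the key.
    """
    letters = []
    counter = 0
    while len(letters) < len(component):
        msg = f"{counter}:{component}".encode("utf-8")
        block = hmac.new(key, msg, hashlib.sha256).digest()
        letters.extend(ALPHABET[b % len(ALPHABET)] for b in block)
        counter += 1
    return "".join(letters[: len(component)])


def scrub_paths(paths, key=None):
    """Replace every file and folder name, keeping count and tree shape.

    With key=None a fresh random key is used and then thrown away, so two
    reports from the same user cannot be correlated by their scrubbed names.
    Name lengths are preserved here, which still leaks a little; pad or
    truncate to a fixed width if that matters.
    """
    key = key or secrets.token_bytes(32)
    return [
        "/".join(_pseudonym(key, part) if part else part for part in p.split("/"))
        for p in paths
    ]


if __name__ == "__main__":
    for original, scrubbed in zip(SAMPLE_PATHS, scrub_paths(SAMPLE_PATHS)):
        print(f"{len(original):3d} chars -> {scrubbed}")
```

The scrubbed list still answers "how many files, how deep, which ones share a folder" for debugging, without exposing any name if the report later becomes public.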