ProcMaps.txt may contain private information such as username

Fri Jul 27 17:18:16 UTC 2012

Okay, but I still argue for at least automatically replace all
occurrences of $USER and $HOSTNAME with a dummy string prior to
sending the data to Launchpad.

On Fri, Jul 27, 2012 at 7:09 PM, Andrea Corbellini
<corbellini.andrea at gmail.com> wrote:
> Hi Fred,
>
> On 27/07/12 17:56, Fred . wrote:
>>
>> [...]
>> Disclosing the username is not much of a threat, but it was not
>> apparent to the user reporting the bug that hes username would be
>> announced.
>
>
> Apport actually gives you chances to check the information you submit. Also,
> for some special packages, you will be explicitly asked to attach some
> optional files. For example, if you try to file a bug against compiz you
> will be asked this question:
>
>   Your display manager log files may help developers diagnose the bug,
>   but may contain sensitive information such as your hostname.  Do you
>   want to include these logs in your bug report?
>
>> [...]
>> The user have a expectation that he reports a bug, not sending
>> personal identifiable information. This may trigger spyware
>> allegations.
>
>
> I do not agree: whenever you file a bug you are forced to publish personal
> information about you. Just the fact that you have filed a bug against a
> package means that you have installed and used it.
>
> Also, the information that is attached to bug reports is not meant to spy
> you, but to help triagers and developers debug and fix the issue. In many
> cases a simple list of steps to reproduce the bug isn't enough to reproduce
> it.
>
>> Imagine if Microsoft did this, "Microsoft's bug report software
>> includes spyware that secretly collects personal identifiable
>> information!" and there would be a huge backlash.
>
>
> Every bug reporting tool must collect some information about what happened
> and in which circumstances. A report containing just the phrase "application
> does not work" cannot help anybody fixing the issue.
>
>> If Apport detects any personally identifiable information, it should
>> scrub it before sending it to Launchpad.
>
>
> The problem here is that 1. it's not that easy to know whether an
> information is private; and 2. sometimes the key of the issue is contained
> in such private information.
>
> Again, think for example of compiz: many times knowing which graphics card
> is mounted on your computer is *essential* to debug the issue.
>
>> A prerequisite for being a good Ubuntu user who reports bugs is that
>> it is trusted to not collect any personally identifiable information.
>> Many users disable bug reporting for these reasons. As well does many
>> companies as a company-wide policy.
>
>
> This is something we know and accept. However, one complete bug report is
> much much better that thousands vague reports. Nobody forces you to report
> bugs; if it is not obvious, then it means that the wording of apport & co.
> is not clear enough.
>
>> Please automatically replace all occurrences of $USER and $HOSTNAME
>> with a dummy string prior to sending the data to Launchpad.
>
>
> The username and the hostname are just two small examples of private
> information. There are many other information that might be uploaded;
> detecting and replacing them is not that easy and sometimes it is not even
> possible.
>
>
> In short: the information collected by Apport is essential (to be honest,
> sometimes it is not enough).
> If it's not clear that your bug reports may contain sensible information,
> than Apport should be improved to tell you that.
> If it's not clear how to review and remove sensible information from bug
> reports, than the UI of Launchpad should be improved to make it more
> obvious.
>
>
> I hope to have resolved all your concerns. By the way, thanks: suggestions
> and feedback -- in any form -- are always appreciated.