Public bug reported: Binary package hint: apport
I used the "Help -> Report a problem" menu item in gedit to report bug #132788. The command line of my gedit process was automatically included in the bug report. The command line contained the pathname of a file that I clicked to open that particular instance of gedit earlier. So the pathname of an unrelated file on my computer has been accidentally included in a public bug report. The pathname is hard to notice in the bug report text for a unsuspecting user, and no preview or warning about privacy issues were given. Moreover, the pathname cannot be easily removed from the bug report text: even after editing the bug description, the original report is still publicly available. That behavior of the bug reporting system does not respect the reporter's privacy. Making the bug visible to its subscribers only is a poor solution for this. It limits the access to the bug without any good technical reason. Even worse, it works only if the user has noticed her private filename visible to anyone in the first place. A proper fix for this should show a preview of all the debugging information being submitted. The fix would allow the user to exclude any fields that can violate her privacy before submitting her bug report via the net. I assigned this bug to apport to have my version details automatically included here. It might be as well fixed in Launchpad, but that has the shortcoming that private information has to be first transmitted to Launchpad before the user has a chance to mark it as private. So it would be still potentially disclosed to Launchpad maintainers, the guys who managed to secretly own Launchpad, and those who can eavesdrop SSL sessions using some 0day protocol flaws or whatever. ProblemType: Bug Architecture: i386 Date: Thu Aug 16 01:23:49 2007 DistroRelease: Ubuntu 7.04 Package: apport 0.76.1 PackageArchitecture: all SourcePackage: apport Uname: Linux chronos 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686 GNU/Linux ** Affects: apport (Ubuntu) Importance: Undecided Status: New -- Command line automatically included in bug report, violating user's privacy https://bugs.launchpad.net/bugs/132800 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs