Public bug reported:
Binary package hint: apport
I used the "Help -> Report a problem" menu item in gedit to report bug
#132788. The command line of my gedit process was automatically included
in the bug report. The command line contained the pathname of a file
that I clicked to open that particular instance of gedit earlier.
So the pathname of an unrelated file on my computer has been
accidentally included in a public bug report. The pathname is hard to
notice in the bug report text for a unsuspecting user, and no preview or
warning about privacy issues were given. Moreover, the pathname cannot
be easily removed from the bug report text: even after editing the bug
description, the original report is still publicly available.
That behavior of the bug reporting system does not respect the
reporter's privacy.
Making the bug visible to its subscribers only is a poor solution for
this. It limits the access to the bug without any good technical reason.
Even worse, it works only if the user has noticed her private filename
visible to anyone in the first place.
A proper fix for this should show a preview of all the debugging
information being submitted. The fix would allow the user to exclude any
fields that can violate her privacy before submitting her bug report via
the net.
I assigned this bug to apport to have my version details automatically
included here. It might be as well fixed in Launchpad, but that has the
shortcoming that private information has to be first transmitted to
Launchpad before the user has a chance to mark it as private. So it
would be still potentially disclosed to Launchpad maintainers, the guys
who managed to secretly own Launchpad, and those who can eavesdrop SSL
sessions using some 0day protocol flaws or whatever.
ProblemType: Bug
Architecture: i386
Date: Thu Aug 16 01:23:49 2007
DistroRelease: Ubuntu 7.04
Package: apport 0.76.1
PackageArchitecture: all
SourcePackage: apport
Uname: Linux chronos 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
GNU/Linux
** Affects: apport (Ubuntu)
Importance: Undecided
Status: New
--
Command line automatically included in bug report, violating user's privacy
https://bugs.launchpad.net/bugs/132800
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
