ubuntuone-users team mailing list archive

[Elliot Murphy <elliot@xxxxxxxxxxxxx>]

Arand Nash wrote:
> Somewhat urgent privacy concern:
> 
> Currently approximately 60 users (or more), who have recently reported
> crashes in Ubuntu One, have the file & foldenames of their entire Ubuntu
> One contents listed publicly in text attachments.

Thank you for raising this concern. I'll do my best to help solve it
immediately.

> This comes about since U1's crash reports contains a list of all the U1
> files and folders of the reporting user (LP: 419895), AND that those
> attachements are not removed when the bug is marked as a duplicate and
> made public by the apport retracing service (LP: 419929).
> One concerned bug report is (LP: 419488), which seemed to affect a lot
> of Karmic+U1 testers.
> 
> My urgent-quickfix suggestion would be to either immidiately mark all
> these bugs as private OR remove the concerned attachment from all of
> them, and continue doing so with all new incoming ones.

I see that Andrew Starr-Bochicchio marked bug 419488 private about 8
hours ago. I wonder if that will prevent the retracer from marking any
subsequent duplicates as public.

> In the "long" term either U1 has to stop attaching this data to their
> crash reports OR the retracer has to be fixed to keep bugs private when
> dupe-marked or to remove *all* attachments from private bugs gone public.
> 

We can immediately change the apport hooks in ubuntuone-client to stop
attaching these logs. It's very important that users give informed
consent before sharing any of their data with developers to debug. Once
this is removed from the apport hooks then we can have a longer
discussion about changing the way logging is done in U1, how the
retracer works, etc.

-elliot