#93 Common debugging command doesn't protect personal info :( - Website

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#93 ✓released

Common debugging command doesn't protect personal info :(

Reported by Casemon | November 28th, 2011 @ 05:48 PM | in 2013 (closed)

Recently troubleshooting an issue, was asked to run the command given here:
http://support.gpgtools.org/kb/faq/how-can-i-generate-debugging-inf...

In doing so, was very surprised to see a debug command be so cavalier with spreading my personal info, after asking for my secret PGP password. The command created an email with an embedded log that contained the following:

My user name
My computer name
My public keys
My PGP email address
Several other email addresses from the GPGMail output

All with no warnings this is being communicated, etc. which seems incongruent with the goal of privacy that these tools have.

Considering the debug command collects so much common info, perhaps it can instead replace what is more or less useless-for-the-purpose-of-debugging personal data before adding it to the log?

I know this issue demands a little more scripting than the current behavior of just collating existing output into a log, but considering the length these tools go to protect privacy, fixing this would be inline with the overall goals, no?

Comments and changes to this ticket

You flagged this item as spam.
Casemon November 28th, 2011 @ 06:15 PM
Maybe for the short term, can change "Your Message Here" in debugGPGTools.sh script to something like: "WARNING: A lot of your personal info is contained in this log! Please edit it before sending if you don't wish to send us all that (we typically don't need it anyway) :)"
You flagged this item as spam.
Alex (via GPGTools) November 28th, 2011 @ 06:24 PM
- Assigned user set to “Alex (via GPGTools)”
- State changed from “new” to “open”
You're right. We'll at least add a disclaimer and leave this ticket open till we find an reasonable solution for this.
You flagged this item as spam.
Alex (via GPGTools) November 28th, 2011 @ 06:25 PM
[bulk edit]
You flagged this item as spam.
Alex (via GPGTools) November 28th, 2011 @ 06:40 PM
- State changed from “open” to “hold”
Added the disclaimer: https://github.com/GPGTools/GPGTools_Core/commit/183bcf3de5ca8f4ad0...
You flagged this item as spam.
Alex (via GPGTools) January 1st, 2012 @ 01:44 PM
- State changed from “hold” to “released”
- Milestone set to “2013”
- Importance changed from “Medium” to “”
I think the current disclaimer via CLI and within the mail is enough - also the mail is sent to a small group of people only (i.e. not the developer list).

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Organize issues related to http://gpgtools.org

Shared Ticket Bins (Sort)

↓↑ drag 9 Open tickets
↓↑ drag 0 Resolved tickets
↓↑ drag 0 This week's tickets

People watching this ticket

Referenced by

100 "Decryption failed" error on content encrypted to my own public key? WTF Also, created new ticket for personal info appearing in l...

Gpgtools Website → 2013