Opened 22 months ago

Last modified 19 months ago

#24741 new defect

Consider redacting usernames in notice level logs

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: 034-triage-20180328, 034-removed-20180328
Cc: Actual Points:
Parent ID: Points: 1
Reviewer: Sponsor:

Description

macOS uses a person's first and last name as their username by default.
(I'm not sure what Windows or other unix systems do.)

This means that logs can contain a user's full name, and sometimes (at info level?) their IP address.

We should think about the risks here, particularly for users that post logs to the bug tracker.

Child Tickets

Change History (3)

comment:1 Changed 19 months ago by nickm

Keywords: 034-triage-20180328 added

comment:2 Changed 19 months ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:3 Changed 19 months ago by nickm

Milestone: Tor: 0.3.4.x-finalTor: unspecified

These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.

Note: See TracTickets for help on using tickets.