[Tails-dev] How to remove identifying information in bug rep…

Delete this message

Reply to this message
Author: Alan
Date: 2014-02-25 15:04 -000
To: tails-dev
Subject: [Tails-dev] How to remove identifying information in bug reports?
Hi Tails developers,

Whisperback is the application used in Tails to report issues to the
developers. Its reports are encrypted and send via a Tor hidden service
to some trusted members of the Tails team.

If the user doesn't out-out, Whisperback collects information about the
problem such as logs. As they contains identifying information, they
are cleaned before sending by regexp replacement
(whisperBack/utils.py:138 sanitize_hardware_info in whisperback
sources).

But new identifying information that are not cleaned are discovered
again and again. See https://labs.riseup.net/code/issues/6343

I wonder what would be a good fix to that issue. We could keep on adding
patterns to the regexp, the that looks like an endless blacklist
approach. However I fail to see how to take a white-list approach on
this without killing the whole purpose of this additional information.

The only idea I have is to remove everything that follow the "serial"
word, matching case insensitive. That would work for most issues that
have been discovered yet, but would also remove some non-harming lines.

Any thought?

Cheers