Hi Tails developers,
Whisperback is the application used in Tails to report issues to the
developers. Its reports are encrypted and send via a Tor hidden service
to some trusted members of the Tails team.
If the user doesn't out-out, Whisperback collects information about the
problem such as logs. As they contains identifying information, they
are cleaned before sending by regexp replacement
(whisperBack/utils.py:138 sanitize_hardware_info in whisperback
sources).
But new identifying information that are not cleaned are discovered
again and again. See
https://labs.riseup.net/code/issues/6343
I wonder what would be a good fix to that issue. We could keep on adding
patterns to the regexp, the that looks like an endless blacklist
approach. However I fail to see how to take a white-list approach on
this without killing the whole purpose of this additional information.
The only idea I have is to remove everything that follow the "serial"
word, matching case insensitive. That would work for most issues that
have been discovered yet, but would also remove some non-harming lines.
Any thought?
Cheers