Closed Bug 1011343 Opened 10 years ago Closed 10 years ago

sync logs contain FxA email address

Categories

(Firefox :: Sync, defect)

Product:
Firefox
Component:
Sync
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla32
Tracking Flags:
Tracking Status
firefox29 --- wontfix
firefox30 - wontfix
firefox31 - verified
firefox32 --- verified

People

(Reporter: markh, Assigned: Gijs)

Details

(Whiteboard: p=2 s=it-32c-31a-30b.3 [qa+])

Attachments

(1 file)

don't log username in sync log,
1.22 KB, patch
markh
: review+
Sylvestre
: approval-mozilla-aurora+
Details | Diff | Splinter Review 
With the change to FxA, we now log the email address of the user:

1400141271123	Sync.Service	INFO	Logging in user foo@bar.com

(but with the real email address).  In the old sync we just logged a hash of the username (the hash is what is stored as the username, so no special action was taken to log the hash).

Given this is PII, it seems we should not log this.
Flags: firefox-backlog+
Whiteboard: p=2
Is this a "regression" from bug 1006943 then?
Blocks: 1006943
tracking-firefox30: ?+
tracking-firefox31: ?+
(In reply to :Gavin Sharp (email gavin@gavinsharp.com) from comment #1)
> Is this a "regression" from bug 1006943 then?

Nope - it's been doing that since FxA landed.
No longer blocks: 1006943
Whiteboard: p=2 → [qa+] p=2
Since it's not a regression and we're already getting close to the end of Beta for FF30, I'm going to untrack this and let the backlog do it's job. We can look at a nomination for uplift when ready and make the decision then for how high to take it at that time based on where we're at in the cycle.
tracking-firefox30: +-
tracking-firefox31: +-
Whiteboard: [qa+] p=2 → p=2 [qa+]
Assignee: nobody → gijskruitbosch+bugs
Status: NEW → ASSIGNED
Whiteboard: p=2 [qa+] → p=2 s=it-32c-31a-30b.3 [qa+]
(In reply to Mark Hammond [:markh] from comment #0)
> With the change to FxA, we now log the email address of the user:
> 
> 1400141271123	Sync.Service	INFO	Logging in user foo@bar.com
> 
> (but with the real email address).  In the old sync we just logged a hash of
> the username (the hash is what is stored as the username, so no special
> action was taken to log the hash).
> 
> Given this is PII, it seems we should not log this.

What's the desired endstate here? Should we log a hash (is there still a hash), or replace it with e.g. email@example.com, or something else?
Flags: needinfo?(mhammond)
(In reply to :Gijs Kruitbosch from comment #4)

> What's the desired endstate here? Should we log a hash (is there still a
> hash), or replace it with e.g. email@example.com, or something else?

The desired state is the correct balance between "no PII" and "enough debug info to be useful" - beyond that it's up to you ;)  (But to be helpful, I'd say completely omitting it is fine - we could just ask the user for their email addy)
Flags: needinfo?(mhammond)
So... what are the STR here? I spent the last 30 minutes trying to understand the log level goop and which of the two (both?) logs that match the string from comment #0 are involved here, but I've not managed to get it to show up. If I can't get this logged, I also can't really check that I've fixed it...

I've enabled logOnSuccess, and I synced several times, but neither the error nor the success log seem to have any login info. I've also tried to replace some of the seemingly relevant "Debug" prefs with "Info" (.identity, .status, .authentication, ...), to no avail.
Flags: needinfo?(mhammond)
OK, so it seems for the log level prefs to take effect, you need a restart, and the tps/ thing isn't built by default, so I just need to change the other instance. Patch coming up.
Flags: needinfo?(mhammond)

        Attachment #8430733 -
        Flags: review?(mhammond)

    
    

    
  
FWIW, the other case that I noticed was http://mxr.mozilla.org/mozilla-central/source/services/sync/tps/extensions/tps/resource/auth/sync.jsm#65 but I don't know by whom / under what circumstances / how that gets called.

    
    

    
  
Comment on attachment 8430733 [details] [diff] [review]
don't log username in sync log,

Review of attachment 8430733 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks!

        Attachment #8430733 -
        Flags: review?(mhammond) → review+

    
    

    
  
(In reply to :Gijs Kruitbosch from comment #9)
> FWIW, the other case that I noticed was
> http://mxr.mozilla.org/mozilla-central/source/services/sync/tps/extensions/
> tps/resource/auth/sync.jsm#65 but I don't know by whom / under what
> circumstances / how that gets called.

TPS is yet-another-test-environment.  Sync is full of surprises ;)

    
    

    
  
(In reply to :Gijs Kruitbosch from comment #6)

> I've enabled logOnSuccess, and I synced several times, but neither the error
> nor the success log seem to have any login info. I've also tried to replace
> some of the seemingly relevant "Debug" prefs with "Info" (.identity,
> .status, .authentication, ...), to no avail.

FWIW, you want to bump those prefs up to "Trace", not down to "Info". And, as you discovered, restart Firefox.

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/75131819a6fe
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32

    
    

    
  
Does this want uplifting, Mark?
Flags: needinfo?(mhammond)

    
    

    
  
(In reply to :Gijs Kruitbosch from comment #14)
> Does this want uplifting, Mark?

I think so, yeah.  Thanks!
Flags: needinfo?(mhammond)
QA Contact: twalker

    
    

    
  
Comment on attachment 8430733 [details] [diff] [review]
don't log username in sync log,

[Approval Request Comment]
Bug caused by (feature/regressing bug #): new sync
User impact if declined: we log personally identifiable information to disk if the user toggles a hidden pref
Testing completed (on m-c, etc.): on m-c
Risk to taking this patch (and alternatives if risky): none
String or IDL/UUID changes made by this patch: none

        Attachment #8430733 -
        Flags: approval-mozilla-aurora?

        Attachment #8430733 -
        Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

    
    

    
  
Hi Tracy, will it be possible to have this bug verified by end of day this Friday?  Our current Iteration ends on Monday June 9.
Flags: needinfo?(twalker)

    
    

    
  
(In reply to Marco Mucci [:MarcoM] from comment #18)
> Hi Tracy, will it be possible to have this bug verified by end of day this
> Friday?  Our current Iteration ends on Monday June 9.

Absolutely, I'll look at it today, if possible.  

But otherwise leaving myself needinfo'd as a reminder.

    
    

    
  
I no longer see the log line with email addy in latest nightly. I had seen it with logs prior to the landing.
Status: RESOLVED → VERIFIED

          status-firefox31:
          fixedverified

          status-firefox32:
          fixedverified
Flags: needinfo?(twalker)
Component: Firefox Sync: Backend → Sync
Product: Cloud Services → Firefox

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: