Closed Bug 1485775 Opened 7 years ago Closed 7 years ago

user comments are no longer public

Categories

(Socorro :: Webapp, task, P3)

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: willkg, Unassigned)

Details

Previously, user comments were public. People who weren't logged in or didn't have PII access would see scrubbed versions of the user comment data. That all changed in bug #1485188 where we changed the user comments data to require PII access. We know this affects some people, though we don't know exactly how or who or to what extent it affects them. This bug covers figuring out use cases and specifics so we can figure out what to do next.
hi, i will certainly be affected by this change as sifting through crash comments was a default step before getting a stability bug on file. usually comments are an essential part for understanding a crash signature:
# at times they provide reproducible steps which make it possible to file detailed bug reports that can be resolved quickly (most recent example bug 1482694)
# they point towards issues that may be specific to a particular site, to a particular third-party software or system/firefox/addon updates
# they help in judging the impact of a crash (a high proportion of reports with comments point towards an issue that is highly disturbing to users and should be tackled with higher priority)
# some categories of crashes like shutdownhangs are usually seen as less important, but sometimes they are just a symptom of an important and underlying problem (freezes, unable to load pages, etc...), without comments it's not possible to discover that.
at past occasions it was already unequivocally stated that there is no way for non-employees to get access to the PII category fields. perhaps with this recent change making things even more difficult for contributors we could implement some tiered approach to PII access and make comments available to nda'd mozillians at least, since affected users are clearly made aware that there is no expectation of privacy regarding the things they put into the comment filed at the time of submitting a report.
ditto to comment 1. I thought crash reporter stated user crash comments are public?
I remember many cases in which Philipp helped diagnose / managed to reproduce crashes by reading user comments. It would be great if we could allow trusted contributors to access this sensitive but not too sensitive information.
This appears inspired by https://arxiv.org/pdf/1808.01718.pdf and if you check some of the things they look for you can find them in our comment data. Clearly our scrubbing was insufficient, but is it a lost cause or could it be improved enough? Is there an easy way to share comments with the large group of NDA'd contributors?
To answer dveditz's questions:
1. Scrubbing is never perfect, so if we have a stance of "no PII", then scrubbing isn't an option.
2. There's no way to share user comments with NDA'd contributors currently.
This bug has been around for a month now, so let's summarize where this is at:
1. This definitely affects Philipp and what he does.
2. This theoretically affects other contributors, but I don't see any anecdata so it's not clear whether there's an actual impact here that is measurable.
Seems like we should do something here, but there isn't a compelling enough reason to work on this instead of the myriad of other high priority things that need to be done. I'm going to make it a P3 which keeps it on the radar.
Priority: -- → P3
(In reply to Will Kahn-Greene [:willkg] ET needinfo? me from comment #5)
> 2. There's no way to share user comments with NDA'd contributors currently.
Is there a bug about allowing trusted NDA'd contributors to look at Socorro data? Or should this bug be that bug?
I discussed this with Marshall the same day bug #1485188 was filed. We are now treating the comment field like other PII fields and hiding it behind the same permission flags as minidumps, urls, email, and similar. There are no plans to extend that permission beyond employees. For this specific field it may be possible to develop some sophisticated scrubbing mechanism and move it to a different category. However, and with much gratitude to Philipp for his work, there are higher impact ways to invest our limited developer time right now.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX