Closed Bug 163551 Opened 18 years ago Closed 4 years ago
Implement complete email address privacy
I would like to be able to hide my email-address from any user using Bugzilla. This means changes in a lot of areas I guess, here are a few from the top of my head: 1 A new email pref of course ("Don't reveal my email address...") 2 All emails to me that also reaches other users (To or CC) should automatically move my address to Bcc instead. 3 In bug listings the "mailto:" link should just display my name or (if you feel inspired) be a link to "send message form" that "proxy" the email so that the final destination is not revealed to the sender. 4 In the a bug report where I have made a comment or am the reporter there is again a "mailto:" link. This can removed or be a link to a form that posts the message as a new comment to the bug in question, it could even have some parts of the text generated - for example when you click on "Mats Palmgren" in a comment such as: ------- Additional Comment #1 From Mats Palmgren 2002-08-19 15:50 ------- The text "In reply to Mats Palmgren in comment 1:" could be generated. 5 I see that there are requests to spread email addresses even more (like the X-Bugzilla-Who: request in bug 137261 for example). Such fields should not be sent (or send my name instead) when I have selected the pref in 1. 6 etc. there probably lots of other places I haven't thought of... This request is of course to limit the risc of being SPAMMED. Please have this risc in mind when considering "X-Bugzilla-Who:" and similar requests. Thanks, Mats
*** Bug 163546 has been marked as a duplicate of this bug. ***
2) Mail is only sent via To, but its only sent to one person at a time - ie theres a separat email for each person, so that problem isn't an issue 5) X-Bugzilla-Who would require a spammer to be ccd on the appropriate bug - there are easier ways to get addresses. This is probably a dupe of bug 120030, but not entirely.
I have a dedicated Bugzilla email address and I just received spam to it. This is a serious hole.
same here. I just got spam on my (dedicated) bugzilla email address. not impressed people. I use this to help you improve the program. It is not an invitation to receive more spam. but unfortunately now I am stuck with it, that email address will soon be unusable, and I will have to get another one. great. thanks.
A suitable solution is described at: http://www.htmldog.com/ptg/archives/000063.php This would require minimal application changes. Much less intrusive than new configuration values, internal messaging systems, etc.
In order to have complete email address privacy, you need something that is not an email address to put in boxes such as "Reassign bug to", "Add CC", "Requestee", search boxes, etc. To me the obvious way to do this is what most online forums etc. do, which is to have a login name that is not necessarily an email address. I filed a bug about this, bug 218917, but reading it back it had seemed barely intelligible, with the actual suggestion was lost somewhere in the original comment! Would there be any objection to me duping that bug against this, and providing a summary of my (further) thoughts to date? It actually works out as a rather less intrusive change (code-wise) than you might think, because login_name is used all over the place, but email_address need not be.
> Would there be any objection to me duping that bug against this, and providing > a summary of my (further) thoughts to date? Sounds like a good idea, but then make this a meta bug and file separate bugs on each specific change that improves email privacy, f.e. arbitrary usernames.
I forgot I'd intended to link these bugs together... but now I think about it again, I think a dependency is the correct relationship rather than dupe. Bug 218917 could (should?) be implemented in a way that only the login_name and never the email_address is shown to *other* users, but it doesn't have to provide this privacy, so is only a step towards this (and there may well be other bugs which provide other steps towards it from different directions).
Depends on: 218917
(In reply to comment #0) > 3. In bug listings the "mailto:" link should just display my name or (if you > feel inspired) be a link to "send message form" that "proxy" the email so > that the final destination is not revealed to the sender. This was proposed in Bug 215439, but it was opposed (even if I've not understood why)
To summarize bug 450295 above: When following the "show votes" links, the voters email addresses are displayed in clear to any visitors, thus exposing them to spam bots.
Bug number 215439 is active, please Vote for it! https://bugzilla.mozilla.org/show_bug.cgi?id=215439 as it addresses this problem.
I'm getting more and more spams on my bugzilla address. Even people without a bugzilla account can harvest my email address. 7 years later, and it still s****. Privacy issues should get immediate attention. Bug 218917 would be a good start.
Version: 2.17 → unspecified
Bugzilla is compromising the user's privacy, which is clearly a bug, not an enhancement (-> critical).
Severity: enhancement → critical
Please work on this... Websites that can't preserve a person's privacy and prevent SPAM are worthless. And, it is not just the "to" line. I just got a message CC'd to me... User email@example.com changed..... Added firstname.lastname@example.org to cc list comment #4 from email@example.com The user's e-mail address showed up 2 or 3 times in each message about the bug. While e-mail addresses on the website are hidden without logging in, they are wide open EVERYWHERE once a person logs in. And it is awfully easy to become a registered user. The rest of the world is changing... Mozilla and Bugzilla are in the stone ages of user privacy. And, the only option... just look at the list of usernames... a lot of people have discovered the only option is to create special spam-filter usernames specifically for this site. As always, I've put a high enough priority to this issue... that if given adequate site/system access I would be willing to volunteer some help towards fixing it. Of course, it would take a little while to "get my feet wet"... but apparently this has been a KNOWN issue for over a half a decade.
This is a RFE. Also, leave the version field alone. No reason to change it.
Severity: critical → enhancement
This bug is critical because it makes a security hole into the worlwide mail system.
I can't believe it when I filed my first comment today here in bugzilla that anyone could see my mail address before setting a user name and even after setting it every logged in user is able to see my mail address and not only my user name. Are you bugzilla serious? So you let any spammer can make an account and collect thousands of mail addresses? This is a huge security hole and definitely seems that you don't care at all about privacy. Fortunately I realized it straight away and changed my personal account to an account for low or ambitious security sites. I was expecting more from bugzilla and not immatures. Now I only hope there is a secure and permanent account deletion.
Fixed in Bugzilla 5.1 by bug 218917.
Assignee: user-accounts → gerv
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Bugzilla 6.0
You need to log in before you can comment on or make changes to this bug.