Open
Bug 1639285
Opened 4 years ago
Updated 4 years ago
Optionally sanitize/redact PII from exported HAR
Categories
(DevTools :: Netmonitor, enhancement, P3)
DevTools
Netmonitor
Tracking
(Not tracked)
NEW
People
(Reporter: Harald, Unassigned)
References
(Blocks 1 open bug)
Details
User Story
When export HAR files for filing bugs, I want to be able to remove any PII (like phone numbers, credit cards, or emails), so that I can safely share them.
Via https://twitter.com/michaelgorsuch/status/1262727314212827136
The thread discusses redacting known PII formats.
The idea overlaps with the Profiler's build-in profile sanitization, so we can maybe share parts of the interface or backend.
Comment 1•4 years ago
|
||
Greg, where I can see the code that sanitizes the profiler data?
Honza
Blocks: netmonitor-har
Flags: needinfo?(gtatum)
Reporter | ||
Comment 2•4 years ago
|
||
Not sure if this is the best way forward, as it radically removes any URL. HAR files without URLs are probably not as useful. Something like https://github.com/solvvy/redact-pii can redact more fine-grained, but security should be consulted on best practices.
UX must communicate that HAR files should be only shared with trusted parties – HAR files inherently contain some level of PII with the URLs they mention.
You need to log in
before you can comment on or make changes to this bug.
Description
•