Open Bug 1639285 Opened 4 years ago Updated 3 years ago

Optionally sanitize/redact PII from exported HAR

Categories

(DevTools :: Netmonitor, enhancement, P3)

Tracking

(Not tracked)

People

(Reporter: Harald, Unassigned)

References

(Blocks 1 open bug)

Details

User Story

When exporting HAR files for filing bugs, I want to be able to remove any PII (like phone numbers, credit cards, or emails), so that I can safely share them.

Via https://twitter.com/michaelgorsuch/status/1262727314212827136

The thread discusses redacting known PII formats.

The idea overlaps with the Profiler's built-in profile sanitization, so we can maybe share parts of the interface or backend.

Greg, where can I see the code that sanitizes the profiler data?

Honza

Flags: needinfo?(gtatum)

Not sure if this is the best way forward, as it radically removes any URL. HAR files without URLs are probably not as useful. Something like https://github.com/solvvy/redact-pii can redact in a more fine-grained way, but security should be consulted on best practices.

UX must communicate that HAR files should be only shared with trusted parties – HAR files inherently contain some level of PII with the URLs they mention.
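
An added example, not from the bug thread or from Firefox's code, of the finer-grained approach discussed above: it keeps each URL's scheme, host and path and redacts emails, Luhn-valid card numbers and phone numbers in the query values, headers and bodies of a HAR 1.2 log. The function names, the `[EMAIL]`/`[CARD]`/`[PHONE]` tokens, the regexes and the sample capture are assumptions; base64-encoded response bodies are left untouched.

```javascript
// Added example (not Firefox code): pattern-based PII redaction for a HAR 1.2 log.
const EMAIL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
const CARD = /\b\d(?:[ -]?\d){12,18}\b/g; // 13-19 digits; confirmed with Luhn below
const PHONE = /(?<!\d)(?:\+\d{1,3}[ .-]?)?\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}\b/g;
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

function redactText(text) {
  if (typeof text !== "string") return text;
  return text
    .replace(EMAIL, "[EMAIL]")
    .replace(CARD, m => (luhnValid(m.replace(/\D/g, "")) ? "[CARD]" : m))
    .replace(PHONE, "[PHONE]");
}

// Keep scheme, host and path so the HAR stays useful; redact only query values.
function redactUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return redactText(raw); }
  const query = new URLSearchParams();
  for (const [k, v] of url.searchParams) query.append(k, redactText(v));
  url.search = query.toString();
  return url.toString();
}

function redactHar(har) {
  const out = JSON.parse(JSON.stringify(har)); // never mutate the caller's capture
  const pairs = list => (list || []).forEach(p => { p.value = redactText(p.value); });
  for (const { request, response } of out.log.entries) {
    request.url = redactUrl(request.url);
    pairs(request.queryString); pairs(request.headers);
    if (request.postData) request.postData.text = redactText(request.postData.text);
    pairs(response && response.headers);
    if (response && response.content && response.content.encoding !== "base64")
      response.content.text = redactText(response.content.text);
  }
  return out;
}

const SAMPLE_HAR = { log: { entries: [{ // constructed sample capture, not real data
  request: { url: "https://shop.example/checkout?email=jane.doe%40example.com&step=2",
    postData: { text: "card=4111 1111 1111 1111&phone=+1 415-555-0100&order=1234567890123" } },
  response: { content: { text: '{"contact":"jane.doe@example.com"}' } } }] } };
```

Pattern matching only catches the formats it knows, so hostnames, paths and unrecognized identifiers remain in the output.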
