Closed Bug 259532 Opened 20 years ago Closed 20 years ago

talkback-public.mozilla.org is helping spammers by publishing valid email addresses

Categories

(mozilla.org :: Talkback Server & Webtool, task)

task
Not set
major

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: MatsPalmgren_bugz, Assigned: jay)

Details

(Keywords: privacy)

Attachments

(1 file, 1 obsolete file)

talkback-public.mozilla.org is helping spammers by publishing valid email addresses.

STEPS TO REPRODUCE:
1. go to URL
2. filter out all strings that have @ in them
3. send spam

Please put that data behind a query URL to make it less likely that spiders
can harvest the mail addresses.

I'll just take out the email addresses from that report.  If people need to find
out who owns the bugs, they can just go look at the bug itself.  

I've made it a point to not include any user email addresses sent in the
Talkback data for privacy reasons, so other than the bug info at the top, there
shouldn't be any other email addresses to find.

Putting the data behind a query url is something I'll have to look into as a
permanent solution...but that might take a while.

mats: just use an invalid email address like i do :).

jay: i'd rather you just drop the @ sign entirely (replace it with a space, you
can do the same thing to periods). being able to quickly glance through the list
and understand which owners they had is fairly important to me.

thanks timeless...i was thinking the same thing actually. it'll be just as easy
to change the email address format to something like that.  if no one has any
objections, i'll simply replace the at and dot with spaces.

taking bug.
Status: NEW → ASSIGNED

Well, it's better than nothing I suppose.  Call me paranoid, but I still think
a query URL is a better long term solution.

In an attempt to appease both timeless and mats, I have changed the bugstatus
info to only contain the username from the email address.  This way there is no
way to tell which address it is attached to but there is enough info to quickly
know who the owner is.  Hope that works for both of you.

I'm marking this fixed (you will see the results in tomorrow's reports).  When
I find some more time, I will look into the query url solution.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED

the hazard with that is a number of users have accounts of bugs@ or bugzilla@ or
mozilla-bugs@ hence my suggestion. actually you might as well s/[^a-z0-9]/ /
that way + and - also become space so there's really no pattern for calculating
the address, although a seasoned bugzilla user could probably recognize the strings.

Attached file A suggestion (obsolete)
I'm pretty sure a decent harvester can read my mail address from "mats palmgren
bredband net". However, I don't believe they are sophisticated enough to
understand CSS (yet) though so maybe this is a better solution...
(It requires that you use HTML though)

oh, the other thing you could do is drop the last few letters of the domain
up to 5 letters, be it .com, .co.uk, .tld, .bugs

Yeah, I was thinking about converting the entire report into html and using
something like what's suggested here:

http://www.ibeck.com/tools/mailto.php?print=1

Reopening for now.  I'll at least try timeless' idea next week and if I find
some extra time, I will convert the report into html (which I've been wanting to
do for a while).
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

(In reply to comment #7)
>  so maybe this is a better solution...
> (It requires that you use HTML though)

fwiw mozilla's copy&paste of that does not quite do what you expect. or rather,
while it may do what you expect, it does not do what a normal user would expect ;)

Thanks for addressing this problem so promptly.  Would it be possible to
remove/regenerate older reports which still have this problem?
http://talkback-public.mozilla.org/reports/mozilla/M16/smart-analysis.all

Thanks for the reminder Mats!  I actually shut down the generation of the older
releases last week before making this change.  I'll run them this week one more
time (once the Talkback db is back up).

Mats: all the old release reports are running now and I have generated the
latest bugstatus file to include some changes I made.  The email address will be
shown as <username> <domain> without the .com/.net/.etc at the end (actually
just the first word of the complete domain when it's split by .)

Can you take a look at the reports tomorrow to make sure everything looks ok
and then mark this fixed?  Thanks.

Looks ok now, thanks for fixing this.

-> FIXED
Status: REOPENED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED

Attached file Another suggestion
(In reply to comment #10)
> fwiw mozilla's copy&paste of that does not quite do what you expect.

fwiw, that can be worked around by using klingon ;-)
Attachment #159034 - Attachment is obsolete: true
Product: Core → mozilla.org
Version: Trunk → other
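
The masking schemes debated in this thread (`@` and `.` replaced with spaces, username only, `s/[^a-z0-9]/ /`, and username plus the first word of the domain), compared side by side. This is an added example, not the Talkback report generator's code; the function names, the loose `EMAIL_RE` pattern and the sample addresses are constructed for illustration, and the audit only checks for literal address patterns left in the output and for owners that become indistinguishable.

```python
import re
from collections import defaultdict

# Loose pattern (assumption) for the "strings that have @ in them" a spider greps for.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def mask_spaces(addr):
    """Replace '@' and '.' with spaces."""
    return addr.replace("@", " ").replace(".", " ")

def mask_username(addr):
    """Keep only the part before the '@'."""
    return addr.split("@", 1)[0]

def mask_alnum(addr):
    """s/[^a-z0-9]/ / applied to every character, so '+' and '-' also become spaces."""
    return re.sub(r"[^a-z0-9]", " ", addr.lower())

def mask_user_domain(addr):
    """'<username> <domain>', keeping only the first word of the domain split by '.'."""
    local, _, domain = addr.partition("@")
    return f"{local} {domain.split('.')[0]}"

SCHEMES = {
    "raw": lambda a: a,  # baseline: the report as originally published
    "spaces": mask_spaces,
    "username": mask_username,
    "alnum": mask_alnum,
    "user_domain": mask_user_domain,
}

def audit(addresses):
    """Per scheme: masked values still matching EMAIL_RE, and distinct owners that collide."""
    report = {}
    for name, mask in SCHEMES.items():
        seen = defaultdict(set)
        for addr in addresses:
            seen[mask(addr)].add(addr)
        report[name] = {
            "leaks": sorted(m for m in seen if EMAIL_RE.search(m)),
            "collisions": {m: sorted(v) for m, v in seen.items() if len(v) > 1},
        }
    return report

# Constructed sample owners on the reserved .example TLD (not taken from the reports).
SAMPLE = ["bugs@alpha.example", "bugs@beta.example",
          "mozilla-bugs@alpha.example", "jane.doe+moz@mail.gamma.example"]

if __name__ == "__main__":
    for scheme, result in audit(SAMPLE).items():
        print(scheme, result)
```

On the sample, the username-only scheme merges the two `bugs@` owners into one string, while the username-plus-domain-word format keeps them apart.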