Closed Bug 666204 Opened 13 years ago Closed 13 years ago

Browser uploads private data after user says "no"

Categories

(Toolkit :: Crash Reporting, defect)

x86_64
macOS
defect
Not set
major

RESOLVED INCOMPLETE

People

(Reporter: andrew, Unassigned)

Details

(Keywords: privacy)

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20100101 Firefox/5.0
Build Identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20100101 Firefox/5.0

When Firefox crashes the crash data is sent to an external source even when the user declines.

Reproducible: Always

Steps to Reproduce:
1. Select Firefox > About Firefox in Firefox 4
2. An unprompted forced upgrade is performed
3. Firefox 5.0 crashes
4. User selects do not send crash report

Actual Results: Crash report is uploaded to a remote server

Expected Results: Crash report should never be uploaded when user declines.

about:crashes shows a link to: https://crash-stats.mozilla.com/report/index/ce45c00d-fd99-46e0-9a0d-7a15e2110622
This link contains the private crash data despite the user declining to upload it.
Group: core-security
Component: Security → Breakpad Integration
Keywords: privacy
Product: Firefox → Toolkit
QA Contact: firefox → breakpad.integration
Can you provide some more detail here? I've never heard of or experienced this happening. When Firefox crashed, you saw the "Mozilla Crash Reporter" application, correct? You unchecked the "Tell Mozilla about this crash so they can fix it" checkbox? Then you clicked which button, "Quit Firefox" or "Restart Firefox"? Did the crash reporter show a little spinner at the bottom of the window after you clicked a button? When you went to about:crashes, did you click on the link you pasted above? We have some code that will attempt to submit an unsubmitted report if the user clicks on it in about:crashes.
So why isn't there a warning in about:crashes before private data is uploaded from the user's computer? This must be what happened. You can warn people and make them click 27 times to visit some SSL sites, even lock out other SSL sites with absolutely no override in the GUI. But uploading private data without the user's consent is OK!!??
In the normal course of events, this does not happen. If the user unchecks the "Tell Mozilla about this crash", the crash reporter is supposed to delete the file from disk, and the user will not get another chance to submit it. The only time this is supposed to happen is when the user intends to submit the crash and it fails to submit, such as due to network error. We silently submit from about:crashes because the user is making an intentional act to visit a page (about:crashes) and click on a link looking for details about their crash. This is why I asked for more details about what happened.
The user believes they are visiting a link. There's no indication to the contrary. This is a serious issue that needs to be fixed. Do you know what servers the crash reporter communicates with (DNS name)?
>This is a serious issue that needs to be fixed.
I still don't see why this should be a serious issue. There will be only an entry in about:crashes if the user already confirmed that he wants to send the crash report to Mozilla. I would call that a non issue. The crash report doesn't or shouldn't appear there if the user says "no" and that's contrary to the statement in your bug report.
The user believes they are visiting a link *to a crash report that they already agreed to submit*. Now, if there's a specific bug here where we did not remove the crash report despite the user unchecking the "tell mozilla" box, then we should isolate and fix that, but I can't do that without more information.
I'm resolving this as INCOMPLETE until you can provide us with more information about what might have happened here. As it stands, this bug doesn't really tell us anything.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE