All users were logged out of Bugzilla on October 13th, 2018

stop writing personal information into system log

RESOLVED FIXED

Status

()

P3
normal
RESOLVED FIXED
7 years ago
a year ago

People

(Reporter: myk, Unassigned)

Tracking

unspecified
ARM
Android
Points:
---

Firefox Tracking Flags

(fennec11+)

Details

(Whiteboard: [MTD])

(Reporter)

Description

7 years ago
Fennec writes personal information into the system log when syncing history, in particular the titles and URLs of the entries it syncs.  This makes attaching a log to a bug into a cumbersome and disconcerting experience, because one must scrub the log of the personal information first to avoid leaking it, and one is never quite sure that the scrubbing was thorough.

Fennec shouldn't write such information into the system log.  Or, if it's really needed to debug certain kinds of problems, Fennec should only write it into the system log when an about:config pref is set, and that pref should not be set by default.
Gian-Carlo: I thought we already removed this in a different bug?
Assignee: nobody → gpascutto
tracking-fennec: --- → 11+
Priority: -- → P1
(Reporter)

Comment 2

7 years ago
Note: I last saw the information a week or two ago, I just forgot to file the bug until now.  So it's possible y'all fixed it already, in which case sorry for the invalid bug!
(In reply to Mark Finkle (:mfinkle) from comment #1)
> Gian-Carlo: I thought we already removed this in a different bug?

Sync still logs everything apart from passwords.
The excessive logging in Profile Migrator was removed in Bug 713408. But someone else seems to have had the same bad idea as I did.
(In reply to Gian-Carlo Pascutto (:gcp) from comment #4)
> The excessive logging in Profile Migrator was removed in Bug 713408. But
> someone else seems to have had the same bad idea as I did.

This was a deliberate and informed choice: thorough logging is necessary to figure out when things don't work, particularly for Sync, and we don't yet have a mechanism for adjusting logging levels.

It doesn't do us any good to ship a build to test drivers and then respond to their bugs with "sorry, we need more log data for this". :/
Assignee: gpascutto → nobody
Component: General → Android Sync
Product: Fennec Native → Mozilla Services
QA Contact: general → android-sync
Do you really need to log all the actual URLs themselves, though? That's what bothers people, not so much the log volume.
(In reply to Gian-Carlo Pascutto (:gcp) from comment #6)
> Do you really need to log all the actual URLs themselves, though? That's
> what bothers people, not so much the log volume.

We use all the attributes of your bookmarks and history entries — titles, URLs, folders… — to reconcile. If there's a bug in reconciling, it doesn't really help for us to only see GUIDs.
is there a way for people to opt into/out of this for privacy reasons?  ie maybe a preference?
(In reply to Naoki Hirata :nhirata from comment #8)
> is there a way for people to opt into/out of this for privacy reasons?  ie
> maybe a preference?

See Comment 5: "and we don't yet have a mechanism for adjusting logging levels".
OK, this data is being used to debug Sync so there is no reason to pull it out yet. It's providing a good service. Nightly and Aurora are fine targets for this debugging. We should discuss whether we want to leave it on of off for a beta release.
(Reporter)

Comment 11

7 years ago
(In reply to Mark Finkle (:mfinkle) from comment #10)
> OK, this data is being used to debug Sync so there is no reason to pull it
> out yet. It's providing a good service. Nightly and Aurora are fine targets
> for this debugging. We should discuss whether we want to leave it on of off
> for a beta release.

I can see how it provides a good service when debugging certain sync problems, but otherwise it does debugging a disservice, since it dissuades folks from submitting logs.

The last time I submitted a log with this information in it (about a sync problem, but one diagnosable without this information), I spent quite a bit of time scrubbing the log of the information via several regex-based find/replaces in my text editor.  And then I crossed my fingers that I got everything.

That isn't something I want to do on a regular basis.  So this isn't just about end-user privacy (and beta/release performance).  It's also about nightly and aurora tester participation.

At the very least, it should be possible to disable this logging.

Updated

7 years ago
Depends on: 725082
Triaging down to P3. We'll address this before release, probably by turning down logging in the release channel.
Priority: P1 → P3
Fixed. See Bug 725513 as a follow-up.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
(Assignee)

Updated

6 years ago
Component: Android Sync → Android Sync
Product: Mozilla Services → Android Background Services

Updated

a year ago
Product: Android Background Services → Firefox for Android
You need to log in before you can comment on or make changes to this bug.