Hw-probe privacy best practices

Mayavimmer · Сообщение **Mayavimmer** » 07 дек 2015, 14:15

I like the idea of hw-probe as a move towards efficiency and standardization. However I am also concerned about privacy after noticing that it leaks out some private information that I don't want to post on a public web site.

In particular I found my own name and that of some customers of mine plus other private data in various places, including config and log files and their internal comments documenting their usage.

Since my hw-probe -all run produces more than 2000 lines of text in about 100 files it is not exactly convenient to comb through all that to find unwanted personal data.

As a temporary fix I tried:

Код: Выделить всё

hwprobe -all
grep -ir "my name" hw.info
grep -ir "my client's names" hw.info
grep -ir "my public ip"
...etc... substituting your real name
cp -a hw.info public.hw.info
lynx public.hw.info # modifying private info
hw-probe -update -src public.hw.info

... manually overstriking private info with XXXX's wherever I find it.

Stiil I am not entirely happy with this procedure. Probably the biggest problem is the possibility of unstructured privated comments documenting config files. And this can only be solved in the distant future by abolishing low level text content in programming. (Dreaming!). Does anybody have any ideas?

At a minimum users should be warned to produce a local hw.info to be scanned with grep -ir and a quick text viewer such as lynx before sending it in with -update -src. Perhaps including this in the hw-info wiki page.

Not all logs you submit are shown publicly on the web-site. For example, uname, ps, pstree, top, dmi/id, avahi, ldconfig, nm-tool, avahi, iw scan, hcitool scan and route logs are not shown for others. Also the user name and host name in the journalctl are decorated when shown on the site. Your serial id of the board is also decorated in the dmidecode.

However we should add an option (may be enabled by default) to prevent this private information from submitting to the server at all. So that even developers can't access it.

I'll try to find some solution this week.

Thank you.

Mayavimmer · Сообщение **Mayavimmer** » 09 дек 2015, 07:46

Ok, that is a useful step, but it needs to be documented.

Also I think all comments should be stripped out, as they often contain very important and very private information.

Perhaps we should get the public's opinions on what they want to protect most. It could be done with a simple wiki page documenting each hw.info item and their potential for privacy harm. Or maybe we could just do that informally in the forum (here?).

Another possibility would be to scramble serial numbers, UUID's, etc.

Privacy is greatly improved in hw-probe version 1.4. See https://github.com/linuxhw/hw-probe#privacy. All old probes are protected too.

ROSA Forum