ubuntu-bug sends huge amounts of internal data to public bugs without asking for permission

Bug #1935076 reported by Henning Sprang
This bug affects 2 people
Affects: apport (Ubuntu)
Status: Confirmed
Importance: Wishlist
Assigned to: Unassigned

Bug Description

I just created a bug with "ubuntu-bug -w" as recommended by the bug reporting guidelines.

After creating it, I saw that without my confirmation, many files with detailed output about my machine, IP and process environments, connected hardware etc. had been collected, uploaded to Launchpad and made publicly visible without my permission, and without any possibility to remove them again and select myself what I want to disclose.

This is a serious security and privacy issue in my opinion.

Please tell me ASAP how I can delete my data that I do not want to be publicly available.

ProblemType: Bug
DistroRelease: Ubuntu 20.10
Package: apport-gtk 2.20.11-0ubuntu50.7
ProcVersionSignature: Ubuntu 5.8.0-59.66-lowlatency 5.8.18
Uname: Linux 5.8.0-59-lowlatency x86_64
ApportVersion: 2.20.11-0ubuntu50.7
Architecture: amd64
CasperMD5CheckResult: skip
CrashReports:
 644:1000:124:0:2021-07-08 04:45:57.713189974 +0200:2021-07-08 04:45:57.713189974 +0200:/var/crash/_usr_bin_jackd.1000.upload
 640:1000:124:173589:2021-07-08 04:45:57.713189974 +0200:2021-07-08 04:45:57.713189974 +0200:/var/crash/_usr_bin_jackd.1000.crash
 600:118:124:37:2021-07-08 04:46:00.914606508 +0200:2021-07-08 04:46:00.906605467 +0200:/var/crash/_usr_bin_jackd.1000.uploaded
CurrentDesktop: ubuntu:GNOME
Date: Thu Jul 8 21:01:23 2021
ExecutablePath: /usr/share/apport/apport-gtk
InstallationDate: Installed on 2020-04-12 (451 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
InterpreterPath: /usr/bin/python3.8
PackageArchitecture: all
Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.6-0ubuntu1
PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.17-4
SourcePackage: apport
UpgradeStatus: Upgraded to groovy on 2020-11-03 (247 days ago)

Avital Ostromich (avital) wrote :

Hello Henning,

Thank you for taking the time to report this. You can remove any attachments from your public bug by opening the report in your browser, clicking the yellow edit button beside whichever file you'd like to remove, and selecting delete.
When sending a bug report with `ubuntu-bug -w`, a window should open listing the data that will be sent along with the option to send or cancel sending the report, as pictured here: https://help.ubuntu.com/community/ReportingBugs#Complete_the_bug_report_filing_process.

Thanks,
Avital

Henning Sprang (henning) wrote :

Thanks a lot for your fast response and help!

Actually I only recognized the yellow editing circle for the main content areas here in the Launchpad bug report, and missed them being also next to each single file, where I can delete the whole files, as I see now on closer inspection.

I wanted to disagree with the point that the information that is uploaded is displayed and I am asked for confirmation, because I have seen and checked this dialog in previous automatic crash reports and never saw anything critical.

But on closer inspection I see that apparently a bug report for Terminal sends different information than for example Thunderbird (which was my reason to file this bug, as it sent details about my internal IP network, lsusb, alsa, username etc).

In my opinion this fact isn't clear enough; people who filed bugs e.g. for Terminal before will assume the information sent is the same with any other program, and will not check these things.

IMHO the warning when sending "ip addr" output and other things should be clearer.

While being convenient for developers debugging problems not having to ask for additional information, I doubt it is a good idea to fetch all these data in all cases.
E.g. my IP address, username, alsa sound system information, lsusb say a LOT about my personal computer usage, but are absolutely not necessary nor even useful to have when I send a bug report because Thunderbird's way to handle keyboard shortcuts is broken since the latest update.

I am not sure if this is the best possible way to report bugs and collect data about systems, that also contains data about computer users and therefore persons.

Marc Deslauriers (mdeslaur) wrote :

I'm not sure what you expect to happen here. When running "ubuntu-bug -w", a window pops up which asks for confirmation to send the report to the developers, and inside the window are the contents of the information that is going to be sent. The user can inspect the information and choose not to send it.

Please describe in detail the changes that you would like to see implemented in that dialog. Once you do so, I will mark this bug appropriately and will make it public so that the Apport developers can see it.

Thanks!

Changed in apport (Ubuntu):
status: New → Incomplete
Henning Sprang (henning) wrote : Re: [Bug 1935076] Re: ubuntu-bug sends huge amounts of internal data to public bugs without asking for permission

Yes, I understand, so let me try:

In my opinion it should be somehow made clear that each application sends
different information. I was not aware of that, so I have checked this
dialog a few times in the past but wasn't aware of the need to do it for
each report.

Also applications should be checked if they should be allowed to request
those amounts of data. A full dmesg output for example is inappropriate for
a mail client.

--
Henning Sprang
http://www.sprang.de

information type: Private Security → Public Security
Changed in apport (Ubuntu):
status: Incomplete → Confirmed
importance: Undecided → Wishlist
Seth Arnold (seth-arnold) wrote :

dmesg in bug reports is fantastically helpful: it is a very fast and reliable way to diagnose many classes of hardware problems or filesystem flaws or kernel module incompatibilities that show up to the user as bugs in their programs. Having it available has saved both developers and users a *lot* of time.

Thanks

Henning Sprang (henning) wrote :

On Tue 10. Aug 2021 at 22:21, Seth Arnold <email address hidden>
wrote:

> dmesg in bug reports is fantastically helpful: it is a very fast and
> reliable way to diagnose many classes of hardware problems or filesystem
> flaws or kernel module incompatibilities that show up to the user as
> bugs in their programs. Having it available has saved both developers
> and users a *lot* of time.

I cannot tell for sure about the overall amount of bugs in Launchpad, but
in my own 25 years of software development I don't see how generally
requesting dmesg for each and every bug report would have been necessary or
helpful.

For my concrete situation and Launchpad reports, I can tell that at the
same time I haven't even got any answer for any bug I reported about
Thunderbird so far… so it's not even looked at by maintainers but available
to the whole world. (No complaint, there's sure enough to do besides caring
for a single user's rare issues! Only an observation from my perspective.)

But yeah, there might be insights that I am lacking that make it a good fit.

I'm not going to insist on changes if you see it as necessary the way it
is. I know what to do to work around it now.

Thanks :)

--
Henning Sprang
http://www.sprang.de

RocketRide (rocketride) wrote :

I'm concerned that in my last bug report apport sent a GsettingsChanges.txt file which contained my geolocation: b'org.gnome.shell.weather' b'locations' had the name of my city, and b'org.gnome.settings-daemon.plugins.color' b'night-light-last-coordinates' had coordinates pointing at the city I live in. And I could see this information only after sending it and viewing the attached files.
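
A pre-submission check for the concern raised in this thread, as an added example (not part of the bug report and not apport's own code): it parses a report in the `Key: value` layout shown in the bug description and lists the fields that contain an IPv4 address, the user name, or the GNOME location keys quoted above. The sample report, the field name `IpAddr` and the user name `alice` are constructed.

```python
import ipaddress
import re

# Constructed sample in the "Key: value" layout of the bug description;
# lines starting with a space continue the previous field. Values are made up.
SAMPLE_REPORT = """\
ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu50.7
IpAddr:
 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500
     inet 192.168.1.23/24 brd 192.168.1.255 scope global eth0
GsettingsChanges:
 b'org.gnome.shell.weather' b'locations' b'[<(uint32 2, <("Exampletown", ...)>)>]'
 b'org.gnome.settings-daemon.plugins.color' b'night-light-last-coordinates' b'(0.0, 0.0)'
ProcEnviron:
 SHELL=/bin/bash
 HOME=/home/alice
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# gsettings keys named in the thread as carrying location data
LOCATION_KEYS = ("b'locations'", "night-light-last-coordinates")

def parse_report(text):
    """Split an apport-style report into {field name: full value}."""
    fields, key = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and key is not None:
            fields[key] += line[1:] + "\n"      # continuation of a multi-line field
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key] = value.strip() + "\n" if value.strip() else ""
    return fields

def is_ipv4(candidate):
    try:
        ipaddress.ip_address(candidate)         # rejects e.g. 999.1.1.1
        return True
    except ValueError:
        return False

def review(fields, username):
    """Return {field: [reasons]} for fields worth reading before sending."""
    findings = {}
    for name, value in fields.items():
        hits = set()
        if any(is_ipv4(c) for c in IPV4.findall(value)):
            hits.add("ip address")
        if re.search(rf"\b{re.escape(username)}\b", value):
            hits.add("username")
        if any(k in value for k in LOCATION_KEYS):
            hits.add("location setting")
        if hits:
            findings[name] = sorted(hits)
    return findings

if __name__ == "__main__":
    for field, reasons in review(parse_report(SAMPLE_REPORT), "alice").items():
        print(f"{field}: {', '.join(reasons)}")
```
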
