https://bugs.documentfoundation.org/show_bug.cgi?id=165781
Bug ID: 165781
Summary: Privacy risk: Pinter name is stored on each edit
Product: LibreOffice
Version: 24.8.5.2 release
Hardware: All
OS: Linux (All)
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: Calc
Assignee: [email protected]
Reporter: [email protected]
As a privacy conscious user I expect LibreOffice to write my name (like I
entered in settings) and probably some metadata (like timestamp and maybe a
build tag) to a file whenever I save it. People who want to create or edit
files anonymously are hopefully aware of those and can act accordingly.
What I would not expect is to find my printer name in a file which I just
minimally edited (not created, not printed nor actively print-previewed).
Printer names can be unique, they can potentially identify your workplace or
organization. They are also system wide, meaning that creating a separate user
account for anonymous editing will not prevent your identification. This can
become a huge issue for whistleblowers or people who need to edit something
anonymously for any reason. We must assume that intelligence organizations have
databases of such metadata and will use it for de-anonymization.
Technicalities
--------------
After unzipping a document, check settings.xml for the config:name
"PrinterName" and "PrinterSetup", the latter also contains the name and some
settings base64 encoded.
Reproduce on Linux
------------------
1. Move an ods file to an empty directory
2. `unzip myfile.ods`
3. Optionally format xml files in place. (Don't run it in the wrong directory,
it may overwrite or clear your xml files when errors occur.)
`find . -maxdepth 3 -type f -iname "*.xml" -exec xmllint --format '{}'
--output '{}' \;`
4. `rg Printer` (or use any other grep or searchtool you like to search for
Printer)
5. Optionally decode PrinterSetup: `echo "yourbase64" | base64 --decode
Example file
------------
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/OPCUA/OPCUA_Sicherheitsmechanismen_odt.ods?__blob=publicationFile&v=1
(I haven't looked at the contents, just found this randomly with a google
"filetype:ods security" search. The last editor apparently had a default
printer named "5_703_COL_simplex".)
Further notes
-------------
- Someone else also mentioned this on Stackoverflow:
https://superuser.com/a/1831528/551544
- Reported against Calc because this is what I tested and I didn't see an "all"
component.
- It is documented here, but disabling the "save" feature does not seem
possible:
https://help.libreoffice.org/7.0/en-US/text/shared/optionen/01010200.html?DbPAR=SHARED
--
You are receiving this mail because:
You are the assignee for the bug.
