[Freeciv-Dev] [bug #17747] Reassigned to another tracker [was: Your gna installation leaks "private" emails.]

[anonymous]

Follow-up Comment #10, bug #17747 (project freeciv):

Ironically I can't, because the new bug report doesn't accept anonymous. But
we are legion!?

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

[Freeciv-Dev] [bug #17747] Reassigned to another tracker [was: Your gna installation leaks "private" emails.]

[Daniel Markstedt]

Follow-up Comment #9, bug #17747 (project freeciv):

Please take your discussion to the reassigned bug #18310 in the Savane
project.

This is not and never was a bug in Freeciv.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

[Freeciv-Dev] [bug #17747] Reassigned to another tracker [was: Your gna installation leaks "private" emails.]

[anonymous]

Follow-up Comment #8, bug #17747 (project freeciv):

(OP here)
1) I'm not referring to the CC in the email, although admittedly BCC would be
a nice idea, too.

2) I *was* referring to anonymous bug reports. I as "another" anonymous can
find the first anonymous' contact information by just adding a comment to an
anonymous bug report.

3) I am not and was not logged in as user. User accounts tend to pile up and
rot plus have a tendency to have unsafe shared passwords - the fewer the
better. It would be nice if gna respected this. ANYWAYS: I don't mind if the
people from the project see my contact info. Not at all. They need it. If
you're logged in and have this bug report assigned, by all means, do contact
me. But if I am NOT logged in and don't have anything to do with the bug
report, just by submitting a comment, I shouldn't be able to find out the
originator's email.

4) I am not concerned about anyone intercepting this. I am concerned about a
third party coming along, and adding a comment to a bug report just to find
out who reported it. It's no big deal, but it's a very unexpected way of
exposing one's email address, if the rest of the bug reports give you the
impression that the email is actually not shared (see, e.g., the cc list,
where the anonymous originator's is NOT displayed, as well as other places
that give you the impression there's been some effort to guard the email
address)

5) HTTPS or not is not and was never the concern.

second 5) well, fix that. I shouldn't need an account to retain privacy just
because I find a bug in project XYZ and me idiot takes the time to report it.
I don't know how many website / group accounts you have, but I have too many
already.

Finally) Please have a look at the screenshot I posted. If you can reproduce
getting my email displayed anonymously just by adding a comment here, then I
continue to claim that this is a bug in GNA. It CANNOT be accepted GNA default
operation to spew out its users data - anonymous or not.

I understand the points you raised, but most of them are IMO not catching the
aspect about which I created the bug report. And also about not pushing out
people's email: I'd really appreciate if BUG #18310 got my email address
removed from its visible portion.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

[Freeciv-Dev] [bug #17747] Reassigned to another tracker [was: Your gna installation leaks "private" emails.]

[David Lowe]

Follow-up Comment #7, bug #17747 (project freeciv):

1) The system really does send an email to the given address, and furthermore
anyone who adds a comment will get an email that has a CC: of everyone who
contributed to the discussion.  So yeah, you now have my email address. 
Perhaps we can coax GNA to use a BCC: instead?  That's the only thing i can
think of that won't stifle discussion...

2) I didn't test it right now, but IIRC the banner on the web page displays a
username [if Savane has one available] instead of the naked email address.  If
so, then posting anonymously is less secure than creating an account - the
system has no other way to refer to you than by your address.

3) Similarly, bug reports always display the username of the original
submitter.  Where the name is 'None' [i.e., anonymous] then the additional
field called Originator Email is also displayed, because we simply have to
have some way to contact the OP.  AFAIK, these tracker items never go away
even when closed - your address is attached to this item more or less
forever.

4) The web page banner is sent in a 'private' packet from the server to your
browser.  While it is certainly possible for that packet to be intercepted, it
should be far easier for a cracker to access the email with all of our
addresses in it.  I suggest that is the area that could use the most attention
from the administrators.

5) Right now this is being sent inside a HTTPS session.  IDK if this is also
true for 'anonymous' posts.

5) The project does have some responsibility for the privacy of it's
community members, but arguably those users have as much or more
responsibility for their own privacy.  The moral of this story is that not
having an account is inherently less secure than having one.  If you insist on
being 'anonymous' then you would be better served by getting an additional
free email address and use that address only with the project.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

[Freeciv-Dev] [bug #17747] Reassigned to another tracker [was: Your gna installation leaks "private" emails.]

[anonymous]

Follow-up Comment #6, bug #17747 (project freeciv):

See the top of : 
http://img847.imageshack.us/img847/169/gna.png
Maybe that explains it better and maybe it's something absolutely natural :)

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

[Freeciv-Dev] [bug #17747] Reassigned to another tracker [was: Your gna installation leaks "private" emails.]

[anonymous]

Follow-up Comment #5, bug #17747 (project freeciv):

with reassigning this bug you actually published my email address, too,
dmarks - see field #36. Just made me chuckle given the nature of this bug
report ;)

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev