Freeciv - Bugs: bug #17747, Reassigned to another tracker...


bug #17747: Reassigned to another tracker [was: Your gna installation leaks "private" emails.]

Submitted by: None
Submitted on: Wed Feb 16 15:29:58 2011
Category: freeciv.org
Severity: 6 - Security
Priority: 5 - Normal
Status: None
Assigned to: None
Originator Email: -unavailable-
Open/Closed: Closed
Release: n/a
Operating System: Any
Planned Release:
Contains string changes: None


Fri Jul 8 01:15:08 2011, comment #10:

Ironically I can't, because the new bug report doesn't accept anonymous. But we are legion!?

Thu Jul 7 13:16:53 2011, comment #9:

Please take your discussion to the reassigned bug #18310 in the Savane project.

This is not and never was a bug in Freeciv.

Daniel Markstedt <dmarks>
Project Administrator

Thu Jul 7 13:04:36 2011, comment #8:

(OP here)
1) I'm not referring to the CC in the email, although admittedly BCC would be a nice idea, too.

2) I was referring to anonymous bug reports. I as "another" anonymous can find the first anonymous' contact information by just adding a comment to an anonymous bug report.

3) I am not and was not logged in as user. User accounts tend to pile up and rot plus have a tendency to have unsafe shared passwords - the fewer the better. It would be nice if gna respected this. ANYWAYS: I don't mind if the people from the project see my contact info. Not at all. They need it. If you're logged in and have this bug report assigned, by all means, do contact me. But if I am NOT logged in and don't have anything to do with the bug report, just by submitting a comment, I shouldn't be able to find out the originator's email.

4) I am not concerned about anyone intercepting this. I am concerned about a third party coming along, and adding a comment to a bug report just to find out who reported it. It's no big deal, but it's a very unexpected way of exposing one's email address, if the rest of the bug reports give you the impression that the email is actually not shared (see, e.g., the cc list, where the anonymous originator's is NOT displayed, as well as other places that give you the impression there's been some effort to guard the email address)

5) HTTPS or not is not and was never the concern.

second 5) well, fix that. I shouldn't need an account to retain privacy just because I find a bug in project XYZ and me idiot takes the time to report it. I don't know how many website / group accounts you have, but I have too many already.

Finally) Please have a look at the screenshot I posted. If you can reproduce getting my email displayed anonymously just by adding a comment here, then I continue to claim that this is a bug in GNA. It CANNOT be accepted GNA default operation to spew out its users data - anonymous or not.

I understand the points you raised, but most of them are IMO not catching the aspect about which I created the bug report. And also about not pushing out people's email: I'd really appreciate if BUG #18310 got my email address removed from its visible portion.

Thu Jul 7 09:58:24 2011, comment #7:

1) The system really does send an email to the given address, and furthermore anyone who adds a comment will get an email that has a CC: of everyone who contributed to the discussion. So yeah, you now have my email address. Perhaps we can coax GNA to use a BCC: instead? That's the only thing I can think of that won't stifle discussion...

2) I didn't test it right now, but IIRC the banner on the web page displays a username [if Savane has one available] instead of the naked email address. If so, then posting anonymously is less secure than creating an account - the system has no other way to refer to you than by your address.

3) Similarly, bug reports always display the username of the original submitter. Where the name is 'None' [i.e., anonymous] then the additional field called Originator Email is also displayed, because we simply have to have some way to contact the OP. AFAIK, these tracker items never go away even when closed - your address is attached to this item more or less forever.

4) The web page banner is sent in a 'private' packet from the server to your browser. While it is certainly possible for that packet to be intercepted, it should be far easier for a cracker to access the email with all of our addresses in it. I suggest that is the area that could use the most attention from the administrators.

5) Right now this is being sent inside an HTTPS session. IDK if this is also true for 'anonymous' posts.

5) The project does have some responsibility for the privacy of its community members, but arguably those users have as much or more responsibility for their own privacy. The moral of this story is that not having an account is inherently less secure than having one. If you insist on being 'anonymous' then you would be better served by getting an additional free email address and use that address only with the project.

David Lowe <doctorjlowe>

Thu Jul 7 02:55:06 2011, comment #6:

See the top of :
Maybe that explains it better and maybe it's something absolutely natural :)

Thu Jul 7 02:49:04 2011, comment #5:

with reassigning this bug you actually published my email address, too, dmarks - see field #36. Just made me chuckle given the nature of this bug report ;)

Mon Jul 4 18:11:51 2011, comment #4:


Please, do not post any new comments to this item.

Daniel Markstedt <dmarks>
Project Administrator

Mon Jul 4 18:11:00 2011, comment #3:

Testing again.

Thu Feb 17 21:47:59 2011, comment #2:

Test anonymous comment.

Wed Feb 16 15:30:46 2011, comment #1:

the message looks like, e.g.: "New item posted (bug #17747) CC added. Mail sent to (my email address here), -unavailable-"

Wed Feb 16 15:29:58 2011, original submission:

I can see my "unavailable to non logged in" email just fine without logging in.

Submitting a change where my email's the originator email makes an overlay appear in my browser which displays my email address (message sent to : other people in the CC + original submitter) as (email address) - -unavailable-. Yes, my email address is clearly visible next to the unavailable.

Please fix your gna setup.
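
The leak reported in this thread comes from two output paths disagreeing: the item page masks the address as -unavailable-, while the post-submit feedback banner prints the raw recipient list. The following is an added example, not Savane code and not part of the original ticket; the class and function names, the visibility policy (project members see addresses, everyone else sees a username or the mask) and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

MASK = "-unavailable-"  # what the item page shows instead of a hidden address

@dataclass(frozen=True)
class Viewer:
    username: Optional[str] = None      # None: not logged in
    is_project_member: bool = False

@dataclass(frozen=True)
class Recipient:
    email: str
    username: Optional[str] = None      # None: anonymous, known only by email

def display_name(viewer: Viewer, r: Recipient) -> str:
    """Single visibility rule shared by every output channel (assumed policy)."""
    if viewer.is_project_member or (viewer.username and viewer.username == r.username):
        return r.email
    return r.username or MASK

def feedback_leaky(recipients: List[Recipient]) -> str:
    # Reported behaviour: raw addresses go to whoever submitted the form.
    return "CC added. Mail sent to " + ", ".join(r.email for r in recipients)

def feedback_redacted(viewer: Viewer, recipients: List[Recipient]) -> str:
    # Hardened form: the banner goes through the same rule as the item page.
    return "CC added. Mail sent to " + ", ".join(display_name(viewer, r) for r in recipients)

def leaked_addresses(rendered: str, viewer: Viewer, recipients: List[Recipient]) -> List[str]:
    """Regression check: addresses in the output that this viewer may not see."""
    return [r.email for r in recipients
            if r.email in rendered and display_name(viewer, r) != r.email]

# Constructed sample data, not taken from the ticket.
SAMPLE = [Recipient("reporter@example.org"), Recipient("dev@example.org", "dev1")]
ANON = Viewer()

if __name__ == "__main__":
    print(leaked_addresses(feedback_leaky(SAMPLE), ANON, SAMPLE))
    print(feedback_redacted(ANON, SAMPLE))
```

Running leaked_addresses over every rendered response (banner, item page, CC list) for an anonymous viewer gives a test that fails whenever one channel bypasses the shared rule.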





Depends on the following items: None found

Items that depend on this one: None found


Carbon-Copy List
  • -unavailable- added by dmarks (Posted a comment)
  • -unavailable- added by doctorjlowe (Posted a comment)
  • -unavailable- added by None (Submitted the item)




Follows 1 latest change.

Date: Mon Jul 4 18:11:51 2011
Changed By: dmarks
Updated Field: Reassign Item
Previous Value => Replaced By: Freeciv, bug #17747 => Savane, bug #18310

    Powered by Savane 3.1-cleanup