You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please use the 👍 reaction to show that you are affected by the same issue.
Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
Subscribe to receive notifications on status change and new comments.
Expected behaviour
The Nextcloud desktop client should clean out all potentially sensitive data from the debug zip file contents
The Nextcloud desktop client should warn about which data is contained in the dump
(Additionally: file extension should be zip automatically, but there isn't any)
Actual behaviour
The debug log / databases contain sensitive data such as email addresses, nextcloud user names, private server addresses, local disk paths (which include local user names), something called oc_sessionPassphrase, file and folder names in the nextcloud, file checksums, a user's online times, file modification times, ... basically everything except the files themselves.
No visible effort has been made to obscure any of the sensitive data
Nextcloud team requires that such a dump is included in any reports about desktop client misbehavior in their issue template:
desktop client logs are a hard requirement for bug reports because we don't know how to do magic here :)
To be honest, I'm shocked. Nextcloud boasts itself of respecting and improving their users' privacy, and then this?
As a temporary fix, the requirement should be removed from the issue template ASAP.
As a near-term fix, the user data should be cleaned before saving as a debug dump that is supposed to be posted into a public place.
Steps to reproduce
Right-click on desktop client icon
Select 'Settings'
Select 'General' in top right corner
Click on 'Create Debug Archive ...'
Inspect resulting file
Client configuration
Any
Server configuration
Any
The text was updated successfully, but these errors were encountered:
How to use GitHub
Expected behaviour
Actual behaviour
To be honest, I'm shocked. Nextcloud boasts itself of respecting and improving their users' privacy, and then this?
As a temporary fix, the requirement should be removed from the issue template ASAP.
As a near-term fix, the user data should be cleaned before saving as a debug dump that is supposed to be posted into a public place.
Steps to reproduce
Client configuration
Any
Server configuration
Any
The text was updated successfully, but these errors were encountered: