Can we identify and treat information that a user would want to keep private in the status log so that a user may more confidently share this for diagnostics?
My current status log is about 1400 lines, and I see that it contains some information that I would be hesitant to share here or in Salsa. It’s long enough that a person would have to be diligent to obscure every instance of private information, and users may not know which parts of this log may create a risk if they share it on the internet. They may also obscure this information in such a way as to make this more difficult to use to diagnose the problem.
Sharable Status Log would be a status log which will obscure information which may pose a risk to the user if shared online. Here are some examples, and we can debate the severity but I’m going to put a risk rating on this as High Risk or Low Risk. Anything excluded I consider “No Risk,” but I may be wrong!
High Risk: Feb 10 15:35:06 hostname /usr/bin/plinth: Updating dynamic domain fullyqualifiedhostname.freedombox.rocks, DNS address 184.108.40.206, looked up external address <!doctype html public “-//w3c//dtd html 4.01 transitional//en”
Low Risk: Feb 10 15:34:26 hostname /usr/bin/plinth: Not Found: /plinth/sys/diagnostics/img/noise.png
High Risk: hostname fullyqualifiedhostname.freedombox.rocks
currently points to 220.127.116.11
Refer to your FreedomBox status log.
Today the user must obscure this information manually. There are several ways they can expose themselves to risk:
Some users are unaware of the risk and share the information without modification
Some users are aware of the risk, but maybe not aware of all cases creating risk to the user
Some users may be completely aware of the risks, but still fail to obscure the information in each instance
Identify information in status log that creates risk when shared (FQDN, External IP, etc.)
– information that could be used to identify a user for attack or exploit
– user supplied information such as hostname which they may wish to keep private
– user supplied information which may be offensive to log file readers
Create a name substitution scheme to uniformly apply throughout the sharable status log, mayebe something like:
– hostname = ‘hostname’
– fqdn = ‘hostname.freedombox.rocks’
– IP Address = ‘XX.XX.XX.XX’
Create a UI element to either copy Sharable Status Log to the clipboard or download this as a file.