[coreboot] Coreboots Board Status have privacy issues for contributors

Sun Nov 25 23:32:30 CET 2018

I've already raised this board_status.sh issue a few months earlier,
together with the proposed fix (which I forgot to transform into a
patch, perhaps because no one replied to me) -
https://mail.coreboot.org/pipermail/coreboot/2018-April/086488.html .
It could be hard to create an automatic filter which will successfully
erase all the information that you believe is private, and also there
could be different estimates of what is private and what is not.
Perhaps the easiest solution is just to insert a pause before
uploading the results, so that a user could use this pause to remove
the log parts that he considers as private. Also, this way only the
user will be responsible for removing his private information and
there wouldn't be any complains like "your script didn't remove X and
some 3-letter-agency hacked me by using this knowledge"
On Mon, Nov 26, 2018 at 12:03 AM Nico Huber <nico.h at gmx.de> wrote:
>
> On 25.11.18 18:24, j443i8 at goat.si wrote:
> > the mac 70:3a:cb:bd:fd:e3 . This is probably some Google device his
> > device is connecting to because the mac range is registered to Google
> > Inc. Now i can lookup in public wifi databases and in some cases i then
> > know where the users lives.
>
> You can also just ask them where they live. Whereby I want to say, not
> everybody is in the same paranoid mode.
>
> > I was thinking of contributing to the Board Status but i dont want to
> > release any private data and wont contribute now. What is the usage of
> > the world to know what mac address the people are using?
>
> There is no usage. It just makes the script simpler that gathers the
> information.
>
> >
> > Please fix this to:
>
> No, you, please fix this. You are very welcome to contribute patches.
>
> > 1) Remove kernel log and replace it with "uname -r" to just know the
> > kernel version.
>
> This makes no sense, nobody asked for the kernel version. We want to see
> kernel messages. You can however implement a heuristic to filter per-
> sonal information.
>
> > 2) Please make the contribution without the force of having to register
> > to git. Make a public account that have just access to the
> > board-status.git and set this public account into the code itself.
>
> You are free to set something like this up and redirect all pushes to
> your Gerrit account. *After* you filtered spam.
>
> > Then
> > there can be for example a simple live linux iso that people can boot
> > with LAN cable connected. No requirement of installation software, of
> > setting things up or anything like that.
>
> Yes, please implement that. Again patches are welcome. We don't lack
> ideas, we lack the time to set things up. So once you are done with
> that, feel free to ask what else you can do.
>
> Nico
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot