Clarify Problem Report Personal Information

Discussion in 'Feature Suggestions' started by sandinak, May 24, 2011.

?

Do you consider information included in Problem Reports 'personal information'?

Poll closed Jun 23, 2011.
  1. Yes, it's a breach of my security and privacy.

    1 vote(s)
    100.0%
  2. Perhaps, but Parallels should clarify personal info is being sent and used only for support..

    0 vote(s)
    0.0%
  3. No, It's not an issue to me

    0 vote(s)
    0.0%
  1. sandinak

    sandinak

    Messages:
    5
    The current problem report in Parallels 6 says 'No personal information will be collected'. However.. the default settings for a problem report include logfiles with LOTS of personal information in them are being sent. I would recommend that you change the statement to include the possibility that personal and security related information will be in the problem report. If parallels isn't collecting it after-the-fact .. that should be made clear. Specifically:

    - The screen shots have LOTS of possibility for information compromise depending on what else one was doing when the problem report is generated.
    - The Installed Software list contains revisions, which can be used for targeted attacks.
    - Host Hardware contains all connected interfaces, for Firewall/Bridge machines this is a bad information leak.
    - system.log contains valid calls to sudo are posted here, which gives a convenient list of users enabled for sudo

    All of these logs contain various piece of personal information including ipaddresses, macaddresses, full name, etc. which can certainly construed as 'personal information'. Might be worth some time to clean this up and make it more security and privacy aware.
     

Share This Page