Bug 197687 - Tools using bugzilla email lists expose un-truncated and un-obfuscated email addresses
Summary: Tools using bugzilla email lists expose un-truncated and un-obfuscated email ...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests (show other bugs)
Version: Other
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-05-08 01:23 PDT by Tobi Reif
Modified: 2019-11-04 02:13 PST (History)
5 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tobi Reif 2019-05-08 01:23:21 PDT
My email address gets published un-truncated and un-obfuscated.

Here's a list of the pages:
(A URL-shortener is used so that I don't have to paste the verbatim URL which includes my email address. The bit.ly URL resolves to a google.com search.)

https://bit.ly/2DU2xGK

Please make sure that my email address gets obfuscated or truncated on these pages (please send a request to the marc.info maintainers).

Please also make sure that my email address gets obfuscated or truncated on the original pages (your pages) from which marc.info got the copies.
Comment 1 Simon Fraser (smfr) 2019-05-08 09:55:32 PDT
Looks like marco.info is following webkit-unassigned (https://marc.info/?l=webkit-unassigned&r=1&w=2)
Comment 2 Tobi Reif 2019-05-09 03:21:33 PDT
One specific example:

The bug page:
https://bugs.webkit.org/show_bug.cgi?id=108929
Does not publish my email address.

The message at the original location:
https://lists.webkit.org/pipermail/webkit-unassigned/2013-March/1364285.html
Has my email address, but at least the at-sign is replaced with " at ".
Please make sure the email address gets truncated/obfuscated more strongly (on the whole site webkit.org) (ideally for all email addresses).

The message copy at marc.info:
https://marc.info/?l=webkit-unassigned&m=136360475701428
Contains my email address (you can find it right after "Comment #7 from Tobi Reif") in full, non-obfuscated and non-truncated. It even is featured verbatim in the source of the page - very easy to harvest even for simple spam bots.

Since 2018-02-21 I have sent several emails to the maintainers of marc.info. They have not fixed the issue.

Please make sure that the list admin of "Webkit-unassigned" will soon send a request to the marc.info maintainers https://marc.info/?q=about asking them to immediately obfuscate or/and truncate all instances of my email address on their site which have been fetched from "Webkit-unassigned" (currently all instances of my email address on marc.info are from "Webkit-unassigned"). (Feel free to expand the request to all email addresses fetched from your list/lists.)
Comment 3 Tobi Reif 2019-05-09 03:28:19 PDT
... and if marc.info gets the messages via an API please make sure that the email addresses are strongly truncated/obfuscated in the data supplied by the API.
Comment 4 Tobi Reif 2019-05-09 04:25:42 PDT
And thanks for looking into it!
Comment 5 Tobi Reif 2019-05-17 02:43:14 PDT
Please make sure that my email address gets truncated/obfuscated on all these marc.info pages: https://bit.ly/2DU2xGK (they all publish a "Webkit-unassigned" message).

Please send a request to the contacts at https://marc.info/?q=about (there also is a contact at the bottom of the page after "send pizza").
Comment 6 Tobi Reif 2019-05-21 02:48:32 PDT
(Please make sure to not paste my email address here in this ticket. Thanks.)
Comment 7 Radar WebKit Bug Importer 2019-05-22 21:53:13 PDT
<rdar://problem/51055305>
Comment 8 Tobi Reif 2019-05-28 23:59:52 PDT
I hope this issue can get resolved soon.
Comment 9 Tobi Reif 2019-06-24 01:05:30 PDT
I hope this issue can get resolved soon.
Comment 10 Tobi Reif 2019-07-19 02:39:17 PDT
I hope this issue can get resolved soon.
Comment 11 Tobi Reif 2019-08-20 01:50:15 PDT
I hope that this issue will be resolved soon. Thanks in advance!
Comment 12 Tobi Reif 2019-09-25 01:23:40 PDT
I hope this issue can get resolved soon.
Comment 13 Tobi Reif 2019-11-04 02:13:27 PST
I hope this issue can get resolved soon.