Bug 197687 - Tools using bugzilla email lists expose un-truncated and un-obfuscated email addresses
Summary: Tools using bugzilla email lists expose un-truncated and un-obfuscated email ...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests (show other bugs)
Version: Other
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-05-08 01:23 PDT by Tobi Reif
Modified: 2020-05-05 01:06 PDT (History)
5 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tobi Reif 2019-05-08 01:23:21 PDT
My email address gets published un-truncated and un-obfuscated.

Here's a list of the pages:
(A URL-shortener is used so that I don't have to paste the verbatim URL which includes my email address. The bit.ly URL resolves to a google.com search.)

https://bit.ly/2DU2xGK

Please make sure that my email address gets obfuscated or truncated on these pages (please send a request to the marc.info maintainers).

Please also make sure that my email address gets obfuscated or truncated on the original pages (your pages) from which marc.info got the copies.
Comment 1 Simon Fraser (smfr) 2019-05-08 09:55:32 PDT
Looks like marco.info is following webkit-unassigned (https://marc.info/?l=webkit-unassigned&r=1&w=2)
Comment 2 Tobi Reif 2019-05-09 03:21:33 PDT
One specific example:

The bug page:
https://bugs.webkit.org/show_bug.cgi?id=108929
Does not publish my email address.

The message at the original location:
https://lists.webkit.org/pipermail/webkit-unassigned/2013-March/1364285.html
Has my email address, but at least the at-sign is replaced with " at ".
Please make sure the email address gets truncated/obfuscated more strongly (on the whole site webkit.org) (ideally for all email addresses).

The message copy at marc.info:
https://marc.info/?l=webkit-unassigned&m=136360475701428
Contains my email address (you can find it right after "Comment #7 from Tobi Reif") in full, non-obfuscated and non-truncated. It even is featured verbatim in the source of the page - very easy to harvest even for simple spam bots.

Since 2018-02-21 I have sent several emails to the maintainers of marc.info. They have not fixed the issue.

Please make sure that the list admin of "Webkit-unassigned" will soon send a request to the marc.info maintainers https://marc.info/?q=about asking them to immediately obfuscate or/and truncate all instances of my email address on their site which have been fetched from "Webkit-unassigned" (currently all instances of my email address on marc.info are from "Webkit-unassigned"). (Feel free to expand the request to all email addresses fetched from your list/lists.)
Comment 3 Tobi Reif 2019-05-09 03:28:19 PDT
... and if marc.info gets the messages via an API please make sure that the email addresses are strongly truncated/obfuscated in the data supplied by the API.
Comment 4 Tobi Reif 2019-05-09 04:25:42 PDT
And thanks for looking into it!
Comment 5 Tobi Reif 2019-05-17 02:43:14 PDT
Please make sure that my email address gets truncated/obfuscated on all these marc.info pages: https://bit.ly/2DU2xGK (they all publish a "Webkit-unassigned" message).

Please send a request to the contacts at https://marc.info/?q=about (there also is a contact at the bottom of the page after "send pizza").
Comment 6 Tobi Reif 2019-05-21 02:48:32 PDT
(Please make sure to not paste my email address here in this ticket. Thanks.)
Comment 7 Radar WebKit Bug Importer 2019-05-22 21:53:13 PDT
<rdar://problem/51055305>
Comment 8 Tobi Reif 2019-05-28 23:59:52 PDT
I hope this issue can get resolved soon.
Comment 9 Tobi Reif 2019-06-24 01:05:30 PDT
I hope this issue can get resolved soon.
Comment 10 Tobi Reif 2019-07-19 02:39:17 PDT
I hope this issue can get resolved soon.
Comment 11 Tobi Reif 2019-08-20 01:50:15 PDT
I hope that this issue will be resolved soon. Thanks in advance!
Comment 12 Tobi Reif 2019-09-25 01:23:40 PDT
I hope this issue can get resolved soon.
Comment 13 Tobi Reif 2019-11-04 02:13:27 PST
I hope this issue can get resolved soon.
Comment 14 Tobi Reif 2020-03-12 02:04:22 PDT
Please make sure that my email address gets truncated/obfuscated on all these marc.info pages: https://bit.ly/2DU2xGK (they all publish a "Webkit-unassigned" message).

Please send a request to the contacts at https://marc.info/?q=about (there also is a contact at the bottom of the page after "send pizza").
Comment 15 Tobi Reif 2020-04-24 02:13:49 PDT
It clearly doesn't help that I post here regularly. What could I do instead?


The issue needs to get resolved. Has anything been tried? Is there any progress at all?
Comment 16 Tobi Reif 2020-05-05 01:06:20 PDT
You are passing on my email address, not actively but knowingly, for years, either via the some pages or via an API. And marc.info is publishing it.

I had never consented to you passing on my email address. Please stop it. And please make sure that the past and future published copies of my bug reports on marc.info do not contain my email address (they got and are getting my email address through you).