From: SourceForge.net <no...@so...> - 2007-09-18 13:28:33
|
Bugs item #1793966, was opened at 2007-09-13 07:47 Message generated for change (Comment added) made by nobody You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=111118&aid=1793966&group_id=11118 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: version 3.0.6 Status: Pending Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Fabian Keil (fabiankeil) Summary: default configuration logs all requests to a file Initial Comment: config contains debug 1 This may be ok for debugging and special cases, but default configuration logging all requests to a file doesn't sound like a good idea at all, from the perspective of a user seeking privacy IMHO. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2007-09-18 06:28 Message: Logged In: NO It may be not a bug in strict sense, but an issue worth concern. I was surprised to see this option in the config installed by default, in my opinion it doesn't make a lot of sense. And, yeah, I can and do disable logging completely, although without "debug 1" option it's less of a problem. But you are probably aware that privoxy is shipped in a bundle with Tor, via package management systems in various Linux distros etc, and, even if the user makes effort to edit the default config, it has a lot of potential to be overlooked (esp. given that intuitively people may expect privacy enhancing software not to do such things as verbose logs of all requests). Sorry if this report is spurious to you, but that's my take on it. ---------------------------------------------------------------------- Comment By: Fabian Keil (fabiankeil) Date: 2007-09-15 06:27 Message: Logged In: YES user_id=875547 Originator: NO Where's the bug? Unlike Tor, Privoxy doesn't scrub any log messages, so if you intent to give untrusted third parties access to your unencrypted hard disc, you should disable logging in Privoxy altogether. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=111118&aid=1793966&group_id=11118 |