search

ProtonMail / proton-bridge

Proton Mail Bridge application
GNU General Public License v3.0
1.14k stars 155 forks source link

Logs expose email information (such as subjects) by default #322

Closed iTrooz closed 1 year ago

iTrooz commented 1 year ago

A few days ago I exported emails from my account using the Import-Export app. the app generated logs that showed the subject/from/to addresses of all the mails. I believe this is problematic because users do not expect/know that these are saved to their computer. Personally, I like to think of my emails as solely contained in Proton's apps, and not stored directly in my computer.

I believe that a second, similar log file was created when I imported the email back into another account, a few days later

Expected Behavior

Do not write sensitive information in logs file (at least not by default ?)

Current Behavior

Sensitive information is written by default in the logs file without the user's knowledge

Possible Solution

Disable (or remove sensitive information from ) logs by default, and add an option to toggle them on, specifying that logs may contain sensitive information

Steps to Reproduce

  1. Open the app
  2. Login to an account
  3. Click "export all" and follow the process
  4. Open the logs location and look at a file starting with "import_"

Version Information

v1.3.3

Context (Environment)

I would like data from my emails to be contained in the Proton apps exclusively, and not stored directly in my computer

Additional info :

I am on Linux, my log location is /home/[user]/.cache/protonmail/importExport/logs/

LBeernaertProton commented 1 year ago

Hey @iTrooz Please contact customer support for any issues you may be experiencing.

iTrooz commented 1 year ago

Hello @LBeernaertProton would I still need to go to customer support to submit a PR to fix this behavior ?