nvaccess / nvda

NVDA, the free and open source Screen Reader for Microsoft Windows
https://www.nvaccess.org/

Show warning prompt after initializing nvda.ini if the logging level isn't set to "INFO" or to "OFF" #8515

Open DrSooom opened 6 years ago

DrSooom commented 6 years ago

Path:

NVDA menu » Preferences » Settings... » General

Actual behaviour:

At the moment there aren't any warnings if the logging level is higher than "Information", which causes security and privacy issues.

Expected behaviour:

So if the line in the "nvda.ini" isn't called "loggingLevel = INFO" or "loggingLevel = OFF" (see: PR #8596), NVDA should show a warning prompt every time after the file "nvda.ini" is initialized (e.g. after starting NVDA or after loading the saved configuration via the NVDA menu). The warning text should inform the user about the security and privacy risks if the logging level is higher than "Information". The prompt should ask the user if he wants to change it back to "Information" (= INFO) or to "Disable" (= OFF) now. Furthermore, there should be a checkbox to disable this warning prompt (for devs) because in some circumstances it could be annoying for testers. Well, and the same checkbox also has to be added to the General NVDA Settings window below the combobox "Logging level" as well.

System configuration:

NVDA version:

2018.1 (and earlier) to 2018.3.2
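The check requested in the issue description above, sketched as an added example (not part of the original post and not NVDA's own code). It assumes the setting lives in the top-level `[general]` section of `nvda.ini`; the function names, the `suppressed` flag standing in for the proposed checkbox, and the sample file are constructed for illustration.

```python
import re

# Levels the issue treats as acceptable; any other value should trigger the prompt.
QUIET_LEVELS = {"INFO", "OFF"}

# Matches "[general]" as well as nested "[[subsection]]" headers.
_SECTION = re.compile(r"^\s*(\[+)\s*([^\[\]]+?)\s*\]+\s*$")


def read_logging_level(ini_text):
    """Return loggingLevel from the top-level [general] section, or None if absent."""
    in_general = False
    for line in ini_text.splitlines():
        header = _SECTION.match(line)
        if header:
            # Only a single-bracket [general] counts; nested sections end the scope.
            in_general = len(header.group(1)) == 1 and header.group(2) == "general"
            continue
        key, sep, value = line.partition("=")
        if in_general and sep and key.strip() == "loggingLevel":
            # Drop an inline comment and optional quotes around the value.
            return value.split("#", 1)[0].strip().strip("\"'")
    return None


def needs_warning(ini_text, suppressed=False):
    """True when the configured level is neither INFO nor OFF.

    Assumption: a missing key means the program default applies, so no prompt.
    `suppressed` models the "do not show again" checkbox proposed in the issue.
    """
    level = read_logging_level(ini_text)
    return (not suppressed) and level is not None and level not in QUIET_LEVELS


# Constructed sample configuration, not taken from a real installation.
SAMPLE = """\
[general]
    language = en
    loggingLevel = DEBUG
[speech]
    synth = espeak
"""

if __name__ == "__main__":
    print(read_logging_level(SAMPLE), needs_warning(SAMPLE))
```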

josephsl commented 6 years ago

Hi,

A few weeks ago, there was a heated argument somewhere regarding screen readers not caring about privacy, as they can intercept input and what not. I don't know how the debate ended, but if I remember correctly, the general consensus was that it does have implications.

To me, the bigger hole is unintentional information sharing. Yes, debug logs can log input and output; yes, IO logs can tell you whatever keys you or others have entered. If this information is kept local, this does not become a privacy problem; but once personal information is shared, there is a possibility that it could be used against users. These days, many tech articles always recommend users to stay vigilant, as security holes open up when users are not being careful themselves.

Let us hear thoughts from others before either committing to this or deferring it. Thanks.

LeonarddeR commented 6 years ago

Personally, I'd not be willing to accept such a feature, just because I always use NVDA at a level of debug warning or even debug, and I don't want to be bothered with such a prompt every time. As @josephsl states, there's only a privacy issue when the data that NVDA logs is actually shared with someone. See also #8516.

DrSooom commented 6 years ago

@leonardder: Maybe you have overlooked that I also included a checkbox to disable this warning in my issue description – especially for devs. This warning prompt should protect all non-testers from too much logging.

LeonarddeR commented 6 years ago

@DrSooom commented on 19 jul. 2018 06:15 CEST:

@leonardder: Maybe you have overlooked that I also included a checkbox to disable this warning in my issue description – especially for devs. This warning prompt should protect all non-testers from too much logging.

I'm sorry, I missed that part.

Having said that though, I think that #8516 and this issue are quite related in that they are discussing privacy-related issues, which are, in my opinion, a bit theoretical. I prefer performing the discussion in only one of them, preferably #8516.

DrSooom commented 6 years ago

Because of PR #8596 and the discussion in issue #8880, I recently updated the issue description of this issue here a little bit with regard to the new option to fully turn logging off.

Adriani90 commented 8 months ago

I propose to rather never save the log level at NVDA restart / exit, it should always be disabled when NVDA starts unless the user chooses explicitly to restart NVDA with debug level enabled in the restart dialog. cc: @seanbudd