Open micolous opened 4 years ago
Logs do not contain confidential information, only configuration as it pertains to OBS. What specifically are you concerned about?
@Fenrirthviti I've seen confidential information unintentionally uploaded via logs. Plugins like to log sensitive info, and in some cases the RTMP url is considered sensitive. I think it is at least something to consider.
I am not saying we shouldn't consider it, I am asking for clarification on what confidential information is a concern here so that we can address those concerns directly. There should be no confidential information stored in a log (even an RTMP URL is not really confidential, and anyone using one that way is doing something very wrong), so it is hard to help when we don't understand the actual concern.
Any sources that reference a file will log the full file name, which may contain personally identifiable information (such as the user's real name). Perhaps file names and paths could use the same partial censoring as RTMP URLs?
Out of the box, OBS logs a bunch of file paths, which includes the location of ones home directory, which includes their username, which is quite often their full name. Other built-in plugins log file-names, like the image plugin, which may reference private things.
OBS allows users to load arbitrary plugins, which may also log arbitrary and sensitive data, without the user's prior knowledge or explicit consent. While I agree they shouldn't do this, there is no way for one to know unless they read the logs after the fact.
The assertion that OBS "does not log confidential information" makes a lot of assumptions about how everyone is using OBS. Warnings before uploading, and escape-hatches after the fact would go a long way to prevent and mitigate the unintentional spread of PII.
I do think we should have a one-time warning when uploading with a link to a privacy policy. As a temporary measure, I added a server-side filter to remove usernames from some common paths that expose them. The ideal situation is that the log does not contain PII, but this is also at odds with the goal of the log file being useful for local debugging, where a full path to an image for example would be useful, and of course we cannot control what 3rd party plugins might write to the file.
There is no warning or confirmation that log file will be uploaded to an external location. How can I delete log file previously uploaded? What is the retention policy of the log files? This is a flagrant issue. I did not consent to uploading and storing information from my PC to an external location. I ask again - how can I delete the log file previously uploaded by OBS studio?
As an update to this, we've had some internal discussions and think that a good compromise would be to change the upload log dialog to show a warning that says something to the effect of:
Log files may contain some personal information in the form of:
- File paths
- Stream URLs
- etc. etc.
With an option to continue to upload, or a "View Raw Log" button to view the contents of the file (likely as the View Current Log dialog that already exists). If anyone is looking to contribute a fix, this is what the preferred fix would be for the short term.
We are also still working towards a more public privacy policy regarding the log file uploads and retention, but I have no updates or ETA on this at this time.
Platform
Operating system and version: Windows 10 Pro 1903 64-bit OBS Studio version: OBS 25.0.8 64-bit, installed from obsproject.
Expected Behavior
Options in the menu which upload log files should:
Current Behavior
There are two options to upload logs, which are between an option to view a list of all log files, and open the latest log in the system text editor:
Clicking this option immediately uploads a log without further prompts. There is no option within OBS itself, or obsproject.com, to delete a log, or scrub confidential information.
Steps to Reproduce
Help
->Log Files
->Upload Current Log File
Additional information
n/a