obsproject / obs-studio

OBS Studio - Free and open source software for live streaming and screen recording
https://obsproject.com
GNU General Public License v2.0

Privacy: "Upload Current Log" has no confirmation prompt, or option to delete #3434

Open micolous opened 4 years ago

micolous commented 4 years ago

Platform

Operating system and version: Windows 10 Pro 1903 64-bit

OBS Studio version: OBS 25.0.8 64-bit, installed from obsproject.

Expected Behavior

Options in the menu which upload log files should:

  1. Be listed in the menu after the option to view the current log, ideally visually separated.
  2. Prompt the user that they're about to upload data to obsproject.com.
  3. Indicate the retention policy for the uploaded logs.
  4. Provide an option to delete a log immediately on obsproject.com.

Current Behavior

There are two options to upload logs, which are between an option to view a list of all log files, and open the latest log in the system text editor:

Clicking this option immediately uploads a log without further prompts. There is no option within OBS itself, or obsproject.com, to delete a log, or scrub confidential information.

Steps to Reproduce

  1. Start OBS.
  2. Click Help -> Log Files -> Upload Current Log File

Additional information

n/a

Fenrirthviti commented 4 years ago

Logs do not contain confidential information, only configuration as it pertains to OBS. What specifically are you concerned about?

tt2468 commented 4 years ago

@Fenrirthviti I've seen confidential information unintentionally uploaded via logs. Plugins like to log sensitive info, and in some cases the RTMP url is considered sensitive. I think it is at least something to consider.

Fenrirthviti commented 4 years ago

I am not saying we shouldn't consider it, I am asking for clarification on what confidential information is a concern here so that we can address those concerns directly. There should be no confidential information stored in a log (even an RTMP URL is not really confidential, and anyone using one that way is doing something very wrong), so it is hard to help when we don't understand the actual concern.

matoi974 commented 3 years ago

Any sources that reference a file will log the full file name, which may contain personally identifiable information (such as the user's real name). Perhaps file names and paths could use the same partial censoring as RTMP URLs?

micolous commented 3 years ago

Out of the box, OBS logs a bunch of file paths, which includes the location of one's home directory, which includes their username, which is quite often their full name. Other built-in plugins log file names, like the image plugin, which may reference private things.

OBS allows users to load arbitrary plugins, which may also log arbitrary and sensitive data, without the user's prior knowledge or explicit consent. While I agree they shouldn't do this, there is no way for one to know unless they read the logs after the fact.

The assertion that OBS "does not log confidential information" makes a lot of assumptions about how everyone is using OBS. Warnings before uploading, and escape-hatches after the fact would go a long way to prevent and mitigate the unintentional spread of PII.

notr1ch commented 3 years ago

I do think we should have a one-time warning when uploading with a link to a privacy policy. As a temporary measure, I added a server-side filter to remove usernames from some common paths that expose them. The ideal situation is that the log does not contain PII, but this is also at odds with the goal of the log file being useful for local debugging, where a full path to an image for example would be useful, and of course we cannot control what 3rd party plugins might write to the file.
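The path scrubbing discussed in the comments above (partially censoring file paths, removing usernames from common paths), as an added example that is not part of this thread and is not the server-side filter or any OBS code. The list of home-directory roots, the `<user>` placeholder, the shared-folder list and the function names are assumptions, and the log lines are constructed.

```python
import re

PLACEHOLDER = "<user>"  # assumed replacement token
# Segments under a home root that are not personal accounts (assumed list).
SHARED = {"public", "default", "shared", "all users"}

# A home root followed by one path segment. The lookbehind keeps URL paths
# such as example.com/home/... from being treated as file paths.
HOME_PATH = re.compile(
    r"(?<![\w.-])"
    r"(?P<root>[A-Za-z]:[\\/]Users[\\/]|/home/|/Users/)"
    r"(?P<user>[^\\/\r\n\"'<>|:*?]+)"
)

def redact_line(line):
    """Replace the account-name segment of home-directory paths in one line."""
    def _sub(m):
        if m.group("user").strip().lower() in SHARED:
            return m.group(0)
        # Windows names may contain spaces, so the segment runs to the next
        # separator; when the path ends at the name, trailing words on the
        # line are redacted too (over-redaction is the safe failure here).
        return m.group("root") + PLACEHOLDER
    return HOME_PATH.sub(_sub, line)

def redact_log(text):
    """Return (redacted_text, changed_line_count) for a whole log."""
    out, changed = [], 0
    for line in text.split("\n"):
        new = redact_line(line)
        changed += new != line
        out.append(new)
    return "\n".join(out), changed

# Constructed sample lines, not taken from a real OBS log.
SAMPLE_LOG = "\n".join([
    r"10:01:02.003: config dir: C:\Users\Jane Doe\AppData\Roaming\obs-studio",
    "10:01:02.150: [image_source: 'Logo'] loading 'C:/Users/Jane Doe/Pictures/logo.png'",
    "10:01:02.300: [ffmpeg_source] opening /home/jdoe/Videos/intro.mkv",
    r"10:01:02.410: font cache: C:\Users\Public\Fonts",
    "10:01:02.500: docs at https://example.com/home/index.html",
])

if __name__ == "__main__":
    redacted, n = redact_log(SAMPLE_LOG)
    print(redacted)
    print(f"{n} line(s) redacted")
```

Only the account-name segment is handled; file names and anything a third-party plugin writes elsewhere in a line pass through unchanged.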

kumar007git commented 2 years ago

There is no warning or confirmation that the log file will be uploaded to an external location. How can I delete a log file previously uploaded? What is the retention policy of the log files? This is a flagrant issue. I did not consent to uploading and storing information from my PC to an external location. I ask again - how can I delete the log file previously uploaded by OBS Studio?

Fenrirthviti commented 2 years ago

As an update to this, we've had some internal discussions and think that a good compromise would be to change the upload log dialog to show a warning that says something to the effect of:

Log files may contain some personal information in the form of:
- File paths
- Stream URLs
- etc. etc.

With an option to continue to upload, or a "View Raw Log" button to view the contents of the file (likely as the View Current Log dialog that already exists). If anyone is looking to contribute a fix, this is what the preferred fix would be for the short term.

We are also still working towards a more public privacy policy regarding the log file uploads and retention, but I have no updates or ETA on this at this time.