JDownloader Community - Appwork GmbH
 

Reply
 
Thread Tools Display Modes
  #21  
Old 09.12.2019, 21:13
Beer Beer is offline
JD Fan
 
Join Date: Oct 2019
Posts: 75
Default

Thank you for the clarifications! As always, we have to chose whom to trust, and taking additional security measures if necessary. I am worried that JD might be prone to be hacked, is all.
Reply With Quote
  #22  
Old 12.04.2020, 02:46
plaintext plaintext is offline
BugMeNot Account
 
Join Date: Sep 2016
Posts: 189
Angry Logging bad UI, and probably breaks data protection regulation.

Today I wanted to see if the logs said anything about why my captchas were failing. So I look around for the logs and I see there's a "Create Log" button. That seems like a good button to press to see my logs I figured. Okay when did it happen, I click the times that were interesting. And click continue. Then the window just dissapears and it tells me to give some string to my support agent. NEVER does it mention that it will upload logs, it doesn't even _suggest_ that it would send the logs anywhere in _any_ button or dialouge. Continue is not a button one expects to start uploading shit. "Create a log" is not a button one would expect to upload data to some remote server.

I then explored to see if the logs were in some other folder, finding the logs I am then appalled to see it includes my proxy passwords and god knows what else.

This is immoral behavior for a program. And should be fixed ASAP.

The "Create Log" button needs to be changed to "Upload logs" and the dialog updated to say "Upload", or "Finish" as a first step.

Next steps would be to have some text explaining what and where its being uploaded to, a Privacy Policy.

After that it would be good to work on more granular log uploads and letting the user see (THE CONTENT) and opt out of each log that is supposed to be uploaded.

If you want to go the extra mile, E2E encrypt the data and have the user send the key to decrypt it through your support channels. And for god sake, start removing secrets in the logs that are written to disk, and are getting uploaded...

I feel betrayed by JDownloader and this experience has left a really poor taste. It's inexcusable to have this language and it really feels like you've _stolen_ data from me.

I know there are some threads on this from 2017, so its absolutely ridiculous that this hasn't been fixed.
Reply With Quote
  #23  
Old 13.04.2020, 07:36
raztoki's Avatar
raztoki raztoki is offline
English Supporter
 
Join Date: Apr 2010
Location: Australia
Posts: 17,212
Default

@plaintext/bugmenot

generalised response from my knowledge and quick research.

You can find a Privacy Policy should be terms and conditions and privacy policy should be displayed within the installer. Though I believe its also present here: privacy policy, and terms and conditions .

some background that Im aware of, logs are uploaded over encrypted stream, they are stored on encrypted volume, log ids are randomly generated, there is no way to link ids to a person unless you give us the id (custom uri). They are also automatically deleted after a time period. Since you never provided anyone with your logid, your log will be purged without anyone seeing it.

for pending log issue tickets https://svn.jdownloader.org/issues?u...d_on&group_by=

Not to justify but more so indicate only minor changes have been made in JD2 since release. No significant GUI changes have been made, although it would require seemly minor change in order to add text descriptions to give significant clarification (assuming people read it) about whats about to happen and inclusion. Larger changes in respects to how logging works, Jiaz indicated above that it was a 'major changes' and would require time. But logs are located within the install path if end users want to review (read with your favourite text viewer). You can change log settings, you can find all log settings within settings > advanced settings > filter: log.

In respects to passwords and download activity, we will not utilise your logins (hoster/proxy/etc) without your express permission and only if required. If the project wanted access to this information without your permission or knowledge, we could already do this (covered numerous times before), but doing so would kill the project reputation instantly with end users and providers. If you trust us with your information within utilising JDownloader, providing logs should not be too much of an extension from this.

Please wait for Appwork offical response, it should be not long after the Easter break.

raztoki
__________________
raztoki @ jDownloader reporter/developer
http://svn.jdownloader.org/users/170

Don't fight the system, use it to your advantage. :]

Last edited by raztoki; 13.04.2020 at 07:39.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 20:00.
Provided By AppWork GmbH | Privacy | Imprint
Parts of the Design are used from Kirsch designed by Andrew & Austin
Powered by vBulletin® Version 3.8.10 Beta 1
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.