#1
|
|||
|
|||
Logs and data privacy
Hi,
I clicked on the Help -> Create Log -> Continue ... and got some link to send you guys. Is the log automaticly sent to you without any notice or question or information about data being sent? I saw a tmp folder and log files in it... I was quite shocked that you get all the premium passwords, list of proxies, vpn access, whole list of past downloads, ip's I connected from etc ... As you probably know some people may use the software to download movies, music, porn etc. Let's be straight ... Of course you can always say that its users fault and they shouldn't do it (bla bla) - but don't you think that you get maybe to much of sensitive data about peoople that don't know what you do with it, how you store it etc. If I love unusual porn movies or Im a gay that didn't come out and you get list of all movies that I have downloaded, when, where- it's very sensitive data... What sense it make for me to use VPN if the log sent to you contain every file that I've downloaded since 2 years, where I unpacked it, and you have all my access passwords. :confused: Anyways I apprieciate your work neme Last edited by raztoki; 20.04.2018 at 01:22. |
#2
|
||||
|
||||
creation of logs process in which have to select the menu and confirm the log sessions that you're submitting (timestamps). Log creation is not your download or linkgrabber list entirety (as in not your history for x years). We can not see VPN passwords. We can not see proxy passwords. Yes logs can contain sensitive information (in which you have access to see yourself within logs/ path). We can see your IP via reconnection module or commonly presented in HTML response from the websites JD uses for you. We can see hoster user:passwords (we get sent hundreds a month for support reasons and we do not abuse them. Access to fix plugins and then we no longer use the account). We ask during support issues that you just upload only the session(s) required as its easier to identify issues and requires less bandwidth/storage on our end. Logs are stored on encrypted volume. They are purged after set time. They are not linked to you in any manner other than the information within and the LinkID (random id) that you provide us during support.
If we wanted your reported information we could gather it within software without your knowledge and send it home (just like any other software installed to your computer). Since we are not interested in what 'your doing/you've been doing' over what the last 10 years, I'd hope that worry is unfounded. raztoki
__________________
raztoki @ jDownloader reporter/developer http://svn.jdownloader.org/users/170 Don't fight the system, use it to your advantage. :] Last edited by raztoki; 20.04.2018 at 01:21. |
#3
|
||||
|
||||
@raztoki: I've recently updated debug infos to include connection settings as well to debug proxy/connection/filter issues.
@neme: The logs are not sent automatically. You first have to manually open the *Create Log* window and select the ranges. And then you have to click on *Continue*. That's far from automatically. You can easily disable logs completely by setting Settings-Advanced Settings-Log.maxlogfilesize to 0 and restart JDownloader automatically cleanup Settings-Advanced Settings-Log.cleanuplogsolderthanxdays As raztoki already explained, uploaded logs are stored in encrypted way and only accessable by few staff members auto removed after timeout. Logs can only help us fixing/locating issues when they contain as much information as possible (Request, Response,ResponseContent)...We can't fix a plugin issue if we can't see the server response that has caused it. Same goes for wrong configuration, for example wrong white/blacklisting in connection settings. Or invalid download folder or disk full and so on. Users trust us(the developers) and JDownloader enough to use it for daily *downloading* of *family holiday photos* without thinking about such topcis at all. Same users also trust firefox/chrome and yet those send EVERY SITE/DOWNLOAD to safebrowing service first and they don't care about!? Chrome on windows even scans your files on disk! I always wonder why they start thinking about such topics when talking about logs? In this case about local stored logs they can easily disable and that are NOT sent automatically. If we really would want to mess with your privacy and more important, your trust, we could easily modify JDownloader and kill the whole project very fast/drive it against the wall. If you have further questions about this, please don't hesitate and write. It's important to us that there are no open questions or concerns.
__________________
JD-Dev & Server-Admin |
#4
|
|||
|
|||
Thank you both for being open on the topic and answering. I got you guys with your point of view, that you could be evil already if you wanted to. On the other hand as IT specialists Im sure that you understand that's not the case. For me JD with it's transparency was always number one as the software that I can trust - even though I didn't check the sourcode at any point.
@raztoki Im nota tech guy but I've seen inside of a zipped log passwords to recently used hosters, unpacked files, proxies etc. Let's say I've downloaded: 18.04.2018: files from: YouTube 18.04.2018: files from: RapidGator 19.04.2018: files from: Facebook 19.04.2018: files from: Porntube with VPN 20.04.2018: files from: Keep2Share 20.04.2018: Tried to download files from: UL.to and got an error (it's just an example - I don't know if YT, Fb or PT need passwords to work) So from what I can see in the log file you will get all the passwords in plain text and list of files that I've downloaded. I cannot control the conents of the log (even in really small matter) - lets say delete file names downloaded from services different than "UL.TO" and don't send other passwords than to service "UL.TO". If previous downloads were fine (before an error occurred), why would I want to send all the passwords? If the log says that connection was fine with Keep2Share, Porntube etc (look example above) than why would you "need" passwords to these services? I suppose that in most cases filenames are not crucial so actually they could be wildcarded. @Jiaz Quote:
Code:
How sending logs looks now: Menu -> Create log -> Select ranges (not pick ranges) -> Continue Code:
How sending logs could look like: Menu -> Create log -> Select ranges or pick manually -> See the contents of the log, question encrypt log "Yes/No" -> click the button "Send the log" (not "continue" !) Maybe it's more about awarness and concious decision. Quote:
Im always amazed by your work - for all the years, especially for support. I haven't seen this kind of quality in almost any commercial software. My concerns with privacy came when looked at the log and I started to wonder if it's not some kind of way that you would make money on Jdownloader because you do it for free/donation based and I was always curious with it. Greetings, neme |
#5
|
||||
|
||||
I've created a ticket for dialog modification. We will also include text that better informs that logs may contain personal data After selecting range, it will show what log files will be included and give the option to select/deselect single log files and then hit final *upload/create* button. That way you can fine select what to send. For example issue with UL, so only send the UL logs.
__________________
JD-Dev & Server-Admin Last edited by Jiaz; 20.04.2018 at 11:46. |
#6
|
||||
|
||||
Filenames can contain special chars which break downloading/post processing. Also user might have several issues and mean a specific download. And filenames are important to fix encoding issues, for example for servers that use wrong encoding/broken headers.
__________________
JD-Dev & Server-Admin |
#7
|
||||
|
||||
Quote:
We also offer an adware free installer, see http://jdownloader.org/jdownloader2
__________________
JD-Dev & Server-Admin |
#8
|
||||
|
||||
Filtering the log is nearly impossible, for example the filename. It may be encoded (javascript, hex, base64, urlencoded..) within URL, HTML, Http Headers. Same for any other information. It will only make debugging/fixing lot harder.
__________________
JD-Dev & Server-Admin |
#9
|
||||
|
||||
Quote:
__________________
JD-Dev & Server-Admin |
#10
|
||||
|
||||
Please don't hesitate to comment/discuss
PS: I've discussed some more changes that we will implement over time
__________________
JD-Dev & Server-Admin Last edited by Jiaz; 20.04.2018 at 17:20. |
#11
|
||||
|
||||
@Jiaz
thx for the clarification, I wasn't aware of those changes
__________________
raztoki @ jDownloader reporter/developer http://svn.jdownloader.org/users/170 Don't fight the system, use it to your advantage. :] |
#12
|
|||
|
|||
Quote:
[suggestion]As for me it would be great to see: a) set of files that will be send and quick overview what they are for b) summary information about "sensitive" data being sent: ip, login, password, connection dates and time, filenames, machine details (if they're being sent) like configuration, computer name, folder names that files are unpacked to etc. @Jiaz @raztoki Last edited by Jiaz; 23.04.2018 at 15:40. |
#13
|
|||
|
|||
Quote:
I don't know if these ideas are in the area of your interest but I thought I can share this: (excuse my english) - I hope you (@raztoki @Jiaz) can see/read this below(?): I think you could make great deals with reselling VPN's - WITHOUT favour any of them (unless there will be a special suited offer for jdownloader - lots of proxies, connection through TOR, more privacy etc.) - this is a very fast growing industry with great affiliate possibilities. Great site that you could use to make your VPN offer: **External links are only visible to Support Staff****External links are only visible to Support Staff** You could be also the biggest hosters reseller And if someones premium account is going to finish SOON - you could propose him new -that you will have cheaper, registered on new disposable e-mail (for privacy) etc. What would be interesting is you as some kind of "firewall" between the hoster and user. So user might pay you money in EUR, USD etc and you could buy account for him in cryptocurrency. You could probably get (if users agree) a list of most downloaded files and put them on yours premium accounts and add a "TOP 100" chart to Jdownloader - so people would buy and / or download the files with your referrer. [/ISSUE] ======== In general I think you could gain a lot more interest by working on privacy - look: signal / telegram / cryptocurrencies etc . People are not aware of what's happening and those who are hate the fact that we are being spyed on all the time. Care for users privacy more than they can do it by themselves That's my 5 cents on business model which you probably already have managed See you around! nemO Last edited by Jiaz; 23.04.2018 at 14:30. |
#14
|
|||
|
|||
The adware is a browser toolbar that is (supposedly) optional. Most malware programs flag the JD2 installation because it contains said useless and hard to remove adware toolbar in the installer.
|
#15
|
||||
|
||||
Quote:
__________________
JD-Dev & Server-Admin |
#16
|
||||
|
||||
@neme: We will look into changing the log handling/dialog/upload but can't promise any eta. Please don't think that this isn't important to us but I'm drowning in work and other work and paper work and support and .....
__________________
JD-Dev & Server-Admin |
#17
|
||||
|
||||
Quote:
see https://support.jdownloader.org/Know...g-installation
__________________
JD-Dev & Server-Admin |
#18
|
||||
|
||||
@neme: I have some more privacy optimizations in mind for logging but those require major changes and will take some time
__________________
JD-Dev & Server-Admin |
#19
|
|||
|
|||
I'm essentially worried about how this data is stored and transferred. Stored in both my machine, yours and the path in between.
Worried that it might be susceptible to government level type adversaries. It would be like shooting fish on a barrel if they, or high profile rogue hackers would be able to access said information. Some of us are pretty high value targets (not me, lol), dealing with large amounts of currency and such. Although i gather that big players would bring in a level of sophistication that would mitigate their vulnerabilities to a certain extent. I am worried about whether you are compelled to deliver personal data, logs and such on your jurisdiction if a court order is approved, during an ongoing investigation and if we would be notified. Now, regarding the clipboard observer. Are you keeping logs on everything from my clipboard? That would be an even greater liability. Sure we must trust someone. I trust microsoft. I trust ProtonVPN. I even trust Google to respect my privacy settings. I trust my addons, because i have trust in Google, Firefox and PrivacyTools, lol. As far as applications go. I have to trust my AV. Good firewalls exist so we can control who, when and if it goes in or out, but not what. There are ways to conceal this information within encrypted channels deemed legitimate. I mean, these things have to work properly, because if they don't, an article appears on thehackernews and we all get to know about the leaks. But what if something happens with JD? Look at what happened with NordVPN. Even the most secure applications and organizations commit security blunders. I know you guys are good at what you do, but... I just wanna know how much of a liability am i facing. Sure i have nothing to hide, but it don't matter. I wanna be able to have something to hide and still not being worried about whether my system is jeopardized. Without having to use Qubes or Parrot OS and being a nerd, i hate nerds! Thug life! Lol... I believe in hiding in plain sight. Most amusing strategy there is. No risk, no fun. Listen, i just wanna know if i am making it hard on the bad guys. :D |
#20
|
||||
|
||||
Their is risk in everything you do in life.
Whats in them is what's present in /logs/ you can see this yourself. JD logs are of what you've been doing in that session (Timestamps). logs/sessionid/ They are provided by yourself when you require help. We typically ask that you provide logs from a session that doesn't have to much background noise (heavy session with non related content happening in the background). Just inflates logs, and the storage requirement. Clipboard isn't logged (for memory), urls that match patterns are. this then triggers plugin activity. Feel free to run JD in debug mode or via a debugger and you can see everything the application does. Else have a read of the source code. raztoki
__________________
raztoki @ jDownloader reporter/developer http://svn.jdownloader.org/users/170 Don't fight the system, use it to your advantage. :] |
#21
|
|||
|
|||
Thank you for the clarifications! As always, we have to chose whom to trust, and taking additional security measures if necessary. I am worried that JD might be prone to be hacked, is all.
|
#22
|
|||
|
|||
Logging bad UI, and probably breaks data protection regulation.
Today I wanted to see if the logs said anything about why my captchas were failing. So I look around for the logs and I see there's a "Create Log" button. That seems like a good button to press to see my logs I figured. Okay when did it happen, I click the times that were interesting. And click continue. Then the window just dissapears and it tells me to give some string to my support agent. NEVER does it mention that it will upload logs, it doesn't even _suggest_ that it would send the logs anywhere in _any_ button or dialouge. Continue is not a button one expects to start uploading shit. "Create a log" is not a button one would expect to upload data to some remote server.
I then explored to see if the logs were in some other folder, finding the logs I am then appalled to see it includes my proxy passwords and god knows what else. This is immoral behavior for a program. And should be fixed ASAP. The "Create Log" button needs to be changed to "Upload logs" and the dialog updated to say "Upload", or "Finish" as a first step. Next steps would be to have some text explaining what and where its being uploaded to, a Privacy Policy. After that it would be good to work on more granular log uploads and letting the user see (THE CONTENT) and opt out of each log that is supposed to be uploaded. If you want to go the extra mile, E2E encrypt the data and have the user send the key to decrypt it through your support channels. And for god sake, start removing secrets in the logs that are written to disk, and are getting uploaded... I feel betrayed by JDownloader and this experience has left a really poor taste. It's inexcusable to have this language and it really feels like you've _stolen_ data from me. I know there are some threads on this from 2017, so its absolutely ridiculous that this hasn't been fixed. |
#23
|
||||
|
||||
@plaintext/bugmenot
generalised response from my knowledge and quick research. You can find a Privacy Policy should be terms and conditions and privacy policy should be displayed within the installer. Though I believe its also present here: privacy policy, and terms and conditions . some background that Im aware of, logs are uploaded over encrypted stream, they are stored on encrypted volume, log ids are randomly generated, there is no way to link ids to a person unless you give us the id (custom uri). They are also automatically deleted after a time period. Since you never provided anyone with your logid, your log will be purged without anyone seeing it. for pending log issue tickets https://svn.jdownloader.org/issues?u...d_on&group_by= Not to justify but more so indicate only minor changes have been made in JD2 since release. No significant GUI changes have been made, although it would require seemly minor change in order to add text descriptions to give significant clarification (assuming people read it) about whats about to happen and inclusion. Larger changes in respects to how logging works, Jiaz indicated above that it was a 'major changes' and would require time. But logs are located within the install path if end users want to review (read with your favourite text viewer). You can change log settings, you can find all log settings within settings > advanced settings > filter: log. In respects to passwords and download activity, we will not utilise your logins (hoster/proxy/etc) without your express permission and only if required. If the project wanted access to this information without your permission or knowledge, we could already do this (covered numerous times before), but doing so would kill the project reputation instantly with end users and providers. If you trust us with your information within utilising JDownloader, providing logs should not be too much of an extension from this. Please wait for Appwork offical response, it should be not long after the Easter break. raztoki
__________________
raztoki @ jDownloader reporter/developer http://svn.jdownloader.org/users/170 Don't fight the system, use it to your advantage. :] Last edited by raztoki; 13.04.2020 at 06:39. |
Thread Tools | |
Display Modes | |
|
|