Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exclude IP #295

Closed
PaulWoitaschek opened this issue Jul 25, 2015 · 13 comments
Closed

Exclude IP #295

PaulWoitaschek opened this issue Jul 25, 2015 · 13 comments

Comments

@PaulWoitaschek
Copy link

Is it possible to only exclude the ip from bug reports? I can see them on every report and I feel this is something private.
@william-ferguson-au
Copy link
Member

Which field are you referring to?

@PaulWoitaschek
Copy link
Author

user_ip

@william-ferguson-au
Copy link
Member

USER_IP is not one of the default ReportFields, so you must be explicitly including it. If you don't want it sent, then don't include it. See https://github.com/ACRA/acra/wiki/AdvancedUsage#choosing-which-fields-to-be-included-in-reports

@PaulWoitaschek
Copy link
Author

This is the way I'm using acra. I didn't include an IP knowingly.

@william-ferguson-au
Copy link
Member

Hmm, then that's very strange.

The only place that USER_IP is included is https://github.com/ACRA/acra/blob/master/src/main/java/org/acra/collector/CrashReportDataFactory.java#L502

Can you post a crash report created from that config, showing it.

@PaulWoitaschek
Copy link
Author

This is from my device.

@william-ferguson-au
Copy link
Member

None of the lowercase fields in that report are ACRA fields, including user_ip.
Since requestHeaders is one of those it makes me think that they are being added by the HttpRequest itself.

@PaulWoitaschek
Copy link
Author

I dont fully understand this. So it is acralyzer that saves these values to the log?

@william-ferguson-au
Copy link
Member

ACRA is the client side library. It is not adding these fields. The HttpRequest that ACRA is using to send to your back end (presumably ACRAlyzer) may well be adding these fields to the report.

ACRAlyzer (which I don't know a lot about) should just be logging the incoming request and aggregating it.

@william-ferguson-au
Copy link
Member

Try recompiling ACRA with ACRA.DEVLOGGING = true.
You should then see the log at https://github.com/ACRA/acra/blob/master/src/main/java/org/acra/util/HttpRequest.java#L154

I suspect that it is clean and that those fields are being added afterwards by the Apache HttpClient.

@PaulWoitaschek
Copy link
Author

I didn't configure anything for acralyzer. So this is a serious privacy leaking by acralyer? So I should file a bug there?

@william-ferguson-au
Copy link
Member

Well I don't think it's serious privacy leak. Every http call to a server
provides the IP address of the client.

But if you don't want it recorded on the server then, yes the server would
need not to record it. Or you could just not look at it.

Personally I think your fears are misplaced.

On Wed, 29 Jul 2015 3:52 am Paul Woitaschek notifications@github.com
wrote:

I didn't configure anything for acralyzer. So this is a serious privacy
leaking by acralyer? So I should file a bug there?


Reply to this email directly or view it on GitHub
#295 (comment).

@PaulWoitaschek
Copy link
Author

Thanks for the reply. I wouldn't personally care too much about this, but I state for the users of my app, that all data is recorded anonymously, so I would prefer to collect as less data as I can. (especially for data I don't need).

@PaulWoitaschek PaulWoitaschek mentioned this issue Jul 29, 2015
Open
@jngr jngr mentioned this issue Sep 23, 2016
Closed
@WebSabaki WebSabaki mentioned this issue May 20, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@william-ferguson-au @PaulWoitaschek