make sending data to sentry opt-in #117
Comments
considering that borg's passphrase might be in an environment variable (or in memory or ...), this is a highly critical issue esp. for borgbase.com users because the author of vorta (owner of the related sentry instance) is also the operator of borgbase (having access to the repo storage). also, sentry.io is another 3rd party that might get unwanted data in a crash report. in repokey mode, having the repo and the passphrase for the key (which is stored inside the repository in encrypted form) means total control over the repo contents. so, if anyone other than the legitimate user has them, it means a potential loss of confidentiality and authenticity. there should be no need to trust here, even if we think any involved party is trustworthy. of course similar thoughts apply to the code the user is running to do the backups (i.e. vorta and borg code), but while you can see the code (FOSS), you can't see the actual data transmitted to sentry.
when defaulting this to "don't send", of course any issue will not get transmitted at first. i personally would still prefer manually transmitting stuff from a log or traceback, though.
I've fully removed Sentry from Vorta. The bug reports weren't as useful recently anyways. Instead I added a link to open a GitHub issue in the Misc tab. As a next step it could catch crashes, display a window with the error message and offer to send a bug report, as you suggested.
by default, vorta sends data to sentry.io (e.g. if vorta crashes).
it is not really transparent to the user what data is sent and whether any private / secret data really gets removed (the privacy policy says so and also anybody interested could review the code, but still there could be bugs).
i am not sure if this is already good-enough to comply with GDPR and similar law, but i think it would be better to make that opt-in instead of opt-out.
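The opt-in flow discussed in this thread (default "don't send", show the user the exact payload, mask a passphrase held in the environment), as an added example that is not Vorta's or borg's code. `BORG_PASSPHRASE`, `BORG_PASSCOMMAND` and `BORG_REPO` are borg's environment variables; the function names, the marker list and the sample values are assumptions made for illustration.

```python
import traceback

# Assumption: variable names containing these markers are treated as secret.
SECRET_MARKERS = ("PASSPHRASE", "PASSCOMMAND", "PASSWORD", "SECRET", "TOKEN")
REDACTED = "[redacted]"


def _is_secret(name):
    return any(marker in name.upper() for marker in SECRET_MARKERS)


def redact_env(env):
    """Return a copy of env with the values of secret-looking variables masked."""
    return {n: (REDACTED if _is_secret(n) else v) for n, v in env.items()}


def scrub_text(text, env):
    """Mask secret values that leaked into free text such as a traceback."""
    for name, value in env.items():
        if value and _is_secret(name):
            text = text.replace(value, REDACTED)
    return text


def build_report(exc, env):
    """Build the exact payload that would leave the machine, so it can be shown first."""
    tb = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    return {"traceback": scrub_text(tb, env), "environment": redact_env(env)}


def submit_if_consented(report, consent, send):
    """Default is "don't send": nothing is transmitted unless consent is exactly True."""
    if consent is not True:
        return False
    send(report)
    return True


def demo():
    # Constructed sample: a crash whose message happens to embed the passphrase.
    env = {"BORG_PASSPHRASE": "correct horse",
           "BORG_REPO": "ssh://example.invalid/./repo", "LANG": "en_US.UTF-8"}
    try:
        raise RuntimeError("borg failed, BORG_PASSPHRASE=" + env["BORG_PASSPHRASE"])
    except RuntimeError as exc:
        report = build_report(exc, env)
    sent = []  # stands in for the network transport
    declined = submit_if_consented(report, None, sent.append)
    accepted = submit_if_consented(report, True, sent.append)
    return report, declined, accepted, sent
```

Masking is best-effort and can miss a secret that appears under an unexpected name, which is why the report is built as a plain dictionary the user can read before agreeing to send it.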