OPT OUT of survey still uses `curl` to try and submit logs!!

Open nuke-web3 opened this issue 2 years ago • 1 comments

Creating a bug report/issue

Required Information

  • DietPi version | `cat /boot/dietpi/.version`

```
G_DIETPI_VERSION_CORE=8
G_DIETPI_VERSION_SUB=5
G_DIETPI_VERSION_RC=1
G_GITBRANCH='master'
G_GITOWNER='MichaIng'
```

Steps to reproduce

  1. OPT OUT of survey on installation
  2. Have a poorly connected (maybe offline too) dietpi
  3. update software used in any way:
```
[ INFO ] DietPi-Update | Current version : v8.5.1
[ INFO ] DietPi-Update | Latest version  : v8.5.1
[FAILED] DietPi-Survey | Purging survey data
 - Command: curl --key  -m 20 -sT 7730220e-1905-4466-b949-b6df9b32fadb.txt sftp://dietpi-survey:[email protected]/survey/
```

Expected behaviour

  • NO communication with external world about survey if opted out!!

Actual behaviour

  • curl request to send data that "was purged" (not apparently!)

nuke-web3 avatar May 30 '22 17:05 nuke-web3

When you're not opted in, dietpi-survey generates and uploads an empty file:

  • This purges/overwrites any data which may have been uploaded before. Removing the file isn't possible since the public upload user for privacy reasons has no file listing support and hence cannot remove files via SFTP.
  • This additionally allows us to derive an overall DietPi system count, and a ratio between opted in and opted out users: https://dietpi.com/survey/
  • However, it is an empty file and we do no SFTP upload logs (aside from failing SSH authentication, for security reasons), so "curl request to send data" and "try and submit logs" is not true, no data or logs are sent. Logs are anyway never sent with dietpi-survey, check the "Show" option of the script to see the exact file content that would be uploaded when you opt in.

If your system is offline or has a poor connection, then usually the only two cases where dietpi-survey runs (DietPi update and software installs) would have failed before already. However, a failing survey upload does not break anything, the scripts continue regardless.

Your PR would break the "purging" of data which was already uploaded. The only option would be to make purging data a dedicated option, or place a flag when this has been done already to skip the empty file upload from then on. However, while we had discussions about that in the past, so far no argument was found that this in any way violates users' privacy. And since the overall DietPi system count is very valuable for a small project like us (being able to prove notability to SBC manufacturers and e.g. Wikipedia and other platforms), we do not intend to change this for now.

MichaIng avatar May 30 '22 18:05 MichaIng

I'll mark this as closed. Feel free to reopen if required.

MichaIng avatar Sep 17 '22 14:09 MichaIng

+1 for this report

Even uploading of an empty file reveals some private information that I may wish not to reveal. I think I will add a fake /etc/hosts entry for ssh.dietpi.com in my startup script to block any attempts to do it. This is my system and I must be in control of every request to the public internet it makes. No offence to the author, of course, I do not question the intentions but I simply state that the current implementation, in my opinion, is misleading and leaks the information.

ngrigoriev avatar Oct 17 '22 13:10 ngrigoriev
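
The hosts-file block mentioned in the last comment, as an added example that is not part of any comment above and is not DietPi code. The function names and the `HOSTS_FILE` override are hypothetical; `ssh.dietpi.com` is the hostname named in the thread. It sinks both address families and refuses to act when another line already maps the name to a real address, since that line could be returned instead of the sink entry.

```shell
#!/bin/sh
# Added example, not DietPi code. HOSTS_FILE is overridable so the logic can
# be tried on a copy before touching /etc/hosts (which needs root).
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# has_entry NAME SINK: succeed if an uncommented line maps NAME to SINK.
has_entry() {
    awk -v h="$1" -v s="$2" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == s { for (i = 2; i <= NF; i++) if ($i == h) ok = 1 }
        END { exit (ok ? 0 : 1) }' "$HOSTS_FILE"
}

# conflicts NAME: print addresses of lines that map NAME somewhere real.
# Such a line can be returned by the resolver instead of the sink entry.
conflicts() {
    awk -v h="$1" '
        { sub(/#.*/, "") }
        $1 != "0.0.0.0" && $1 != "::" {
            for (i = 2; i <= NF; i++) if ($i == h) { print $1; break }
        }' "$HOSTS_FILE"
}

# is_blocked NAME: both address families must be sunk, otherwise the
# missing family is still looked up in DNS.
is_blocked() {
    has_entry "$1" 0.0.0.0 && has_entry "$1" :: && [ -z "$(conflicts "$1")" ]
}

# block_host NAME: idempotently append the missing sink entries.
# Returns 2 and changes nothing if a conflicting mapping exists.
block_host() {
    if [ -n "$(conflicts "$1")" ]; then
        echo "refusing: $1 already maps to $(conflicts "$1" | tr '\n' ' ')" >&2
        return 2
    fi
    # Make sure the file ends with a newline before appending.
    [ -z "$(tail -c 1 "$HOSTS_FILE")" ] || echo >> "$HOSTS_FILE"
    for sink in 0.0.0.0 ::; do
        has_entry "$1" "$sink" || printf '%s %s\n' "$sink" "$1" >> "$HOSTS_FILE"
    done
}
```

A hosts entry only affects name resolution on that machine; it does not filter connections made to an IP address directly.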