Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Confidential info posted in test software reports


  • Please log in to reply
7 replies to this topic

#1 Nanobyte

Nanobyte

  • Members
  • 431 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 19 November 2012 - 08:36 AM

In the forums, analysis reports (Speccy etc) are often requested to be posted. I'm sure that in most cases the subject posts the information with no thought to what it contains. People are too trusting / naive / stupid to realize that they are putting a lot of info on the Net for others to data mine. Anything from the computer name to IP address to company proprietary software to fave porn service to who they are currently connected to online. Some of these things are irrelevant to the forum issue and nobody else's business. I think that when someone is requested to submit these reports, that some warning is given about what they will contain. For example, if you are online to your company you may want to get disconnected while the test software is running.

BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:09:08 PM

Posted 19 November 2012 - 09:50 AM

Hello,

Thank you for raising your concerns.

We at Bleeping Computer do take the privacy of our community members quite seriously. Upon close review you will find that the overwhelming majority of scan reports posted here contain no personally identifying information. This means that you cannot be identified as an individual using only the information contained within the report. Many of our tools are in fact designed to minimize the possibility of posting such sensitive information. However, it is impossible for us to predict every possible situation and it is a possibility that sensitive information could be included in such a report. In the event such information is posted, a Moderator should be contacted and we will take steps to remove the sensitive pieces of information from public view.

That being said, the very nature of Bleeping Computer is that of an open forum. As such, by choosing to use our service as a posting member seeking help you will be likely be required to post relevant information in order to reach a successful resolution. That is simply the nature of the boards here and is unavoidable. If these are unacceptable terms, then this service is not right for you. Not because we don't want to help (we do), but because relevant information is required to diagnose a problem.

I would like to caution members that they should not alter scan reports or logs without first checking with their helper. Each and every piece of information collected in these reports is potentially relevant to your issue, and altering the report may cause the individual helping you to be deprived of a key piece of information that prevents a successful diagnosis and repair of your problem. If a member is concerned about a particular entry in their reports, then they should broach the subject with either the helping member (if appropriate) or a member of the Moderation/Administration teams.

Hope that helps.

~Blade
Forum Administrator

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 Nanobyte

Nanobyte
  • Topic Starter

  • Members
  • 431 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 19 November 2012 - 12:19 PM

Intentions are no substitute for doing something about it. As an absolute minimum, whenever one of those reports is requested, the person who is expected to run the report should be warned to inspect the data and be aware that all the data will be public knowledge. They then have the opportunity to publish or not. Personally I would replace any info I considered sensitive with "Removed for security reasons". Why not produce a list of items that are not required for reports and can be deleted/obscured without asking?

Supposed non-personal information is no defence. It can quickly become personal information. If your post is saying, "I spend lots of money on high end equipment and I have problems with my firewall and this is my IP address and this is the name of my network". Not good. In a small community, the IP address may fix where you live. IP address may fix where you work. The software you run and other details may identify you among those that know you. Suppose your computer name is "Cedric's Beast". How many Cedric's are there in Hicktown, AnyState? Data miners probably have your range of IP addresses already and can correlate who you are. Now they have one heck of a list of what you are interested in and more.

People who have problems don't wade through all the FAQs before posting. They need to get their problem fixed and will blindly follow what they are told. There is so much concern about kids giving away sensitive information on the Internet and here we are encouraging people without skills or patience to do exactly that. This forum is not unique, everyone does it. Personally, if I suspect someone I'm helping is liable to post information they should not I warn in advance.

#4 Pilate

Pilate

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Moscow
  • Local time:05:08 AM

Posted 12 February 2013 - 09:50 AM

Hello,

Thank you for raising your concerns.

We at Bleeping Computer do take the privacy of our community members quite seriously. Upon close review you will find that the overwhelming majority of scan reports posted here contain no personally identifying information. This means that you cannot be identified as an individual using only the information contained within the report. Many of our tools are in fact designed to minimize the possibility of posting such sensitive information. However, it is impossible for us to predict every possible situation and it is a possibility that sensitive information could be included in such a report. In the event such information is posted, a Moderator should be contacted and we will take steps to remove the sensitive pieces of information from public view.

That being said, the very nature of Bleeping Computer is that of an open forum. As such, by choosing to use our service as a posting member seeking help you will be likely be required to post relevant information in order to reach a successful resolution. That is simply the nature of the boards here and is unavoidable. If these are unacceptable terms, then this service is not right for you. Not because we don't want to help (we do), but because relevant information is required to diagnose a problem.

I would like to caution members that they should not alter scan reports or logs without first checking with their helper. Each and every piece of information collected in these reports is potentially relevant to your issue, and altering the report may cause the individual helping you to be deprived of a key piece of information that prevents a successful diagnosis and repair of your problem. If a member is concerned about a particular entry in their reports, then they should broach the subject with either the helping member (if appropriate) or a member of the Moderation/Administration teams.

Hope that helps.

~Blade
Forum Administrator

I'm very, very glad to hear this. IMO, some malware removal tools (e.g. OTL) collect too much information. Not all collected information required for properly malware removal.


Edited by Pilate, 13 February 2013 - 05:38 AM.

OS: Windows XP with all updates; Office Suite: LibreOffice

FW: Online Armor Free; AV: Avira Free, ESET Online Scanner

AS: MBAM Free

 Browser: Firefox with NoScript, AdBlockPlus, CookieMonster, BetterPrivacy,

Backup Software: ERUNT, Cobian Backup


#5 4dude

4dude

  • Members
  • 578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:08 PM

Posted 12 February 2013 - 04:02 PM

Originally Posted by NanoByte
In the forums, analysis reports (Speccy etc) are often requested to be posted. I'm sure that in most cases the subject posts the information with no thought to what it contains. People are too trusting / naive / stupid to realize that they are putting a lot of info on the Net for others to data mine.


Yes and its sickening isnt it???

People dont care about thier privacy anymore.... (Amoung other things (Good quality,etc))

They have all been brainwashed/conditioned to be this way..... Its quite sad and upsetting!

Edited by 4dude, 12 February 2013 - 04:05 PM.


#6 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:08 AM

Posted 13 February 2013 - 06:13 PM

Hello,

Thank you for raising your concerns.

We at Bleeping Computer do take the privacy of our community members quite seriously. Upon close review you will find that the overwhelming majority of scan reports posted here contain no personally identifying information. This means that you cannot be identified as an individual using only the information contained within the report. Many of our tools are in fact designed to minimize the possibility of posting such sensitive information. However, it is impossible for us to predict every possible situation and it is a possibility that sensitive information could be included in such a report. In the event such information is posted, a Moderator should be contacted and we will take steps to remove the sensitive pieces of information from public view.

That being said, the very nature of Bleeping Computer is that of an open forum. As such, by choosing to use our service as a posting member seeking help you will be likely be required to post relevant information in order to reach a successful resolution. That is simply the nature of the boards here and is unavoidable. If these are unacceptable terms, then this service is not right for you. Not because we don't want to help (we do), but because relevant information is required to diagnose a problem.

I would like to caution members that they should not alter scan reports or logs without first checking with their helper. Each and every piece of information collected in these reports is potentially relevant to your issue, and altering the report may cause the individual helping you to be deprived of a key piece of information that prevents a successful diagnosis and repair of your problem. If a member is concerned about a particular entry in their reports, then they should broach the subject with either the helping member (if appropriate) or a member of the Moderation/Administration teams.

Hope that helps.

~Blade
Forum Administrator

I'm very, very glad to hear this. IMO, some malware removal tools (e.g. OTL) collect too much information. Not all collected information required for properly malware removal.

 

With all due respect, how do you know this? How do you know what information is useful and what is not? For example, account names, currently installed programs & settings and a list of recently created files are all required. As Blade has so eloquently put it, tools show us what we need to see to be sure we can help you. If you're not comfortable with posting this information online then an online forum isn't the place to seek help.

 

We will always edit information posted if it is sensitive and if the poster asks.

 

Casey


Edited by Casey_boy, 13 February 2013 - 06:14 PM.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#7 Pilate

Pilate

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Moscow
  • Local time:05:08 AM

Posted 14 February 2013 - 12:29 PM

I completely understand you. I do not object to the publication of the collected information in public view.


Edited by Pilate, 14 February 2013 - 12:41 PM.

OS: Windows XP with all updates; Office Suite: LibreOffice

FW: Online Armor Free; AV: Avira Free, ESET Online Scanner

AS: MBAM Free

 Browser: Firefox with NoScript, AdBlockPlus, CookieMonster, BetterPrivacy,

Backup Software: ERUNT, Cobian Backup


#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:08 AM

Posted 15 February 2013 - 01:52 AM

I would like to add that in my few years here, I have only ever had 1 person say we asked for too much.

All I asked for was a Speccy and a Screen 317 Security report, as they related to the specific problem.

Add to this that I have been sent PMs, with emails listed, asking for off line help (that I always refuse).

 

I list that I am Male and I live in Victoria, a state in Australia, while I note that Pilate lists Moscow as home -

These items are optional for you to list - Most people asking questions rarely list a Country or Gender, and often due to the installed programs etc. we do need to ask if it is a personal / school or company computer or combined.

 

As per Blade, "this is an open forum", so people do, and will come and go at their own free will -

It you read some comments, there are 1st time posters who say they have followed this forum for ages and used the free and open listings of downloads, and general given advice. But often there come a time when they must post personally for their own specific problems or general advice on a topic not listed -

If they read the forum first, they will know of generally used tools, and questions that are usually asked.

 

That is my bit - Thank You -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users