don't expose emails from ssh keys and gpg keys in Launchpad

Bug #296339 reported by Abel Deuring
This bug affects 1 person
Affects: Launchpad itself
Status: Invalid
Importance: High
Assigned to: Guilherme Salgado

Bug Description

Hi,
- When one sets a Jabber ID, it's visible to unlogged users (the whole world, including spammers), bug 62632. A Jabber ID is often one's email.
- When one uploads an SSH key, its comment is visible to unlogged users. An SSH key's comment is often one's email.
- When you set a GPG key, its ID and a link to its details containing the email are visible to unlogged users.

Why not make these things visible only to logged-in users? Or, even better, only to users with an active GPG key?

Thanks

  Morg

Tags: lp-registry ui
Diogo Matsubara (matsubara) wrote :

Obfuscation of jabber addresses is bug 62632. I'll leave this bug open to deal with obfuscation for ssh keys and gpg keys.

Changed in launchpad:
status: New → Triaged
description: updated
Piotr Morgwai Kotarbiński (morgwai) wrote :

While it is easy to remove a Jabber ID from Launchpad and change the comment in an SSH key, you can't use many features of Launchpad without a valid GPG key, so I think it's worth attention.

Thanks

  Morg

Diogo Matsubara (matsubara) wrote :

Marking the launchpad task as Invalid since this will be tracked on launchpad-registry.

Changed in launchpad:
status: New → Invalid
Curtis Hovey (sinzui) wrote :

I favour making keys and jabber hidden to anonymous users. Obfuscation is required when the text must be shown to all users.

Changed in launchpad-registry:
assignee: nobody → salgado
importance: Undecided → High
milestone: none → 2.2.1
Barry Warsaw (barry) wrote :

I looked around at a couple of other systems. It looks like SourceForge does not allow anonymous users access to the ssh or gpg keys. Savannah allows access to the GPG key, through a download link.

OT1H I can appreciate the privacy concerns, but OTOH you /are/ talking about keys that are intended to be public. Many people post their pubkeys on their websites, or publish their GPG keys in public keyservers, easily accessible by keyid.

I always make sure any comment fields in public keys do not have valid fully qualified email addresses. We could obfuscate them or hide the keys behind a login, but it has the feel of a finger-in-the-dike solution. I'm +0 on hiding keys from anonymous users.

Curtis Hovey (sinzui) wrote :

Excellent point about keys, Barry. The jabber issue is problematic. Launchpad's policy is that it does not show email addresses to anonymous users; it will be a source for email harvesting. We added obfuscation to comments because users do post email addresses inadvertently.

I still favour hiding ssh, gpg, and jabber since anonymous users do not need this data. If they do need this information, we should obfuscate it.

Andrew Bennetts (spiv) wrote :

I think it would be silly to hide SSH public keys. If the comment on a key looks like an email address, then we can obfuscate that (i.e. just the comment) without removing a useful feature. People do use Launchpad as a trusted place to retrieve people's SSH public keys; see e.g. <https://lists.launchpad.net/launchpad-users/msg03145.html>.

Piotr Morgwai Kotarbiński (morgwai) wrote :

SSH keys are the least problem here - one can easily change the comment (that's what I did, for example).

The most problematic thing is the GPG key, without which one can't use all features of Launchpad, like PPA. I agree that public keys are intended to be public, but providing just the key ID without a link to the key server is enough for people and would stop most stupid email harvesters that just crawl the web following the links.

Thanks

  Morg

Curtis Hovey (sinzui) wrote :

I favour obfuscating ssh, gpg, and jabber information when the user is anonymous.

Guilherme Salgado (salgado) wrote :

By obfuscating you mean replacing the content with a "Log in for ...", just like the one we already have for email addresses? If we do that for jabber, ssh and gpg, we'll end up cluttering that part of the page quite a bit.

Jabber IDs are already somewhat obfuscated -- we rewrite them using HTML hex entities. We could easily do the same for ssh keys, but for OpenPGP keys we have to either remove the link from the key ID or replace the key ID with a link to +login.

Piotr Morgwai Kotarbiński (morgwai) wrote :

So maybe it would be a good idea to replace all involved info (email, jabber, ssh, gpg) with one sentence like "please login to see contact information" with a link to the login form?

Cheers

  Morg

Curtis Hovey (sinzui) wrote : Re: [Bug 296339] Re: don't expose emails from ssh keys and gpg keys in Launchpad

I was thinking of the tales formatter [1]:

    <tal:jabber
      tal:condition="not:view/user"
      tal:content="context/jabber/fmt:obfuscate-email" />
    <tal:jabber
      tal:condition="view/user"
      tal:content="context/jabber" />

[1] If the tales formatter used getUtility(ILaunchBag).user, we would
not need to write near identical code. I was young and naive when I
wrote the formatter.

Andrew Bennetts (spiv) wrote : Re: [Bug 296339] Re: don't expose emails from ssh keys and gpg keys in Launchpad

Piotr Morgwai Kotarbiński wrote:
> So maybe it would be a good idea to replace all involved info (email,
> jabber, ssh, gpg) with one sentence like "please login to see contact
> information" with a link to the login form?

No, at least for SSH info. There's no reason to hide SSH public keys from
anonymous users, and good reasons to allow it. SSH keys aren't contact
information anyway.

Btw, I think at one point REVU (and/or maybe other projects?) depended on the
+rdf page for a team including the GPG keys of the team's members. I'm sure
their script would have been doing an anonymous HTTP GET of that page.
Hopefully they are using OpenID or launchpadlib now, but it might be worth
checking.

Matthew Paul Thomas (mpt) wrote :

I think HTML entities stopped being an effective obfuscation technique in about 2003. <http://www.unicom.com/blog/entry/173>
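
An added example (not Launchpad's code and not written by any commenter in this thread) of the comment-only approach suggested above for SSH keys, together with a check of why hex-entity rewriting leaves an address recoverable. The function names, the placeholder text and the sample key are constructed for illustration.

```python
import html
import re

# Loose email-like pattern: the goal is redaction, not address validation.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
KEY_TYPE_RE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+)$")
PLACEHOLDER = "<email address hidden>"  # constructed placeholder text

# Constructed sample: the key text is not a real key.
SAMPLE_KEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED alice@example.org work laptop"


def split_public_key(line):
    """Split an OpenSSH public key line into (keytype, keytext, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or not KEY_TYPE_RE.match(parts[0]):
        raise ValueError("not an OpenSSH public key line")
    comment = parts[2] if len(parts) == 3 else ""
    return parts[0], parts[1], comment


def render_key(line, logged_in):
    """Return the key as shown to a viewer; only the comment is ever altered."""
    keytype, keytext, comment = split_public_key(line)
    if not logged_in:
        # Key type and key text stay usable; email-like tokens are replaced.
        comment = EMAIL_RE.sub(PLACEHOLDER, comment)
    return " ".join(p for p in (keytype, keytext, comment) if p)


def hex_entity_encode(text):
    """Rewrite every character as an HTML hex entity, as discussed for Jabber IDs."""
    return "".join("&#x%x;" % ord(ch) for ch in text)


def harvestable(markup):
    """Addresses still recoverable once the served markup's entities are decoded."""
    return EMAIL_RE.findall(html.unescape(markup))
```

Any client that decodes entities sees the original address, so `harvestable(hex_entity_encode(...))` returns it unchanged, while the redacted key line yields nothing.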

Curtis Hovey (sinzui)
Changed in launchpad-registry:
status: Triaged → Fix Committed
Changed in launchpad-registry:
status: Fix Committed → Fix Released
Josh Brown (joshbrown) wrote :

Unless I am mistaken, no action has been taken to obfuscate or hide email addresses in SSH key comments. Was it decided that this is not to take place, or has this erroneously been marked as fixed?
