为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Is firefox crash report secure/anonymous?

  • 7 个回答
  • 2 人有此问题
  • 33 次查看
  • 最后回复者为 FredMcD

more options

Is firefox crash report secure/anonymous? Does it capture ip address of the report sender? If the address of the page submitted during the crash contains personal information, should there be any privacy concern? I think the url during the crash is not visible in the crash report, but what is it used for and who has access to it?

Is firefox crash report secure/anonymous? Does it capture ip address of the report sender? If the address of the page submitted during the crash contains personal information, should there be any privacy concern? I think the url during the crash is not visible in the crash report, but what is it used for and who has access to it?

所有回复 (7)

more options

I think the site URL and email are protected and cannot be viewed using the public link to the crash-stats server. I've never noticed any IP address in the data. That seems very unlikely to be useful in figuring out the cause of the crash, so I would be surprised if it were collected with crash data.

IP addresses are usually stored in web server logs, which may be kept for varying length of time, but form data usually is not in web server logs, just the address of the page to which the form data was submitted.

more options

Even though the url of the page is not published in the crash report for public viewing, it is captured anyway and what is it used for? Will be accessed by any chance and if the url contains personal information, should there be any privacy concern?

more options

When the Mozilla Crash Reporter dialog pops up, you can select/deselect including the URL of the page in your report. I think the box is checked by default so if you did not deselect it then it probably was sent. Crash reports are used for detecting trends and major problems to prioritize developer attention. URLs sometimes are useful in this process. For example, if suddenly there are 500 new crashes a day only on one website after a change in Firefox, that could lead to reaching out to the site to have them change something, or at least help figure out the problem.

Now, regarding the URL leading to a page containing personal information, if the URL does not require a login to see the information, then you probably should not include it with your report. But my guess is that most personal information is protected by a login, and your crash report should not contain that information unless it is in the URL. It would be terrible security if a site included your username and password in the URL! There are sites that do not use cookies to keep track if your session and instead put a (usually long) code into the URL (sometimes called an sid or session id). Depending on the site's design, that sid might expire after some period of inactivity, or it might only work when used from one IP address, or it might be a magic key to the page. To void an sid, make sure to log out of a site to end your session as soon as you are done working with the site.

more options

Thanks jscher2000 for the helpful reply!

more options

The crash reporter shows what data is send to the server apart from the actual crash data and you check and edit this data if you see that it includes data that you consider personal. This data includes the website URL where the crash occurs and installed extensions.

more options

cor-el said

The crash reporter shows what data is send to the server apart from the actual crash data and you check and edit this data if you see that it includes data that you consider personal. This data includes the website URL where the crash occurs and installed extensions.

Hi cor-el, thanks for the advice but how does one check and edit the data sent?

more options

Next time you have a crash, look carefully at the box. You have the option of what gets sent, and can view it yourself before sending it.