Crash reports sent with screenshot?!

Spike

New Member
I have recently had a number a fatal errors from Eraser. When I restart the program it kindly offers to send a crash report to the developers. On inspecting the report that is to be sent I was surprised, to say the least, to see that each crash report seems to contain a screenshot of my desktop.

I am alarmed by this behaviour, even more so when Eraser is supposed to be a privacy protection tool. The screenshots created by Eraser on my computer included emails and anything else that was open on my desktop. I have never seen this behaviour in any other software I use and am now concerned about using this software any longer. I feel the developers should at least explicitly announce that a screenshot of their computer will be sent as part of the crash report.

The crash reporets are held at:
D:\Users\.\AppData\Local\Eraser 6\Crash Reports
I am running Eraser 6 build, 1884 on WIndows 7 64 bit

are any of the developers willing to comment on this? Perhaps I am somehow mistaken?
 
You're definitely not mistaken, and I think you make a good point. All the snapshot should show is the Eraser window. I'm not a developer, but I have a Trac login, and have posted a fault report on this.

David
 
Thank you for posting a report. For the information of others, the screenshot shows your entire desktop, not just the Eraser window. The attached image is an edited version of what I found in the error log folder. In this case I have blurred everything except the Eraser dialog - my email was open and ironically was displaying my username and password for this forum. The program is more likely to crash when you try to delete something, in which case this behaviour, rather than safely remove the information from your computer, uploads an image of the details of what you were trying to erase - plus anything else on your desktop, to some unspecified location of which you have no control.
I would like to hear fom the developers that they have deleted my personal data that they uploaded to their servers.
 

Attachments

  • EraserReport-Screenshot.jpg
    60.1 KB · Views: 4,463
Well, the data you provide is kept securely and for the sole purpose of solving particular issues users experience. Upon the fixing of the problem, the reports are securely erased (using Eraser, yes.)

If the assurance isn't enough, it did occur to me during the development of the crash reporter that such a problem may occur. Indeed, even Microsoft's crash reporting includes a privacy policy (stating that the data, if anything is confidential will not be used to identify the user submitting the report, to that effect.) While we can't give the same wordings and such as afforded by the Privacy policy Microsoft has (which is written by lawyers), like the Microsoft crash reporting Eraser allows the user to preview the contents of the report prior to uploading. Users are free to delete any part of the report before the uploading commences, although this greatly impedes debugging the program.

The rationale for including the full screen as part of the screenshot is that Eraser isn't always running in the foreground and errors may be triggered. In such situations, the position of the cursor, the things the user has clicked (even beyond the Eraser program) serves as a large pool of information which can give clues to the cause of the error. I have fixed a handful (10 or so) reports based on the screenshot alone (out of the 110 or so submitted to date.)

Spike, if you so wish to have that report deleted immediately please PM me, I've not looked at my incoming queue yet.
 
Edit: I'll keep the Trac ticket on hold while discussion continues.
 
Thanks for the quick response and assurance. Since no one else has commented on this feature being a problem, I am assuming I am in a minority, so I cannot expect features to be desinged around my wishes. The issue for me is that the screenshot potentially includes sensitive data that has to be retained within the European/US regions for data protection reasons. I don't know what servers the data is being uploaded to and don't have the reassurance of a privacy policy (which cannot be expected of freeware). For these two reasons I cannot let these images be uploaded. I also suggest that if the developers are gathering personal information from users they may be putting themselves under data protection obligations?

Perhaps you could put more specific text "the crash report includes a screenshot of your desktop" to alert users to this, or perhaps you could restrict this feature to be present only in beta versions which are more prone to crashes? I certainly feel, considering the privacy protection function of Eraser, that it should not be behaving in this way without explicitly warning me.

The principle is illustrated by the fact that you have created software which has automatically sent a screenshot of my password and username for this forum; someone with whom I have no legal relationship has taken my password and username for an online service without my explicit permission. I appreciate the fact that it helps your debugging, but quite frankly that is almost the behaviour of spyware or a trojan.
 
While I understand Joel's point, I think that uploading the screenshot without the user's knowledge or consent raises serious privacy issues. Heidi is based in an EU country, and I'd be surprised if the action is permissible under EU law; I know that it would contravene the relevant UK legislation. Personally, I'd only have the screenshot uploaded with the user's explicit and informed consent. That would also go for any part of the crash dump that could contain personally identifiable data. Sorry, Joel; while I'd hesitate to describe Eraser as malware, I can see where Spike is coming from on this, and it's not an issue that concerns only him or me.

David
 
OK: I'll modify the disclaimer on the crash upload dialog.
 
Hows does this sound:

Eraser has encountered problems while running earlier.

The program's state and other information about the error, as well as the state of your computer, have been stored on your computer as reports and can be sent to the Eraser developers for review. The recorded information was gathered automatically, and includes a screenshot, and a memory dump of the program. As a result, the information contained therein may contain potentially sensitive information and you are advised to go through the report before uploading it. Data will be stored on a server which only Eraser developers have access to and personally identifiable data, if any, will be kept confidential and not used to identify the reporter. Reports will be completely erased upon the completion of bug fixing.

Select the reports you wish to submit by checking the name of the report below; the contents of each report can be viewed by double-clicking on the report name below. Editing the contents of the report will result in a modified report being uploaded: deleted files in the report will not be uploaded, and modified files will be uploaded as you have modified them. Do note that by doing so, you are however reducing the usability of the crash report in fixing the bug.

Reports not selected for submission will be discarded after the rest have been submitted.
 
In addition, I would like to state that the BlackBox component which handles crashes are currently only available on the 6.1/6.2 branch. I have no intention to bundle the DLL in stable builds when 6.2 is out for the simple reason that it generates a LOT of crash reports (I can get up to 10 reports a day, even for the nightlies, let alone a stable.)
 
OK, how does one completely disable all error reporting so that they don't even encounter a prompt to submit an error report?

The user may have a password manager open and visible, displaying all of their login information... the user may have a document open that is protected by attorney client privilege... the user could have a document open that is proprietary to the company they work for... all sorts of highly confidential information could be displayed on the screen at the time and inadvertently captured. I wouldn't even want to risk having this error report generated and me somehow accidentally clicking on a submit button. I'd prefer to turn it off.
 
That works too, thanks for your input.
 
Joel, from what you say, it makes sense to have the crash reporting turned off by default, even on the nightlies. There then needs to be a mechanism for the user to turn it on, say in response to a request on the forum; at that point warnings about the need to protect private data and a suitable reference to the Eraser privacy policy would be in order. In my book, those measures would allay all reasonable privacy concerns.

David
 
I'm a little shocked by this. I submitted a report only the other day on a nightly build. Luckily I had only just rebooted and Eraser popped up the window immediately after Windows started so nothing was really on display apart from the desktop with a single recyle bin icon (I like to keep a tidy house). But it's still a bit disconcerting nonetheless. I did not read the disclaimer either which on past thought I really should have if I am that concerned about privacy.

I'll be very aware of this from now on.

EDIT: Actually does it take a screenshot after the crash? My system BSOD'd so not sure how it can screencap from that situation anyhow. Or does it just screencap when the pop up appears?
 
Deadman said:
Actually does it take a screenshot after the crash? My system BSOD'd so not sure how it can screencap from that situation anyhow. Or does it just screencap when the pop up appears?
Probably, with a BSOD, it wouldn't get the chance to take a screenshot. Normally, however, it does, and it's the whole screen that is captured. The capture occurs, I think, at the moment the Eraser debug code detects the crash. I suppose that the debug code is removed from 'stable' releases. Unfortunately, the current 'stable' release (build 1376) has proved to be anything but stable.

If the program crashes again, look in the Appdata\Local\Eraser6\Crash Reports folder in your User folder, and you will find a folder named for the date and time of the crash. The contents of that folder (all of them, I think, including the memory dump) are what gets uploaded. The folder will be deleted once it has been uploaded. Incidentally, when you get the upload dialog (typically on start-up), you can un-tick all the entries, tell Eraser to proceed; nothing then gets uploaded, and all the crash reports are deleted.

David
 
Alright I'm back for a little while with a bit of time on my hands. I'll have a go at getting this fixed (including the plugin suggestion, but that'll take a while; I'll implement the updated message first)

However my current priority is release 6.0.7 (the next stable) to address all the bugs fixed in the source tree after 6.0.6 (which is, I say, a lot.)
 
Spike said:
Thanks for the quick response and assurance. Since no one else has commented on this feature being a problem, I am assuming I am in a minority, so I cannot expect features to be desinged around my wishes. The issue for me is that the screenshot potentially includes sensitive data that has to be retained within the European/US regions for data protection reasons. I don't know what servers the data is being uploaded to and don't have the reassurance of a privacy policy (which cannot be expected of freeware). For these two reasons I cannot let these images be uploaded. I also suggest that if the developers are gathering personal information from users they may be putting themselves under data protection obligations?

Perhaps you could put more specific text "the crash report includes a screenshot of your desktop" to alert users to this, or perhaps you could restrict this feature to be present only in beta versions which are more prone to crashes? I certainly feel, considering the privacy protection function of Eraser, that it should not be behaving in this way without explicitly warning me.

The principle is illustrated by the fact that you have created software which has automatically sent a screenshot of my password and username for this forum; someone with whom I have no legal relationship has taken my password and username for an online service without my explicit permission. I appreciate the fact that it helps your debugging, but quite frankly that is almost the behaviour of spyware or a trojan.


So Eraser is now spy-ware from China. I mean someone has to say it out loud. That is what it is and it is undeniable since Joel added this without telling us. What exactly does he mean when he states that he will keep our personal information secure on a server in China? That in itself is an oxymoron.

I've been using Eraser now for 5 years. Even though it was free - I paid for it. When my os was xp, it worked great but now, that I have a multi-core processor and windows 7, I have tried to erase unused space 5 different times. Every time it locks my computer solid - freezes it up so hard that I have to pull the plug to get it unlocked. Fortunately I have not sent Joel a screenshot and logfile of my computer. I've just uninstalled Eraser.
 
Readers of the previous post might wish to be aware of the following facts.

  • The debug code and crash reporting feature is not included in the current stable version of Eraser (6.0.7), which is the version intended for general use.
  • The debug code is included in development (6.1) builds, but is switched off by default, as suggested by some of us.
  • With the plugin enabled in the settings pane, the crash reporter appears with a lengthy description of what is in the crash report (so responding to Spike's suggestion), and the user has the option not to upload the report, as I explained in an earlier post.
  • currently, the upload process is broken (server errors).
All in all, the good news is that Eraser doesn't really cut it as spyware.

David
 
Back
Top