2016-05-28 - Re: [GRASE-Hotspot] grase reports page is a breach of security and privacy

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: b3e8f33a9c01acb1b8ad42719da22afafa0c267edf3b995cde17be1a86b6af69
Message ID: <CAESLx0KgFnne6r_Snw_LNWZbcVc-Nvzu6xfUhq6e1DVhUFkyvA@mail.gmail.com>
Reply To: <1f9ecbd4ffd5c741ccb1dc484ec95302.squirrel@www.pc-networking-services.com>
UTC Datetime: 2016-05-28 15:24:17 UTC
Raw Date: Sun, 29 May 2016 08:24:17 +1000

Raw message

As already pointed out by others, you can lookup the Google API's being
used, and see that it's not uploading anything to google, but using the
Google charts library locally in your browser to render graphs. Google does
not get any of your private information, it's not stored in any account.

Being open source, you can also see all the code, so feel free to browse it
on Github. The page in question is
https://github.com/GraseHotspot/grase-www-portal/blob/master/files/usr/share/grase/www/radmin/templates/reports.tpl

If you have a problem with Google libraries, please stop using the Grase
Hotspot, or just stop using the Reports page.

I've never hidden any part of the hotspot system, the code is all public on
Github. I welcome security audits as no one is paying for any, so feel free
to pay for a security audit.

Tim

On Sat, May 28, 2016 at 7:57 PM, 'Christopher Gregory' via Grase Hotspot <
gr***t@grasehotspot.org> wrote:

> Hello Tim,
>
> To say that I am angry is the understatement of the year.
>
> You have absolutely NO right using google to submit peoples server stats.
> That is exactly what you are doing.
>
> A reports page is PRIVATE INFORMATION, yet I have clearly found that you
> call https://google.com in your reports page.
>
> What account are you storing peoples PRIVATE information on?
>
> As you have created this, despite that you have exams at uni I demand to
> know ALL the places that you have placed such hidden no disclosed pieces
> of  code.
>
> As a systems administrator of a number of years of PAID employment I
> DISABLE google as they are pure SCUM.
>
> I want the exact location on google that you are putting people's private
> information and I want it PURGED NOW.
>
> If needs be I will take personal legal action against you.
>
> Yes I am publicly posting this on the list.
>
> Christopher.
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at
> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1f9ecbd4ffd5c741ccb1dc484ec95302.squirrel%40www.pc-networking-services.com
> .
>

Thread