Author Topic: OpenWolf/TremZ is gathering your private data  (Read 6242 times)

/dev/humancontroller

  • Posts: 1033
  • Turrets: +1002/-383
OpenWolf/TremZ is gathering your private data
« on: December 17, 2011, 12:00:27 pm »
to my surprise, the OpenWolf engine behind the upcoming TremZ [which is to be renamed] can execute the following piece of code when disconnecting or throwing an error:
Code:
HTTP_PostUrl( "http://www.openwolf.com/user/log", callhome, &i, "message=ERROR:%s\n%s\n", com_errorMessage, Con_GetText(0) );
which means that whenever you disconnect, all the text in your console, including your private chat and rcon passwords you've typed, will be sent to a malicious domain.
« Last Edit: December 17, 2011, 12:17:02 pm by /dev/humancontroller »

TheDushan

  • Posts: 26
  • Turrets: +0/-666
Re: OpenWolf/TremZ is gathering your private data
« Reply #1 on: December 17, 2011, 02:41:16 pm »
Well, the part of the code that is in the quote should be related only if and when the client gets an error. I am not the owner of openwolf.com, and that site was added only as an example, nothing else.
The functionality, if the game is compiled with USE_HTTP, is that in case of an error the engine is capable of calling a "home" address and posting an error report.
In the code you can find more stuff related to that.
I even planned to use MANTIS, so that in case of an error the engine can automatically open a ticket and provide a screenshot of the error, with a UI popup so the client can write info on how the "maintainer" of the game/engine can reproduce the error and fix it.

EDIT #1: the whole point of all the HTTP stuff in the engine is that I tried to bring forum functionality into the UI and engine (with MySQL), so that from the game you can use basic forum stuff [read, post your score, create a profile (character ...), use user search, messaging stuff, adding a friend/buddy ...].
Nothing related to your server settings and private data.
Currently the engine wants to log in on a non-existent website with username::password and hangs there because the website does not exist. That username::password is related only to the forum/mantis and nothing else.

That part of the code is highly under development.

Personally I don't see anything bad in having that. But others might think differently.

EDIT #2: This is one example of what should be added in reportingbug.menu, which is related and is called when the game crashes.
P.S. I didn't post the whole thing.

   menuDef
   {
      name      "reportingbug"
      backcolor   0 0 0 0.5
      style      WINDOW_STYLE_FILLED
      rect      0 0 640 24
      visible
      focusColor   0.3 .2 .1 0.25
      popup

      onOpen   { setFocus "report" ; editclear report ; editfield report }
      menuKey K_ESCAPE   { close "reportingbug" }
      onClose   { uiScript closebugreporting }

      ...

      itemDef
      {
         textalignx   ITEM_ALIGN_LEFT
         textaligny   ITEM_ALIGN_LEFT
         forecolor   MM_INGAMETITLETEXT
         type      ITEM_TYPE_EDITFIELD
         
         ...
         
         action { exec "screenshot bug" ; close reportingbug }

         name      "report"
         rect      0 0 640 32
         bordersize   1.000000
         visible
         text      "Bug"
         textscale   0.300000
         textdivx   32
         cvar      "r_bugreport"

Stuff like that.

EDIT #3: In case of other questions, I am here. :)
« Last Edit: December 17, 2011, 03:23:47 pm by TheDushan »

/dev/humancontroller

  • Posts: 1033
  • Turrets: +1002/-383
Re: OpenWolf/TremZ is gathering your private data
« Reply #2 on: December 17, 2011, 03:30:10 pm »
> Well, the part of the code that is in the quote should be related only if and when the client gets an error.
technically, a disconnect is an error case internally.
> the whole point of all the HTTP stuff in the engine
> Nothing related to your server settings and private data.
yet that piece of code transmits potentially private and confidential data. confidential data = chat on a server (for example, between admins), typed rcon password lines, etc.
> Personally I don't see anything bad in having that. But others might think differently.
you've gotta be kidding me. unacknowledged transmission of private contents is not even legal. the program can, strictly speaking, act like a virus. sure, the GPL says that "there is no warranty", but does such a statement legalize viral activity? (obviously not, as then virus writers would only require victims to click on an "i understand and agree with these terms", which is easy.)

1337-Kynes

  • Posts: 131
  • Turrets: +105/-2
Re: OpenWolf/TremZ is gathering your private data
« Reply #3 on: December 17, 2011, 06:28:38 pm »
From the tremz dev channel, earlier this morning:
Code:
07:44 < Erwin_Rommel> so you were just trying to create forum drama devhc?
07:44 < DevHC_> lalalaaa...

Take this topic with a grain of salt
What do you get. When combine. Deuterium pellet. Terrawatt laser.
And primitive Earth leader from Asian steppes.
ANSWER.
KHAN. FUSION.

TheDushan

  • Posts: 26
  • Turrets: +0/-666
Re: OpenWolf/TremZ is gathering your private data
« Reply #4 on: December 17, 2011, 08:03:49 pm »
Well, I do not know his motives, but he has shown a point and a concern about this.
Basically the problem "was" what the "maintainer" will do with the extra info when he receives a "real" crash report.
It's a problem, but that depends more from person to person.
The user should receive a UI popup and accept or decline the right to give extra info about the crash.
If he accepts, he will provide the console log along with the standard crash report (map, description of problem, steps how to reproduce it); if not, then only the standard crash report.

/dev/humancontroller

  • Posts: 1033
  • Turrets: +1002/-383
Re: OpenWolf/TremZ is gathering your private data
« Reply #5 on: December 18, 2011, 02:50:10 am »
> From the tremz dev channel, earlier this morning:
> Code:
> 07:44 < Erwin_Rommel> so you were just trying to create forum drama devhc?
> 07:44 < DevHC_> lalalaaa...
because i can fix all concerns, for i have commit access to the code repository.

> The user should receive a UI popup and accept or decline the right to give extra info about the crash.
> If he accepts, he will provide the console log along with the standard crash report (map, description of problem, steps how to reproduce it); if not, then only the standard crash report.
no. if he doesn't accept, then nothing is sent. though he will have the option to send any combination of: the error string, a screenshot, the console text, the backtrace, the binary state of the program, a description on how to reproduce the problem, and contact information. furthermore, as we're getting into collaborating with users, there ought to be a simple, personal-contact-info-free method of letting a user communicate with a developer; examples:
  • open a small chat client connected with 1 developer (though this almost requires a full-time employee)
  • open a small IRC client shipped with the release, and connect the client to a reporting channel
  • the non-built-in equivalent of the above: direct the user's browser to a web-IRC page
  • store a (secure, hardly guessable) ticket number on the crasher's system, and ask the following question on subsequent program starts: "would you like to check on the status of the crash report you've submitted earlier? it is possible that there is a useful reply or some questions."
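
Added example (not from the thread and not OpenWolf/TremZ code): the opt-in report described in reply #5, where no consent yields an empty body and the console text is included only when selected, with lines mentioning rcon replaced. `SEND_ERROR`, `SEND_CONSOLE`, `scrub_console` and `build_report` are hypothetical names, and the console text is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { SEND_ERROR = 1, SEND_CONSOLE = 2 }; /* hypothetical consent bits from the popup */
/* Case-insensitive: does this n-byte line mention "rcon"? */
static int mentions_rcon(const char *s, size_t n) {
    for (size_t i = 0; i + 4 <= n; i++) {
        size_t k = 0;
        while (k < 4 && tolower((unsigned char)s[i + k]) == "rcon"[k]) k++;
        if (k == 4) return 1;
    }
    return 0;
}

/* Copy console text line by line; lines mentioning rcon become "[redacted]". */
size_t scrub_console(const char *in, char *out, size_t cap) {
    size_t used = 0;
    while (*in) {
        size_t n = strcspn(in, "\n");
        const char *src = mentions_rcon(in, n) ? "[redacted]" : in;
        size_t len = (src == in) ? n : strlen(src);
        if (used + len + 2 > cap) break; /* keep room for '\n' and NUL */
        used += (size_t)snprintf(out + used, cap - used, "%.*s\n", (int)len, src);
        in += n + (in[n] == '\n');
    }
    if (cap) out[used] = '\0';
    return used;
}

/* Returns the body length; 0 means there is nothing to transmit. */
size_t build_report(unsigned consent, const char *err, const char *con, char *out, size_t cap) {
    size_t used = 0;
    if (cap == 0) return 0;
    out[0] = '\0';
    if ((consent & SEND_ERROR) && strlen(err) + 8 <= cap)
        used = (size_t)snprintf(out, cap, "ERROR:%s\n", err);
    if (consent & SEND_CONSOLE)
        used += scrub_console(con, out + used, cap - used);
    return used;
}

int main(void) {
    /* Constructed console text; "hunter2" is a made-up password. */
    const char *con = "]/rcon hunter2 map atcs\n[admin] meet at 8\n";
    char body[256];
    build_report(SEND_ERROR | SEND_CONSOLE, "Disconnected", con, body, sizeof body);
    return fputs(body, stdout) < 0;
}
```

The redaction covers only rcon lines; private chat still leaves the machine if the console item is selected, which is why that field has its own consent bit.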

Creative1

  • Posts: 47
  • Turrets: +144/-2
Re: OpenWolf/TremZ is gathering your private data
« Reply #6 on: December 18, 2011, 01:48:28 pm »
But wouldn't the devs be the only one capable of getting this information? I mean I don't think any of them are out to get rconPasswords, and I honestly wouldn't really mind that much....

This just looks more like an opportunity to flame the TremZ devs, rather than a real concern.

And seriously, did you have to put this on Tremulous forums instead of discussing it on TremZ's forum/irc?
i could possibly make a server on windows then switch back to linux and use that same server

Qrntz

  • Posts: 847
  • Turrets: +204/-12
Re: OpenWolf/TremZ is gathering your private data
« Reply #7 on: December 18, 2011, 04:45:20 pm »
devhc is stealing your private data
don't reply or your cookies are in his filthy hands

You make up Qrntz, u always angry, just calmdown. :police:
I am stupid idiot who dares to open mouth and start debating

UniqPhoeniX

  • Spam Killer
  • *
  • Posts: 1376
  • Turrets: +66/-32
Re: OpenWolf/TremZ is gathering your private data
« Reply #8 on: December 18, 2011, 05:30:05 pm »
Tremz/OpenWolf don't own that domain.

Celestial_Rage

  • Posts: 636
  • Turrets: +120/-8
Re: OpenWolf/TremZ is gathering your private data
« Reply #9 on: December 18, 2011, 10:14:47 pm »
> But wouldn't the devs be the only one capable of getting this information? I mean I don't think any of them are out to get rconPasswords, and I honestly wouldn't really mind that much....
>
> This just looks more like an opportunity to flame the TremZ devs, rather than a real concern.
>
> And seriously, did you have to put this on Tremulous forums instead of discussing it on TremZ's forum/irc?


DevHC is a TremZ dev.
"The reports of my death are greatly exaggerated" ~Mark Twain

ULTRA Random ViruS

  • Posts: 924
  • Turrets: +4/-101
Re: OpenWolf/TremZ is gathering your private data
« Reply #10 on: December 29, 2011, 01:05:08 pm »
Which tremz forums? Last time i remember looking for the official site i ended up finding 2 or more results.

EDIT: Exaggeration.
« Last Edit: January 01, 2012, 11:49:05 am by ULTRA Random ViruS »

Qrntz

  • Posts: 847
  • Turrets: +204/-12
Re: OpenWolf/TremZ is gathering your private data
« Reply #11 on: December 30, 2011, 03:00:08 pm »
> Which tremz forums? Last time i remember looking for the official site i ended up finding 5 or more results.
Please, take your medication. Thanks.
