[Bug 57685] New: Spam: Obsfucate email addresses on reports and elsewhere even when logged in
https://bugs.winehq.org/show_bug.cgi?id=57685
Bug ID: 57685 Summary: Spam: Obsfucate email addresses on reports and elsewhere even when logged in Product: WineHQ Bugzilla Version: unspecified Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: bugzilla-unknown Assignee: wine-bugs@winehq.org Reporter: dav75uk@yahoo.co.uk CC: austinenglish@gmail.com Distribution: ---
A Spammer is likely using Wine bugzilla since I had no spam before recently interacting with wine bugzilla and now a ton every day from a few domains. No other major interactions with my email around the start date except with a pension company (far less likely to be the source). Spammers just need to create an account here and scrape bug reports.
For most things there is no reason to show email addresses to the public as that is not necessary for most use cases. In the rare case where it is necessary to contact someone related to a bug or out of interest, it should go via a request to wine maintainers, not allow anyone to contact anyone unsolicited. This also probably breaches privacy laws (GDPR etc).
https://bugs.winehq.org/show_bug.cgi?id=57685
Olivier F. R. Dierick o.dierick@piezo-forte.be changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |o.dierick@piezo-forte.be
--- Comment #1 from Olivier F. R. Dierick o.dierick@piezo-forte.be --- Hello,
Confusing simultaneity and causality is a frequent mistake. It is possible that you have been targeted by a spammer for reasons completely unrelated to Bugzilla (packet sniffing; security breach at your provider; random dictionary attack).
Then, WineHQ has no control over Bugzilla. Bugzilla support can be found there: https://www.bugzilla.org/support/
GDPR doesn't directly forbid any specific processing of personal information. Anything is permitted if it complies with the GDPR principles. You may read about the principles relating to the processing of personal information there: https://gdpr-info.eu/art-5-gdpr/
Bugzilla requires an user account to be created to report bugs and comment existing ones. --- quote from https://bugs.winehq.org/createaccount.cgi --- A user account is required to report new bugs or to comment into existing ones, as you may be contacted for more information if needed. This also lets other users clearly identify who is the author of comments or changes made into bugs. Note that your email address will never be displayed to logged out users. Only registered users will be able to see it. (...) PRIVACY NOTICE: Bugzilla is an open bug tracking system. Activity on most bugs, including email addresses, will be visible to registered users. We recommend using a secondary account or free web email service (such as Gmail, Yahoo, Hotmail, or similar) to avoid receiving spam at your primary email address. --- end quote ---
Bugzilla offers no integrated messaging feature. It currently relies on the users providing their emails and their public display. Changing that would require a major overhaul of Bugzilla's user management.
If you want to change that, you should direct your query to the Bugzilla project to the link above. There is nothing WineHQ can do about it.
Since there is currently no other way for Bugzilla users to contact other users than to know their emails and contact them directly and this is stated explicitly when creating an account, this is a legitimate processing of personal information that complies with GDPR.
Regards.
-
WineHQ Bugzilla