Hi,

I've just searched for my Results and found something in the below Stderr-Output that makes me at least wondering:

Stderr output

<core_client_version>6.10.58</core_client_version>
<![CDATA[
<stderr_txt>
18:28:35 (4664): wrapper: starting
18:28:35 (4664): wrapper: running dnetc518-win32-x86-stream.exe (-ini dnetc.ini -runoffline -multiok=1 -e my.mailaddress@was.shown.here)

dnetc v2.9109-518-CTR-10092921 for ATI Stream on Win32 (WindowsNT 6.1).
Using email address (distributed.net ID) 'my.mailaddress@was.shown.here'
.
.
.

I've searched for other Users and found that if you don't hide your Computers then everyone can view your results and see the Mailaddress that is linked with your Account.

I'm quite confident that no one wants that, thus I'm asking if either the Computer(s) of all Users can be hidden by Default, or - perferrably - the Mailaddresses can be removed from the Stderr-Output.


Edit: I've searched a bit more and have to admit, ok, at least we've been warned that if we enter the Distributed.net-ID we could probably expose our Mailaddresses to the public Interest and they could probably get harvest by Spammers.
Now it's ok for me, as a Users Computer is visible to the public on one Hand but on the other Hand by default the Mailaddress isn't included. That serves my Concept of Security!


cheers
aendgraend

..then everyone can view your results and see the Mailaddress that is linked with your Account.
I'm quite confident that no one wants that, thus I'm asking if either the Computer(s) of all Users can be hidden by Default, or - perferrably - the Mailaddresses can be removed from the Stderr-Output.
.
.
...but on the other Hand by default the Mailaddress isn't included.

You are quite right, and I'm a bit worried about this output too. I explained this in our Privacy Policy and warned about in preferences pages, although I'm not sure everybody have even noticed them. (They are easy to miss.)

I think people also expect that the email address used in BOINC to remain hidden from public. And by default that's the address used as Distributed.net ID. (Especially after I get that default fixed.)

This ID can be revealed also on Distributed.net stats but you can these days change stats prefs there and show your real name or participant ID instead. So in that sense, maybe we should protect this ID a better too.

You can use a different email in account and as Distributed.net ID. But I'm not sure if this is enough. I could probably sanitize stderr output when it gets inserted in the DB.

OTOH, we wouldn't have this problem if one couldn't set a custom ID in the first place. And given things like DC Vault (thanks yoyo!) I'm begin to think this might be a good idea.. Or at least make the default not use your confidential email address.

-w