Sentry is a security / data protection risk

[lukestanley]

Postbird seems pretty great but debug logs probably shouldn't be sent without explicit consent, especially considering they may be expected to contain sensitive data or connection info. (Even if Sentry claim to scrub it, it's still sent out.)
This is a massive data protection / GDPR / privacy risk to Postbird users.
By default, sensitive data probably should not be leaked.
Consent should probably be gathered and stored.

[Paxa]

You are right, I should ask user confirmation before sending. Will fix it in next version

Currently it send computer name, system username, system version, postgres server version, user IP (I don't know how to turn if off) and stack trace.
Database credentials are not sent to sentry

postbird/lib/error_reporter.js

Line 35 in bb49261

exception.client = "CUT!";

I guess all of that is not personal, what do you think?

[lukestanley]

Thanks for acknowledging it and committing to a fix, that's excellent! 👍

My understanding is that under GDPR, user names and IP's are typically considered potentially sensitive.

Regarding the contents of the data sent:
While traceback may not have the connection string's manually added to it, I don't see anything preventing them from being sent up as a natural part of a traceback.
For example, even if there was a connection string parsing traceback, without doing a HTTPS MITM to check, it might not be obvious what it's sending but it sends up a lot for sure.