LibreWolf 'leaking' info about visited URLs to systemd journal (logs)

If you are on Linux…

How exactly is system level logging “leaking”? Is systemd making connections to servers?

I don’t see any issue with this. In what scenario would this be an issue? If an attacker has access to your local systemd journal, then you have bigger problems than leaked JS errors. Regardless, it appears this has been fixed and will be pushed out on the next update.

No, it’s a local issue. A place where this could be a issue is in offices, but I guess no office uses Linux , and even if there was, I doubt anyone installing Librewolf. Like @CrocodileDundee said, this really is a low severity issue and doesn’t affect a whole lot of users.

Imagine you live in a country where enjoying the freedoms others take for granted is illegal, the police kick in your door and on the computer they find a log of all websites you have visited, they then throw you in jail or shoot you in the head.

There is zero reason to add the information to the system log, not unless the user explicitly enables debug level logging.

Yes it does, on any system that is using rsyslog.

Yeah that’s what got them not the 400 TB of child photography. Those darn logs! Dude there is no country that acts that brazenly ever not China not Nazi Germany not anywhere. Your reasoning is insane if there truly existed cops who killed any citizen based on that there would be no country. Why not kill Joe because he has cat pictures as well or his grandma because she turned on her computer at 10 am and 12pm. Also HDD encryption exists and a list of websites wont be the only thing on there that could be of concern. There are threat models for these edge cases but hyper focusing on logging is not going to help them. Broad solutions that cover all their bases will. And you just mentioned a reason for logs debugging most applications crash a ton so logs are expected. There really is no issue with what you’ve described you are using a false dichotomy to justify your beliefs. The police in that scenario are way more likely to kill you if you try to hide anything via encryption or lying. Regardless you’re actual life here and now isn’t hindered in any way by system logging we should be focusing on actual issues. This thinking fragments an already broken privacy community and it needs to stop.

I’d argue it’s not an issue because at that point you’re boss would be sniffing the network or something to that effect.

1 Like

400 TB of CP, case of a thief thinks everyone steals?

You can easily get thrown in jail for 34 for using Twitter, there are lots of place where sexual, religious, or political orientation can get you killed.

Lots of people have legit reason to fear for their life, just for wanting the freedom others have.

People using Librewolf usually don’t have a threat model like you described. While it’s true the devs of Librewolf messed up, there is literally no reason to panic for the average Joe. Also these kind of bugs happen on Firefox every Saturday, so nothing new I guess. Another reason to switch to Chromium.

Moving the goal post. And how does this relate to system logging again?

This is appealing to the extreme. I understand that others are in more difficult situations, but if someone’s threat model is high enough to include state actors, then I don’t think we can get too upset at LibreWolf for being the point of failure. Clearly, there are better browser solutions out there when the stakes are so high… I get that this bug (that’s been fixed) was an issue, but I would still partially blame the user in the scenario you described.