Most Loved Programming Language Rust Sparks Privacy Concerns

An Anonymous Coward writes:

Most loved programming language Rust sparks privacy concerns

Rust developers have repeatedly raised concerned about an unaddressed privacy issue over the last few years. [...] However, for the longest time developers have been bothered by their production builds leaking potentially sensitive debug information.

In early 2017, a Rust developer filed an issue on the Rust lang's GitHub asking, "How can I stop rustc [from] including system specific information such as absolute file paths of the source it's compiled from in the binaries it generates? [...] These absolute path names revealed the developer's system username and the overall structure of directories, including the home directory."

[...] On a first glance, this "leak" of usernames and absolute paths may seem trivial to a reader. However, over years, many more developers were left surprised to notice such information being included not just in debug builds but their production Rust builds as well [1, 2, 3, 4, ...] and pushed for a change.

[...] Interestingly, despite being a privacy risk, the inadvertent inclusion of metadata such as absolute paths may aid computer forensics experts and the law enforcement as the path could reveal system usernames. Of course, any developer who is aware of this issue can trivially build their Rust applications inside of a container, and use a pseudonymous username to minimize impact from the issue.

Read more of this story at SoylentNews.