URGENT - Anonymized log files still contain private information

[Scott D 69]

In the process of uploading log files for another issue, it came to my attention that "Anonymized" ffmpeg log files still contain the web address used to access my server.

Please be advised that this could become a huge security risk for those uploading log files.

[ebr 16185]

1 hour ago, Scott D said:

this could become a huge security risk

Hi.  While I agree we should mask those, I think the above statement is a bit of an overstatement.  Your IP address is not a secret to the internet at large and there are many systems out there constantly probing and port scanning.  So, your server's address should be assumed by you to be known and you should take steps to secure your network beyond that knowledge.

[Scott D 69]

I agree that we should assume that there will always be those looking to break in (or just poke around), but just like Todd Davis of Lifelock learned, it is not advisable to go around publishing your private information.  It saves those looking to cause harm a great deal of time when the information is right out front.

I have been a user for several years, and on almost all interactions with the developers, I am asked to upload log files.  With the introduction of the "Anonymize" function, one might make the terrible assumption that any personally identifiable information would be obfuscated.   No need to make things easier for those we want to keep out.  Trying to bring problems to the attention of those that may want to know.  Just my 2 cents.

[Luke 42080]

Hi there, can you please provide a specific example ?Thanks.

[Scott D 69]

If you are asking for a specific example of the log file, look at an ffmpeg log file just before the "User policy for..."  Approximately the 13th line in the log file.

[Happy2Play 9782]

15 minutes ago, Luke said:

Hi there, can you please provide a specific example ?Thanks.

You mean this.  Ofiscated url and api key

2024-02-20 15:59:03.114
Operating System: Microsoft Windows 10.0.19045
OS/Process: x64/x64
Emby Server version: 4.8.1.0
Operating system: Microsoft Windows NT 10.0.19045.0
Command Line: Y:\Emby-Server\system\EmbyServer.dll

App: Emby Web 4.8.1.0
Microsoft Edge Windows
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0

https://xxxxxxxxxxxxxx.homeserver.com:8920/emby/videos/497385/main.m3u8?DeviceId=26208d54-2a43-4d07-8d4e-5cf2aac12943&MediaSourceId=e03f8f7e49922362523dd200bbe9b22d&StartTimeTicks=99733270&PlaySessionId=1551070637f34b1c8563d8dc263004c2&api_key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb&VideoCodec=h264,h265,hevc,av1&AudioCodec=ac3,mp3,aac&VideoBitrate=3360002&AudioBitrate=640000&MaxWidth=1920&AudioStreamIndex=1&TranscodingMaxAudioChannels=2&SegmentContainer=m4s,ts&MinSegments=1&BreakOnNonKeyFrames=True&SubtitleStreamIndexes=-1&ManifestSubtitles=vtt&h264-profile=high,main,baseline,constrainedbaseline,high10&h264-level=62&hevc-codectag=hvc1,hev1,hevc,hdmv&TranscodeReasons=ContainerBitrateExceedsLimit,DirectPlayError&allowVideoStreamCopy=false

https://xxxxxxxxxxxxxx.homeserver.com:8920/emby/videos/497385/hls1/main/3.ts?PlaySessionId=1551070637f34b1c8563d8dc263004c2

{"Protocol":"File","Id":"e03f8f7e49922362523dd200bbe9b22d","Path":"Z:\\ServerFolders\\Videos\\Kids-Animation\\Movies\\The Addams Family (Animated) Collection\\The Addams Family (2019) [tmdbid=481084]\\The Addams Family (2019) [tmdbid=481084].mp4","Type":"Default","Container":"mp4","Size":4196369920,"Name":"The Addams Family","IsRemote":false,"HasMixedProtocols":false,"RunTimeTicks":52212160000,"SupportsTranscoding":true,"SupportsDirectStream":true,"SupportsDirectPlay":true,"IsInfiniteStream":false,"RequiresOpening":false,"RequiresClosing":false,"RequiresLooping":false,"SupportsProbing":false,"MediaStreams":[{"Codec":"h264","CodecTag":"avc1","Language":"eng","TimeBase":"1/24000","VideoRange":"SDR","DisplayTitle":"1080p H264","DisplayLanguage":"English","NalLengthSize":"4","IsInterlaced":false,"BitRate":5783093,"BitDepth":8,"RefFrames":1,"IsDefault":true,"IsForced":false,"IsHearingImpaired":false,"Height":1040,"Width":1920,"AverageFrameRate":23.976025,"RealFrameRate":23.976025,"Profile":"High","Type":"Video","AspectRatio":"24:13","Index":0,"IsExternal":false,"IsTextSubtitleStream":false,"SupportsExternalStream":false,"Protocol":"File","PixelFormat":"yuv420p","Level":40,"IsAnamorphic":false,"ExtendedVideoType":"None","ExtendedVideoSubType":"None","ExtendedVideoSubTypeDescription":"None","AttachmentSize":0},{"Codec":"ac3","CodecTag":"ac-3","Language":"eng","TimeBase":"1/48000","DisplayTitle":"English AC3 5.1 (Default)","DisplayLanguage":"English","IsInterlaced":false,"ChannelLayout":"5.1","BitRate":640000,"Channels":6,"SampleRate":48000,"IsDefault":true,"IsForced":false,"IsHearingImpaired":false,"Type":"Audio","Index":1,"IsExternal":false,"IsTextSubtitleStream":false,"SupportsExternalStream":false,"Protocol":"File","ExtendedVideoType":"None","ExtendedVideoSubType":"None","ExtendedVideoSubTypeDescription":"None","AttachmentSize":0}],"Formats":[],"Bitrate":6429720,"RequiredHttpHeaders":{},"AddApiKeyToDirectStreamUrl":false,"ReadAtNativeFramerate":false}

>>>>>>  User policy for Media
        Enable Playback Remuxing: True
        Enable Video Playback Transcoding: True
        Enable Audio Playback Transcoding: True
        Global Remote Bitrate Limit: 7,750,000 bps

 

No different then Referer in log also

 Referer=https://xxxxxxxxxxxx.homeserver.com:8920/web/index.html

Pretty sure there were others depending on ones setup.

[Luke 42080]

Thanks.