Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enduser.id should not be captured by default #9740

Closed
philsttr opened this issue Oct 23, 2023 · 0 comments · Fixed by #9751
Closed

enduser.id should not be captured by default #9740

philsttr opened this issue Oct 23, 2023 · 0 comments · Fixed by #9751
Labels
bug Something isn't working

Comments

@philsttr
Copy link
Contributor

Describe the bug

The General Identity Attributes convention for enduser.* attributes states:

Given the sensitive nature of this information, SDKs and exporters SHOULD drop these attributes by default and then provide a configuration parameter to turn on retention for use cases where the information is required and would not violate any policies or regulations.

However, the existing servlet instrumentation currently captures the enduser.id attribute in a couple places (here and here) by default, without requiring the user to explicitly enable those attributes.

Steps to reproduce

  1. Execute an authenticated request against a servlet based application.
  2. Observe enduser.id attribute captured by default.

Expected behavior

I expect the enduser.id attribute to not be captured by default.
I expect that I am required to explicitly enable capturing of the enduser.id attribute.

Actual behavior

enduser.id attribute captured by default without requiring the user to explicitly enable it.

Javaagent or library instrumentation version

1.31.0

Environment

No response

Additional context

No response
@philsttr philsttr added bug Something isn't working needs triage New issue that requires triage labels Oct 23, 2023
@philsttr philsttr changed the title enduser.id should not be captured by default for servlet applications enduser.id should not be captured by default Oct 23, 2023
@philsttr philsttr mentioned this issue Oct 23, 2023
Open
@mateuszrzeszutek mateuszrzeszutek removed the needs triage New issue that requires triage label Oct 23, 2023
@laurit laurit mentioned this issue Oct 24, 2023
Merged
@philsttr philsttr mentioned this issue Oct 25, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Move capturing enduser.id attribute behind a flag laurit/opentelemetry-java-instrumentation
2 participants
@philsttr @mateuszrzeszutek