Hello, I'm developing a Transparent Proxy and I noticed that the Network Extension Framework logs in the Unified Logging System when my profile receives a flow, its source application, its destination endpoint, and my profile's decision regarding that flow.
I worry that this may compromise the user's privacy. So is there a way that I can turn off these logs at least in Distribution Configurations?
There are two parts to this:
-
What you log
-
What the system logs
With regards the first, you do need to be careful about the potentially private data that you log. Apple’s system log APIs let you tag each logged item with a privacy level. For more information about that, see the docs linked to by Your Friend the System Log.
With regards the logging done by the system, you can generally assume that the system is careful about what it logs. And while you can change the system’s log configuration using various facilities — on macOS that is, and see Your Friend the System Log for the details — I don’t think it’s wise to do that in a widely distributed software product. The log configuration should be under the user’s control (or the site manager’s control, in a managed environment).
With regards the specific info you’re seeing, I recommend that you retest in a production environment. The info you see logged during development is very different from the info you see logged in production, because various tools have mechanisms to force the recording of private data during development.
If this retest reveals private data that you don’t think should be recorded by default, I encourage you to file a bug about that.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"