Bug 165781 - Privacy risk: printer name is stored on each edit
Status: UNCONFIRMED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Calc
Version (earliest affected): 24.8.5.2 release
Hardware: All Linux (All)
Importance: medium normal
Assignee: Not Assigned
Reported: 2025-03-17 12:47 UTC by David
Modified: 2025-03-18 11:36 UTC


Attachments
Settings.xml from the unzipped ods file (9.71 KB, text/xml)
2025-03-18 11:35 UTC, David
Test file created as described in post #3 (8.28 KB, application/vnd.oasis.opendocument.spreadsheet)
2025-03-18 11:36 UTC, David

Description David 2025-03-17 12:47:33 UTC
As a privacy-conscious user I expect LibreOffice to write my name (like I entered in settings) and probably some metadata (like timestamp and maybe a build tag) to a file whenever I save it. People who want to create or edit files anonymously are hopefully aware of those and can act accordingly.
What I would not expect is to find my printer name in a file which I just minimally edited (not created, not printed nor actively print-previewed).

Printer names can be unique, they can potentially identify your workplace or organization. They are also system wide, meaning that creating a separate user account for anonymous editing will not prevent your identification. This can become a huge issue for whistleblowers or people who need to edit something anonymously for any reason. We must assume that intelligence organizations have databases of such metadata and will use it for de-anonymization.

Technicalities
--------------
After unzipping a document, check settings.xml for the config:name "PrinterName" and "PrinterSetup"; the latter also contains the name and some settings, base64 encoded.

Reproduce on Linux
------------------
1. Move an ods file to an empty directory
2. `unzip myfile.ods`
3. Optionally format xml files in place. (Don't run it in the wrong directory, it may overwrite or clear your xml files when errors occur.)
   `find . -maxdepth 3 -type f -iname "*.xml" -exec xmllint --format '{}' --output '{}' \;`
4. `rg Printer` (or use any other grep or search tool you like to search for Printer)
5. Optionally decode PrinterSetup: `echo "yourbase64" | base64 --decode`

Example file
------------
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/OPCUA/OPCUA_Sicherheitsmechanismen_odt.ods?__blob=publicationFile&v=1 (I haven't looked at the contents, just found this randomly with a google "filetype:ods security" search. The last editor apparently had a default printer named "5_703_COL_simplex".)


Further notes
-------------
- Someone else also mentioned this on Stackoverflow: https://superuser.com/a/1831528/551544
- Reported against Calc because this is what I tested and I didn't see an "all" component.
- It is documented here, but disabling the "save" feature does not seem possible:
  https://help.libreoffice.org/7.0/en-US/text/shared/optionen/01010200.html?DbPAR=SHARED
Comment 1 m_a_riosv 2025-03-17 15:11:31 UTC
Maybe can help
Menu>File>Properties>Apply user data
Comment 2 David 2025-03-18 11:35:32 UTC
Created attachment 199867
Settings.xml from the unzipped ods file
Comment 3 David 2025-03-18 11:36:29 UTC
Created attachment 199868
Test file created as described in post #3
Comment 4 David 2025-03-18 11:36:53 UTC
(In reply to m_a_riosv from comment #1)
> Maybe can help
> Menu>File>Properties>Apply user data

No, it doesn't. It only makes this issue more serious in my opinion. Users may assume that this feature would be sufficient for anonymous editing, but the PrinterName is still written to settings.xml.

Steps to reproduce
------------------
1. Open calc
2. Menu>File>Properties>Apply user data: Disable Checkbox and Apply
3. Save file
4. Proceed as previously described

Expected Results
----------------
There should be no or as little as possible user identifiable information in the file

Actual Results
--------------
settings.xml contains my default printer name. See Attached files.
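
The check from "Technicalities" and "Reproduce on Linux" above, as an added Python example that is not part of the original report or of LibreOffice: it reads settings.xml straight from the package, reports the "PrinterName" item, and decodes "PrinterSetup" to list the readable strings inside the blob. The function names, the "EXAMPLE-PRINTER" value and the sample package (including its made-up PrinterSetup bytes and simplified root element) are constructed for this example.

```python
import base64
import io
import re
import xml.etree.ElementTree as ET
import zipfile

CONFIG_NS = "urn:oasis:names:tc:opendocument:xmlns:config:1.0"
PRINTER_ITEMS = ("PrinterName", "PrinterSetup")


def printer_metadata(odf):
    """Map each printer item in an ODF package's settings.xml to its strings."""
    with zipfile.ZipFile(odf) as package:
        if "settings.xml" not in package.namelist():
            return {}
        xml_bytes = package.read("settings.xml")
    # ODF settings need no DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("settings.xml declares a DTD")
    found = {}
    for item in ET.fromstring(xml_bytes).iter(f"{{{CONFIG_NS}}}config-item"):
        name = item.get(f"{{{CONFIG_NS}}}name")
        text = (item.text or "").strip()
        if name not in PRINTER_ITEMS or not text:
            continue
        if name == "PrinterSetup":
            # Like `strings`: printable ASCII runs of 4+ bytes in the blob.
            blob = base64.b64decode(text)
            values = [m.decode() for m in re.findall(rb"[\x20-\x7e]{4,}", blob)]
        else:
            values = [text]
        found.setdefault(name, []).extend(values)
    return found


def build_sample(printer="EXAMPLE-PRINTER", doctype=""):
    """Constructed package for the demo; the PrinterSetup bytes are made up."""
    raw = b"\x10\x00" + printer.encode() + b"\x00\x01driver:" + printer.encode() + b"\x00"
    items = "".join(
        f'<config:config-item config:name="{n}">{v}</config:config-item>'
        for n, v in (("PrinterName", printer), ("PrinterSetup", base64.b64encode(raw).decode())))
    xml = f'{doctype}<s xmlns:config="{CONFIG_NS}">{items}</s>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("settings.xml", xml)
    return buf


if __name__ == "__main__":
    print(printer_metadata(build_sample()))
```

`printer_metadata` also accepts a file path, so it can be run over a saved .ods or .odt before the file is shared; an empty result means neither item carried a value.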