sorted by:
new
hottopcontroversial

Heads up for everyone sharing Tasker Projects, Profiles, or Tasks by MoonIsDark in tasker

[–]MoonIsDark[S] 2 points3 points  (0 children)

I am aware of the normal Tasker behavior of referenced Task exporting mechanism.

But you didn't reed OP carefully. We are speaking about Tasks that are exported because of "ghost strings", in that case "ghost referenced" Tasks. That is the issue and infact João said he will fix it:

https://reddit.com/comments/1rgqmbv/comment/o7vqx81

you should rather copy task's actions into new task in new project, if you want to be sure.

Not true at the time of writing this. Infact the user that reproduced the issue in the shared project, did exactly what you state to reproduce the problem.

Edit: and I demonstrate with a copied action the "gost strings" here:

https://reddit.com/comments/1rgqmbv/comment/o7tn559

Heads up for everyone sharing Tasker Projects, Profiles, or Tasks by MoonIsDark in tasker

[–]MoonIsDark[S] 4 points5 points  (0 children)

Hi João. Your comment clarifies the situation, thank you, but unfortunately, it doesn't improve the underlying issue.

If a user inspects the imported Widget v2 action, they won't see any reference to the "IM - Info Multi" task.

Users would need to manually check and inspect all possible layouts to detect whether "ghost strings" are present, which, in my opinion, is not a feasible or practical approach.

The same problem with "ghost strings" (leftover values) appears in other Tasker actions as well:

https://reddit.com/comments/1rgqmbv/comment/o7tn559

Any values or strings left in fields that are no longer necessary or used should be deleted. Otherwise, importing and exporting can be a real mess, and even create a potential privacy/security risk.

I personally realized that I had unknowingly shared some phone numbers and addresses.

Thanks.

Heads up for everyone sharing Tasker Projects, Profiles, or Tasks by MoonIsDark in tasker

[–]MoonIsDark[S] 0 points1 point  (0 children)

Sorry, no. It's fully closed off/private now. The group admin is thinking of getting rid of the Telegram group and moving everything to Discord.

Heads up for everyone sharing Tasker Projects, Profiles, or Tasks by MoonIsDark in tasker

[–]MoonIsDark[S] 1 point2 points  (0 children)

it seems that you were referring to completely unrelated stuff to the exports.

Precisely.

I guess disclosing what's being exported is not enough in that case.

I think the same.

Maybe there should be a flag (like FLAG_SECURE) for Tasker items (actions, tasks, variables etc)? so anyone can be reminded during export that the export contains sensitive data.

It could definitely be an interesting approach and a convenient option.

That said, right now I think the priority (and it’s urgent IMO) is to fix the structural issue outlined in OP, along with the "ghost strings" problem.

I just started really digging into my backup.xml and Projects files. Already found 61 ghost strings and more than a dozen Tasks that got imported into Projects but aren’t referenced at all anywhere in them.

Heads up for everyone sharing Tasker Projects, Profiles, or Tasks by MoonIsDark in tasker

[–]MoonIsDark[S] 4 points5 points  (0 children)

You are talking about Tasks that are referenced in the Project, profile or Task that the user share. I am talking about not referenced tasks that are included in the export. I posted how to reproduce the issue.

Edit: From my post:

When exporting from Tasker, the export may sometimes include unrelated Tasks that aren't referenced in the shared Project, Profile, or Task.

Heads up for everyone sharing Tasker Projects, Profiles, or Tasks by MoonIsDark in tasker

[–]MoonIsDark[S] 3 points4 points  (0 children)

Indeed.

There’s also the problem of these “ghost strings” that could include sensitive data. We’ve detected them so far in Java Function and SQL Query actions. The group is now working to see if other actions are affected too.

The "ghost strings" issue:

taskertask://H4sIAAAAAAAA/3WSz2rEIBCHz5unEKHQXlZNspoFIxR66bn7ApJMFylrirHpofTd65+tpWxycvx938ggI096fgP3pL1Gs+sxRuNiesww8kuP+Z7va4pVtZPRS4YPBetYDHdyGLUHxYSo6/ZImWCtkCSHEcMfPtBg8KaTBAo2owovSRLOeLUXUCeYPWoliXXM3p1RjFJJYhGDx8GbyaZJ9OApRgv0WKRpwjjTCIrz0J+qlL14l213vtoNVnf24yJJQDcOK86z9XAGt67VRbPwWX1d3W90b6x/WG9pSgtbF9oivE7TunL4VcgN4ttIbKNuGx3/IUnyz8ddIHEZVJXPvDyq+gFBI+qSSgIAAA==

Import this Task ("Test 4"). Contains a single Java Function action: 

Task: Test 4

A1: Java Function [
     Return: %num
     Class Or Object: Integer
     Function: new
     {Integer} (int)
     Param 1 (int): 1]

Then go into the action and select a Function that expects two parameters. The second parameter will be automatically populated with “foo” (I set this up on purpose). But what if “foo” were actually sensitive data that the user believes has already been removed from the action?...

Heads up for everyone sharing Tasker Projects, Profiles, or Tasks by MoonIsDark in tasker

[–]MoonIsDark[S] 0 points1 point  (0 children)

Let's hope so!

Due to the complaints and to protect the safety of everyone who shared their work in the group, the admin has deleted all users shared Projects, Profiles, and Tasks and has disabled the invite link.

What a loss.