Connect and File Attachments
Recently, an email exchange occured between myself and a Connect user. This person was wondering why Connect didn't allow users to download files attached from other users. An example scenario would be that when a user files a bug, they might attach a screenshot. This type of data would be very useful for other users, in that they could verify if they are experiencing the same problem.
So, given that file attachments are useful not only to the developers attempting to reproduce and diagnose your bugs but potentially to other testers, why don't we allow file attachments to be downloaded?
The answer is that file uploads provided to Connect are not allowed to be downloaded for a myriad of reasons, some technical, several policy-related.
One major issue is security; even screenshots can contain sensitive data and we don't wish to take a risk of exposing that data to other people, whether by accident or design. Also, many of our beta programs involve pre-release software, and exposing screenshots, memory dumps, debug logs and stack traces of bugs being diagnosed is not a good way to keep either customer information or intellectual property safe.
Microsoft takes personally identifiable information extremely seriously (you should see the training and lectures we get about it). The risk of exposure of personal data, such as that which might be found in a memory dump, or in a screenshot, is one we simply cannot take. Frankly, I like my job and don't want to lose it because I did something that caused a customer's personal data to be compromised.
Also, providing the ability to fetch files that have been attached to feedback items means keeping those items in a state where they can be retrieved. Once a file is attached it is no longer available to the web servers, for security reasons and because we don't really want to attach that much storage to the web servers- the volume of file attachments we process is pretty significant.
Another major issue with such a feature is the potential for abuse; it's not hard to come up with several scenarios that would not look good for Microsoft if we allowed file attachments to be retrieved by users after they've been uploaded. Imagine what one person who wanted to embarrass Microsoft could do if screenshots or other file attachments could be fetched by users other than the one who submitted them. It would be quite simple to label something quite unsavory or even illegal as a screenshot, attach it to a bug report and then notify the media and/or tech websites and blogs.
The short answer is that Connect is not a file-sharing system and the potential for abuse far outweighs any utility we might realize from it.
Having said all this- We're working on features to make it possible for testers to share data with each other in more effective ways. We want to increase your coordination with other testers because that increases the quality of bug reports and reduces the number of duplicates. But we are absolutely constrained to do that in a responsible manner which safeguards your personal information and Microsoft's intellectual property.
I'm not really able to discuss the specifics of these features right nowo mostly because we're still brainstorming them, but they're all geared toward making the experience of working with Connect both more interactive and connect you with other testers and their activities. If you have suggestions, I encourage you to file them at http://connect.microsoft.com/Connect/feedback.
