privacy assurance while reporting errors

3.19: addx/privacy rights/reporting errors:
. if an error should be reported to the coder
the report should be generated in such a way that
the user can see it contains no personal data;
or, it should say it does contain data
and ask if it is too sensitive .
. it should then attempt to use the addx mailer
which the user may have disabled;
if so then you need to ask them to email it for you .
. might consider making an authenticity code
to assure you that some mischievous user
didn't generate a false report;
but, encryption could be seen as a source of
private data leakage;
in fact, if they don't trust you*
they can't even trust plain text,
because you could use choice of words and formatting
to encode the private data;
but most won't have a reason to be that paranoid;
nevertheless, the less trust your program needs
the less there is to be abused
in the event addx is hijacked by malware .
* 4.29:
. that seems rather elaborate,
esp'ly given that addx is open source;
but, addx will be distributing binaries,
so this increases the risk of corruption;
because, these binaries will be uploaded by net,
so net-based crackers might be able to modify
both the binary and the page that gives
the binary's digital signature ?