Privacy: Windows id is shared on every startup

[ShaneZlaros]

The user's Windows product key is sent to IP 185.28.100.135 (i.e. the default PlayniteServices endpoint) on every startup as part of PostUserUsage() in ServicesClient.cs

The transmission of this unique personal identifier without explicit user consent might be in breach of data protection provisions, e.g. https://en.wikipedia.org/wiki/Data_Protection_Directive#Principles

If a unique identifier for the client machine should be needed for PlayniteServices, please at least use a salted hash of this key (i.e. anonymize it), or better use a random identifier generated at first launch.

Also user consent should be required before using telemetry (as seen in most software nowadays "Share telemetry data with XX to help improve XY"-checkbox) and personal data should only be transmitted over a secure connection (see issue #480).

[JosefNemec]

It's not a product key, It's a unique key generated during Windows installation. Basically it would be similar if we generated our own, but this survives Playnite reinstall/uininstall without leaving additional footprint by Playnite.

But I agree that it will be safer to use our own data rather then Windows ones.

[DennoCoil]

Does this mean there's a sync function in Playnite? Or is it one of those diagnostic things? Either way, it's sketchy that's in there.

[JosefNemec]

It's there to track how many users Playnite has on what Windows versions. I use this to focus testing on most versions people use. For example I rarely test things on Windows 8 since almost nobody with Playnite uses it and also there's a big difference in Windows 10 versions used.

[JosefNemec]

Released in 4.1