Have metrics disabled by default, or completely removed #4966

Closed
greencopper opened this Issue Jan 9, 2015 · 103 comments


greencopper commented Jan 9, 2015

You need to leave the metrics disabled by default and then at least ask users, first time they activate the editor, whether they would allow it to be enabled.

I for one will not allow spyware to run on my box, hence I disable or remove such applications, but Atom doesn't provide a clue in the application, so if someone hasn't seen the FAQ, they don't know.

This is a problem because Atom is then collecting data WITHOUT consent, even if it is in the FAQ and even if the user has downloaded the application.

Besides, I find the whole concept of tracking users with the excuse of collecting useful data ridiculous!

In the entire history of Open Source this has never been needed and users are extremely helpful in sharing information, data, and reports about bugs, how they use the application, and other stuff.

The metrics package in Atom should be removed from the default install, and then you can leave the package for anyone who wants to install it by himself from the installation menu. Or as suggested, leave it OFF at first.

Another important point is that Atom is NOT simply collecting statistical data! If that were the case there certainly is no need to create a SHA1 of each installation MAC address. That is NOT collecting statistical data, that is specific and individual surveillance, which is unacceptable.

Member

50Wliu commented Jan 10, 2015

I guess putting a notice in Welcome.md might help, or do what lots of applications do on first startup: ask for permission (I'm guessing this is possible with Squirrel?).

About your point with 'this has never been needed': There are currently 68 open issues with the more-information-needed tag (and that's not counting issues where it was removed after the needed info was added). I'd guess at least half of the (total) issues don't include the OS or Atom version, and half of the issues coming from Notifications don't include reproduction steps.


greencopper commented Jan 10, 2015

It should at least be "opt in", people need to make the choice when using the application the first time, and collecting SHA1 of MACs is unacceptable too! These can be reversed using rainbow tables.

https://en.wikipedia.org/wiki/MAC_address#Spying

Atom can generate a unique uuid on first time usage and use that instead!

$ uuidgen
93f466b2-fdfa-4482-89e2-52c09413c6bc

And data, are they sent encrypted? If not, they should be.

There's a whole bunch of problems with the approach of the metrics package.
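
Why a hashed MAC address is not an anonymous identifier, and the random-UUID alternative proposed in the comment above. This is an added example, not part of the thread or of the atom/metrics code; the helper names, the MAC string encoding and the `store` object are assumptions, and the sample MAC is constructed.

```javascript
// Added illustration; not code from atom/metrics. Helper names are hypothetical.
const crypto = require('crypto');

// Identifier as the README quoted in this thread describes it: SHA-1 of the
// machine's MAC address. The input encoding (lowercase, colon-separated hex)
// is an assumption; the thread does not show it.
function macDerivedId(mac) {
  return crypto.createHash('sha1').update(mac.toLowerCase()).digest('hex');
}

// Render a 48-bit integer as aa:bb:cc:dd:ee:ff.
function formatMac(n) {
  return n.toString(16).padStart(12, '0').match(/../g).join(':');
}

// Check whether an identifier corresponds to a MAC inside one vendor prefix
// (OUI). A full OUI holds only 2^24 device suffixes, which is small enough to
// enumerate, so the hash does not hide the address from whoever holds the id.
function findMacForId(id, ouiHex, suffixStart, suffixEnd) {
  const base = parseInt(ouiHex, 16) * 0x1000000;
  for (let suffix = suffixStart; suffix < suffixEnd; suffix++) {
    const mac = formatMac(base + suffix);
    if (macDerivedId(mac) === id) return mac;
  }
  return null;
}

// The alternative proposed in the thread: a random UUID created on first use.
// `store` stands in for the editor's persisted config (assumption).
function loadOrCreateInstallId(store) {
  if (!store.has('installId')) store.set('installId', crypto.randomUUID());
  return store.get('installId');
}

// Constructed sample: a locally administered address, not a real device.
const SAMPLE_MAC = '02:00:00:00:a1:3f';

function demo() {
  const id = macDerivedId(SAMPLE_MAC);
  const store = new Map();
  const first = loadOrCreateInstallId(store);
  store.delete('installId');            // user resets the identifier
  const second = loadOrCreateInstallId(store);
  return {
    recovered: findMacForId(id, '020000', 0, 0x10000), // 65,536 candidates
    uuidChangesOnReset: first !== second,
  };
}

console.log(demo());
```

The random UUID carries no hardware information and can be discarded by the user, while the MAC-derived value stays the same across reinstalls and across any other software that hashes the same address.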


aoighost commented Jan 14, 2015

This needs to be opt-in, not opt-out. This is a massive privacy issue otherwise.

Member

lee-dohm commented Jan 14, 2015

Also relevant:

atom/metrics#16 (comment)

> I guess putting a notice in Welcome.md might help

It is the first item in Welcome.md that is shown on every startup until it is disabled:

# Welcome to Atom!

1. To help us improve Atom, we anonymously track usage metrics. See the
   [atom/metrics](https://github.com/atom/metrics) package for details on what
   information is tracked and for instructions on how to disable it.

ferdynice commented May 24, 2015

+1

Pretty sneaky "feature" that is well hidden in the Metrics package. Just respect your users and disable the package by default.


Skalman commented Jun 28, 2015

> To help us improve Atom, we anonymously track usage metrics. See the atom/metrics package for details on what information is tracked and for instructions on how to disable it.

I don't believe "anonymously" is correct here: Google Analytics will get my IP number, and they likely save it. IPs are certainly personally identifiable information.
I'm also uneasy about using the MAC address for "anonymous" identification, as well as the fact that a desktop application is tracking my moves by default. Furthermore, the welcome notice text has really poor contrast on my screen.

Screenshot

Contributor

batjko commented Jun 28, 2015

Also, there is a more general issue open for this already:
#5669

To be sure, disabling the package by default is the same as decommissioning it entirely.
Very few people will make an effort to enable it, even if asked, which makes collecting statistics on a tiny minority all but useless.


ferdynice commented Jun 28, 2015

So be it. There is a pretty good reason to keep data collection disabled. Big companies (like Google) have repeatedly abused consumer trust. Why should we allow this abuse?

Our data belongs to us. No one else and certainly not to the big privacy abusers.

Member

mnquintana commented Jun 28, 2015

> I don't believe "anonymously" is correct here: Google Analytics will get my IP number, and they likely save it. IPs are certainly personally identifiable information.

Unless you have a way of systematically / categorically disabling Google (and Yandex and others) Analytics across the Internet, I assure you that some Google Analytics instance already has data based on your IP address.

I just want to reiterate that Atom's metrics code is completely open source, so you can see for yourself exactly what data is being collected, and you can always disable it as it's just another package.
From the Readme, this is what is being collected:

  • A unique identifier that is generated by computing the SHA-1 of the machine's MAC address.
  • The screen width and height
  • The version of Atom being used
  • The name of each item opened in a pane such as EditorView, SettingsView, and MarkdownPreviewView
  • Exception messages (without paths)
  • Commands run (save core commands)
  • The amount of time the current window was open for
  • The amount of time the current window took to load
  • The amount of time the app took to launch
  • Deprecations: package name and version of each deprecation

I've also opened a PR for a new cross-platform "About Atom" that reiterates the notice about metrics, so it can be more apparent after users dismiss the Welcome Guide.


Skalman commented Jun 28, 2015

@mnquintana, I do systematically disable as many third party trackers as possible, using both Ghostery and Noscript where possible.
I don't have a problem with Github knowing all of that, but I don't see why Google should. Why should Google even know which editor I'm using?

I appreciate that you're trying to inform about the tracking, but if possible I'd suggest linking to the package settings page (Settings>Packages>Metrics), where you could give the same information as on the web page, with the advantage of having the Disable button right there.


ferdynice commented Jul 1, 2015

I was wondering where the metrics package was in my installation, but it seems like the Webupd8 team already removed it! Great move I'd say.

https://launchpad.net/~webupd8team/+archive/ubuntu/atom
http://www.ubuntuupdates.org/package/atom/trusty/main/base/atom

(For anyone else wondering why they can't find the damned package.)


bronson commented Jul 7, 2015

I'd feel less creeped out by the metrics if you made the data you gathered available. I was happy to participate in Debian's popcon because it's in the open and produced interesting results.

I'm definitely not happy to participate in this though. And I dislike that I'm obligated to mention it when recommending Atom to friends. "Yes it's a great editor, but be careful: it sends data back to the mothership."

Contributor

batjko commented Jul 7, 2015

I'd second that notion.
@mnquintana Do you know whether the statistics gathered via the metrics package are going to be made publicly available somewhere?


alvarouc commented Jul 9, 2015

This is outrageous. Such a sneaky move.

Contributor

batjko commented Jul 10, 2015

@alvarouc Let's not get our panties in a twist.
It's hardly outrageous or sneaky when it is clearly documented and shown to the user.
See this comment above and this screenshot as well.

The question at this point is rather whether the default assumption should be changed to an opt-in approach, or otherwise if the metrics package could be made more visible to people to make up their minds about disabling it or not from the beginning.


uok commented Jul 12, 2015

oh, there is this information - dark gray text on black background ... 😒
this must be opt-in with a clear yes/no popup

Member

50Wliu commented Jul 12, 2015

@uok disabling the package by default really isn't an option, like @batjko mentioned above:

> To be sure, disabling the package by default is the same as decommissioning it entirely.
> Very few people will make an effort to enable it, even if asked, which makes collecting statistics on a tiny minority all but useless.


ferdynice commented Jul 12, 2015

You got to ask yourself WHY very few people would opt in.....

Disabling the metrics by default is actually a very good option, until there is a more privacy friendly option around. Such as: Ditching Google, don't use MACs.

Contributor

batjko commented Jul 13, 2015

I'm not sure that Google being the middleman is the main gripe people have about this.
Rather, the entire notion of collecting information about their usage, no matter how anonymized it may be, has a bad connotation to them and of course not without good reason.

So any product engaging in such statistics gathering has a rather heavy burden of proof as to its benevolence, and even though I personally don't particularly care, perhaps the devs haven't taken that challenge seriously enough so far.

Some extra effort to increase transparency regarding the data being collected could go a long way to put people's minds at ease.

@kubetz kubetz referenced this issue Jul 13, 2015

Closed

metrics removed #7871


alvarouc commented Jul 14, 2015

So, atom developers do not want to remove the metrics package as a default. Then let's generate more awareness of this issue.

Member

lee-dohm commented Jul 15, 2015

> So, atom developers do not want to remove the metrics package as a default.

I feel this statement, while strictly accurate, is potentially misleading. It is correct that the Atom team does not want to remove the metrics package from the default installation. Whether metrics are opt-in or opt-out is a separate issue from that.


Zireael07 commented Jul 15, 2015

Where do I opt out from metrics? The only place this info was found is the welcome panel. This info needs to be easier to find, whether it's opt-in or opt-out.

Member

izuzak commented Jul 15, 2015

> Where do I opt out from metrics?

See https://atom.io/packages/metrics:

> If you do not want this information reported, you can disable this package. Open the Settings View by running the Settings View: Open command from the Command Palette, go to the Packages section, and then find and disable the Metrics package.


ghost commented Nov 6, 2015

Do not forget:
https://github.com/atom/exception-reporting

It does not inform the user at all.


ghost commented Nov 6, 2015

While lawyers give their benedict, use common sense.

Wikipedia talks about metrics:
https://en.wikipedia.org/wiki/Atom_(text_editor)

The community talks about metrics:
(This is only one example, many more on Google)
https://aur4.archlinux.org/packages/atom-editor/

Package teams remove metrics and exception-reporting:
https://launchpad.net/~webupd8team/+archive/ubuntu/atom/+sourcepub/5647473/+listing-archive-extra

To find out what users are saying, metrics are not required, you only have to go to:
https://github.com/atom/atom/issues?q=is%3Aissue+is%3Aopen+sort%3Acomments-desc
to realize that is one of the most contentious issues

Contributor

batjko commented Nov 6, 2015

> Do not forget:
> https://github.com/atom/exception-reporting
>
> It does not inform the user at all.

@franbar Looks to me like it does:
https://github.com/atom/exception-reporting/blob/master/lib/reporter.coffee#L130-L133

I think all the valid points on both sides have been well made by now.

In the end, as @lee-dohm and @benogle mentioned, it is up to Github and their legal team to provide the legal guidance, on the basis of which the developers can decide to take further steps one way or another.


vyp commented Nov 6, 2015

Btw, for anyone reading who really wants this to be disabled by default before installing, you could theoretically just maintain a .patch file, and apply the patch before building and installing, assuming it's as simple as flipping an option/switch (I don't know). Chances are that other people already do this (I don't know again), or if distributions like Debian package atom, chances are they have patched atom to stop this by default. Of course, that doesn't solve this issue, but there's nothing more anyone can do (I think) if Github chooses to keep it opt-out, except for just completely not using atom of course.


alvarouc commented Nov 6, 2015

Saying that everyone collects your data is like saying everyone likes to
steal so we do the same

On Fri, Nov 6, 2015 at 5:17 AM, vyp notifications@github.com wrote:

> Btw, for anyone reading who really wants this to be disabled by default
> before installing, you could theoretically just maintain a .patch file,
> and apply the patch before building and installing, assuming it's as simple
> as flipping an option/switch (I don't know). Chances are that other people
> already do this (I don't know again), or if distributions like Debian
> package atom, chances are they have patched atom to stop this by default.
> Of course, that doesn't solve this issue, but there's nothing more anyone
> can do (I think) if Github chooses to keep it opt-out, except for just
> completely not using atom of course.



Contributor

mehcode commented Nov 6, 2015

Yes basically every website engages in 'tracking', but really atom is the only editor I've heard that engages in tracking usage stats by default (so far). Maybe there are more editors that do this which I haven't heard of, but I certainly don't think it is the norm, is it?

Is there a difference between an editor and a website? Does it matter? This is a strange argument.

Basically every website engages in "tracking" for the sole purpose of informing marketing (and often support). There are a few other reasons.. selling your data is valuable too. Atom is tracking anonymized data for the sole purpose of understanding how you use the editor in order to improve it. This information is worth far, far more than charging for the editor. It helps drive development and inform support.

> Saying that everyone collects your data is like saying everyone likes to steal so we do the same

What I'm attempting to say is that Atom collects anonymized data for a purpose. It's far different from stealing.. Are you missing any possessions afterwards?


alvarouc commented Nov 6, 2015

> What I'm attempting to say is that Atom collects anonymized data for a
> purpose. It's far different from stealing.. Are you missing any possessions
> afterwards?

I am missing my privacy and freedom




vyp commented Nov 7, 2015

@mehcode

> Is there a difference between an editor and a website? Does it matter? This is a strange argument.

Yes. Maybe this is getting blurred with in-browser editors these days, but disregarding that, there is a difference between websites tracking your website visits and editors reporting on what you're doing in the editor.

> It's far different from stealing.. Are you missing any possessions afterwards?

Missing the point, it's not that getting usage stats is stealing, it's that it is a 'bad' thing to do (by default), and other people doing bad things does not excuse us from doing bad things as well. So say if there are groups of bad people who actively engage in killing the innocent, it doesn't give us an excuse to kill only a few innocent, saying "oh well, all these other groups do a lot worse than us, so it's not that bad!". But really the point should be that killing even one innocent person is bad, so it's still not okay to do it. Yes, obviously tracking usage statistics is not the same as murder, I'm not saying it is.

So yes, to agree with this view, you have to agree that phoning home by default is a fundamentally 'bad' thing to do to others. Maybe getting paid a lot of money (by google) justifies this for atom, which I still may not agree with but at least I can understand where they're coming from. But I don't understand keeping it opt-out if that isn't the case, because it doesn't seem like usage statistics alone are all that useful (as in worth it to risk scaring off potential users, and thus contributors). Maybe I'm wrong about that though.


190n commented Nov 11, 2015

+1


Goddard commented Nov 12, 2015

This is not how open software is supposed to be. Maybe you need to talk to Mozilla on how to do things correctly. You need to at least prompt the user and inform them you are phoning home for any reason.


Goddard commented Nov 12, 2015

@mnquintana A way to disable tracking exists: it is called Ghostery in the Firefox browser. You can also block certain DNS entries.

Contributor

jeancroy commented Nov 12, 2015

There's little point in complaining it is not opt-in.
There are some very acute assumptions in both camps.
Maybe designing a proper opt-in experience could help lower the resistance or at least see better what's ahead of us.

Two things I see are that there's no good place to put that opt-in, and the quality of statistics. We should replace the complaints with an effort to solve the problem of improving Atom with real life knowledge while respecting privacy.

For one, the Squirrel team are against adding a GUI to select options, and that's probably for the better because a check-box at install time really screams spyware toolbar. However we can have a "Help us improve Atom" notification with the opt-in check box. That notification can appear at first start and at a few key moments like on errors, install of new packages and updates. Notification would state it sends a bit of information from the past, that way may be able to rebuild the error.

I'm OK with Help us notification being a bit naggy. Small nag is far better than data capture without consent. (And it may not be the case, the emotional reaction is no different) Disabling metric package could kill the nags.


ghost commented Nov 13, 2015

In case anyone still doubts the legality of collecting "anonymous" data in Europe:
http://www.bbc.com/news/technology-34765937

Contributor

jeancroy commented Nov 13, 2015

@franbar And most websites deal with this the following way: A large bar at the top that says, this site uses cookies, by using the site you agree to the privacy policy.

No cookie, no website.
Using the site = opt-in, not using it = opt out.

So Atom's position is at least as good as that. If it's not it would simply be a question of making the thing more visible.


bronson commented Nov 13, 2015

@jeancroy it's hard for me to interpret... Are you saying that Atom should have a large bar at the top talking about data collection?

Contributor

jeancroy commented Nov 13, 2015

What I'm saying is that an opt-in process does not HAVE to be a check box.
It can be anything as long as it's clear enough.
Using the product can be treated as an opt-in process for the law.

Now the definition of clear enough is a bit unclear, but for websites it looks like a top bar is often used.

My own personal preference would be to evaluate how a check-box opt-in experience could be designed to still allow quality statistics to improve the product. And in my head that means ask the user when the value proposition is the clearest. Eg: "You found something not quite right, help us improve Atom", "Your startup is unusually slow, Help us improve Atom" and so on.


ghost commented Nov 13, 2015

The point is that before obtaining permission, you can not send cookies, store data, collect information, etc. let alone if they are "anonymous", supposedly registered users gave permission on register.

European law clearly says "unambiguously given his or her consent", any system that meets this requirement serves, simply indicating this on the privacy page does not comply.
http://ec.europa.eu/justice/data-protection/data-collection/legal/index_en.htm

Contributor

jeancroy commented Nov 13, 2015

Yeah if plenty of users feel cheated when discovering this, it may not be "unambiguous" enough.


ghost commented Nov 13, 2015

Identifiers "anonymous" (is evil), imagine a user in a search engine.

Day 1, the user searches for "politically incorrect term 1" The search engine creates an identifier "anonymous10001" and send a cookie.

Day 2, the user searches for "politically incorrect term 2" search engine already knows is "anonymous10001"

Day 3, the user decides to register a search engine service, by the cookie is known to be "anonymous10001" so the record can be stored like this:

User = "John Doe"
Interests = "politically incorrect term 1", "politically incorrect term 2"

Same for anything other than a search engine and send some kind of identifier.

Contributor

jeancroy commented Nov 13, 2015

Even if true in principle, things like startup time and commands that
occurred before an error, don't really fall into your political example.

On Fri, Nov 13, 2015, 11:09 FranBar notifications@github.com wrote:

> Identifiers "anonymous" (is evil), imagine a user in a search engine.
>
> Day 1, the user searches for "politically incorrect term 1" The search
> engine creates an identifier "anonymous10001" and send a cookie.
>
> Day 2, the user searches for "politically incorrect term 2" search engine
> already knows is "anonymous10001"
>
> Day 3, the user decides to register a search engine service, by the cookie
> is known to be "anonymous10001" so the record can be stored like this:
>
> User = "John Doe"
> Interests = "politically incorrect term 1", "politically incorrect term 2"
>
> Same for anything other than a search engine and send some kind of
> identifier.



Member

lee-dohm commented Nov 13, 2015

@franbar, as I stated before, we are going to leave the law to the lawyers. We've gotten plenty of feedback on this issue. Everyone has had a chance to make their case. GitHub is talking to their legal department (who are qualified to talk about the law). If this devolves into discussion about the law again, I am going to lock the comments.


ghost commented Nov 13, 2015

@lee-dohm No, you're wrong, I can speak perfectly on any subject that I know the law or another, I understand that you may not.

Member

lee-dohm commented Nov 13, 2015

Thanks everyone for your passion and feedback. Please subscribe to this issue for further updates.

@atom atom locked and limited conversation to collaborators Nov 13, 2015

Contributor

benogle commented Nov 13, 2015

We have talked to our lawyers. The plan is currently to add in a notification of some kind with a one click metrics disable. Metrics will not be sent to analytics until the notification is dismissed. Timeline is uncertain as we are nearing the holidays and many people are out, but it is near the top of our list.

Contributor

damieng commented Aug 2, 2016

Pull request for opt-in telemetry is now open at #12281

Member

50Wliu commented Aug 15, 2016

#12281 and related PRs have been merged. At the current pace of development metrics should be disabled by default starting in Atom 1.11.0.

@50Wliu 50Wliu closed this Aug 15, 2016
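
A sketch of the consent gate the maintainers describe in the closing comments, using the opt-in default that the thread says was eventually merged. This is an added example, not the code from #12281; `ConsentGatedReporter`, its settings keys and the `send` callback are hypothetical.

```javascript
// Added illustration; not code from atom/metrics or from #12281.
const { randomUUID } = require('crypto');

class ConsentGatedReporter {
  // send: transport callback (assumed, e.g. an HTTPS POST to the collector).
  // settings: stands in for the editor's persisted user settings.
  constructor(send, settings = new Map()) {
    this.send = send;
    this.settings = settings;
  }

  // 'undecided' until the user answers the notification.
  get consent() {
    return this.settings.get('telemetryConsent') || 'undecided';
  }

  // Called by the notification's buttons; 'no' is the one-click disable.
  decide(answer) {
    if (answer !== 'yes' && answer !== 'no') {
      throw new TypeError('answer must be "yes" or "no"');
    }
    this.settings.set('telemetryConsent', answer);
    if (answer === 'yes') {
      // The identifier is created only after consent and is purely random.
      if (!this.settings.has('installId')) {
        this.settings.set('installId', randomUUID());
      }
    } else {
      // Opting out also forgets the identifier, so a later opt-in starts fresh.
      this.settings.delete('installId');
    }
  }

  // Returns true only when the event actually left the process.
  report(name, fields = {}) {
    // Events before a decision are dropped rather than queued, so nothing
    // collected without consent is ever held for later sending.
    if (this.consent !== 'yes') return false;
    this.send({ id: this.settings.get('installId'), name, ...fields });
    return true;
  }
}

// Constructed usage: collect what would have been sent in an array.
function demoConsentGate() {
  const sent = [];
  const reporter = new ConsentGatedReporter((event) => sent.push(event));
  const beforeDecision = reporter.report('window-loaded', { ms: 420 });
  reporter.decide('yes');
  const afterOptIn = reporter.report('window-loaded', { ms: 420 });
  reporter.decide('no');
  const afterOptOut = reporter.report('window-loaded', { ms: 420 });
  return { beforeDecision, afterOptIn, afterOptOut, sentCount: sent.length };
}

console.log(demoConsentGate());
```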
