Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Opt-out should not send telemetry #33

Open
sneak opened this issue Nov 26, 2019 · 3 comments

Comments

@sneak
Copy link

@sneak sneak commented Nov 26, 2019

Description

Atom violates a user's consent by silently spying on them (transmitting their opt out) across the network to Microsoft processes running on Amazon servers/network.

Steps to Reproduce

  1. Launch Atom for the first time
  2. Opt Out of Telemetry

Expected behavior:

No telemetry is sent.

Actual behavior:

Telemetry is sent.

Reproduces how often:

100% of the time a user selects opt out.

Versions

1.41.0

Additional Information

The text "We only register anonymously that you opted-out." is a false statement.

The "registration" is a network request that is absolutely not anonymous: it includes your IP address, which, in the right hands, is a physical location. The method used by Atom to transmit the information cannot transmit anonymously.

It's compounded by the fact that you have explicit withdrawal of consent to such tracking, and yet you're still spying by transmitting user activity data. This is really, really bad.

When the user opts out of tracking, you don't get to make any more tracking web requests using their computer. Doing so makes the opt-out button fraudulent. As others have pointed out in atom/atom#12281, the text below it does not even plainly indicate that it's going to be transmitting this information to thousands of other people, instead opting for the weasel word "register", which could be interpreted to mean only locally (which is what a reasonable person would guess considering they're opting out of tracking). Instead, you enable them to be tracked.

It doesn't matter that you don't see the IP address; many others at GitHub, Microsoft, and Amazon, as well as those who have access to Amazon's network data, can. This is thousands, perhaps hundreds of thousands of people (over 1M humans have a TS clearance in the USA). Thanks to people like Ed Snowden, we now know that permanent logging of such information by third parties is routine, and thanks to the extent of their reach, we know that they can easily resolve IP addresses to physical location.

@Arcanemagus

This comment was marked as resolved.

Copy link
Member

@Arcanemagus Arcanemagus commented Nov 26, 2019

A few points here:

  • It's not silent, the dialog directly tells you this will happen
  • "current" as a version doesn't tell us anything 6 months later, please fill this out
  • Atom hasn't used Google Analytics for quite a long time, data is sent directly to an internal GitHub pipeline
@sneak

This comment has been minimized.

Copy link
Author

@sneak sneak commented Nov 26, 2019

It's not silent, the dialog directly tells you this will happen

The dialog does not indicate that it will happen via the network. Even if the text is updated, it is absolutely not reasonable to transmit telemetry data when the user clicks the "please don't send telemetry data" button.

"current" as a version doesn't tell us anything 6 months later, please fill this out

Edited.

Atom hasn't used Google Analytics for quite a long time, data is sent directly to an internal GitHub pipeline

Edited. I updated the version and the name of the tracking companies in the issue.

@sneak

This comment has been minimized.

Copy link
Author

@sneak sneak commented Nov 26, 2019

FYI, the software attempts to connect to central.github.com on first launch prior to selecting anything in the telemetry dialog.

@Arcanemagus Arcanemagus changed the title Atom still spies on user even after consent has been explicitly denied Opt-out should not send telemetry Nov 27, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.