-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Self-managed telemetry Privacy Statement notice shown in Cloud environment #110638
Comments
Pinging @elastic/kibana-core (Team:Core) |
This is from here: kibana/src/plugins/home/public/application/components/welcome.tsx Lines 146 to 152 in 66a06f9
ATM, the only condition to display this notice is the presence of the @alexfrancoeur should the rule be changed to only display it if telemetry is enabled and if we're not on cloud? By greping the message, I see another occurrence, that seems to be displayed as a notification kibana/src/plugins/telemetry/public/services/telemetry_notifications/telemetry_notifications.ts Lines 48 to 53 in ed2e544
If we hide the message from the home, we may want to also adapt the logic in kibana/src/plugins/telemetry/public/plugin.ts Lines 225 to 233 in b6a9f03
Note that checking if we're on cloud may be tricky, as the This 'are we on cloud env' need comes back frequently. Maybe we should have this information exposed from cc @afharo btw, @alexfrancoeur, do you know if the |
Thanks, @alexfrancoeur for opening this issue. I thought we had one somewhere, but I couldn't find it. |
Just took a look at this as well. I was able to reproduce on a fresh 7.14.1 cloud deployment, so I do not think it is a regression, however something is definitely broken in our logic (and has been from the beginning)
This is true for the "to learn about usage data" section, but for the "to stop collection, disable usage data here" line, we are also checking kibana/src/plugins/home/public/application/components/welcome.tsx Lines 78 to 82 in 61503fb
kibana/src/plugins/telemetry/public/plugin.ts Lines 208 to 210 in b6a9f03
I think if we added a check for
1 & 2 will be true for Cloud users spinning up a fresh deployment, but 3 should always be set to My remaining questions for @alexfrancoeur and @thesmallestduck are:
|
The plan sounds reasonable to me. Aside: I wish we could clean this logic up a bit but I can't think of a cleaner way to implement it right now. |
chatted with @thesmallestduck, and we decided the answer to both of these is "yes" |
Just wanted to ping this again as I noticed this bug in a 7.15 production trial deployment. Can we prioritize this fix in a patch release by any chance? Responding to the comments above, I'm not sure if we need to show the "learn more" link. This is presented to them as part of the EULA they agree to when signing up for Cloud. It seems like duplicative information and from my previous experience, it is not legally necessary. Though we can follow up with legal on that one. |
@alexfrancoeur Yep, I think we can likely get this in a 7.15.x patch release, just not sure which one. We are still focused on critical 7.16 priorities, but we have this on our list of items to pick up when we have the capacity.
This part is a little tricky. As Pierre mentioned in his comment above, this creates a circular dependency: the There are, of course, ways around this, but they involve restructuring our plugins to get rid of the circular dependency, and changes of that nature are likely not something we'd want to backport to a patch release. My recommendation, if you think it'd be an acceptable UX, would be to simply hide the link to opt in/out as a first step, and treat the |
This will definitely not be ready for any 7.15 patch or even 7.16, but for more mid-term considerations: Should I open an issue to discuss about exposing some cloud related API (thinking about |
++ To be clear, I was suggesting getting a fix in 7.15.x where we remove the opt in/out link. The learn more link is a bigger question.
Yeah IMHO we should... this just keeps coming up so it might be time to make a decision on it. |
Opened #113734 |
Thanks for following up folks. When this functionality was originally introduced in 7.5, we did not showcase the message on Cloud. At some point something must have changed. We have a number of different configurations that modified what was seen in the UI (https://www.elastic.co/guide/en/kibana/7.15/telemetry-settings-kbn.html).
++ I'd be fine with that. Would this also impact the telemetry banner should the interstitial welcome page not show? I'm not sure if this is also now being incorrectly shown on Cloud. |
Following up on this because I saw that the notice is on Cloud staging with a 7.16 snapshot. Are we able to resolve this issue and backport before the 7.16 release? |
In #113734, we came to the consensus that we did not want to have Now, for this specific telemetry issue, as atm That way, we'll have:
@lukeelmers as this is a bug, this could be done post FF. However the changes, even if not enormous, are important, are we confident trying to do this for |
@pgayvallet I think we should try to remove the Then we could treat the (IMHO less critical) @alexfrancoeur Are you comfortable with that plan, or is the |
@lukeelmers @pgayvallet this sounds like a good plan to me!
I agree it's less critical, but I'd like to continue to track this piece of work. |
👍 Sounds good. I have a PR up to address the first part: #116867 We can leave this issue open until we are able to address the rest of the issue. |
@lukeelmers do you think it's worth changing the title and description so we know the remaining scope of the issue? I think we are referring to:
|
@afharo We've already removed the In order to do that, we need to align on the items you mention above (basically, designing a way to do this so we don't create a I'll update the issue description to clarify. |
FYI: #126238 moves the piece of logic to the Once it's merged, we'll be able to add the additional piece of logic to fully hide the privacy statement link on Cloud deployments. |
As @afharo mentioned, the circular dependency is no longer an issue thanks to code refactoring. Now, ATM there are 4 places where the Privacy statement notice can appear:
❓Questions for @alexfrancoeur and @arisonl
Whilst waiting for feedback from @alexfrancoeur and @arisonl, I will create a PR to tackle (1) using strategy (B). |
Hey @gsoldevila, thanks for the detailed summary and questions. Generally, we do not need to reference any telemetry collection in Cloud because end users have already agreed to product usage collection in our EULA when signing up for our service. I believe that originally, all text referencing collection was hidden in Cloud and that there was a regression that exposed it within the interstitial page. With that said, I'll answer questions directly below.
We want to get rid of the whole paragraph in Cloud only. It is not necessary and generally causes confusion as there is no way to disable it.
I'm not quite certain which option is best, but we want to hide any reference to telemetry in Cloud. Operational and product usage collection is agreed upon when accepting the EULA. I would think we should be consistent about our approach to disabling in Cloud. Whichever option is best suited for those two requirements works for me 😄
I am fine with the two risks shared unless others have strong objections. There is no reason for Cloud to enable this configuration and if they do, it's a quick fix. As for an on-premise installation, I would not expect this setting to be configured either. If it is, there is a good chance the administrator read the documentation and the outcome was expected.
Showing and hiding these values based on whether or not the deployment is on Cloud should be the outcome we're looking for. The actual configuration used is less important to me as long as we standardize on one. What would be interesting to understand is if whether or not other "Cloud only experiences" are dependent on this flag. If there are more using the
I'd be open to this approach too but am not sure I fully understand the benefits for supporting both parameters. |
Kibana version:
7.15 BC3 on Cloud
Describe the bug:
The telemetry notice should not be shown in Cloud as it's covered in the EULA
We've already removed the
To stop collection, disable usage data here
link on the page portion of the noticeThe remaining task is to remove the
To learn more about how usage data helps us manage and improve our products and services, see our Privacy Statement
linkSteps to reproduce:
Expected behavior:
Not telemetry notice or CTA shown on the interstitial page
Screenshots (from before we removed the last part of the text in #116867):
Any additional context:
Unless we're doing something different in the UI now, there should be settings in the
kibana.yml
file pre-configured in Cloud to disable this: https://www.elastic.co/guide/en/kibana/current/telemetry-settings-kbn.htmlThe text was updated successfully, but these errors were encountered: