Add to event after the fact #1257
Description
Our biggest problem with Sentry is that there's no way for users to give consent to what gets uploaded. The most useful crash is one that contains everything and the kitchen sink, user work, screenshots, logs, but we can't just upload that without asking.
We've requested this feature for years, and have ended up building a system using our own servers. It works, it has a nice UI, but we still think it's very silly that we have to do this. If Sentry wanted to be more concerned about consent and personally identifying information, it would have to adopt a similar system.
Basically, we cannot wholesale upload before asking like Sentry does. We HAVE to do it only after asking the user. If we ask ahead of time, like when installing the app, users panic and the answer is a guaranteed "no".
When a crash happens, we schedule a crash dialog using Sentry's crash ID, and set aside any files that may need to be uploaded after consent has been obtained. Then on the NEXT launch, we present this dialog:
Here we can ask for everything. If the user opts out completely, we have only their stack trace and breadcrumbs. If they opt in, we have everything. We remember their opt-in status, and especially their email address, because people otherwise only type it the first time.
Upon pressing OK, we upload this to our own servers, and augment the sentry crash with user feedback text, which is the only thing we're allowed to add to a Sentry crash after the fact. In the Sentry crash viewer, it looks like this.
A field further down provides a direct link to the crash uploads in our system. This field was submitted with the original crash, but only points to a valid link if crash data files were subsequently uploaded.
In our system, the crash upload is unzipped, and the files are accessible.
FEATURE REQUEST SUMMARY:
- Sentry should allow augmenting a crash after the fact by uploading attachments, logs, screenshots and fields to ADD to an existing crash, which allows the user to give consent.
- Sentry should have easy ways to view these attachments. We format the logs as plain text or JSON depending on the file. We'll add an image viewer as well.
Consider that Sentry encourages a perverse incentive of uploading as MUCH as possible ahead of time, while being morally and legally obligated to upload as LITTLE as possible without asking consent. It just doesn't fly.
There's no reason we should have to side-load an entire second crash viewer just so we can ask the user permission first. This entire problem can be solved by allowing subsequent uploads to an existing crash.