Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Privacy leak] - Bugsnag tracking server get's called on every app start (!) #526

Open
gonewild22 opened this issue Apr 19, 2019 · 1 comment

Comments

Projects
None yet
2 participants
@gonewild22
Copy link

commented Apr 19, 2019

First things first: I really like standard notes and their strong commitment to privacy. (https://standardnotes.org/privacy) Such commitment is essential for an app like this and I've had full faith in the development team (till now). Why?

I've just realized that on every (!) app start a bugsnag server (sessions.bugsnag.com) for monitoring & diagnostics gets called. I've come a long way to find the perfect foss app for note taking which doesn't send any information about my phone, ip and used hardware to 3rd party services like this (yeah it has been SN) to just realize that this has changed now.

Don't get me wrong I'm aware that such tools are very helpful for development but this has to be transparent (the user has to know!) and should even be able to decied if he or she wants to transmit such data or not.

Furthermore this is a clear contradiction to your own privacy statement:

We are utterly and completely transparent about reporting exactly what we track, and why. We announce when we update those policies. And we confirm with you that you are comfortable with those changes. To date, our applications, including web, desktop, and mobile, contain no analytics or tracking software whatsoever.

For how long has this been implemented and will it be changed again? (couldn't find this information in any changelog!)
And do other SN apps (like desktop versions) contain this framework as well or is only the android app concerned?

@gonewild22 gonewild22 changed the title Privacy leak - Bugsnag tracking server get's called on every app start (!) [Privacy leak] - Bugsnag tracking server get's called on every app start (!) Apr 19, 2019

@mobitar

This comment has been minimized.

Copy link
Member

commented Apr 19, 2019

We use Bugsnag for crash reporting on mobile. We talk about this here:

For crash reporting on our mobile app, we use Bugsnag. Bugsnag is non-invasive, and collects only what it needs to produce helpful crash reports for mobile that help us maintain application stability.

None of the information Bugsnag collects is personally identifiable, and certainly doesn't include any IP addresses. Device models are particularly important in the Android ecosystem in identifying problems. We've had a few releases in the past where the app would crash at launch, and without Bugsnag, it would have been almost impossible to track these issues down.

When the app first starts, it's likely an onActivityResumed event being sent to Bugsnag to track the application lifecycle.

Although, I do agree with you that the user should have the option to turn this off. I'll make a note of this and hope to include it in a near future release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.