EDCD / EDDI

Companion application for Elite Dangerous

telemetry privacy issue #1816

Closed life-on-mars closed 4 years ago

life-on-mars commented 4 years ago

EDDI version in which issue is found

3.5.3-b3

VoiceAttack version in which issue is found (as applicable)

current steam

Steps to reproduce

internet connection

Expected

no telemetry sent when eddi not in use

Observed

50-100kb/s traffic of data to rollbar.com even without eddi profile selected and elite not opened

Are you guys recording everything I say and sending it to rollbar?

Hoodathunk commented 4 years ago

OP. I assume by "without eddi profile selected", you are running Voice Attack. For the record, Voice Attack is 'hearing' everything you say, not EDDI.

EDDI is a standalone app that also acts as a plugin to Voice Attack. If you installed the EDDI folder into Voice Attack's 'apps' folder, then EDDI is running when Voice Attack is running, regardless of which Voice Attack profile you have selected.

EDDI tracks the journal, communicates with Inara, EDSM, etc.

In particular, Rollbar is a ubiquitous, trusted service which we have included in EDDI to track and report runtime errors as they occur, and to centralize the occurrences in a secure account. Rollbar has become an essential tool in our quest to keep EDDI bug-free.

We have gone to great lengths to anonymize the data going to Rollbar.

If you are still not comfortable with Rollbar sending us data to improve EDDI reliability, then by all means, delete the 'EDDI' folder within VoiceAttack's 'apps' folder.

I am closing this issue, as EDDI is working as intended, but you will still be able to add additional comments, even while closed, if you so choose.

Tkael commented 4 years ago

Yes, if EDDI is installed as a plugin and plugins are enabled then EDDI is running in a windowless mode whenever VoiceAttack is running. The window can be opened from VoiceAttack using plugin commands (the default EDDI.vap includes commands like "Open EDDI" and "Configure EDDI" which invoke the plugin command to bring up the window).

We redact and anonymize data before it is sent to Rollbar (https://github.com/EDCD/EDDI/blob/develop/Utilities/Redaction.cs). A random ID is generated so that we can associate data from the same app instance, but the ID is not constant from one session to the next. We don't even attach an IP address to error reports.

The application is open source. If you are inclined to inspect the source code, unhandled exceptions (the kind that can crash EDDI) will send telemetry data to Rollbar. Logging.Error will indicate handled exceptions where we are sending telemetry data to Rollbar. In either case, the messages that are sent to Rollbar are also logged locally in EDDI's .log files (at %appdata%/roaming/EDDI/).

o7 commander!
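A minimal illustration of the redaction-before-send pattern described in the comment above (an ephemeral per-session ID, user-identifying path segments stripped from an error message, and nothing sent unless telemetry is enabled). This is an added example in Python, not EDDI's Redaction.cs or any other EDDI code; the sample message, account name, field names and the `telemetry_enabled` flag are constructed for the example.

```python
import re
import secrets
from typing import Optional

# Ephemeral ID: generated at start-up and never persisted, so it links
# reports from one run but cannot be correlated across sessions.
SESSION_ID = secrets.token_hex(8)

# Constructed sample error message (hypothetical; not an actual EDDI log line).
SAMPLE_MESSAGE = (
    r"Could not open C:\Users\Jane Smith\Saved Games\Frontier Developments"
    r"\Elite Dangerous\Journal.2020-01-01T120000.01.log (user Jane Smith)"
)

# Matches the account segment of a Windows user-profile path.
USER_PATH_RE = re.compile(r"(?i)([A-Z]:\\Users\\)([^\\]+)")


def redact(message: str, account_name: str) -> str:
    """Strip user-identifying content before the message leaves the machine."""
    cleaned = USER_PATH_RE.sub(r"\1<redacted>", message)
    if account_name:
        # Also catch the account name outside a path (for example in free text).
        cleaned = re.sub(re.escape(account_name), "<redacted>", cleaned,
                         flags=re.IGNORECASE)
    return cleaned


def build_report(message: str, account_name: str,
                 telemetry_enabled: bool) -> Optional[dict]:
    """Return the payload to send, or None when telemetry is switched off."""
    if not telemetry_enabled:
        return None
    # No IP address, hostname or persistent machine ID is attached.
    return {"session": SESSION_ID, "message": redact(message, account_name)}


if __name__ == "__main__":
    print(build_report(SAMPLE_MESSAGE, "Jane Smith", telemetry_enabled=True))
```

Comparing the local log copy against the outgoing payload is the practical check: the two should be identical, as the comment states, and neither should contain the account name.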

life-on-mars commented 4 years ago

Of course. This is all about choices. I can simply remove the plugin. Yes.

I can also prevent EDDI from sending any data at all. Or fork EDDI into a version that doesn't send telemetry in the first place.

You say you went "to great lengths to anonymize the data going to Rollbar". Did you make any effort to enlighten your users about it? Are you telling anyone that EDDI could be sending 1 GB of data each 24 hours it is running? Is that how it is "intended" to be?

There are people who use voiceattack for other things. Yes they have a choice to remove the plugin but you're essentially not giving them the choice by not telling them. This behaviour can also cause actual damage when EDDI is running in the background while a laptop is hooked up to mobile data.

The only place where you seem to mention telemetry is in the licence. However, there is no warning about the amount of data or that it keeps sending data while not in use.

You also can add an "opt in" option for telemetry unless of course you made the deliberate choice not to do so.

There are just a few "Logging.Error" entries in %APPDATA%\EDDI btw. By far not enough to explain this behaviour.

Hoodathunk commented 4 years ago

Thank you for your comments, we will consider an 'opt in' option for Rollbar reporting.

Also, feel free to fork EDDI, as it is an open source project maintained by volunteers.

Tkael commented 4 years ago

For the record, users are informed via the license terms published in the installer. We're not trying to do this "under the table".

EDIT: I see you mentioned the license terms above.

life-on-mars commented 4 years ago

Are you telling users that EDDI can cause 1 GB of traffic per day? Are you telling users that EDDI might do so in the background while it's not in use? Are you asking users for explicit consent to send telemetry data? Are you sure everyone realises what you're doing there?