i1skn / ironbelly

Grin 📱wallet you've deserved
https://ironbelly.app
Apache License 2.0

Privacy, user data, analytics collection #69

Closed TheTrunk closed 3 years ago

TheTrunk commented 4 years ago

Application shares quite a large portion of user data with a personal analytics server. Data on incoming and outgoing transactions, their state and more is being sent to https://analytics.i1skn.dev. The terms and privacy policy of the application say this may be collected and happening.

BUT I do feel that this needs to be stressed and users notified much more about the collection of their data. Especially considering Grin (MW) being a privacy coin.

Thank you for considering additional notifications to the end user.

// findings based only on skimming through the code

i1skn commented 4 years ago

First of all, I really appreciate that you've skimmed through the code and came up with the suggestion 👍 In the future let me know if I can help/guide you somehow if you would like to contribute :)

Regarding the analytics

  1. I'm using Digital Ocean virtual server, which runs Countly Community Edition. I've done so to avoid using any Google Analytics like solutions.
  2. The list of data it collects when the user accepts Terms and Conditions in the app is here - https://support.count.ly/hc/en-us/articles/360037501372-Security-privacy-FAQ#default-metrics-properties-collected. Important: Countly doesn’t store any IP address, but rather converts the IP to the user’s city and then discards the IP. For customers where this is an issue, Countly has the ability to completely remove city and country information.
  3. Also, I explicitly track when a wallet was created and when a transaction was moved from one stage to another (say from stage S1 to S2). I do not pass any additional data to these events, so the only thing I learn is that some user in some city, say, has created a transaction, but I have zero knowledge on this exact transaction (no amounts, no slate id, no outputs, etc.).
  4. This data helps me with the following:
     a. Figure out the number of people who are actually using the app.
     b. Figure out what device with which OS version should be tested before a release.
     c. Figure out what languages Ironbelly should be translated to first.
     d. Alerting if the amount of posted transactions is very low compared to the ones that have been finalised. This could flag that the node is malfunctioning.
     e. Learning how user experience for sending transactions improves over time by looking at the conversion between the amount of created and posted transactions.

Why this way?

Because Ironbelly's T&Cs cover analytics and I only send events when the user has accepted them, initially I decided not to introduce a special screen where I explicitly ask to opt in for analytics. But if the community feels strongly about this, I'm up to do so or completely remove analytics from Ironbelly.

What's next?

I will create a poll in the Telegram channel: https://t.me/ironbelly to hear community feedback.

grn1 commented 4 years ago

> Also, I explicitly track when a wallet was created and when a transaction was moved from one stage to another (say from stage S1 to S2). I do not pass any additional data to these events, so the only thing I learn is that some user in some city, say, has created a transaction, but I have zero knowledge on this exact transaction (no amounts, no slate id, no outputs, etc.).

I am pretty sure that I am the only Grin user in my city, so this makes me feel uncomfortable enough to get rid of Ironbelly until it gets rid of the analytics.

i1skn commented 3 years ago

Analytics was completely removed in https://github.com/i1skn/ironbelly/commit/ece485c0ef9e66d17af1d744da535ff1b54fa653.

4.0.0 will have no analytics in it, hence closing this one.