search

petea / sage

A feed reader for Firefox.
http://sagerss.com
27 stars 8 forks source link

Add an option to disable the "Metrics" collection. #125

Open BrockA opened 10 years ago

BrockA commented 10 years ago

While investigating the source code to discover why Sage was locking up my browser on a regular basis, I discovered that it appears to be posting user data on just about every operation! (Install, add feed, update feed, open/close sidebar, etc.).

So far, the data looks fairly innocuous, but I noticed there is no option to turn it off and no notice to users that this extension is reporting on them. Not cool.

If this is legitimate data with no potentially harmful content, then many users will still enable it. But hiding the data collection makes it seem that much more suspicious.

Add an option to disable the "Metrics" collection.

Also note that this appears to be a violation of the Developer Agreement which states, in part:

if any information about the user or usage of the AMO Contribution is collected or transmitted outside of the user's computer, the details of this collection will be provided in the description of the AMO Contribution and you will provide a link to a privacy policy detailing how the information is managed and protected;

There is no such detail in the add-on's description, nor is there a link to any privacy policy.

petea commented 10 years ago

Like virtually every website you visit, Sage collects anonymous usage data that allows us to improve the product as well as detect when something might be wrong. This is good for you. While I don't currently plan to offer an option to disable metrics collection, to your point, it's probably a good idea to outline what is being reported in a privacy policy document.

BrockA commented 10 years ago

Yeah, I saw that the data seemed to be fairly benign, that's why I posted here first and didn't make a bigger stink about it. But note that damn few websites, I visit, collect anything I don't explicitly permit them, thanks to the numerous extensions I use.

By allowing users to opt out of the collection, you are signaling that you understand their concerns about "spyware". Those that care about such things will be much more supportive of the add-on. While most users never check the options and won't know they can opt out -- so you still have most of your user-base reporting.

However, if the perception gets around that you are automatically collecting data "in secret" and with no way to shut it off (besides hacking the source code), the community has not been historically kind in those situations.

petea commented 10 years ago

Fixed. Sorry about the noise.

On Tue, Dec 10, 2013 at 2:00 PM, Brock notifications@github.com wrote:

Petea, can you edit your previous post? The way this issue thread reads now, it looks like I was the rude one -- not that other guy.

— Reply to this email directly or view it on GitHubhttps://github.com/petea/sage/issues/125#issuecomment-30272572 .