Open Eideren opened 1 year ago
manio143
commented
1 year ago There's actually per country requirements for opt-in vs opt-out and EU for example requires opt-in by GDPR I believe. I founds this article that summarizes the cases for opt-in/opt-out https://termly.io/resources/articles/opt-in-vs-opt-out/
xen2
commented
1 year ago I was wondering, if we have to make it opt-in, does it still make sense to use since we won't be able to track proper installation counts?
manio143
commented
1 year ago I'm thinking - while the collection of personal data requires explicit opt-in, things like non-personal telemetry are exempt. So we can still send the metrics on install provided we cannot differentiate the users (no system related identifiers, IP, etc). And if users don't want to send us even this then it's their choice. So if we ensure we only collect non-personal metadata I think having opt-out would still be correct.
NicusorN5
commented
1 year ago I think there won't be many users that would disable metrics, knowing that their data is only used to increase some counters.
I assume it may make sense to still use metrics, since we can estimate that ~90 % of users have metrics turned on?
xen2
commented
1 year ago Yes if it's default on and only few users opt-out it, stats should be fine (as opposed to default off and opt-in).
Here are two things I can think of that might problematic privacy-wise:
InstallGuid (source). Ideally I was hoping it could be kept, otherwise it will be difficult to understand who is an active user vs a new user.Another note: we had our own system, frontend and server for metrics. If you know of any other option/library to make maintenance easier, I am open to suggestions!
xen2
commented
1 year ago Sorry, I have just remembered a last one: the crash report system.
I am not even sure it is working still (backend is probably off), but when we used it at Silicon Studio it was receiving stacktrace and some env variables.
I think we did our best to hide sensitive info at the source before sending it, i.e. by hiding USERNAME/USERPROFILE directories https://github.com/stride3d/stride/blob/6a2e29b6aa4aeaf852631f9466b05b201d182142/sources/editor/Stride.GameStudio/CrashReportHelper.cs#L181
There is probably a bit more we could do (i.e. a toggle to hide stacktrace that doesn't start with Stride for user code privacy in case it's irrelevant?).
However it is opt-in (user has to explicitly accept sending the crash info), and probably no backend running right now.
NicusorN5
commented
9 months ago Opting out during installer
Option to opt out on first run of the editor
I think it may be enough if an user could opt out from the installer.
cybernaut4
commented
2 months ago Well, I'm annoyed that the installer didn't warn me about data collection BEFORE installing.
No opt-out option here.
Please @ me when it can be used without accepting any privacy policy and I'll have my first time with it by then.
Edit: If anyone knows of a fork without the telemetry, that'd be useful to know.
VaclavElias
commented
2 months ago @cybernaut4, while this is being sorted out, if you're interested, you can try the code-only approach without installing Stride Studio. Check it out here: https://stride3d.github.io/stride-community-toolkit/manual/code-only/create-project.html
cybernaut4
commented
2 months ago @cybernaut4, while this is being sorted out, if you're interested, you can try the code-only approach without installing Stride Studio. Check it out here: https://stride3d.github.io/stride-community-toolkit/manual/code-only/create-project.html
Good to know, though I wish my first time was with the user interface. In the meantime, I'll take that into account. Thanks
Do we need to update the privacy policy for those changes @xen2 ?