the-via / app


Is it necessary to transmit all macros and entire config to ingest.sentry.io? #226

Closed BangDroid closed 1 month ago

BangDroid commented 10 months ago

I run Pi-hole and tracked down connections to [string].ingest.sentry.io as coming from the via app.

I was curious what kind of data might be transmitted, so I opened dev tools in the Electron app and can see ~70kb of JSON as payload to the above URL, which contains all my macros and what looks like the entire configuration for my keyboard and what looks like a few unique IDs. This happens at launch, periodically and every time you switch tabs.

I am wondering if this is really necessary, both the frequency and the scale of data shared. I would never store sensitive information in a macro, but I can't speak for everyone. Is this feature well known? Is there a privacy policy associated with it?

igorsantos07 commented 8 months ago

I am not related to VIA at all, but I am a developer who uses Sentry occasionally to track bugs, so I think I can give my two cents here.

I can tell you: your information is anonymized. Even if you were able to log in to the VIA app, it would be anonymized, unless the developers purposefully included personified information in your payload - and that's not easy. It is able to recognize common stuff like passwords and credit cards from the JS side, and clean that up before even sending through the network.

And then, I would say that the information is somewhat relevant to the VIA devs, given some bug might arise from an action you took. This way, they can follow what you were doing that triggered the bug, what's your current state and all, so they can reproduce it on their machines and fix the issue even before you bother reporting it (I mean, if you even noticed the issue, because sometimes I get bugs users don't even notice, and are just lurking around, waiting to combo with some other stuff to really crash our app).

That all said, I do understand it might be data-intensive, especially for big configuration payloads. I wonder if they could add a "data collection for bug reporting" toggle, in case data is indeed a problem for some users.

Niko-O commented 6 months ago

> It is able to recognize common stuff like passwords and credit cards from the JS side, and clean that up before even sending through the network.

Of course it doesn't detect that it's a password. Like... how would it possibly know what to look for?

igorsantos07 commented 6 months ago

Via the field name 🙃

yadomi commented 6 months ago

This is a huge privacy concern. Collecting data without explicit and informed user consent, even for benign purposes like debugging, undermines user autonomy. Users should have control over their data and how it's used. Forcing or defaulting them into data collection without clear, understandable choices can be seen as manipulative.

Also:

> your information is anonymized

If you think this protects you, Sentry collects IPs, UAs, etc. By "anonymized," it means there is no direct connection between you and the data, but that doesn't mean there is no indirect or inferred way to make that connection. A simple macro that types an email can reveal your identity, negating any claimed anonymity.

Furthermore, some of your macros might be stored somewhere on a third-party server without your knowledge while you thought you were just configuring a keyboard.

> able to recognize common stuff like passwords and credit cards from the JS side, and clean that up before even sending through the network.

Why even bother? Firstly, you will never cover all cases. Secondly, it's just a waste of time that could be better spent focusing on what really matters: building an application to configure a keyboard, nothing else.

--

Respecting user privacy and maintaining ethical standards should be a priority. Let users opt-in if they want, but don't hide it.

I simply don't trust https://usevia.app/
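The disagreement above about field-name scrubbing, shown as an added example that is not from the thread, from VIA's code or from Sentry's implementation: a key-name scrubber leaves free text inside a macro untouched, while an allowlist applied before sending drops it. The event shape, field names and sample values are constructed for illustration.

```javascript
// Added example. Event shape, field names and values are constructed.
const SENSITIVE_KEY = /pass(word)?|secret|token|auth|credit|card/i;

// Key-name scrubbing: masks a value only when its *key* looks sensitive.
// It never inspects what the value itself contains.
function scrubByKeyName(value) {
  if (Array.isArray(value)) return value.map(scrubByKeyName);
  if (value && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) =>
        [k, SENSITIVE_KEY.test(k) ? '[Filtered]' : scrubByKeyName(v)])
    );
  }
  return value;
}

// Allowlist: forward only the fields needed to triage a crash and drop
// everything else, including any attached application state.
const ALLOWED_TOP_LEVEL = ['event_id', 'level', 'message', 'exception', 'release'];

function beforeSendAllowlist(event) {
  const out = {};
  for (const key of ALLOWED_TOP_LEVEL) {
    if (key in event) out[key] = event[key];
  }
  return out;
}

// Constructed sample: a macro that types an email address and a passphrase.
const sampleEvent = {
  event_id: 'constructed-0001',
  level: 'error',
  message: 'Failed to save keymap',
  extra: {
    password: 'hunter2', // caught by key name
    state: { macros: ['{KC_LGUI}', 'alice@example.com', 'S3cret-Passphrase!'] },
  },
};

// True if the macro's passphrase would still leave the machine.
function leaksMacroText(event) {
  return JSON.stringify(event).includes('S3cret-Passphrase!');
}
```

A function with the shape of `beforeSendAllowlist` can be supplied as the `beforeSend` option of `Sentry.init`, which runs in the client before an event is transmitted.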

gogades commented 4 months ago

Thank you for highlighting this issue. I had no idea my keeb config was being sent to sentry.io. I understand it's a legitimate site but it's still a huge invasion of privacy. There should absolutely be a toggle for this functionality, defaulting to off.

In the meantime I've blocked sentry.io at the router level and am happy to report that the app still works normally.

Niko-O commented 1 month ago

So... any updates on this? Maybe a "Sorry that we sent people's private data off to the internet."? Possibly "We removed function from the app."? But maybe at least a "By default we don't send that data anymore, but for debugging purposes you can re-enable it in the settings."?

@igorsantos07 Care to give a proper follow-up of how your claim that sensitive data like credit-card information and passwords are "cleaned up" before sending them off was wrong? And, you know, maybe a "Sorry that I was making unsubstantiated claims that people have more security than they actually do."?

yadomi commented 1 month ago

No feedback or response for months from the devs for a privacy issue this big (on both open issues about this) clearly tells me they don't care at all.

There is a reason why Mozilla (so Firefox etc.) doesn't support WebUSB: it's to avoid issues and abuse like this (even if it wasn't intentional or malicious in the first place).

ATT, the only way to ensure nothing is sent is to run thevia.app locally by cloning the repo and removing each tracker (see: #244) (or use uBlock or similar, but that can't be 100% reliable).

Cipulot commented 1 month ago

Addressed with https://github.com/the-via/app/pull/273

As a note, I joined the team recently to offload some work on the json additions for via detection. The scope of work in the app/reader department is outside of my usual field.

For now, I deemed it easier to remove the things I saw as problematic. While I don't have the details of user-submitted feedback and bug reports, I think that it's a thing to have and will be added back once the rest of the team agrees on the new implementation.