Opt in for error reports and usage statistics
NOTICE:
As a workaround just remove etcher completely and use usbimager which does the same as etcher (and a little more as it also can read the content of a flash disk/card and save it as a compressed image file). But it comes without all the unnecessary tracking/ads/etc which is included in etcher and by default turned on.
- Etcher version: 1.5.19
- Operating system and architecture: amd64, debian
- Image flashed: none
- Do you see any meaningful error information in the DevTools? no, why?
I just installed balena etcher via the debian repository. After installing I started with
balena-etcher-electron
got a
ready-to-show: 2810.265ms
and the ui was presented. When I clicked the settings wheel top right I saw that a ‘service’ called
Anonymously report errors and usage statistics to balena.io
which is/was activated by default.
I didn’t dig deeper but I’m almost sure there was already a data leakage before I was able to deactivate this ‘feature’. I’m also not a lawyer but with the new European laws this is for sure not tolerable anymore.
Please make this option opt in. Thanks
Issue Analytics
- Created 4 years ago
- Reactions: 16
- Comments: 49 (15 by maintainers)
Top GitHub Comments
Nowadays I just don’t use software which comes bundled with adware and spyware (namely balena etcher).
250kb alternative (etcher uses more than 400MB, why?) is called usbimager, does things right, respects your privacy and is true foss ❤️
It’s 100% GDPR compatible and comes without opt-in (or opt-out) because it doesn’t suck your data 😮
Hi everyone. I wanted to give an update to where we are with this issue. There are multiple issues raised so I will address them individually.
We should separate the discussion between what’s legal and required by GDPR and requests that go beyond what the law requires. Specifically, GDPR requires opt-in consent for personally identifiable data, not for anonymous data collection. It is not our intention, nor is it useful for us, to collect personally identifiable information (see Purpose section below). So the first question is “Are we collecting personally identifiable information by mistake?” and the second question is “Is making the usage statistics opt-in the best decision for the project?”
Personal data collection
We conducted an extensive audit of all the data we collect from the Etcher application to make sure no personally identifiable data is collected by mistake. Collecting data by mistake might sound strange, but it can easily happen in a desktop application. For example, the mixpanel library will include information about the current system user by default when run in an Electron app. Whenever we became aware of such issues in the past we promptly fixed them.
The results of our investigation showed that Etcher will make connections to the following systems:
The large number of unintended connections happened as a side-effect of loading content from our balena.io website that includes these libraries automatically. Action item: We are removing all instances of those connections from Etcher
Furthermore, we audited all the data we collect to make sure none can be characterised as personally identifiable. To do this properly we are consulting our EU based lawyers who can provide an expert opinion on what the GDPR and EU law in general require. It is important to refrain from making legal claims unless someone is intimately familiar with the legislation. Unfortunately, there have been a number of legal claims in this and other threads with questionable validity.
To make this extremely clear, we are taking the law seriously and are investing time, money, and effort, to consult experts in the field to guide us on this matter. We do this because it is the right thing to do. We’ve done it before (for balenaCloud) and we’ll happily do it for all the products we offer.
Even though our conversation with our legal team is still ongoing we have identified a couple of cases where PII is sent to our data collection system. Sentry, our error collection tool, will log a stacktrace when Etcher hits a critical error that can potentially include a path in the system which includes the username of the user. The IP address of the event was also logged. Action item: We are fixing both of these problems and will remove or anonymise any data our legal team deems PII
Purpose of data collection
With the legal stuff out of the way, I wanted to touch on the reason we are collecting data which will hopefully help guide the discussion about whether it should be an opt-in or opt-out feature.
For most software engineers writing an image flashing application sounds easy. After all, at the very core it is a simple block copy operation that we’ve known how to do for ages. It can’t possibly be that complex. However, this is far from the truth! After releasing etcher for the first time, and as the tool was gaining adoption, we were seeing it run in more and more obscure combinations of systems. This produced a (very) long tail of issues that we couldn’t have predicted or tested during development. It was through constantly sieving through error reports and measuring success rates across deployed versions that we managed to reach the level of quality that you see today.
When we say that usage data helps develop etcher we’re not talking about some abstract possibility. This is very real and has shaped the etcher we know and love. The list of bugs fixed is endless.
Discussion on making collection opt-in
With the full context fleshed out we can now re-engage in the discussion of making data collection opt-in. As mentioned above, we have to make the decision that is best for the project and somehow balance what the users expect from a privacy point of view with what the users expect from a robust piece of software point of view. Given the benefits we’ve already seen this is not a clear-cut decision. At the same time the userbase of Etcher has grown tremendously and one could argue that most issues have already been seen. Unfortunately I don’t have a concrete way forward to offer just yet, but we haven’t ruled it out as a possibility.
Finally, to further steer the discussion towards the right direction I will change the title of the issue to just the opt-in discussion. @rradar if you still think there is a legal issue please open a separate ticket clearly explaining the problem. Rest assured that we are working with our legal professionals to ensure we are not breaking the law.
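The maintainer comment above describes the concrete PII leak path: a crash report carries a stack trace whose file paths embed the account name (`/home/<user>/...`, `/Users/<user>/...`, `C:\Users\<user>\...`), and the event also carried the client IP. The following is an added example, not Etcher's or balena's code, of a client-side scrubber that redacts home-directory usernames from every path in an error event and drops the IP field before the report is sent. The event shape (`message`, `stacktrace[].filename`, `user.ip_address`) and the sample event are constructed for the example and are assumptions, not the layout of any particular error-tracking SDK.

```javascript
// Added example (not Etcher's own code): redact the PII described in the
// thread before an error report leaves the machine.

// Home-directory prefixes on the three desktop platforms. The capture
// group 1 keeps the prefix, group 2 is the account name to redact.
const HOME_DIR_PATTERNS = [
  /(\/home\/)([^/\s]+)/g,                       // Linux:   /home/<user>/
  /(\/Users\/)([^/\s]+)/g,                      // macOS:   /Users/<user>/
  /([A-Za-z]:[\\/]Users[\\/])([^\\/\s]+)/g,     // Windows: C:\Users\<user>\ (either slash)
];

// Replace every username component in any home-directory path found in
// a free-text field (message, frame filename, etc.).
function scrubPath(text) {
  let out = text;
  for (const re of HOME_DIR_PATTERNS) {
    out = out.replace(re, (_match, prefix) => `${prefix}[redacted]`);
  }
  return out;
}

// Return a scrubbed deep copy of a constructed error event. The shape is
// an assumption for this example: { message, stacktrace: [{ filename, lineno }],
// user: { ip_address } }. The input object is left untouched.
function scrubEvent(event) {
  const copy = JSON.parse(JSON.stringify(event));
  if (typeof copy.message === 'string') {
    copy.message = scrubPath(copy.message);
  }
  if (Array.isArray(copy.stacktrace)) {
    copy.stacktrace = copy.stacktrace.map((frame) =>
      typeof frame.filename === 'string'
        ? { ...frame, filename: scrubPath(frame.filename) }
        : frame
    );
  }
  if (copy.user && 'ip_address' in copy.user) {
    // Do not ship the client IP in the payload at all.
    delete copy.user.ip_address;
  }
  return copy;
}

// Constructed sample event, modelled on a failed write to an image under
// a user's home directory on Windows.
const SAMPLE_EVENT = {
  message: 'EPERM: operation not permitted, open C:\\Users\\alice\\Downloads\\os.img',
  stacktrace: [
    { filename: 'C:\\Users\\alice\\AppData\\Local\\app\\resources\\app\\main.js', lineno: 42 },
    { filename: '/home/alice/src/app/lib/write.js', lineno: 7 },
  ],
  user: { ip_address: '203.0.113.7' },
};

console.log(JSON.stringify(scrubEvent(SAMPLE_EVENT), null, 2));
```

One caveat a practitioner should keep in mind: this removes only what the client itself puts into the payload. The server that receives the report still sees the source address of the TCP connection, so the IP question in the comment above is not settled by client-side scrubbing alone; the receiving service has to be configured not to record or retain it as well.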