I’m considering integrating @telemetrydeck to get anonymized user events. It would greatly improve product planing, decision and development. Anyone strongly opposed to that? And why?
@IceCubesApp@telemetrydeck I‘d rather prefer to not send telemetry data, not even anonymized. My reason is I want to try to define, what data to present to whom and at any time be in control of data flows. Being IT professional myself I understand the value you gain from user events. If you choose to implement such telemetry features, please make them opt-in for every user. Telemetry data should IMHO be transmitted only if the user accepts it in advance.
@IceCubesApp@telemetrydeck I think this is reasonable. Have you looked into @plausible? From what I can tell, they offer even more stringent privacy protection by using a daily-rotating salt to hash identifiers. That makes it impossible to measure retention over time but also protects against deanonymization (whether intentional or otherwise).
@IceCubesApp@telemetrydeck a lot would depend on how granular and specific the events are. Hashing the user identifier is all well and good, but if you include things like request URLs, or metadata from photos uploaded for example, you'd hardly need the original user id to identify the user associated with the hash. That's particularly true since they designed it to be able to reproduce the same hashed id across platforms.
Make clear that you are using it, make it opt in and I may consider it. Anonymized is good, but it’s not ever really anonymized these days since there are so many ways to fingerprint.
Even then, adding it may make me drop the app. You have done well to ask, but since you are considering it, my use of the app is now numbered. And limited.
@IceCubesApp Hm… Anonymized sounds not bad, but nevertheless I don’t like to be tracked. Imo it should be possible to disable it and it should be opt-in.
@speisekarte the app is completely opinionated based at the moment. But there is a limit of what you can improve and do without better data. Anyways for now it’s not happening.
@IceCubesApp@telemetrydeck I don’t have strong views. But it is a bit of a minefield. I’d definitely have a chat with them.
They claim to be 100% GDPR compliant which is a bonus but I’m always a little concerned about the GDPR broad definition of Personal Data (indirect identification - data that could be used to identify you in combination with other data in the future).
@IceCubesApp@telemetrydeck I have seen apps that became completely unusable when the telemetry framework couldn’t be loaded i.e. when a network-wide adblocker is active like Pihole or when behind a corporate proxy. Maybe keep that in mind.
@IceCubesApp@telemetrydeck
If it’s anonymous, it’s fine by me. 👍
If you’re worried, maybe make it opt-in but prompt users to opt-in after app updates with an explanation of why it’s helpful and what anonymization efforts are in place?
@kenny113@telemetrydeck if I do it it’ll probably be opt in by default with an option to opt out. Opt out by default would means very biased and low volume of data.
@IceCubesApp@kenny113@telemetrydeck
Just to point out that in some jurisdictions you MUST use opt-in. You can’t collect even anonymised data with explicit consent.
@IceCubesApp@PhilipKing@kenny113@telemetrydeck that feels like a very "I don't care about the users rights and law" way to view it... just because others don't respect users/laws doesn't mean it's what you should do...
@alex@PhilipKing@kenny113@telemetrydeck I’m not saying I’ll do it. I’m just saying that 99% of apps have telemetry in without asking users and without opt out.
@IceCubesApp@alex@PhilipKing@kenny113@telemetrydeck telemetry is not illegal. Collection of personal data is protected by GDPR but you can and should instrument your app to understand how your app is being used in order to find ways to improve it without using personal data.
@IceCubesApp@alex@PhilipKing@kenny113@telemetrydeck Privacy is (more likely to be) just taken more seriously by fediverse people. I do already think there’s skirting of this issue with stuff being sent to third parties with no explicit jurisdiction-correct statement/consents with the OpenAI integration.
Add comment