Skip to content
This repository has been archived by the owner on Dec 15, 2022. It is now read-only.

Opt-out should not send telemetry #33

Open
sneak opened this issue Nov 26, 2019 · 4 comments
Open

Opt-out should not send telemetry #33

sneak opened this issue Nov 26, 2019 · 4 comments

Comments

@sneak
Copy link

sneak commented Nov 26, 2019

Description

Atom violates a user's consent by silently spying on them (transmitting their opt out) across the network to Microsoft processes running on Amazon servers/network.

Steps to Reproduce

  1. Launch Atom for the first time
  2. Opt Out of Telemetry

Expected behavior:

No telemetry is sent.

Actual behavior:

Telemetry is sent.

Reproduces how often:

100% of the time a user selects opt out.

Versions

1.41.0

Additional Information

The text "We only register anonymously that you opted-out." is a false statement.

The "registration" is a network request that is absolutely not anonymous: it includes your IP address, which, in the right hands, is a physical location. The method used by Atom to transmit the information cannot transmit anonymously.

It's compounded by the fact that you have explicit withdrawal of consent to such tracking, and yet you're still spying by transmitting user activity data. This is really, really bad.

When the user opts out of tracking, you don't get to make any more tracking web requests using their computer. Doing so makes the opt-out button fraudulent. As others have pointed out in atom/atom#12281, the text below it does not even plainly indicate that it's going to be transmitting this information to thousands of other people, instead opting for the weasel word "register", which could be interpreted to mean only locally (which is what a reasonable person would guess considering they're opting out of tracking). Instead, you enable them to be tracked.

It doesn't matter that you don't see the IP address; many others at GitHub, Microsoft, and Amazon, as well as those who have access to Amazon's network data, can. This is thousands, perhaps hundreds of thousands of people (over 1M humans have a TS clearance in the USA). Thanks to people like Ed Snowden, we now know that permanent logging of such information by third parties is routine, and thanks to the extent of their reach, we know that they can easily resolve IP addresses to physical location.

@Arcanemagus

This comment has been minimized.

@sneak
Copy link
Author

sneak commented Nov 26, 2019

It's not silent, the dialog directly tells you this will happen

The dialog does not indicate that it will happen via the network. Even if the text is updated, it is absolutely not reasonable to transmit telemetry data when the user explicitly clicks the "please don't send telemetry data" button.

"current" as a version doesn't tell us anything 6 months later, please fill this out

Edited.

Atom hasn't used Google Analytics for quite a long time, data is sent directly to an internal GitHub pipeline

Edited. I updated the version and the name of the tracking companies in the issue.

@sneak
Copy link
Author

sneak commented Nov 26, 2019

FYI, the software attempts to connect to central.github.com on first launch prior to selecting anything in the telemetry dialog.

@Arcanemagus Arcanemagus changed the title Atom still spies on user even after consent has been explicitly denied Opt-out should not send telemetry Nov 27, 2019
@sneak
Copy link
Author

sneak commented Dec 9, 2019

@Arcanemagus - your updated title for the issue is incorrect. The software is connecting to central.github.com prior to the user opting in or out. It's not simply the opt-out sending telemetry - it sends the telemetry automatically, silently, before the user does anything at all.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants