[Feature Request]: Provide source code for the telemetry module #43
Comments
So you didn't notice the message in the Output after installation? Well, if you do not want telemetry to be collected at all, then in the same commit that you specified, it is clearly visible that telemetry is enabled only in production builds that are run manually before release. At the moment, you can use, for example, Wireshark and see that my addon generates only 1-2 requests (actually more because of the encryption) when starting the editor to indicate the beginning and end of sessions. I am currently using Godot's tools to make requests, which means that you can view an unencrypted string with data that is being sent to my server. There will be information about the language, OS, version and duration of the session. The user's UID is just random characters generated at the first launch. The Session id is the current Unix time. It also sends a request with "I refuse telemetry" once, after which requests no longer occur until telemetry is enabled in the settings. I don't want to make the telemetry source code public. Also, if I add more events that will be sent to my server, then lines like I just wanted to know that godot with my addon has already been launched over 66,000 times, As far as I understand, I do not even violate strict EU laws regarding data collection, because I provide an opportunity to opt out of telemetry and do not collect personal data. |
|
Thank you for your great and honest reply. I did not know that you could opt-out of telemetry, as I did not want to run unknown code on my computer. I'm aware that one can build the addon themself to remove the telemetry module but it really isn't a practical option for most people as it requires building natively on all platforms. I know I can use wireshark to monitor network connections. I can also decompile the code and try to figure out what the telemetry module does but that's not the point. The point is all of this is obfuscated and that there is no easy way for anyone to know for sure that the code does what you say it does.
I understand. That's fair. And to be clear I'm not accusing you of any malicious intents. There have been examples, quite recently, where backdoors have been included in software by using similar methods. I guess the only safe option is to compile the code myself. I also sympathize with the fact that it's hard to make a living off of open source project. |
Only builds for the editor/debug (only when running inside the editor). I am not interested in the statistics of the end users of the game/application. Perhaps when I make the code more universal, I will make it public. But anyway, it will be a module that only works with my private server🤷♂️ |
Feature description
Hi!
I want to preface this by saying this library is absolutely awesome and your work is exceptional, one of the best godot addons out there.
However, I'm wary of running code that I cannot read on my computer.
I see that you added a telemetry module in 1.3.0.
This is fine, this is your addon after all. It would be courteous to provide an option to opt-out but whatever.
What I don't like about the current approach is that the code used for telemetry is in a private repo meaning that nobody can audit it.
Implementation Ideas
No response
The text was updated successfully, but these errors were encountered: