Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reinstate link to NiM in debug documentation. #1923

Closed
june07 opened this issue Dec 3, 2018 · 21 comments
Closed

Reinstate link to NiM in debug documentation. #1923

june07 opened this issue Dec 3, 2018 · 21 comments

Comments

@june07
Copy link
Contributor

june07 commented Dec 3, 2018

As no response has been received to #1908 since nearly a week, I am opening this issue.

@fhemberger Would be great to get some feedback on this.

For the record, I've compared NiM's Chrome web store page with that of 10 different companies, all of whom have items in Google's Chrome web store, FOUR (EBay, Paypal, Walmart, and LinkedIn, of whom are among "10 Global Companies Using Node.js in Production" according to Google. And none of which I would think the Node.js community would have a problem "recommend"ing if that is what it means to add a link on the https://nodejs.org/en/docs/guides/debugging-getting-started/ page.

I have compiled current pictures of all 10 companies’ chrome web store pages, as well as the privacy policy pages for each of the 5 which actually have them referenced, and uploaded them to Google photos (see link below). As far as the other 5, there are a number of valid reasons why they may not have privacy policy links, just as NiM did not, but I don’t want to digress.

https://photos.app.goo.gl/y4TN5dT1JeNbED2KA

I can say with strong conviction that data collected by NiM is minuscule by every measure when compared to that collected by these larger companies. Further, no data has ever been used for ill purposes and will not ever deviate from that found in our new privacy policy (link again: https://app.termly.io/document/privacy-policy/04164179-f943-4e87-ac8b-5afd0367dc6c#infocollect) And again, @ea167’s statement that “this requirement was added recently.” is simply NOT the case as can be determined by reading the GitHub project history.
THIS is where/when the extra permissions were added on Feb 9, 2017, close to 2 years ago. As the removal was partly predicated on that statement, I bring it up again.

I do regret not having a privacy policy in place sooner. To my defense, unlike these larger organizations, I don’t really have spare man/woman power to go around. That said, the focus for me has been on trying to make NiM great for the betterment of like-minded Node.js developers. I should point out that I make zero monetary gain from NiM, and it is a side project for me.

So, if they weren’t before, I believe that all of the bases are now covered. I would like to get the Chrome web store link for NiM back and would be more than happy to submit a PR for such.

Please advise...

-Respectfully to all

https://chrome.google.com/webstore/detail/nodejs-v8-inspector-manag/gnhhdgbaldcilmgcpfddgdbkhjohddkj

@MylesBorins
Copy link
Contributor

/cc @nodejs/tsc

@MylesBorins
Copy link
Contributor

As this has to do with potential legal stuff it may need to be surfaced to the foundation for guidance... but lets see if we can reach consensus within the TSC first

@june07
Copy link
Contributor Author

june07 commented Dec 11, 2018

Thank you again, Myles, for nudging this.

@mcollina
Copy link
Member

I'm fine in having that link in.

@june07
Copy link
Contributor Author

june07 commented Dec 12, 2018

Not sure my messages were going thru on https://www.youtube.com/c/nodejs+foundation/live. I will submit a PR for the change.

@ChALkeR
Copy link
Member

ChALkeR commented Dec 12, 2018

I would prefer not recommending any browser extensions, for security reasons.

@gabrielschulhof
Copy link

Perhaps we should keep it generic and mention that the Chrome Web store provides additional tools that help with debugging. We can even add a link with a keyword search that would bring up NiM, but would also bring up other extensions that satisfy the keywords. Nevertheless, if NiM were the first of many such helpers and would be closely associated with the keywords it would, at least for the beginning, be the first search result. We can then maybe tune the keywords to keep a sufficient distance between making a specific recommendation while allowing other tools to show up as they are being developed, and being too generic.

@ChALkeR
Copy link
Member

ChALkeR commented Dec 19, 2018

@gabrielschulhof that seems ok to me, but imo we shouldn't actively promote the usage of browser extensions for this task. A note that those exist (without explicitly calling people to install those, and without linking to any specific one) would be fine enough in my opinion.

@june07
Copy link
Contributor Author

june07 commented Dec 19, 2018

I sort of get the hand waving and wide eyes about "browser extensions" and "security reasons" by some but in all fairness, as developers, I think we are held to a slightly higher level of sophistication as it relates to understanding how to stay safe. Using that same safety paradigm, should we pull all references to any Inspector Clients from the debugging-getting-started page?! After all, we are all aware of the NPM "security" issues of late, and I am safe to say that a full-on executable has much more ability to wreak havoc on a system vs a Javascript sandboxed web application. NiM wasn't even listed as a primary option but rather a sub-option to Chrome DevTools, a very suitable place for it. Of course, we shouldn't remove listings to other Inspector Clients. If anything, more should be added if they are deemed as helpful as NiM has proven to be (see the rating/feedback). Many have asked or commented on the fact that they wished they had found NiM sooner!

This conversation seems to be diverging from the initial issue (privacy policy). The issue was resolved over two weeks ago. And now it would be great to reinstate the URL.

@june07
Copy link
Contributor Author

june07 commented Dec 19, 2018

@nodejs/tsc has delegated the issue back to the web working group. Apparently that was the wrong place to surface this issue. Can someone from the wwg chime in please. @fhemberger

@mhdawson
Copy link
Member

This was discussed in the TSC meeting this week: Consensus was that it is not the time to escalate to TSC and let website team lead the discussion, reach a discussion.

@MylesBorins
Copy link
Contributor

Reopening as I don't think that this issue needs to be closed

@MylesBorins MylesBorins reopened this Dec 19, 2018
@ChALkeR
Copy link
Member

ChALkeR commented Dec 20, 2018

Yes, I believe that closing it was probably accidential.

@june07 june07 changed the title Re-enstate link to NiM in debug documentation. Reinstate link to NiM in debug documentation. Dec 21, 2018
@fhemberger
Copy link
Contributor

fhemberger commented Dec 30, 2018

(First of all sorry for the delay in my answer. It was Christmas time after all and I've been busy like the rest of you, I guess.)

I'm still strongly opposed to add this extension back to the list of recommendations in its current form.

For the record again, the email address of the user (taken from the Google account used to install the extension on Chrome) is sent every second to Google Analytics.

There is no need to collect personal data for the extension to work, and this can be considered a violation of the GDPR.

To sum up the arguments you brought up against this so far:

  • "We added a visible link to our privacy policy, which the user accepts with downloading and using out extension." – That's a good thing, although the privacy policy mixes use of your website and the app. And it doesn't inform the user about the email collection.

  • "We want to collect the data to maybe contact the users in the future" – as @oncletom already stated before, GDPR is about being given consent by the user. So if you want to collect data not required for using this extension, it has to be explicitly opt-in.

    If you just wanted to have statistical data about the daily usage of your extension, there'd be other options (like using a hash which can't be used to personally identify the user).

  • "Other companies are doing things much worse." – sorry, but I won't even discuss this statement.

Now, if those changes are made I'd be willing to reconsider my position.


At the same time, we're already discussing more broadly in #1932, #1963, #1964 and #1965 what kind of third party content should be collected on the Node.js website at all (also making sure that it doesn't mean this content is promoted/endorsed by the Node.js Foundation in any way).

/cc'ing @Trott (who rose two of the issues mentioned above) and @amiller-gh (as this is also relevant for @nodejs/website-redesign).

june07 pushed a commit to june07/NiM that referenced this issue Dec 31, 2018
june07 added a commit to june07/NiM that referenced this issue Dec 31, 2018
@june07
Copy link
Contributor Author

june07 commented Dec 31, 2018

So in the name of (... Greyskull?!), I've removed the emails from Google Analytics. My initial thought was to encrypt the data but ultimately the extra work isn't worth it to me. I don't profit from this and honestly, it's just not worth it to spend any more of my time on it.

Please see the PR I merged into my own code base. AS WELL, I've pushed an updated version to the Chrome Web Store that tracks the change.

That should kill all the friendly birds with just one stone! Cheers.

@fhemberger
Copy link
Contributor

Waiting for the PR to land, closing this.

@eyedean
Copy link

eyedean commented Jun 12, 2019

Well, it seems like the "Sending Email to Google Analytics" which was removed in December apparently, is back as of 29 days ago and it's currently in master: https://github.com/june07/NiM/blob/master/background.js#L151

We should probably edit the docs and mention that this is still happening and it's a recurring issue that apparently comes back!

@fhemberger shall we reopen this issue? (I just discovered this problem in nodejs/node#28185 a few hours ago on my own, and @joyeecheung guided me to here.)

PS. A friendly note to the author of the plugin: Your great work is much appreciated. But as I suggested in my own ticket, maybe replacing the email address with a randomly generated UUID, stored in the client-side for your tracking consistency, can make everyone feel better. :)

@fhemberger
Copy link
Contributor

Thanks for reopening, let's discuss matters over there.

@june07
Copy link
Contributor Author

june07 commented Jun 12, 2019 via email

@june07
Copy link
Contributor Author

june07 commented Jun 12, 2019 via email

@eyedean
Copy link

eyedean commented Jun 12, 2019

Let's centralize our conversation in #1908. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

8 participants