> we can also come up with scenarios that involve real harms. […] I personally use Google Analytics to track visitors to my website.
This was a well-written fun read, and I also both care about privacy a lot and have also used Google Analytics on a site too, but at the same time I’m a little bit floored how quickly his own use of GA was assumed benign while Wacom’s was assumed malicious. (Using GA is handing tracking data to Google, after all.) I don’t think the “it’s just a mouse” is a valid justification for this double standard. My browser is “just a viewer”; I’m getting tracked before I click on anything on your page. If we’re going to care about privacy deeply, I think we need to be a little more rigorous together.
This makes me wonder something as a developer - it’s not just tempting to have analytics and telemetry, it’s very, very valuable data if you care about the customer experience. And for companies that don’t do anything with this data other than improve the customer experience and fix crashes, this data is also valuable to the customers and users. So the big question here for developers is how can we collect usage data safely without compromising privacy? What data is safe to track, and what data is not safe to track? Personally I assume there are many kinds of seemingly innocuous data that could be misused. Even tracking mouse location can reveal things to an adversary. What can we do as developers to prevent customer experience from becoming adversarial? Is the only answer to not send any data? Or is there a technical way to establish and maintain trust between users and apps?
> So the big question here for developers is how can we collect usage data safely without compromising privacy?
Consent and control. Do not collect anything without obtaining the user’s active, voluntary, informed consent, and give the user the control to withdraw consent later. That’s really all there is to it.
Active: you don’t hide it in the TOS. You make consent an action that the user is requested to do.
Voluntary: to the user, the software should behave identically with or without user consent for data collection. Don’t make consent a condition of using the product or features.
Informed: the user knows what he is consenting to and can understand what data is in play. No simple “check this box to help us understand stuff LOL”.
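The four properties above map to concrete checks in a telemetry client. The following is an added example (not code from any commenter or from Wacom's driver) of a consent-gated client for the app-name telemetry discussed in the thread; the disclosure text, field names and the app-mapping feature are constructed for illustration.

```python
"""Consent-gated telemetry: active, voluntary, informed, revocable (added example)."""
import hashlib
from dataclasses import dataclass

# Constructed disclosure text; consent is bound to a hash of exactly what the user read.
DISCLOSURE_V1 = ("We record the name of the foreground application while the tablet is in use "
                 "and driver crash signatures. Nothing else. You can withdraw at any time.")


def disclosure_id(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:16]


@dataclass
class ConsentRecord:
    disclosure: str  # hash of the disclosure the user actually saw (informed)


class TelemetryClient:
    # Only fields named in the disclosure may ever leave the machine (data minimisation).
    ALLOWED_FIELDS = {"event", "app_name", "crash_signature"}

    def __init__(self, disclosure_text: str):
        self.disclosure_hash = disclosure_id(disclosure_text)
        self.consent = None          # default: no consent, so nothing is collected
        self.outbox = []             # events queued for upload

    def grant_consent(self, shown_disclosure: str) -> None:
        # Active: an explicit user action, tied to the text that was on screen.
        self.consent = ConsentRecord(disclosure=disclosure_id(shown_disclosure))

    def withdraw_consent(self) -> None:
        self.consent = None
        self.outbox.clear()          # drop anything queued but not yet sent

    def update_disclosure(self, new_text: str) -> None:
        # Informed: changing what is collected invalidates old consent until re-granted.
        self.disclosure_hash = disclosure_id(new_text)

    def has_valid_consent(self) -> bool:
        return self.consent is not None and self.consent.disclosure == self.disclosure_hash

    def record(self, event: dict) -> bool:
        if not self.has_valid_consent():
            return False             # fail closed: never collect-then-discard
        self.outbox.append({k: v for k, v in event.items() if k in self.ALLOWED_FIELDS})
        return True


def apply_app_mapping(client: TelemetryClient, app_name: str, mappings: dict) -> str:
    # Voluntary: the feature returns the same result with or without consent;
    # the telemetry call is a side effect the client may silently drop.
    client.record({"event": "mapping_applied", "app_name": app_name,
                   "window_title": "never sent: not in the disclosure"})
    return mappings.get(app_name, mappings["default"])
```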
> "it’s very, very valuable data if you care about the customer experience. [...] What can we do as developers to prevent customer experience from becoming adversarial?"
Pay money for the very very valuable data, instead of taking it and trying to hide behind legalese and finger-pointing and distraction and affront. If studying how people use your thing adds value to your company, run a usability lab where you pay people to study how they use your thing. Contact a company with a lot of users and arrange to give them discounts in exchange for data, agree up front what data will be shared and how it will be used. Offer discounts like Amazon's Kindle-with-ads is cheaper than Kindle. Make it opt-in with limited things you collect and what you do with it, and be trustworthy enough that people believe you only do that.
Microsoft PowerShell collects telemetry and it's opt-out, which is annoying for a shell/programming language. But there is a public help document about what is collected and how to opt-out[1] and the source code is on GitHub[2]. Even then I wouldn't be surprised if that was the proverbial straw which broke the camel's back. As developers keep abusing people's trust and taking liberties, something will be. It's a tragedy of the commons situation, why would you stop abusing the ~~environment~~ customer a little bit for a good reason when others are doing worse and they won't stop?
I would assume a primary internal use for this would be to test their driver against specific applications and to develop enhancements and improvements for them. The driver offers application specific mappings, so perhaps they want to know what applications are actually being used to better inform their efforts.
If the drivers are continuously updated with this information to provide an improved experience for the largest parts of their user base, then they are effectively paying back for the use of this data.
If that's as far as their use of this data goes, then what more do they directly owe you for the data?
"Pay money to get the data from the user" doesn't mean "pay money whether the user wants it or not, and take the data whether the user wants to or not". It means that the user has to engage in a voluntary transaction where he can decide whether the price he's paying is worth it or not. No price is "worth it" if the decision that the price is worth it is a one-sided decision that comes from the company.
Like the sibling comment, my reaction, and my intent when I said “valuable”, was referring to developer quality and customer experience value, not financial value -- assuming the data is not being sold for financial gain, and it is only used for development and UX. I personally loathe reducing all things to financial value on principle, because I think it cheapens relationships and reduces trust, and anyway the conversion rate is often wildly wrong. However, I also think you have a reasonable and valuable point, and maybe paying for the data really is how we make this work. It certainly would be okay in my book if there was a large financial penalty for companies found doing things with data that aren’t in the customer’s best interest and that they didn’t make clear from the start.