Titanium JIRA Archive
Appcelerator Daemon (DAEMON)

[DAEMON-257] Remove all paths from telemetry payloads

GitHub Issuen/a
TypeStory
PriorityCritical
StatusResolved
ResolutionFixed
Resolution Date2018-05-24T10:53:35.000+0000
Affected Version/sn/a
Fix Version/sAppc Daemon 1.1.3
Componentsappcd-core, appcd-plugin
Labelsgdpr
ReporterChris Barber
AssigneeChris Barber
Created2018-05-22T20:39:47.000+0000
Updated2018-05-30T16:35:52.000+0000

Description

The Appc Daemon has telemetry enabled by default. It currently sends 4 different events: appcd.server.start, appcd.server.shutdown, appcd.plugin.added, and appcd.plugin.removed. Most of these events include data that may violate the GDPR (General Data Protection Regulation).

Collected Data

The appcd.server.start event includes process.argv which leaks the user's username. process.argv will be removed from the payload. The appcd.plugin.added and appcd.plugin.removed events include each plugin's path which also leaks the user's username. All plugin paths will will be removed and a packageName will be added. We collect this data to track usage and versions of the Appc Daemon and its plugins. We can use this data to determine if we can deprecate versions, platforms, features, and be able to track what plugins and versions are being used so we can focus testing and integration.

Disabling Telemetry

Telemetry can be completely disabled by running: If you have Appc Daemon globally installed:
appcd config telemetry.enabled false
If you have the recent Appc CLI:
appc appcd config telemetry.enabled true
Also note that we have ticket DAEMON-254 to prompt for opt-in first run, but still defaults to enabled.

Comments

  1. Chris Barber 2018-05-23

    https://github.com/appcelerator/appc-daemon/pull/329
  2. Ewan Harris 2018-05-24

    [~cbarber] fixVersion should be 1.1.3?

JSON Source