this post was submitted on 22 Jan 2024
60 points (98.4% liked)

If I create an OSS app with analytics to detect & log crashes with feature use, is it a bad practice? I think analytics is really helpful in finding:

  • which features are worth developing &
  • which bugs need to be solved first.

Edit...

Things Collected

  • IP Address for use ping (for country)
  • All crashes with IP
  • Feature use with IP

Crashes are stored for up to 6 months to solve bugs, but the rest are collected and deleted after 3 months.

It is opt-out, but users are informed about it during first / install time. To disable analytics: Settings --> Privacy

I want to know the right way to introduce analytics in OSS.

[–] Jimbabwe 40 points 10 months ago (1 children)

All depends on what you collect, how it’s stored, how transparent you are about it, and how easy it is to opt out of. It can definitely be done well.

[–] Zachariah 19 points 10 months ago

I prefer opt-in.

[–] [email protected] 25 points 10 months ago* (last edited 10 months ago) (1 children)

Generally people make a huge issue out of something like that (some will even call it spyware, etc).

I think the best approach is to ask the actual community of users what they're ok with before you start. You probably want to make sure it's opt-in as opposed to opt-out, and be very clear about what information you do and don't collect, and make sure it's stored securely.

[–] [email protected] 11 points 10 months ago

It's not even always necessarily about trust, but risk management as well. I've definitely coded a crash handler that exposed my database credentials in it. There's also the network aspect of it: your ISP/job/coffee shop can see the DNS request and TLS server name from the telemetry ping. That can be used to track you, or maybe you trigger some firewall alarm at work because of the ping.

We've kind of just started accepting that most apps will phone home and that there's constantly some chatter on the network from all those apps. But if you actually start looking at what all your devices and apps are doing in the background with say, a PiHole, it's pretty shocking.

I'm not that paranoid and would certainly accept some level of telemetry if asked nicely. "Hey I'm a small dev, I appreciate receiving detailed crash reports to make the app better". And as a developer, users might be willing to offer way more than what would be reasonable to do in the background. I might even agree to submit a screenshot on crash, but if and only if I've been asked before and told what it's used for, and I get the option to disagree if I'm going to be handling private information and don't want to risk my data being part of a stack trace.

[–] [email protected] 14 points 10 months ago

Biggest question to me is why you need an IP in the first place?

[–] [email protected] 13 points 10 months ago

For foss apps, I mostly allow analytics to track to help the dev out more. Complete 180 for any big tech since whenever they ask for it, they sell that information to the highest bidder.

[–] akrot 9 points 10 months ago

As an OSS user, and developer, OPT-OUT is a shitty practice. It should be opt-in for users who face crash issues if they want to share that data (they care enough to provide their info to the dev to fix it). I know this makes users sound entitled, but otherwise the "opt-out" permission will be exploited by someone, which will make users even more paranoid about OSS apps.

[–] AnyOldName3 8 points 10 months ago

There are kinds of analytics that are incompatible with the GPL, as you can't restrict what users do with GPL software, and that includes asking children not to submit analytics containing information you're not allowed to know about children under COPPA. The only options are to hope your software is only used by adults, or not implement any kinds of analytics that collect the relevant kinds of personal information.

[–] [email protected] 8 points 10 months ago

I will not use software that has analytics that I have to opt out of if there is an alternative that has analytics off by default with the ability to opt-in.

The psychology surrounding opt-out vs opt-in is very well understood, and choosing to include analytics with an opt-out structure is taking advantage of people to make development potentially easier. Not cool.

[–] [email protected] 8 points 10 months ago* (last edited 10 months ago) (1 children)

Many people who deliberately choose open source are also into privacy. I'm not sure what people like. But you'll definitely face some rejection by people like me. I like to file bug reports myself. I get my apps from F-Droid and they usually strip those telemetry libraries from the source. But for people who use Obtainium or Google Play, it'll work. I think there is a good share of users who are fine with crash reports. Maybe the majority. You could make the app ask for confirmation before sending the report. Or offer two variants of the app, one normal and one without. Or let people like F-Droid offer the latter.

If it's more than crash reports, I think it should be opt-in rather than opt-out.

I like the old fashioned way of doing free software. Have a community around the project, a bugtracker and engage people in a discussion about future developments. I'm happy if that's baked into an app if it's opt-in and it's an open backend or something simple, meaning you don't include the whole Firebase, Crashlytics, ... stuff. But it's up to the developer. If you like it, and your audience isn't privacy nerds, include it and see if people complain.

[–] catalog3115 9 points 10 months ago (1 children)

> Or offer two variants of the app, one normal and one without. Or let people like F-Droid offer the latter.

I like the idea of providing two variants, one normal & another without any analytics whatsoever on F-Droid. Users can create an issue/support ticket on GitHub providing logs themselves. Their app will not even ping back whatsoever.

I will create the app with analytics with a compile switch, so the analytics part is not even compiled and is completely stripped from the build.

[–] [email protected] 5 points 10 months ago* (last edited 10 months ago)

Yeah, the maintainers of F-Droid will probably appreciate you did the work for them.

And I think it's a sound approach. I mean the Linux ecosystem works the same way. We have upstream developers, and distributions and maintainers who adapt the packages for the user. We can have all the diversity, modern tools and also distributions like Debian that switch everything to privacy per default because their users like that. I think the same approach works for Android and I really appreciate I get to choose between F-Droid, Obtainium and the Google Play store.

[–] [email protected] 8 points 10 months ago (1 children)

Do not collect more data than you need. If you need IP for some reason then that needs to be relevant. Is your app geographically based, for instance? And does the location or IP impact how the app works?

Beyond that, if you're collecting personal or sensitive data it should be opt-in from a privacy focused perspective.

[–] catalog3115 1 points 10 months ago (1 children)

The only reason we collect IP addresses is to evaluate which country is most active & focus localisation (language etc.)

[–] [email protected] 1 points 10 months ago

Not that useful probably. I am in Italy but I use the English language for most of the software I use daily, for example.

For this I think it is better to have a simple way to contribute with or ask for the translations.

[–] [email protected] 7 points 10 months ago

> It is opt-out

Yeah, you are doing it wrong. As I am guessing you already know, even if you haven't fully admitted it to yourself yet. All telemetry should be opt-in.

[–] bbuez 6 points 10 months ago

Prompt after a crash, include verbatim data sent, send only this time or opt in for automatic reporting, IMHO best practice as a user who respects the need for valuable analytics.
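
The flow suggested in the comment above (prompt after a crash, show the verbatim data, send once or opt in), combined with the earlier concern about crash handlers leaking credentials, as an added Python example that is not part of any comment in this thread. The redaction patterns, the `crash_reports` setting name and the `ask`/`send` callbacks are assumptions made for illustration.

```python
import json
import re
import traceback

# Assumed redaction patterns; extend them for the secrets your own app handles.
REDACTIONS = [
    (re.compile(r"(\w+://[^:/\s]+:)[^@\s]+@"), r"\1[REDACTED]@"),  # user:pass@ in URLs
    (re.compile(r"(?i)\b(password|passwd|token|secret|api_key)=[^\s&;]+"),
     r"\1=[REDACTED]"),
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "[IP]"),  # IPv4 addresses
    (re.compile(r"(/home/|/Users/|C:\\Users\\)[^/\\\s]+"), r"\1[USER]"),  # account names
]

def scrub(text):
    """Apply every redaction pattern to the text."""
    for pattern, replacement in REDACTIONS:
        text = pattern.sub(replacement, text)
    return text

def build_report(exc, app_version):
    """Return the exact JSON that would be sent: no IP, device ID or user ID fields."""
    trace = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    report = {"app_version": app_version, "type": type(exc).__name__,
              "trace": scrub(trace)}
    return json.dumps(report, indent=2, sort_keys=True)

def handle_crash(exc, app_version, settings, ask, send):
    """Send a report only with consent. settings["crash_reports"] is "ask"
    (the default), "always" or "never"; ask(payload) shows the verbatim payload
    and returns "once", "always" or "no". Returns True if a report was sent."""
    mode = settings.get("crash_reports", "ask")
    if mode == "never":
        return False
    payload = build_report(exc, app_version)
    if mode != "always":  # unknown values fall back to asking
        choice = ask(payload)
        if choice not in ("once", "always"):
            return False  # anything but explicit consent means no upload
        if choice == "always":
            settings["crash_reports"] = "always"
    send(payload)
    return True

if __name__ == "__main__":
    try:  # constructed crash whose message carries a credential and an IP
        raise ConnectionError("connect failed: postgres://app:s3cr3t@10.0.0.5/db")
    except ConnectionError as crash:
        handle_crash(crash, "1.0.0", {}, lambda p: print(p) or "once", lambda p: None)
```

The string shown by `ask` is the same object handed to `send`, so what the user approves is what leaves the device.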

[–] [email protected] 6 points 10 months ago

It takes years to build a good reputation in OSS, and only one dumb thing (like opt-out of personal data) to ruin it.

(Yes, IPs may be considered personal data in that they can be used to identify individuals, and so subject to the GDPR and, potentially, the very high fines associated with that. Unless you're evil, don't collect any personal or identifying data unless you absolutely have to, and very triple sure the user knows what you're sending and why)

[–] [email protected] 5 points 10 months ago (1 children)

I think if you use your own Matomo instance I'm way more ok with it, than if you include google.

If your app could also be used by people from the EU, you have to be GDPR compliant as IP addresses are considered personal information. The question if crash reports are necessary (in the sense of GDPR Art. 6) hasn't been decided yet AFAIK.

[–] catalog3115 3 points 10 months ago (1 children)

Crash reports really help developers. An app can crash for various reasons; sometimes it's the device itself (not the concern of developers), but mostly some type of bug. We use analytics to prioritise which bug to solve.

For example: There are 2 bugs, one in the share feature, another in export. If lots of people use the share feature, then we prioritise the share feature bug.

[–] [email protected] 4 points 10 months ago

No, I understand, I really do. I develop myself. The thing is, if it's opt-out, then it does not seem to be necessary. If it's necessary, then you have to show that your interest in bug fixing outweighs the user's right to privacy.

[–] [email protected] 4 points 10 months ago
[–] [email protected] 1 points 10 months ago

Not if it's opt-in hidden in the settings.

This is at least the only way I share analytics.

[–] [email protected] 1 points 10 months ago

As a user, if something like this was implemented in anything I use, as long as it's opt-in (not opt-out), I would probably agree after I make sure I'm ok with the data I would be sharing.

Opt-out is always an instant "hell no" for me. It feels too much like a pusher.