• AstridWipenaugh@lemmy.world
    link
    fedilink
    English
    arrow-up
    83
    arrow-down
    9
    ·
    5 months ago
    • Your Device’s Internet Protocol address (e.g. IP address), - absolutely necessary for anti-ddos techniques
    • browser type, browser version, - necessary for UX to build a functional website for the browsers that customers actually use
    • the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, - critical for determining what is popular and what isn’t to improve how the interface is designed and what parts are pulled forward and what parts are hidden in menus
    • unique device identifiers and other diagnostic data. - useful for determining how often you switch devices and the performance and other experience metrics to drive making the app more user friendly

    I work on web software professionally and this is a pretty minimal list that is completely justifiable for maintaining operations. If you can’t answer basic questions like “what are users doing with the app?”, you can’t make intelligent decisions about how to improve it.

    There’s a lot of the same stuff here: https://legal.lemmy.world/privacy-policy/

    I don’t know anything about this app or company so I’m not going to defend them, but there aren’t any real red flags here. If this amount of data collection bothers you, you really should stop using the internet in general.

    • Chozo@fedia.io
      link
      fedilink
      arrow-up
      30
      arrow-down
      3
      ·
      edit-2
      5 months ago

      Sorry, I kinda got lost in the sauce on my original comment, lol. My issue isn’t so much with the data collection, itself. My problem is that their FAQs say things that appear to be outright lies. Not even just embellishing the truth or something, but complete falsehoods.

      I don’t care so much that they collect a bit of data. But if they’re wiling to lie to a potential user about their data collection, I can’t help but wonder what else they might be willing to be dishonest about. I already have doubts about their crypto claim in the FAQ based on their founder’s history with NFTs, so I worry that this might also be something they’re not being truthful about.

    • FelipeFelop
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      1
      ·
      5 months ago

      I think you’ve missed the point. It’s not the data they are collecting but the fact they say they don’t collect data.

      • AstridWipenaugh@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        5
        ·
        5 months ago

        It’s pedantic, but you are not your computer. They don’t collect (according to them) PII other than phone numbers.

        • FelipeFelop
          link
          fedilink
          English
          arrow-up
          11
          arrow-down
          2
          ·
          5 months ago

          Not sure I agree entirely. The actions I take are definitely data about me.

          Also, in many jurisdictions data that could be combined (even in the future) with other data to identify you or something about you, is considered personal data.

          For example, Device ID is AstridWipenaugh’s device and they use the app in the morning.

          • Ghoelian@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            5 months ago

            (I don’t like this kind of data collection either fwiw, not trying to defend them or anything)

            On Android at least, device id’s are unique per app, and reset when you reset your phone to factory. In theory they can’t use this data to cross-track you personally, since every service that uses a device id has a different one for the same user.

            They can probably still build up a pretty accurate profile of you based on other data they collect though.

            • FelipeFelop
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              5 months ago

              Yes, that’s exactly the point. Combining data is something that must be considered. (And in some jurisdictions like the EU you even need to consider if it could be combined in future with other data)

    • Knossos@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      1
      ·
      5 months ago

      And just to piggyback on this comment, I’m an Android developer and we this information is critical for determining similarities for bug solving.

      You would not believe how often there is a bug caused by a specific model of phone. That connection you can only know if you log that for every crash you get.

    • ayaya@lemdro.id
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      4
      ·
      5 months ago

      Yeah as someone who has worked in web development for over 20 years everything in here is completely standard. Almost every major website in existence collects this kind of analytical data.

        • ayaya@lemdro.id
          link
          fedilink
          English
          arrow-up
          12
          arrow-down
          3
          ·
          edit-2
          5 months ago

          Like the comment I replied to already explained, this information is necessary to make informed development decisions. If you don’t know who is using what feature you might be wasting resources on something barely anyone uses while neglecting something everyone needs.

          You also need some of that data for security purposes. You can’t implement rate limiting or prevent abuse if you can’t log and track how your services are being interacted with.

          And this is aggregate data. I can promise you not a single person cares about what any individual user is doing (assuming it’s not illegal)

          • Cryophilia@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            5 months ago

            It should all be opt in. Aggregate data can be used to personally identify, and even when it’s not, it has its own negative effects.

            • ayaya@lemdro.id
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              1
              ·
              5 months ago

              It should all be opt in

              Then you introduce self-selection bias and the data is worthless.

              Aggregate data can be used to personally identify

              You can’t identify someone based on how they interact with a service. If you spend 5 minutes on one page and 2 minutes on another that could be anyone. Even if you for some reason personally knew someone’s browsing habits it would be nearly impossible to pick them out in a sea of millions of data points.

              I see you linked privacyguides.org in the thread as “alternatives”, one of the services it recommends is Proton (Mail, Drive, etc.). Look at their privacy policy:

              2.1 Visiting proton.me or protonvpn.com website: We employ a local installation of self-developed analytics tools. Analytics are anonymized whenever possible and stored locally (and not on the cloud). IP addresses are not retained and stored for such analytics.

              When you use our native applications, we (or the mobile app platform providers) may collect certain information. We may use mobile analytics software (e.g. fabric.io) app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting to send crash information to our developers in order to rapidly fix bugs.

              Or how about addy.io that privacyguides recommends for email forwarding? From their privacy policy:

              We use a self-hosted instance of Umami, an open-source, privacy-focused and lightweight option for website analytics. All the site measurement is carried out absolutely anonymously.

              ALL online services collect this kind of data. Even the privacy-focused ones. There is nothing nefarious about it.

              • Cryophilia@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                5 months ago

                “Analytics are anonymized whenever possible” is vastly more reassuring than “we use all this data”.