If I create a OSS app with analytics to detect & log crashes with feature use, is it a bad practice? I think analytics is really helpful in finding:-
- which features are worth developing &
- which bugs needs to be solved first.
Edit…
Things Collected
- IP Address for use ping (for country)
- All crashes with IP
- Feature use with IP Crashes are store for upto 6 months to solve bug but rest are collected and delete after 3 months
It is opt-out but user are informed about it during first / install time. To disable analytics Settings --> Privacy
I want to know right way to introduce analytics in OSS
All depends on what you collect, how it’s stored, how transparent you are about it, and how easy it is to opt out of. It can definitely be done well.
I prefer opt-in.
There are kinds of analytics that are incompatible with the GPL, as you can’t restrict what users do with GPL software, and that includes asking children not to submit analytics containing information you’re not allowed to know about children under COPPA. The only options are to hope your software is only used by adults, or not implement any kinds of analytics that collect the relevant kinds of personal information.
As an OSS user, and developper, OPT-OUT is a shitty practice. It should be opt-in to users who face crashes issues if they want to share that data (they care enough to provide their info to the dev to fix it). I know this makes users sound entitled, but otherwise the “opt-out” permission will be exploited by someone which will make users even more paranoid about OSS apps.
Do not collect more data than you need. If you need IP for some reason then that needs to be relevant. Is your app geographically based, for instance? And does the location or IP impact how the app works?
Beyond that, if you’re collecting personal or sensitive data it should be opt-in from a privacy focused perspective.
Only reason we collect IP address is to evaluate which country is most active & focus localisation(language etc)
Prompt after a crash, include verbatim data sent, send only this time or opt in for automatic reporting, IMHO best practice as a user who respects the need for valueable analytics
It takes years to build a good reputation in OSS, and only one dumb thing (like opt-out of personal data) to ruin it.
(Yes, IPs may be considered personal data in that they can be used to identify individuals, and so subject to the GDPR and, potentially, the very high fines associated with that. Unless you’re evil, don’t collect any personal or identifying data unless you absolutely have to, and very triple sure the user knows what you’re sending and why)
This doesn’t really have anything to do with open source software. It’s more of a privacy topic. You can harvest as much data as you want and still be GPL.
I would view it as basically a research ethics question, as in I owe the participants of this experiment to be made fully aware about what I am collecting and why. Giving them the ability to remove their analytics seems obvious as well.
I agree with opt-in policies. The only ethical case for opt-out is if you obtain informed consent ahead of the participation of the user which is de facto opt-in.
I don’t think opt-in is necessarily required ethically but having clear information available about the entire extent of the use of the data and the ability to remove it should be practiced. In the same way I might conduct a human trial on someone who agrees to engage as a participant, but I’m not giving them all of the information at the onset so as to not bias their response. Though I do provide a full summary once I’m finished collecting the data (i.e. the study is over).
I will not use software that has analytics that I have to opt out of if there is an alternative that has analytics off by default with the ability to opt-in.
The psychology surrounding opt-out vs opt-in is very well understood, and choosing to include analytics with an opt-out structure is taking advantage of people to make development potentially easier. Not cool.
As a user, if something like this was implemented in anything I use, as long as it’s opt-in (not opt-out), I would probably agree after I make sure I’m ok with the data I would be sharing.
Opt-out is always an instant “hell no” for me. It feels too much like a pusher.
deleted by creator
