Collecting analytics on Helm charts about toc HOT 8 CLOSED

CNCF's parent, the Linux Foundation, recently conducted its GPDR audits. Based on my reading, Google Analytics (GA) is compliant with GDPR as long as no Personally Identifiable Information (PII) is captured, which it's not in this case. So, whether charts should default to supporting analytics is not, I believe, a legal question.

It does seem one that should be addressed by the Helm project maintainers and that could presumably be escalated to the Kubernetes Steering Committee.

For prior art, I would point to the Homebrew package manager, which had some controversy about using GA, and put together a clear explainer of what they were doing and how a user could turn it off.

https://github.com/Homebrew/brew/blob/master/docs/Analytics.md
https://news.ycombinator.com/item?id=11566720

Cc @michelleN

from toc.

To add my point of view, as I started with opposing the default:

My biggest concern (not my only one, though) is with regards to GDPR. I'm in the EU and the GDPR is a Big Thing:tm: over here. I'm not a lawyer or versed in legal issues in any way, but from what I've been told, it's very important that end-users in the EU need to explicitly approve any form of tracking. Defaulting to allow is not allowed any more.

I proposed two solutions to the developers:

1. Switch to default disallow and make a plea in the README and/or NOTES file to the user to enable the tracking. This would be my preferred solution.

2. Do not default the value at all, but require the user to make a conscious decision about it. This will make the Chart a little bit more work to install, but it solves the problem with the tracking while still leaving it up to the end user.

Defaulting to allow tracking is Not Done, imho. It's always been rather questionable and we're seeing more and more backlash against it (which I personally think is not unwarranted), so I expect a lot of users would not be amused by having the default set to allow tracking. There's no legal argument in that sentence, I'm aware, just wanted to voice my opinion as well.

from toc.

cc: @dankohn @bgrant0607 @technosophos @mattfarina @timstoop @unguiculus

from toc.

Thank you for your reply! That takes away the legal concerns then. I'll take the moral concerns to the project maintainers and have them decide whether it should be escalated to the Steering Committee or not.

from toc.

I'll close then unless @tamalsaha wants to add anything, but if you open an issue on the Helm repo can you please paste the URL here to link them for posterity.

from toc.

What is the full set of data sent to Google Analytics? This is not documented in the other PR or cli options, so it is hard to be sure if it is PII, or indeed reasonable or not.

from toc.

Thanks Dan! I think we can start having a discussion with those thoughts in our minds. Let's close this out and bring the discussion back to the charts/helm dev calls and report back.

I've filed a ticket here for discussion: helm/charts#4697

from toc.

Thanks @dankohn ! This is immensely helpful .

@justincormack , to answer your question, this is the actual logic, https://github.com/appscode/stash/blob/master/pkg/cmds/root.go#L36 .

Say, my cli has a command mycli get pods. Then we compute a client_id by taking md5 hash of clusters master ip. Then we send an event to GA where category=myapp, action=get/apps, version=git-version . If you have further question, please ask in the charts issue. I am happy to answer.

from toc.