this post was submitted on 22 Jan 2024

If I create an OSS app with analytics to detect & log crashes with feature use, is it a bad practice? I think analytics is really helpful in finding:

  • which features are worth developing &
  • which bugs need to be solved first.

Edit...

Things Collected

  • IP Address for use ping (for country)
  • All crashes with IP
  • Feature use with IP

Crashes are stored for up to 6 months to solve bugs, but the rest are collected and deleted after 3 months.

It is opt-out, but users are informed about it during first / install time. To disable analytics: Settings --> Privacy

I want to know the right way to introduce analytics in OSS.

jonne@infosec.pub 26 points 7 months ago* (last edited 7 months ago) (1 children)

Generally people make a huge issue out of something like that (some will even call it spyware, etc).

I think the best approach is to ask the actual community of users what they're ok with before you start. You probably want to make sure it's opt-in as opposed to opt-out, and be very clear about what information you do and don't collect, and make sure it's stored securely.

Max_P@lemmy.max-p.me 11 points 7 months ago

It's not even always necessarily about trust, but risk management as well. I've definitely coded a crash handler that exposed my database credentials in it. There's also the network aspect of it: your ISP/job/coffee shop can see the DNS request and TLS server name from the telemetry ping. That can be used to track you, or maybe you trigger some firewall alarm at work because of the ping.

We've kind of just started accepting that most apps will phone home and that there's constantly some chatter on the network from all those apps. But if you actually start looking at what all your devices and apps are doing in the background with say, a PiHole, it's pretty shocking.

I'm not that paranoid and would certainly accept some level of telemetry if asked nicely. "Hey I'm a small dev, I appreciate receiving detailed crash reports to make the app better". And as a developer, users might be willing to offer way more than what would be reasonable to do in the background. I might even agree to submit a screenshot on crash, but if and only if I've been asked before and told what it's used for, and I get the option to disagree if I'm going to be handling private information and don't want to risk my data being part of a stack trace.
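
The two concerns raised in the comments above (opt-in consent, and crash handlers that leak credentials into reports) can be handled on the client before anything leaves the machine. The following is an added example, not code from any poster in this thread; the function names, the redaction patterns and the sample DSN are all hypothetical and constructed for illustration.

```python
import re
import traceback

# Illustrative patterns, not exhaustive; extend them for your own app.
_URL_CREDS = re.compile(r"(\b[a-z][a-z0-9+.-]*://)[^/\s:@]+:[^/\s@]+@", re.I)
_KEY_VALUE = re.compile(
    r"\b(pass(?:word|wd)?|secret|token|api[_-]?key)\b(\s*[=:]\s*)"
    r"""("[^"]*"|'[^']*'|[^\s,;&)]+)""", re.I)
_HOME_DIR = re.compile(r"(/home/|/Users/|[A-Za-z]:\\Users\\)[^/\\\s]+")

def scrub(text: str) -> str:
    """Redact credentials and local user names from free-form text."""
    text = _URL_CREDS.sub(r"\1[REDACTED]@", text)
    text = _KEY_VALUE.sub(r"\1\2[REDACTED]", text)
    return _HOME_DIR.sub(r"\1[USER]", text)

def build_crash_report(exc: BaseException, opted_in: bool, app_version: str):
    """Return the payload to show the user and send, or None without consent."""
    if not opted_in:  # opt-in: no consent means no report and no network ping
        return None
    frames = traceback.format_exception(type(exc), exc, exc.__traceback__)
    return {
        "app_version": app_version,
        "exception_type": type(exc).__name__,
        # Message and frames are scrubbed; local variables are never captured.
        "traceback": scrub("".join(frames)),
    }

def _constructed_crash() -> BaseException:
    # Constructed sample: a DSN with credentials ends up in the exception text.
    dsn = "postgres://appuser:hunter2@db.example.internal:5432/app"
    try:
        raise ConnectionError(f"cannot connect to {dsn} (password=hunter2)")
    except ConnectionError as exc:
        return exc

if __name__ == "__main__":
    report = build_crash_report(_constructed_crash(), opted_in=True,
                                app_version="1.0.0")
    print(report["traceback"])  # show this exact text to the user before sending
```

Pattern-based redaction only catches what it has been written to catch, so showing the user the exact payload before submission remains the real safeguard.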