MCprep
Make the Privacy Policy more obvious to the end user
Basically what the title says, I think we need to make the privacy policy more obvious to the end user. There are a multitude of ways we could do it, including:
- Confirmation dialogue when MCprep is installed with an opt-out checkbox
- Popup when it changes
- A way for users to request the data collected from them (if possible)
As someone who's keen on privacy and transparency, I think it's important that we try to make users more aware of MCprep's anonymous data collection.
I support this, and you're right that we should be doing it more up front.
Steps to make I'd say:
- Provide a prompt as a banner, much like the update notice, when the user first opens MCprep. Or, this could be part of the new "helpful horse" panel so that it only appears in one yet prominent place. There should be a way to either acknowledge or change the setting in a single click.
- This should not be a literal popup dialogue, as that is disruptive.
- A more aggressive but acceptable approach would be to not draw any UI and just put the checkbox with a word-wrapping description, and a "confirm" button underneath, with extra whitespace above and below.
- Defer the "install" event until this confirmation button or acknowledge action occurs, so there's no ambiguity about install events being fired (and of course, don't send the install event until that moment, so we can remove the somewhat goofy/impractical clause about having your internet off when the addon starts the first time).
- Not sure about the popup when it changes, what do you have in mind? My thinking is the tick box better serves its purpose, but happy to hear thoughts otherwise. We could link to more on the page which addresses what data is sent and how it is used (and the very explicit fact that no third party data controllers are used, from a GDPR perspective).
- On data removal, users can ask to have their data removed only if they can email their MCprep addon folder's mcprep_addon_tracker.json file to support [at] theduckcow.com with the subject line "Please delete my data"; requests will be removed within 30 days. This file is the only way we can associate the user, so if they do not have this, we are unable to comply with any request as it is already anonymized (generally speaking, data removal requests have to do with data which includes personal info, so offering to delete even non-personal info is a bit above and beyond, but I'm happy to offer it unless it starts to get out of hand).
- Addendum: I should probably update the privacy policy to mention something specific around the "apply skin from username" feature, since that is technically a third party website (they'd only get your search term, but nonetheless).
> Not sure about the popup when it changes, what do you have in mind?

If the privacy policy ever changes, there could be a popup in MCprep (similar to the one created by the updater) telling users to read the new policy.
> On data removal, users can ask to have their data removed only if they can email their MCprep addon folder's mcprep_addon_tracker.json file to support [at] theduckcow.com with the subject line "Please delete my data"

I'm curious if it will be possible to have an operator in MCprep that "automates" this, as in opening the email client, setting the subject and recipient, and then attaching the file, so that requesting deletion of data is just one button to press.
> A more aggressive but acceptable approach would be to not draw any UI and just put the checkbox with a word-wrapping description, and a "confirm" button underneath, with extra whitespace above and below.

I think that's a pretty good compromise. If possible, I think adding a way to opt out would also be a good idea. Personally, I would prefer an opt-in system and then have a UI that may look something along the lines of:
If you so wish, MCprep can send anonymous data to be used to help further improve MCprep. MCprep shall only send the following:
* MCprep version
* Blender version
* OS
* Unexpected errors (with an option to send a description of what you were doing)
* Whatever other information is sent, though from what I can tell from the analytics panel that's all MCprep sends
This is not strictly required for MCprep to function, although it does help with development.
[ ] - I give MCprep permission to send anonymous data to help improve the addon
[Confirm or "I do not wish to give MCprep anonymous data" depending on what the user selected]
The main concern I have, of course, is that by making this more obvious, there's room for misunderstanding on how data collection works.
Adding this to the list of 3.5.1 priorities (high priority as it deals with user privacy).
Thinking about this further, would it be possible to add a "delete my data" operator in MCprep itself? After all, MCprep has access to the JSON file (unless there are some issues related to Google Analytics permissions that prevent us from deleting data from MCprep's side).
Looking into it, it also seems that MCprep enables tracking by default, despite tracking.py saying it's opt-in. From what I can tell, it seems to be due to how Blender selects the default option for enums ("Enable Tracking" is the first item in the enum and as such will be the default), but we really need to fix this soon.
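
Two mechanisms raised in this thread, holding the install event until the user acknowledges the setting and not letting an enum's first item decide the default, shown as an added example that is not MCprep's code. It is a plain-Python model: `CONSENT_ITEMS`, `resolve_default` and `ConsentGatedTracker` are hypothetical names, and `resolve_default` stands in for the first-item fallback described in the last comment.

```python
from dataclasses import dataclass, field

# Hypothetical consent choices. The "enable" item is listed first, as in the
# thread, which is what makes an implicit first-item default unsafe.
CONSENT_ITEMS = ("ENABLE", "DISABLE")


def resolve_default(items, default=None):
    """Model of an enum that falls back to its first item when no default is given."""
    if default is None:
        return items[0]
    if default not in items:
        raise ValueError(f"unknown default {default!r}")
    return default


@dataclass
class ConsentGatedTracker:
    # Explicit default: nothing is sent unless the user opts in.
    choice: str = resolve_default(CONSENT_ITEMS, "DISABLE")
    acknowledged: bool = False                    # "confirm" not pressed yet
    pending: list = field(default_factory=list)   # events held before consent
    sent: list = field(default_factory=list)      # events actually transmitted

    def record(self, event):
        """Hold events until the user confirms; drop them if tracking is declined."""
        if not self.acknowledged:
            self.pending.append(event)
        elif self.choice == "ENABLE":
            self.sent.append(event)

    def confirm(self, choice):
        """Single-click acknowledgement: flush the held events or discard them."""
        if choice not in CONSENT_ITEMS:
            raise ValueError(f"unknown choice {choice!r}")
        self.choice, self.acknowledged = choice, True
        if choice == "ENABLE":
            self.sent.extend(self.pending)
        self.pending.clear()


if __name__ == "__main__":
    print("implicit default:", resolve_default(CONSENT_ITEMS))
    tracker = ConsentGatedTracker()
    tracker.record("install")      # held, not sent
    tracker.confirm("DISABLE")     # user declines: the install event is discarded
    print("sent after decline:", tracker.sent)
```
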