Understanding how a product is used is helpful, in the long run, to end-users.In Wacom’s defence, using systems such as Google Analytics to gather data on how customers are using a product might be justified on two counts: Heaton even uncovered a killswitch function that Wacom could use to remotely turn Google Analytics collection off and on. The latter behaviour isn’t referred to in the privacy policy, or at least it’s not mentioned explicitly. ![]() ![]() What requires more explanation is why Wacom think it’s acceptable to record every time I open a new application, including the time, a string that presumably uniquely identifies me, and the application’s name. Some of this was as expected – when the Wacom driver was started and stopped – which he decided was justifiable. With perseverance and a lot of fiddling, Heaton was eventually able to proxy the driver’s traffic to Google Analytics to take a more detailed look at the data being collected. The earliest mentions of Wacom integrating Google Analytics with tablet Windows and macOS drivers for the Intuos range appear to date back to version 6.3.27 released for Windows and macOS in late 2017. The privacy policy for US-based users is a lot more permissive, although not all sections of this would apply when simply installing a driver. This data should not reveal real identities:Īs the IP anonymize function is activated in the Tablet Driver, your IP address will, within Member States of the European Union or other contracting states of the Agreement on the European Economic Area, first be shortened by Google The Privacy Notice posted to GitHub by Heaton relates to users in the EU and is upfront about this when it explains in a succinct 770 words what data Google Analytics collects, including things like when during the day tablets are used, and which functions are popular. The official answer is for the same reason many other companies’ applications do the same thing – to analyse how customers are using a product to see whether it can be improved. This struck him as intrusive for a drawing tablet which is “essentially a mouse.” Why would such a thing need a privacy policy anyway? In section 3.1 of their privacy policy, Wacom wondered if it would be OK if they sent a few bits and bobs of data from my computer to Google Analytics, aggregate usage data, technical session information and information about hardware device. ![]() In a blog, software developer Robert Heaton said he was first alerted to the behaviour when he read the company’s Experience Program Privacy Policy while installing some Wacom drivers on his computer. If you want to disable this snooping, open your Wacom Desktop Center, find the slightly hidden More link, click on it, go to the privacy settings, and opt out of "Wacom's Experience Program." Note that you may have to opt out again after updating your driver installation: this data collection is enabled by default.An engineer has detailed how graphics tablet company Wacom’s privacy policy allows it to collect data unconnected to its products, such as which applications users open on their computers. Interestingly enough, while poking around with this code, Heaton noticed the XML disappeared for a while then reappeared containing a curious Easter Egg: Rick If the XML file was not present, the driver would not spill any details to Google, and note in its logs the telling line: "Analytics disabled either locally or from server kill switch." In other words, the XML file acted as a kill switch. ![]() Why does a device that is essentially a mouse need a privacy policy?" Kill switchĪfter firing up Burp Suite to observe his network traffic, Heaton found that his peripheral's macOS driver would query the presence of an XML file on a server, and if this document was present, the software would feed notifications of applications being opened into Wacom's Google Analytics account.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |