Insights turned on by default from the cloud library without opting in


#1

I am just looking into using cloud services such as deploy and push, so I included ionic.cloud.min.js into my project. I did not use the insights module.

But when I looked at the web console, I noticed that it was attempting to send insights to the ionic cloud by default, and was only prevented from doing so because of the Content Security Policy.

[Error] Refused to connect to https://api.ionic.io/insights because it appears in neither the connect-src directive nor the default-src directive of the Content Security Policy.
[Error] Ionic Insights: Could not send insights. – Error: Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc. — ionic.cloud.min.js:6
Error: Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc. — ionic.cloud.min.js:6crossDomainError — ionic.cloud.min.js:6086
	error
	error (ionic.cloud.min.js:11:13215)
	(anonymous function) (ionic.cloud.min.js:11:12552)
	callback (ionic.cloud.min.js:7:2044)
	crossDomainError (ionic.cloud.min.js:7:2354)

Having insights turned on by default without developer opt-in seems like a pretty major overreach. In particular, sending out information about when the user navigates to certain screens could leak information (e.g. about their timezone, and thus about their possible location).

Many developers may not care about this, but some do and for those people, this is pretty egregious. In particular, I am using ionic for a research project in which I have to specify where the data collected will be stored and who will have access to it, and I cannot do that if data is being collected without my knowledge or approval.


#2

@max, @mhartington

I think the needs an official response. In our case we probably won’t opt out. But given that this is undocumented, it probably means we are already violating our own privacy policy. As a business we need to be fully aware of what kind of reach our dependencies have.


#3

Hi,

Insights is a tool that is provided for your benefit as an app developer. It helps you see active users, session length, etc. We are only tracking anonymous data through this tool. If you use push or auth, those services can generate identifying information as a side effect (such as their email or metadata in a push), so please be aware of that. Additionally, if your research app requires stringent data access requirements, please know that by using any of our Cloud services that data will be subject to our TOS and Privacy Policy which require us to have access to it to provide the service, which might conflict with your privacy requirements.

In the meantime, we are looking at adding a disable flag to the client for insights but don’t have an ETA on that.

Thanks.


#4

Hi @max,

I understand that data if I use ionic services, I might leak data. That’s why I store my data in my own server (I don’t use ionicDB) and I don’t use ionic auth - I wrote my own native wrapper to the google oauth library. I currently use deploy and am considering using push. My use of push should not leak any indentifiable information since I have not integrated with auth - I will maintain the mapping from user to token on my own server and invoke push with the device token directly.

I understand that insights are a useful tool for most developers, and I understand the allure of having some basic stats (app opens, etc) working out of the box. I definitely think you should keep working on it. I just think that developers don’t expect something to be running unless they have turned it on.

Here’s another concrete example of somebody who is surprised that insights is running without being turned on.

I took a quick look at the cloud library and it looks like the change would be fairly simple.
You would just need to change this to false

You would also then need to add documentation on how to enable it.

If you think that this is consistent with your goals for the platform, I am happy to submit a pull request to turn it off by default. Also, if there are other services that are enabled by default, just let me know and I’ll include them in the pull request too.


#5

Ah! The enable/disable option was added a couple of hours ago!

I think that making it disabled by default and documenting that you enable insights using

  $ionicCloudProvider.init({
    "insights": {
      "enabled": true
    }
  });

would be awesome.

Let me know if you would like me to submit a pull request…


#6

Great, and here’s how to do it in Ionic 2:

const cloudSettings: CloudSettings = {
  'core': {
    'app_id': 'APP_ID'
  },
  'insights': {
    'enabled': false
  }
};

#7

Thanks for the explanation.


#8

I assume the code that I specified would work in Ionic1 through code inspection but I haven’t tested it. Can you confirm that it works on ionic 1 as well? Has it been tested? Has it been pushed to npm?

Also, I would strongly recommend that you have insights disabled by default and have people enable if they want to use it. But I understand if that doesn’t fit your business plans…

Is it possible to highlight (maybe in a blog post) that insights are enabled by default and need to be opted out from?
Also, the docs need to indicate what the default value for the enabled flag is…

Properties

enabled: boolean

Whether or not insights collection is enabled.

#9

Also, can you confirm that there are no other on-by-default services?
What is the full list of on-by-default services that users would need to disable if they care about not leaking data?


#10

Where can app developers go to view the insights that are being sent & recorded? If the app is sending usage analytics, I’d like to be able to view them. I dug around in my ionic.io dashboard, but don’t see anything.