Friday Facts #231 - Belt compression & Crash log uploading

Regular reports on Factorio development.
User avatar
bobingabout
Smart Inserter
Smart Inserter
Posts: 7350
Joined: Fri May 09, 2014 1:01 pm
Contact:

Re: Friday Facts #231 - Belt compression & Crash log uploading

Post by bobingabout »

DMFan79 wrote:I started having random crashes with version 16.25 (IIRC). I can't really link the crash to something specific I was doing in the game. I never reached this tech level before though, so maybe it could be originated from the increased complexity of my base.

I'm using a Ryzen 1600x processor on a Windows 10 OS. My RAM is OCed from the BIOS using the default OC profile.
There is a known issue specifically with Ryzen processors. They're shit, you should be using an Intel i9 like the devs!

No, seriously though, There is a known issue with Ryzen processors. Nobody really knows why they're randomly crashing as of yet. The devs are looking into it, but need more Ryzen crash reports.
The issue is only known because of the automated crash dumps, and eventually they'll help fix the issue.
Creator of Bob's mods. Expanding your gameplay since version 0.9.8.
I also have a Patreon.

ikarikeiji
Long Handed Inserter
Long Handed Inserter
Posts: 93
Joined: Sun Jul 12, 2015 6:28 pm
Contact:

Re: Friday Facts #231 - Belt compression & Crash log uploading

Post by ikarikeiji »

My thoughts on the privacy / crash report issue:

1. I personally agree with Factorio sending crash reports
2. I understand what you mean by users being in the habit of not sending reports or turning off reports out of habit and that they would opt out for no good reason if it was an explicit choice
3. I feel like it should be made clear what is being sent to every player before they have a chance to play - even those who don't read the FFF's or the release notes

What's implemented currently satisfies 1 and 2 but not 3.
Displaying an explicit opt-in dialog on the first time the game starts up would satisfy 3 but not 2.

So here's my idea to satisfy all of them:

On first game start (after install or update), display a message box with only an OK button that reads something like:
To help fix bugs, we automatically send crash reports.
These contain no personal information.
If you would like to read more about what these reports contain or how to opt out then please read [clickable link to FFF 231 blog post].
That way everyone knows that it sends crash reports, but a lazy user who just wants to click a shut-up button will click OK and play, without turning off the reporting.
But someone who for whatever reason wants to opt out will be told that crash reports are a thing, and told to read the blog post for info on how to disable it, which states that it can be disabled from the options menu, while also explaining the rationale hopefully changing their mind.

User avatar
eradicator
Smart Inserter
Smart Inserter
Posts: 5205
Joined: Tue Jul 12, 2016 9:03 am
Contact:

Re: Friday Facts #231 - Belt compression & Crash log uploading

Post by eradicator »

ikarikeiji wrote:2. I understand what you mean by users being in the habit of not sending reports or turning off reports out of habit and that they would opt out for no good reason if it was an explicit choice
And who gets to decide what a "good reason" is? And why does anyone need to justify their reasons for not wanting to send reports? Any opt-out system inheritly priorizes the desires of the data collector and only leaves the possibility to opt-out at all because it is a legal requirement in most countries. And it only works because most of the time people don't even know that data is being collected or the opt-out process is purposely engineered to be annoying. If every company had to rely on opt-in they'd be a lot more careful with the data they collect. Because if they mess anything up they'd never get consent again.

Metuk
Burner Inserter
Burner Inserter
Posts: 5
Joined: Mon Dec 18, 2017 5:35 pm
Contact:

Re: Friday Facts #231 - Belt compression & Crash log uploading

Post by Metuk »

milo christiansen wrote:IMHO crash reports are missing one simple thing: A GUID that is added to the sent data AND displayed to the user as a way to link a specific crash report to a forum bug report. When the game crashes, the report is sent, and the user is told "If you want to report more details about what happened, feel free to do so on the forum, and use this ID in your post."

This way sent and forum reports can be linked to each other (if the user wants) in a quick and simple way.

Adding my support for this, since it's an excellent idea.

User avatar
Oktokolo
Filter Inserter
Filter Inserter
Posts: 880
Joined: Wed Jul 12, 2017 5:45 pm
Contact:

Re: Friday Facts #231 - Belt compression & Crash log uploading

Post by Oktokolo »

ikarikeiji wrote:On first game start (after install or update), display a message box with only an OK button that reads something like:
To help fix bugs, we automatically send crash reports.
These contain no personal information.
If you would like to read more about what these reports contain or how to opt out then please read [clickable link to FFF 231 blog post].
+1

It's all about consent. Wich has information as a prerequisite. The one-time message box + opt out available in the options menu should be okay for anonymized chrash logs.

cgdpr
Manual Inserter
Manual Inserter
Posts: 2
Joined: Wed Mar 07, 2018 11:17 pm
Contact:

Re: Friday Facts #231 - Belt compression & Crash log uploading

Post by cgdpr »

Regarding the privacy issue I would like to chime in (as a developer involved in GDPR) to let you know that making this opt-out is very likely to be a violation of GDPR. You must collect my unambiguous consent regarding that specific collection, storage and use of my data - crash reports/dumps when/if the game crashes which may (will) contain and/or include PII. My IP address 100% is PII, so if you don't even bother with the logs or dumps, you will still be in risk of violation. Remember that you also have to explicitly name what kind of data you might collect (that is PII) when I give consent - any PII collected outside of that is a breach of GDPR.

You already stated that you see the file paths, which is identifiable information (c:/users/xxxx or even the pirated path you used as example since that is likely to be somewhat unique to me). If we assume that you solve those problems without asking for consent and somehow is in compliance with GDPR, how do you properly guarantee that no identifiable information in no circumstance ever leaves my computer or network in any of the logs or dumps?

You have a few months before this will hit, but having a simple welcome screen where you inform about the crash dumps and how they help (show this fff) and let the user chose (remember - no bias toward the opt-in option) to give their consent is the correct choice.

User avatar
eradicator
Smart Inserter
Smart Inserter
Posts: 5205
Joined: Tue Jul 12, 2016 9:03 am
Contact:

Re: Friday Facts #231 - Belt compression & Crash log uploading

Post by eradicator »

cgdpr wrote:You have a few months before this will hit, but having a simple welcome screen where you inform about the crash dumps and how they help (show this fff) and let the user chose (remember - no bias toward the opt-in option) to give their consent is the correct choice.
Is the "no bias towards either option" actually a legal requirement? A few threads ago i joked about giving only two highly suggestive options: [No, not this time][Yes, always].

Loewchen
Global Moderator
Global Moderator
Posts: 7759
Joined: Wed Jan 07, 2015 5:53 pm
Contact:

Re: Friday Facts #231 - Belt compression & Crash log uploading

Post by Loewchen »

eradicator wrote:
cgdpr wrote:You have a few months before this will hit, but having a simple welcome screen where you inform about the crash dumps and how they help (show this fff) and let the user chose (remember - no bias toward the opt-in option) to give their consent is the correct choice.
Is the "no bias towards either option" actually a legal requirement? A few threads ago i joked about giving only two highly suggestive options: [No, not this time][Yes, always].
Informed consent is only a requirement if consent itself is the basis for lawfulness of the data processing, but consent is obviously not the basis for it since other recitals (for example 47) are already satisfied (this is just how I understand it, not an official statement obviously).
But if consent would be the basis, then yes you would have to act to give the consent, be informed in plain language and there can not be any retaliation for not doing so.

cgdpr
Manual Inserter
Manual Inserter
Posts: 2
Joined: Wed Mar 07, 2018 11:17 pm
Contact:

Re: Friday Facts #231 - Belt compression & Crash log uploading

Post by cgdpr »

eradicator wrote:
cgdpr wrote:You have a few months before this will hit, but having a simple welcome screen where you inform about the crash dumps and how they help (show this fff) and let the user chose (remember - no bias toward the opt-in option) to give their consent is the correct choice.
Is the "no bias towards either option" actually a legal requirement? A few threads ago i joked about giving only two highly suggestive options: [No, not this time][Yes, always].
The bias must not be towards opt-in - e.g. it cannot be a pre-checked checkbox or in any way give the impression that opt-in is the "right" choice. If for instance the opt-out button is named "Cancel" and colored red, while the opt-in button is named "I agree, proceed" and colored green, I am given the impression that I cannot proceed without clicking the green button. I believe your suggestion would be perfectly fine - though very annoying if it crashes alot and you decide to opt-out every time :)
Loewchen wrote:
eradicator wrote:
cgdpr wrote:You have a few months before this will hit, but having a simple welcome screen where you inform about the crash dumps and how they help (show this fff) and let the user chose (remember - no bias toward the opt-in option) to give their consent is the correct choice.
Is the "no bias towards either option" actually a legal requirement? A few threads ago i joked about giving only two highly suggestive options: [No, not this time][Yes, always].
Informed consent is only a requirement if consent itself is the basis for lawfulness of the data processing, but consent is obviously not the basis for it since other recitals (for example 47) are already satisfied (this is just how I understand it, not an official statement obviously).
But if consent would be the basis, then yes you would have to act to give the consent, be informed in plain language and there can not be any retaliation for not doing so.
How is 47 satisified in your opinion?
(47) The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party,may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller.

(...)
Underlines by me. If you ask a random sample of gamers whether they expect games to phone home with some gamelogs + dumps which may contain PII, I believe you would find that it is not within reasonable expectations or interests - especially considering the recent incidents with other games/software phoning home. It could be argued that it is in their interest (at least not enough of a disinterest) to improve the game and if you make enough of an effort to protect their privacy before data leaves my computer that it might be fine. Its not clear cut whether it is ok or not, but if you are confident that you will be GDPR compliant, please give more details in the context of GDPR - that would really show us that you take our privacy very seriously.

It would be interesting to consider the case where someone pirated the game - they are not your customer so they will not give you the benefit of having the customer/client relationship, but they will still be protected under GDPR as EU citizens and will require consent for data processing. This might even support the notion that companies should acquire explicit consent for every data processing process as it might make companies liable by having an opt-out policy vs opt-in for the grey areas. Assuming of course a case that is not covered by all the exceptions in the recitals

Zeblote
Filter Inserter
Filter Inserter
Posts: 972
Joined: Fri Oct 31, 2014 11:55 am
Contact:

Re: Friday Facts #231 - Belt compression & Crash log uploading

Post by Zeblote »

Instead of thinking so much about the consent, it would be much simpler to just remove all potential PII from the crash logs and call it a day. For example, the path is most likely not useful when you just want the stack trace..

Post Reply

Return to “News”