Factorio Forums

bobingabout wrote:I like the part where it says anyone not following the rules can be fined €20M or upto 4% income, whichever is highest.

Yep. This time they really got it right. But that are the maximum fines and as long as the company is cooperative, they will not really get fined. The extreme fines are for the extreme violations by the same megacorps (including Microsoft) that keep ignoring the data protection laws despite beeing warned mutliple times.
Someone that tiny as Wube with rather mild violations would probably get help offered for fixing the problems.

Oktokolo wrote:Someone that tiny as Wube with rather mild violations would probably get help offered for fixing the problems.

The "problem" here isn't of any technical nature though. They're more than capable to implement a one-time opt-in screen. But they have stated concerns (in the FFF i quoted before) that they think asking the users to voluntarily upload crash reports would not generate enough debugging data due to users being conditioned to just click "no". Which is why i find it so unlikely they'll change their stance until something happens :/.

eradicator wrote:Which is why i find it so unlikely they'll change their stance until something happens :/.

Maybe not. Latest update, 0.16.47 includes the following.

The system data path is removed from the log when it's automatically uploaded by the crash reporter.
IP addresses are no longer hashed in the log file. All IP addresses are removed from the log when it's automatically uploaded by the crash reporter.

This probably satisfies MOST of the requirements.

eradicator wrote:

bobingabout wrote:You know, Opt in could simply be a clause in the EULA stating that during the event of a crash, they upload data. If you don't accept, you can't play, but at least it's following the law.

Are you sure an EULA would be sufficient? I thought the whole point of GDPR was to remove the possibility of selling your soul via small print. Not that i personally care because i live in Germany where EULAs are not legally binding in 95% of the cases because they're not handed to you before you sign the contract (=buy the game). Yes, that means EULA in the installer is invalid here.

EDIT: Found a fitting quote:

eugdpr.org wrote:companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent

Factorio developers clearly state EVERYTHING you need to know about privacy here. You don't even have to buy the game to know it.

eradicator wrote: @Gergely:
The problem is not with any one software developer who might or might not handle the data properly. The problem is that all stored data eventually will be used for purposes it was not originally collected for. No programmer is employed at the same place for eternity. And even if they were, other people would still need unchecked access to it.

Okay, there are several problems here...

First, the data is stored by the company, not the programmer.
Second, the data is not at all likely to be used for purposes other than what it was originally collected for. (I mean, why would it be?)
Third, the data is not even "personal data" to begin with!! It's just anonymous crash logs! (I mean, on the website you provided, the keep saying "personal data" everywhere.)
And finally, who are these "other people" who need "unchecked access" to this data?

eradicator wrote:The GDPR is a brand new European data protection regulation. As you seem to haven't even heared about it you are probably not even affected and thus all your points are in vain.

It is true that I haven't heard of it before someone brought it up on this forum. However, since I am a citizen of the EU, I am affected.

eradicator wrote:As for the specific things wube currently doesn't do i think this might be a good start. (that's the official site btw.)

At the time of collecting their data, people must be informed clea rly about at least:

• Who?: Wube Software
• Why?: Automated Feedback
• What?: There is no personal data being collected.
• Legal Justification... ?
• For how long will they keep the data... ?
• Who else has access?: No one.
• Will the personal data will be sent to... nope, it is not personal data.
• Can they have a copy of the data being sent?: Yes! In ".log" format!
• Do they have a right to file a complaint to... About what exactly?!
• Do they have a right to withdraw... YES! You can opt-out of this whole thing.
• The existence of an automated decision maker: Yes. The files are sent only if the game crashes.

There are some question marks because I don't know the answer to everything.
However, the initial assumption, that the data is personal and/or belongs to the person is incorrect to begin with, so I don't see how is that a violation.

To my understanding, "clea" and "rly" are not even English words, so this whole page is flawed anyway.

@Gergely:
Thanks for making it blantantly obvious that you're only trying to troll by "dismantling" a generic, non-factorio-specific answer that was meant to tell you more about GDPR because you asked. And you're apparently not even able to distinguish between a contract and a public information page.

Gergely wrote:To my understanding, "clea" and "rly" are not even English words, so this whole page is flawed anyway.

Riight... here's your fish <°)'|'|'|'|`=<<, now go away please?

eradicator wrote:<°)'|'|'|'|`=<<

Thank you!

FactorioBot wrote: Thu Feb 15, 2018 5:14 pm Minor Features

• When the game crashes, the crash log is uploaded to us. You can opt out by disabling it in the options menu.

This is not acceptable. The most serious way to earn user's confidence is to ask them before sending out any data. That is called:

Opt-in

It's a fact that sending out data always contents personal data, at least the so-called meta-data, formally the MAC address, the IP address and the target site, not to forget about the time which allows the creation of a user's profile. If its content is encrypted, noone can say what's sent while sender & receiver still stay visible; that's due to the fact of how internet works (you can't send a letter via snail mail without at least the addressee, either). If it's not encrypted, it can be read by any user on the internet, technically.

Because we're talking about a LOG file we can be sure that some elementary datas are saved in it, such as Factorio version, its path (I'd like to know it if I were a developer to cut out the possibility of file name discrepancies, for example), amount, type & the names of installed mods, together with a memory dump of the game. Oh, and the capability of the player's machine is also very important: is a weak CPU installed? or the graphic card driver obsolete? is RAM drained to zero?

All these things can and will contain at least some fragments of personal data. There's absolutely no way to avoid this -- except not to collect.

Arguments like "but all others are collecting data, too!" are not valid. Collecting data itself is an intervention into one's privacy. That can't be relativized by the (sheer) number of people doing it (knowingly) wrong.

This understanding about self-servicing data of other people has become a general problem in this world. I see this with suspicion. And, by the way, I'm consequent enough not to use Windows 10 -- just because of the reason that it's impossible to prevent the outsending of data (and I don't want to be told when and what updates to install, by the way).

Another argument what came up was "99% of the users won't become active to activate this feature". Well, 99% are not 100%. It underestimates that there're many people out there which like to help the developers voluntarily. And, by the way, the user is not the alpha or beta tester, even if it's formally a pre-release. By paying money to such a project the developers are in charge to protect private data. Asking the users is legitime; collecting data without questioning is not.

Factorio is a great game, even if the gameplay has an end (when you send the rocket to the sky). It makes fun to try other setups and changing things. The modding community is also great. I also like the documentation about changes even if I'd love to read what's the result of the change, not only the change itself.

But if something turns out into any form of spyware, then it's sure that I'm gone as user. After all, I have to speak out a big "Thanks!" to the developers supporting a non-Steam version. Please never do change it. To keep a straight line, the sending of crash reports must be opt-in. There's no way around it to stay serious.

Additionally, by asking the user to opt in there must be elementary data shown about what will be collected. A simple reference to privacy terms (which can always change) is not enough.

Apart the fact you're like 6 months late,

The log only contains basic system information (CPU, GPU and free memory), game display settings, operation log, crash stack trace for the main thread and in some rare cases a minidump. We send that information (if you didn't opt out), in our binary format, securely, through HTTPS to one of our servers. In the next version we even sanitized the log a bit so it does not contain anything that might be seen as a privacy breach, such as IP addresses. We also updated our EULA and included it in the game to mitigate any legal issues.

Source : https://factorio.com/blog/post/fff-231

If this still is not enough for you, you can opt-out.

Koub wrote: Mon Dec 03, 2018 10:08 am Apart the fact you're like 6 months late,

As I do see, the basic problem (still opt-out) didn't change, so time is actually no matter.

If this still is not enough for you, you can opt-out.

I don't understand why changing to opt-in is such a problem?

vangrunz wrote: Mon Dec 03, 2018 10:14 am I don't understand why changing to opt-in is such a problem?

Because then you would probably cut crash reports by 80-90%, which would defeat the point of adding automatic crash reporting.

If a crash occours, a dialogue can be presented, leaving the player the option to send or not to send (probably most will do). Some games do so, and I can go d'accord with it. But not with any opt-out option, sorry.

I do see that there's an interest in crash logs. But I also do see privacy conflicts. To me, privacy weights heavier than the desire to get crash logs. I don't want anything to be sent without my interaction.

PS: If you update to a new version, a window with version changes appears. Why not make an one-time question to automatically or manually send crash logs?

vangrunz wrote: Mon Dec 03, 2018 10:40 am PS: If you update to a new version, a window with version changes appears. Why not make an one-time question to automatically or manually send crash logs?

That window only appears in the stand alone version of the game, the steam version updates automatically

vangrunz wrote: Mon Dec 03, 2018 10:40 am probably most will do

My expectation is that only around 10 to 20% of users will send a crash report in that case, and most of those will actually file a bug report anyway.

Edit:
Quoting form the already linked FFF (https://factorio.com/blog/post/fff-231)

Since 0.16.24, Factorio uploads its crash log to us whenever it crashes (This can be disabled from the options menu).
For a very long time we wanted to be able to do this. I would often say that the crash reports we get in the Bug reports forum are a very small percent of the actual crashes, and that we don't really know what is important or not unless there is a major bug that many people report. This was proven to be true after releasing 0.16.24. We had received hundreds of crash logs but nothing was posted in the forum and we quickly found a major problem and fixed it.

The way it works is that when Factorio crashes and a crash log was generated, in its dying moments it starts a new process that tries to upload factorio-current.log (and in some rare cases factorio-dump-current.dmp). Once on our server, we parse the stack trace from it and organize it with identical crash logs into folder. This way we can know which crashes occur more often, and allow us to prioritize more effectively. Our interface looks something like this.

So far it has proven to be very useful. In just 2 days Rseding fixed about 12 crashes that were found by our reporting tool, none of which were reported on the forum.

vangrunz, nobody forces you to play. Don't play if you don't want to. If you want to play, accept what's given. And it's related to all games.

I could repeat the arguements from my request, but that let us nothing but turn in circles.

Enough is said by now. I only can hope that people understand sometimes in future that opt-out is in general a data privacy desaster, no matter how long it exists and/or how many are doing it. Doing so does not create trust.

I'm off from this topic, thanks for reading.

vangrunz wrote: Mon Dec 03, 2018 11:46 am I could repeat the arguements from my request, but that let us nothing but turn in circles.

Enough is said by now. I only can hope that people understand sometimes in future that opt-out is in general a data privacy desaster, no matter how long it exists and/or how many are doing it. Doing so does not create trust.

I'm off from this topic, thanks for reading.

Just please read the hundreds of posts from a few months ago before stating what others have said dozens of time.

I just hope that sending these informations without opt-in is against the General Data Protection Regulation and Wube is just FORCED to remove this shit. I like nearly all decisions of Wube, some I dislike - but this is the only one I actively hate and think is objectivly bad. Please reconsider that, at least for 1.0. These informations for early access is okay I think, but for the finished product? Please not.

Nova wrote: Mon Dec 03, 2018 9:40 pm I just hope that sending these informations without opt-in is against the General Data Protection Regulation and Wube is just FORCED to remove this shit. I like nearly all decisions of Wube, some I dislike - but this is the only one I actively hate and think is objectivly bad. Please reconsider that, at least for 1.0. These informations for early access is okay I think, but for the finished product? Please not.

I too was against the opt-out. But then they removed the privacy-related information from the logs and actually started fixing freak cases wich would have probably been unfixable without the logs from the ignorant masses.
It really seems to work better this way and the privacy issues got fixed - so it is okay in the case of Factorio now.
I even opted back in after the privacy fixes some months ago. But the game is rock stable for me since some versions - so no logs got actually uploaded from my installment.

Why am I getting a notification from an age old topic?

vangrunz wrote: Mon Dec 03, 2018 11:46 am I could repeat the arguements from my request, but that let us nothing but turn in circles.

Enough is said by now. I only can hope that people understand sometimes in future that opt-out is in general a data privacy desaster, no matter how long it exists and/or how many are doing it. Doing so does not create trust.

I'm off from this topic, thanks for reading.

Well I was on the defensive side and I even got some fish out of it. Feedback is very important as a programmer. You just can't see how valuable that information is.

This has to be on by default. No way around this. The average player doesn't check the settings "just in case there's a way I could help the developers", so opt-in is a bad idea. A popup after starting the game will be dismissed without much considering. For popup dialogs on crashes, I think Twinsen has you covered:

Twinsen wrote: Fri Feb 23, 2018 9:08 pm Apart from the extra implementation time, players will still often click "Don't send", either because that's what they have been doing for many years or because they just want to quickly get back in the game or because they feel that the crash was somehow their fault.

And you can always disable this feature anyway. Why do you even care if it's on or off by default? This thing is not supposed to create trust. It relies on trust. Your trust in the developers. It's in the EULA. Don't complain about things you blindly agreed to because that was your fault, not the developer's for not bringing this to everyone's attention. In my opinion, there shouldn't even be an option to disable this. Not for this kind of data at least.

If privacy is an illusion, it's probably best not to break it. I know that Windows 10 sends a lot of data. I also know that it sends much more than I think it does. But I don't care. I have nothing to hide from Microsoft. Or any other big company collecting feedback (that is only valuable to them and them only) AND statistics.

I'm not gonna continue further either because it's "unhealthy". Read the rest of the topic. I just felt like summarizing my points again.