Deployer: Privacy: Add opt-in for phoning home

Created on 8 May 2017  路  12Comments  路  Source: deployphp/deployer

| Q | A
| ----------------- | ---
| Issue Type | Bug, Feature Request
| Deployer Version | 4.3.0
| Local Machine OS | OSX
| Remote Machine OS | Linux

Description

While trying out Deployer for the first time, I found out, that Deployer is phoning home stats for every task it executes. I understand that stats may help developing Deployer. But at least inform the users about this behavior, better, provide an opt-in for reporting stats.

I see that there is no personal data included in the stats being sent. However I have issues with task names being logged, together with a unique project hash. This may reveal too much about a private project.

This is what is being logged:

array(11) {
  ["status"]=>
  string(7) "success"
  ["command_name"]=>
  string(4) "test"
  ["project_hash"]=>
  string(40) "***"
  ["servers_count"]=>
  int(1)
  ["deployer_version"]=>
  string(6) "v4.3.0"
  ["deployer_phar"]=>
  bool(false)
  ["php_version"]=>
  string(6) "7.0.12"
  ["extension_pcntl"]=>
  bool(true)
  ["extension_curl"]=>
  bool(false)
  ["os"]=>
  string(3) "OSX"
  ["exception"]=>
  NULL
}

This connection to the Deployer server also triggers issues with the SSL certificate on every task I run:

PHP Warning:  file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /Users/me/Workspace/deployer/vendor/deployer/deployer/src/Util/Reporter.php on line 58

Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /Users/me/Workspace/deployer/vendor/deployer/deployer/src/Util/Reporter.php on line 58
PHP Warning:  file_get_contents(): Failed to enable crypto in /Users/me/Workspace/deployer/vendor/deployer/deployer/src/Util/Reporter.php on line 58

Warning: file_get_contents(): Failed to enable crypto in /Users/me/Workspace/deployer/vendor/deployer/deployer/src/Util/Reporter.php on line 58
PHP Warning:  file_get_contents(https://deployer.org/api/stats?status=success&command_name=test&project_hash=***&servers_count=1&deployer_version=v4.3.0&deployer_phar=0&php_version=7.0.12&extension_pcntl=1&extension_curl=0&os=OSX): failed to open stream: operation failed in /Users/me/Workspace/deployer/vendor/deployer/deployer/src/Util/Reporter.php on line 58

Warning: file_get_contents(https://deployer.org/api/stats?status=success&command_name=test&project_hash=***&servers_count=1&deployer_version=v4.3.0&deployer_phar=0&php_version=7.0.12&extension_pcntl=1&extension_curl=0&os=OSX): failed to open stream: operation failed in /Users/me/Workspace/deployer/vendor/deployer/deployer/src/Util/Reporter.php on line 58
feature
Source
picture FlorianMoser
👍1

Most helpful comment

In my opinion, it should default to false and ask on init, not just send without asking.

picture barryvdh on 12 May 2017
👍5

All 12 comments

Hi,

I understand your point, let's find some solution what may be appropriate for most users.
You can disable anonymous statistic by adding this line of code to your _deploy.php_ file:

~php
set('allow_anonymous_stats', false);
~

Maybe include question about allowing anonymous stats in _dep init_ command? That way we inform user about it and can describe why this is important for developing and planning better tool.

antonmedv picture antonmedv on 8 May 2017 
set('allow_anonymous_stats', false);

That's good to know, thank you.

Maybe include question about allowing anonymous stats in dep init command?

That's also what I thought. You could always default it to yes, but showing the option informs the user and offers the option to disable reporting.

While investigating I was also reading the documentation on deployer.org, but couldn't find anything there. Maybe you could add a note about privacy there?

FlorianMoser picture FlorianMoser on 8 May 2017
👍1

What about asking the user first time deployer is invoked whether the binary is allowed to send usage stats ...? That way all users are aware of the feature and can decide whatever they like

staabm picture staabm on 8 May 2017

Force to ask some question during deploy is bad user expirience. I think to find proper way of doing this.

antonmedv picture antonmedv on 8 May 2017

I think any information about reporting is better than none.

However maybe some developer are willing to submit stats for some projects, but not for others.

Force to ask some question during deploy is bad user expirience. I think to find proper way of doing this.

Not during deployment. But maybe during dep init (while being asked, what project type to start with)?

FlorianMoser picture FlorianMoser on 8 May 2017
👍1

@FlorianMoser i agree, dep init sounds right like place.

antonmedv picture antonmedv on 8 May 2017

Yep, thats what I meant. Init time would be great.

staabm picture staabm on 8 May 2017

Did not see nothing while dep init. Or did I miss it?

ivangretsky picture ivangretsky on 11 May 2017

@ivangretsky not implemented yet.

antonmedv picture antonmedv on 11 May 2017

@salarmehr deployer collect only anonymous usage statistic, no sensitive data collected.
You can turn request completely:

set('allow_anonymous_stats', false);
antonmedv picture antonmedv on 12 May 2017

In my opinion, it should default to false and ask on init, not just send without asking.

barryvdh picture barryvdh on 12 May 2017
👍5

Done. Now dep init command will tell about this function and ask confirmation. Also i improved init command a little bit.

antonmedv picture antonmedv on 14 May 2017
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

JonasDoebertin picture JonasDoebertin  路  4Comments
chouex picture chouex  路  4Comments
sweebee picture sweebee  路  3Comments
flashios09 picture flashios09  路  4Comments
greatwitenorth picture greatwitenorth  路  4Comments