Office-js: Data collection from office-js

Created on 9 Feb 2018 · 14Comments · Source: OfficeDev/office-js

Hi,

I've noticed that when I include the script for the office integration a POST request is sent to the following address https://browser.pipe.aria.microsoft.com/Collector/3.0/?qsp=true&content-type=application/bond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.1.1&x-apikey=db334b301e7b474db5e0f02f07c51a47-a1b5bc36-1bbe-482f-a64a-c2d9cb606706-7439&client-time-epoch-millis=1518000010111&time-delta-to-apply-millis=use-collector-delta

This happens for both the debug version (https://appsforoffice.microsoft.com/lib/1.1/hosted/office.debug.js) and the production version (
https://unpkg.com/@microsoft/office-js/dist/office.js)

This request appears to be collecting a fair amount of data.

Can you please be transparent about what data you're collecting and why you're collecting it.
Is this data collection 'feature' documented any where?
Can I turn this 'feature' off?
What impact, if any, does this have on my users when GDPR compliance comes into force in May?

Thank you.

author feedback doc bug

Source

roebuk

👍4

Most helpful comment

Seen as GDPR is now in force and data is being collected without the users explicit, I see this as a clear violation of GDPR. An update on this would be greatly appreciated.

roebuk on 29 May 2018

👍7

All 14 comments

Adding @trmini. And also @kbrandl and @Rick-Kirkham to make sure this is documented (if it's not already)

Zlatkovsky on 9 Feb 2018

👍2

I'll created a VSO item for this work. For MS internal folks only: https://office.visualstudio.com/OC/_workitems/edit/2141899

Rick-Kirkham on 9 Feb 2018

👍2

I would really like the answer to the question

Can I turn this 'feature' off?

Our application is making a request to 'https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html' due to the inclusion of
<script src="https://appsforoffice.microsoft.com/lib/1/hosted/Office.js"></script>

It is interfering with our requests and causing some trouble while loading it.
Even if we get around it, we would really like to give the control to the user, whether they want the telemetry to happen. So, at the user's discretion we can turn this feature on/off.

thinksysprem on 28 May 2018

Seen as GDPR is now in force and data is being collected without the users explicit, I see this as a clear violation of GDPR. An update on this would be greatly appreciated.

roebuk on 29 May 2018

👍7

1. Can you please be transparent about what data you're collecting and why you're collecting it.

[Phil] The data we are collecting is to ensure that our infrastructure is healthy and that there aren’t specific add-ins causing customers issues. The data we are sending and collecting is in compliance with GDPR per our privacy policy

2. Is this data collection 'feature' documented any where?

[Phil] Not in detail other than what is covered by our privacy policy

3. Can I turn this 'feature' off?

[Phil] We are working on a feature to allow a customer to turn off the feature within the Office Client. It won’t be exposed as a developer option to turn on/off per add-in. This does not impact the current level of GDPR compliance of the feature

4. What impact, if any, does this have on my users when GDPR compliance comes into force in May?

[Phil] The relationship for this data is between Microsoft and the customer. As for any other data collected by Microsoft the customer can request a Data Subject Request (DSR) to request an Export/Delete of the data

PhilSmail on 30 May 2018

👎7 👍3 😕1

at this point all questions are answered.

JuaneloJuanelo on 15 Feb 2019

Any update on office client feature to turn off the telemetry?

smndtrl on 26 Feb 2019

👍1

Just found that this is running every 10 seconds or more frequently on Microsoft Planner (https://tasks.office.com/ - which, can we talk about the inconsistent URL scheme for that and Stream vs other Office URLs?), which over a three day period amounted to over 28,000 requests for an idle website on an inactive computer. This is the kind of thing that ought to happen once: on page load.

Tyler-H on 29 Apr 2019

I would really like the answer to the question

Can I turn this 'feature' off?

Our application is making a request to 'https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html' due to the inclusion of
<script src="https://appsforoffice.microsoft.com/lib/1/hosted/Office.js"></script>

It is interfering with our requests and causing some trouble while loading it.

Even if we get around it, we would really like to give the control to the user, whether they want the telemetry to happen. So, at the user's discretion we can turn this feature on/off.

Hi @thinksysprem , can you tell me how do you work around it.

slgray on 26 Jun 2019

Hello @slgray

Thank you for bringing this issue to our attention,

Could you please share:

the office application you are developing your Add-In for {Outlook, Excel, PowerPoint, etc...} ?
the client you are seeing this issue on {web, Windows, Mac etc..} ?
the version of the client you are seeing the issue on?

This will help us investigate further,

Have a Terrific Thursday!

wandyezj on 27 Jun 2019

Hi @wandyezj

Thank for your help.

Here are the information you need:

Our add-in is for Outlook
Windows client
We have issue on Office 2013, Office 2016 and Office 365

slgray on 27 Jun 2019

Hello @slgray

Thank you for your patience,

I believe the previous answer by @PhilSmail covers your telemetry question. On newer builds of Office, users have full/basic control of telemetry events.

We are trying to understand how the request to 'https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html' interferes with an application. Could you provide further details?

wandyezj on 3 Jul 2019

I know this ticket is closed but a really quick question, how do i disable my addin from dialing into to this url : 'https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html' ??

That yields a 404 now if i check the captured data packets.