[HN Gopher] Wacom drawing tablets track the name of every applic...
___________________________________________________________________
Wacom drawing tablets track the name of every application that you
open
Author : marginalia_nu
Score : 491 points
Date : 2021-10-31 13:31 UTC (9 hours ago)
(HTM) web link (robertheaton.com)
(TXT) w3m dump (robertheaton.com)
| dreamcompiler wrote:
| At this point I don't think there's a solution for this crap
| except regulation. Any PM of practically any product that has a
| software component is now expected to include revenue-generating
| spyware in the package; if she doesn't she gets fired. Regulation
| is the only solution.
|
| And the fines need to be stiff, like $10,000 per incident per
| user. It's gotta hurt or companies won't stop doing it.
| Iefthandrule wrote:
| Don't companies lobby legislators to prevent this?
| krylon wrote:
| The sad thing about this is that there are perfectly valid
| reasons for Wacom to want certain information, like what hardware
| do their customers connect the drawing tablets to, what operating
| systems and applications do they use. This is useful information
| to have, in the sense that Wacom can choose where to put their
| resources, what applications to test for, etc.
|
| But the very fact they are so damned sneaky about it makes it
| look really shady. Why not openly ask the users those questions
| and show them what information would be sent to the vendor? (And
| I am pretty sure Wacom is but one of many companies behaving this
| way.)
|
| I vaguely recall using some applications built-in crash report a
| couple of years ago, and it was a) explicitly opt-in, and b)
| showed me (after asking me if I wanted to see it), verbatim, the
| data it was going to send to the vendor, including stack trace
| and stuff like that, and then asked me _again_ if I wanted to
| send that crash report. (Unfortunately, I do not recall what
| software that was, though. _sad emoji_ )
|
| So I know it is not only possible to handle these things
| differently, but some people/companies actually do that.
| jodrellblank wrote:
| > " _Why not openly ask the users those questions and show them
| what information would be sent to the vendor?_ "
|
| Why not pay money to people who spend time helping Wacom
| improve their products? Then lots of people would willingly
| help, fill in surveys, test configurations, write feedback,
| etc.
| nottorp wrote:
| No need to pay money even. Just ask the customers: "what
| applications are you using our product for?"
|
| No one who buys such a peripheral would mind; they'd all like
| it to work better with their drawing software.
| tsumnia wrote:
| This is why I reject the counter arguments "Your data is why
| X service is free" or "If you're not paying for it, you are
| the product". Even when we are paying for something, we're
| still getting spied on.
| 8note wrote:
| It's capitalism. Every potential revenue stream will be
| exploited to its fullest potential.
|
| To show similar growth to their shareholders, they'd have
| to charge you more, so you're data is still paying for X
| Lev1a wrote:
| IIRC correctly Steam has a (yearly?) hardware survey which
| their users have the option to take part in, collecting
| information about parts in the computer and about connected
| periphery devices, i.e. model names, no. of monitors,
| resolution, amount of RAM, ...
| duskwuff wrote:
| And Valve is very transparent about how that works -- the
| survey displays a detailed opt-in each time the user's data
| is collected, and the results of the survey are public
| (https://store.steampowered.com/hwsurvey).
| jsnell wrote:
| Because for the data to be useful even for totally benign
| purposes, it probably can't be collected just once. For
| example, the biggest signal I would try to extract for product
| purposes is users who open an app, try using the pen, and then
| give up and continue using it with the mouse instead. You can't
| get that information by collecting information at install time.
|
| Could you write a trigger in the driver to detect this, and
| only ask for consent then? Probably not, since that gives you
| only the numerator without a denominator.
|
| Now, if they really aren't asking at all, that is shady. But
| asking just once rather than on every interaction seems
| basically mandatory to get the data needed for product
| development.
| coldacid wrote:
| Mozilla products used to do this, but I don't think they do
| anymore.
| [deleted]
| jacquesm wrote:
| I don't see any valid reason for Wacom to look at what
| application people use. And in a proper operating system that
| information should not be easily available (not without the
| users' consent).
| Igelau wrote:
| The author oversimplified by calling it "essentially a
| mouse". Pressure sensitivity is arguably the main feature
| that distinguishes a drawing tablet from just being a pen-
| shaped mouse. It's understandable that they might want to
| know what applications it's being used in so they can make
| sure that it works.
|
| But they really could do that in a less shitty way.
| robert_tweed wrote:
| There is a valid reason, which is custom configuration for
| each application. How you want a tablet to act in Blender is
| likely not the same as you would want in Photoshop. A lot of
| mice do the same thing.
|
| Once the user has agreed to that valid use-case, there's not
| a lot the OS can do to stop the data being logged
| permanently.
| userbinator wrote:
| Doing that locally is perfectly fine; it's the (surprising)
| act of sending it over the network which isn't acceptable.
| jacquesm wrote:
| That can be handled quite well by local customization.
| littlecranky67 wrote:
| Any examples for those proper OSes? I can only imagine those
| often critized for being walled gardens, namely iOS, Android,
| and proprietary hardware like gaming consoles. On any UNIX
| used as a desktop, you will not have trouble finding a list
| of running processes.
| jacquesm wrote:
| Qubes. It's essentially VMs around every application,
| browser instance or service.
| littlecranky67 wrote:
| And that has what market share amongst wacom tablet
| users?
| lolpython wrote:
| Market share describes what state the world is in. I
| don't see what bearing that has on a discussion of what
| the world _should_ be.
|
| OpenBSD implemented the ASLR security mitigation as
| default in their operating systems first. Windows and
| macOS followed years later. I don't think they did so
| because of OpenBSD's market share.
|
| https://en.m.wikipedia.org/wiki/Address_space_layout_rand
| omi...
| kapp_in_life wrote:
| The need to know what art applications to test their product
| against and what hardware configurations they might need to
| write drivers for. For example, is 99% of their customer base
| using GiMP or are they using Photoshop? Its important to know
| how to allocate their testing resources.
|
| They could ask permission first but this sort of telemetry is
| a nothingburger in my opinion, as unpopular as that might be
| on this forum.
| redwall_hp wrote:
| For art, probably neither actually. Those are both photo
| retouching/raster manipulation programs.
|
| Something like Krita or Clip Studio Paint is more likely
| for drawing.
| kapp_in_life wrote:
| Plenty of artists I know personally use Photoshop with
| tablets, and a few use clip studio or sai. Probably
| depend on the circles you know.
| jacquesm wrote:
| > They could ask permission first
|
| No, they _must_.
|
| > this sort of telemetry is a nothingburger
|
| I strongly disagree, what runs on my computer is my
| business and if Wacom wants to know, they can ask, and I'll
| tell them 'no, sorry that is not something you need to
| know'.
|
| It's called consent and it's not up to Wacom to decide that
| _I_ will think it is a nothing burger.
|
| > in my opinion, as unpopular as that might be on this
| forum.
|
| That's the whole point of consent: some people give it,
| others withhold it. You are just as entitled to your
| opinion as I am to mine and _that_ is why they should ask,
| it 's not that you get to decide for me that it's a nothing
| burger, just like I won't decide for you that it isn't.
| kapp_in_life wrote:
| You consented when you ran their drivers to use the
| hardware, just like you consent to being recorded on CCTV
| when you enter a shop or stop at a gas station.
|
| Don't like it? Read the privacy policy for software you
| run. That, or you can write or rely on libre drivers for
| the tablet to run on your specific hardware setup. And
| deal with all the issues unsupported/maintained drivers
| have.
| ygjb wrote:
| Well, or as an alternative, we could regulate the
| collection, retention, and use of data by applications.
|
| Consumers can't meaningfully consent isn't meaningful
| when businesses don't have an obligation to disclose what
| data is being collected especially when it is described
| as
|
| "[including] aggregate usage data, technical session
| information and information about [my] hardware device."
|
| Far more consumers would be outraged if each application
| or license agreement had to: a) provide a detailed list
| of information collected and transmitted to the vendor b)
| acknowledge each time that list of data changed c) had to
| do this for each business they dealt with on a regular
| basis
| Bilal_io wrote:
| > You consented when you ran their drivers to use the
| hardware
|
| Is it mentioned in the privacy policy agreement? Or are
| you saying that any driver I install on my machine is
| equal to my consenting that the driver's author can
| collect whatever data they want?
| kapp_in_life wrote:
| I'm sure its mentioned in the privacy policy or else
| Wacom's legal team is completely incompetent.
| robin_reala wrote:
| Might be the case in the US, but GDPR in the EU requires
| informed consent for this sort of analytics gathering.
| With the keyword being informed.
| kapp_in_life wrote:
| Hence my comment on the privacy policy statement. I'm
| sure its included with the tablet, or Wacom's lawyers are
| completely incompetent. Sending data necessary to the
| functioning of the device(ex: knowing what programs to
| support compatibility with) is generally allowed through
| Art 6 https://gdpr-info.eu/art-6-gdpr/, I'm not your
| lawyer though.
| dylan604 wrote:
| macOS does this any time an application "quits unexpectedly".
| You can Ignore, View Report, Send Report from the dialog.
| duskwuff wrote:
| Some parts of the report are deliberately anonymized, too --
| for example, if an executable is running from the user's home
| directory, that path is literally displayed as "/Users/USER/"
| rather than including the actual username.
| Sindisil wrote:
| Most Linux distributions have a similar mechanism.
| m4rtink wrote:
| AFAIK for example on Fedora this (ABRT) is opt in and only
| sends "thing crashed" if you opt in. You need to explicitly
| manually check and confirm a full crash dump before sending
| it, so really not anything being done without the user
| knowing, at least on Fedora.
| [deleted]
| haxiomic wrote:
| This was a wonderful read
|
| I think when I was younger I'd assumed the sheer number of
| technical users out there would mean it would be hard for
| companies to get away with things like this but these days I
| realize this sort of analysis and public exposition is actually
| rare and the number of skilled developers investing time in this
| is slim
|
| Perhaps collectively as a community we can create public bug and
| privacy bounties that enable and incentivise more work like this
| mikeodds wrote:
| That's an interesting idea, specifically the privacy bounty
| part, I imagine one of the difficulties here would be who
| handles the adjudication of it's a privacy issue or not /you
| get paid or not.
| haxiomic wrote:
| As much as I struggle to personally get behind crypto, this
| is exactly the sort of motivating use case that DAOs
| (decentralized autonomous organizations) are intending to
| solve. User would pool their crypto currency, gaining voting
| rights in the process, researchers can submit to the pool to
| collect a bounty and members of the DAO get the opportunity
| to vote on bounty release. All this is would be built to
| happen autonomously
|
| It's a funky idea, at the moment I'm suggesting more as a
| curiosity rather than thinking it's the right approach for
| something like this
|
| My immediate criticism is you could end up with an
| organisation that _is_ ultimately centralized but now the
| major players would be hidden. Currently crypto seems to
| generally tend towards oligarchic growth, so I imagine you'd
| have a few players that control most of the shares and many
| people controlling negligible portions. Perhaps these issues
| (not to mention the energy costs) can be solved, but right
| now I'm curious but skeptical about these ideas
| tailspin2019 wrote:
| > Perhaps collectively as a community we can create public bug
| and privacy bounties that enable and incentivise more work like
| this
|
| Interesting idea! If it was ethical (ie still properly followed
| responsible disclosure processes etc) I'd donate to something
| like this.
|
| EDIT: Also if supported by someone like the EFF maybe there
| could be a degree of legal cover for any potential issues.
| yjftsjthsd-h wrote:
| What ethical issue do you see? What is there to responsibly
| disclose? Software vendors do this on purpose; they don't
| need notification.
| tailspin2019 wrote:
| > Software vendors do this on purpose; they don't need
| notification.
|
| I must admit I didn't put much thought into my comment on
| ethics but I guess what I had in mind is perhaps a scenario
| where the behaviour is not actually intentional, and the
| vendor should at least be properly informed that there may
| be leakage (to them) of private data as opposed to just
| jumping straight to blogging about it.
|
| So rather than "responsible disclosure" perhaps just a code
| of conduct to ensure that such a program doesn't just
| attract people looking for glory and blog posts, but
| actually has a standardised way to report these issues to
| the vendor and give them an opportunity to fix and/or
| respond.
|
| I don't mean to dilute the core of the idea though, it's a
| good one, and it definitely needs to be geared towards
| being in favour of the consumer rather than letting the
| vendor off the hook.
| wyager wrote:
| "Responsible disclosure" is a concept mostly proposed by
| companies looking to accommodate their own willful
| irresponsibility. This is even more true in the case of
| intentional privacy violations by software vendors. The
| responsible thing is to immediately put these companies on
| blast the moment this kind of spying is uncovered.
| tailspin2019 wrote:
| I do see your point, but I still think a standardised way
| to at least make sure the vendor is aware of the issue
| would be needed if we're talking about a formal program.
| Not necessarily holding off publishing to do so though.
|
| But I don't mean to back the side of vendors unduly here...
| derekjdanserl wrote:
| Short of a comprehensive political challenge to the American
| oligarchy that prioritizes the dominance of the American empire
| over the well-being of American citizens, essentially nothing
| can be done about this kind of thing in the United States.
|
| Understand the GDPR is only able to exist as a tool of leverage
| in international markets. The benefits to individual privacy
| are little more than a means to that end.
| vorpalhex wrote:
| Wacom collecting kinda intrusive information (likely
| justified under knowing what applications to test their
| product against) is not some sort of oligarchial/royalty
| based plot.
|
| I mean, everything you wrote sounds great, it just doesn't
| mean anything or have any relation to reality.
| redwall_hp wrote:
| Wacom (wakomu, or wakomu) is also a Japanese company, not
| American.
|
| It's weird to presuppose that the US even matters when
| Wacom is a multinational company that operates domestically
| in Japan and also in Europe. This _is_ probably a GDPR
| issue for Europeans.
| convolvatron wrote:
| are you saying that in reality, as opposed to leftist
| fantasy world, that the US strikes an appropriate
| legislative balance between the general benefit of the
| populace and the desires of the business which operate
| there?
|
| that...doesn't seem right.
| jacquesm wrote:
| Can we keep this kind of tone off HN please? Thank you.
| DangitBobby wrote:
| Sarcasm aside, no, it doesn't sound right.
| pacija wrote:
| It is becoming harder and harder to troubleshoot which apps
| talk what to which servers because all off them, including OS,
| talk something all the time.
|
| Back in the day if user told me they have a problem accessing
| some Internet content I would instruct them to close all the
| applications and start to dump their traffic on firewall and
| proxy. There wouldn't be any traffic from their IP address.
| Then, when they started the application I would see if traffic
| goes through proxy or directly through firewall, and make
| adjustments, like putting destination domain on an exclusion
| list in proxy or destination ip and port on an exclusion list
| in firewall.
|
| Nowadays, Windows 10 without any applications started sends
| hundreds of requests per minute to dozens of IPs. Something
| respects global proxy settings, something not. I guess Android
| is even worse.
| DaiPlusPlus wrote:
| Protip: you can configure Windows Firewall to block all
| outbound traffic on a per-process basis. It's not advertised
| as a feature though. There's also 'netsh http' too. (I'm not
| sure how to block HTTP requests originating in the kernel
| though)
| dr_kiszonka wrote:
| I really like the bounty idea.
|
| There are tons of highly skilled and wealthy folks in the HN
| community, who are upset about issues such as privacy in tech,
| poor security in public sector organizations (utilities,
| education), etc. With some good, informal, leadership, we could
| put the community's resources to good use and help solve these
| problems.
|
| Folks who don't see meaning in their regular jobs could find
| contributing their skill or money to this and similar projects
| fulfilling and rewarding.
| tailspin2019 wrote:
| So who's going to take the lead on setting up the Hacker News
| Consumer Privacy Program? :)
| shadowgovt wrote:
| Not only is this kind of technical user rare, but public
| response to a post like this is also demonstrably rare. Of the
| people who read this, only a fraction will consider changing
| their configuration to stop Wacom from sending this data.
|
| Incentives are well aligned for a corporation to just try it.
| fouc wrote:
| I think we all as the end users could use a bit more support
| in terms of getting access to good information on configuring
| all the things we might use, being able to make better and
| more effective choices overall.
|
| For example, one thing that jumped to mind was we seem to be
| lacking any objective measures of the speed of various OS
| versions, so everybody is always upgrading and claiming its
| faster, but is it objectively faster every time? What kind of
| regressions might happen?
|
| There's nobody that is spending the time figuring out this
| kind of information, so everyone is kind of uninformed and
| there's more pressure to always upgrade.
| dahart wrote:
| > we can also come up with scenarios that involve real harms.
| [...] I personally use Google Analytics to track visitors to my
| website.
|
| This was a well-written fun read, and I also both care about
| privacy a lot and have also used Google Analytics on a site too,
| but at the same time I'm a little bit floored how quickly his own
| use of GA was assumed benign while Wacom's was assumed malicious.
| (Using GA is handing tracking data to Google, after all.) I don't
| think the "it's just a mouse" is a valid justification for this
| double standard. My browser is "just a viewer"; I'm getting
| tracked _before_ I click on anything on your page. If we're going
| to care about privacy deeply, I think we need to be a little more
| rigorous together.
|
| This makes me wonder something as a developer - it's not just
| tempting to have analytics and telemetry, it's very, very
| valuable data if you care about the customer experience. And for
| companies that don't do anything with this data other than
| improve the customer experience and fix crashes, this data is
| also valuable to the customers and users. So the big question
| here for developers is how can we collect usage data safely
| without compromising privacy? What data is safe to track, and
| what data is not safe to track? Personally I assume there are
| many kinds of seemingly innocuous data that could be misused.
| Even tracking mouse location can reveal things to an adversary.
| What can we do as developers to prevent customer experience from
| becoming adversarial? Is the only answer to not send any data? Or
| is there a technical way to establish and maintain trust between
| users and apps?
| prox wrote:
| I think one way is to show the actual data being sent, rather
| than a black box with a sign "trust us, send us your telemetry"
|
| Some companies allow you to see what they are going to sent. It
| still takes trust, but it goes a long way.
| Tijdreiziger wrote:
| https://en.wikipedia.org/wiki/K-anonymity
| ryandrake wrote:
| > So the big question here for developers is how can we collect
| usage data safely without compromising privacy?
|
| Consent and control. Do not collect anything without obtaining
| the user's active, voluntary, informed consent, and give the
| user the control to withdraw consent later. That's really all
| there is to it.
|
| Active: you don't hide it in the TOS. You make consent an
| action that the user is requested to do.
|
| Voluntary: to the user, the software should behave identically
| with or without user consent for data collection. Don't make
| consent a condition of using the product or features.
|
| Informed: the user knows what he is consenting to and can
| understand what data is in play. No simple "check this box to
| help us understand stuff LOL".
| jodrellblank wrote:
| > " _it's very, very valuable data if you care about the
| customer experience. [...] What can we do as developers to
| prevent customer experience from becoming adversarial?_ "
|
| _Pay money_ for the very very valuable data, instead of taking
| it and trying to hide behind legalese and finger-pointing and
| distraction and affront. If studying how people use your thing
| adds value to your company, run a usability lab where you pay
| people to study how they use your thing. Contact a company with
| a lot of users and arrange to give them discounts in exchange
| for data, agree up front what data will be shared and how it
| will be used. Offer discounts like Amazon 's Kindle-with-ads is
| cheaper than Kindle. Make it opt-in with limited things you
| collect and what you do with it, and be trustworthy enough that
| people believe you only do that.
|
| Microsoft PowerShell collects telemetry and it's opt-out, which
| is annoying for a shell/programming language. But there is a
| public help document about what is collected and how to opt-
| out[1] and the source code is on GitHub[2]. Even then I
| wouldn't be surprised if that was the proverbial straw which
| broke the camel's back. As developers keep abusing people's
| trust and taking liberties, _something_ will be. It 's a
| tragedy of the commons situation, why would you stop abusing
| the ~~environment~~ customer a little bit for a good reason
| when others are doing worse and they won't stop?
|
| [1] https://docs.microsoft.com/en-
| us/powershell/module/microsoft...
|
| [2]
| https://github.com/PowerShell/PowerShell/blob/master/src/Sys...
| cma wrote:
| Windows Terminal does telemetry too. Super creepy.
| akira2501 wrote:
| > Pay money for the very very valuable data
|
| I would assume a primary internal use for this would be to
| test their driver against specific applications and to
| develop enhancements and improvements for them. The driver
| offers application specific mappings, so perhaps they want to
| know what applications are actually being used to better
| inform their efforts.
|
| If the drivers are continuously updated with this information
| to provide an improved experience for the largest parts of
| their user base, then they are effectively paying back for
| the use of this data.
|
| If that's as far as their use of this data goes, then what
| more do they directly owe you for the data?
| Jiro wrote:
| "Pay money to get the data from the user" doesn't mean "pay
| money whether the user wants it or not, and take the data
| whether the user wants to or not". It means that the user
| has to engage in a voluntary transaction where he can
| decide whether the price he's paying is worth it or not. No
| price is "worth it" if the decision that the price is worth
| it is a one-sided decision that comes from the company.
| dahart wrote:
| Like the sibling comment, my reaction, and my intent when I
| said "valuable", was referring to developer quality and
| customer experience value, not financial value -- _assuming_
| the data is not being sold for financial gain, and it is only
| used for development and UX. I personally loathe reducing all
| things to financial value on principle, because I think it
| cheapens relationships and reduces trust, and anyway the
| conversion rate is often wildly wrong. However, I also think
| you have a reasonable and valuable point, and maybe paying
| for the data really is how we make this work. It certainly
| would be okay in my book if there was a large financial
| penalty for companies found doing things with data that
| aren't in the customer's best interest and that they didn't
| make clear from the start.
| lvass wrote:
| Would I be compromised if I once ran `$ important-command
| --key=secret-key`, having a drawing tablet?
| nkozyra wrote:
| Not enough data presented in the article to say. All it
| included was foreground app changes, so based on that you'd
| just get Terminal opening log messages.
| bogwog wrote:
| Considering Wacom feels justified in collecting whatever they
| want without disclosing it, I think it's safe to assume that,
| yes, you would be compromised. It's better to be safe than
| sorry.
| jaclaz wrote:
| Besides the specific Wacom related issue, I find this snippet
| fantastic:
|
| >The first is a principled fuck you. I don't care whether
| anything materially bad will or won't happen as a consequence of
| Wacom taking this data from me. I simply resent the fact that
| they're doing it.
|
| I have rarely seen the concept expressed in such a clear, direct
| manner.
| contingencies wrote:
| I am a long time Wacom customer and this pisses me off too. I
| will certainly be trying out alternative brands in future. How
| about organizing an open source hackfest for alternative tablet
| brands? Some alternative tablet manufacturers:
| https://www.veikk.cn/products/ (Hui Ke ) https://www.huion.cn/
| (Hui Wang ) https://www.gaomon.net/Pen_Tablet/ (Gao Man )
| https://www.ugee.com.cn/ (You Ji ) https://www.parblo.cn/
| (Parblo) http://www.penpower.com.tw/ (Meng Tian ; Taiwan)
| https://www.xp-pen.com/ (XP-Pen; Japan)
| citboin wrote:
| I've been avoiding those products because they're Chinese.
| Can a pihole be used to stop tracking?
| contingencies wrote:
| Some are Chinese, some are Taiwanese or Japanese. Open
| source solves the bad-actor-driver issue.
| KerryJones wrote:
| I came here to say the exact same thing.
| dpacmittal wrote:
| I don't understand why desktop operating systems still don't ship
| with mobile style sandboxing. It would be so darn useful to
| restrict applications from using filesystem, or have access to
| only certain folders, or restrict them from internet access.
|
| I recently wanted to install a crypto currency wallet on my linux
| machine but I was terrified of the fact that every single
| software on my machine can access the whole of filesystem and can
| easily steal keys to the wallet. Eventually decided it's just not
| worth the constant worrying.
| jiveturkey wrote:
| macos does and has for a few releases now.
|
| in this case it's a kernel driver that interacts as an HID with
| every application. it also loads app specific macros so it
| needs to know WHAT app is running.
| amelius wrote:
| Apple does the same thing. Phones home for every application you
| open.
| userbinator wrote:
| I strongly believe this sort of behaviour comes from companies
| who for some reason think they need their products to have some
| sort of "experience", usually the ideas of marketing people.
|
| I remember many years ago buying an unbranded tablet from Alibaba
| -- direct from an OEM -- for a fraction of the cost of a Wacom,
| and it didn't even need drivers to start functioning. What
| drivers did come with it on the CD were minimal, unsigned (very
| common at the time, along with the instructions to click past the
| warning when installing) and surprisingly even had source code.
| The configuration utility wasn't a bloated abomination and didn't
| add itself to autorun on startup.
|
| In other words, it felt like a humble servant ready to work for
| you, rather than attempting to coerce you into its "experience".
| It probably wasn't as responsive or featureful as a Wacom, but
| worked decently for the cost.
| SavantIdiot wrote:
| From another perspective, this was a great intro to BurpSuite.
| I've always wanted to get around to using it, this was a cool
| demo.
| hiccuphippo wrote:
| I block google analytics at the DNS level so I guess I'm safe?
| It's good that they don't send the tracking data to the same
| domain that sends driver updates.
| Pxtl wrote:
| ... this is a strong argument for a pihole. Easy network-wide
| anti spy functionality.
| Pxtl wrote:
| I assume it's because the Wacom has some value-adds for specific
| software, like custom software-specific hot buttons, erase
| functionality, the zoom circle, etc. and they want to know which
| applications users are using with the Wacom.
|
| But the fact that there's a legitimate customer-oriented
| explanation doesn't make this okay.
|
| I mean, if I added an always-on internet connected forward-facing
| camera and mic to a washer and dryer, I don't think we'd accept
| "to help you debug issues" as a good answer.
| JKCalhoun wrote:
| I never thought I would want a "walled garden" on my desktop, but
| these shit software stacks that companies are integrating into
| their products are forcing me to want to fight back to lock down
| my machine.
|
| I would love a simple utility that could not only neatly
| encapsulate and display the data being sent from my machine out
| on the network but also allow me to merely check a box to block
| that traffic.
|
| A smart initial config of course would "allow list" the usual web
| traffic from my browser(s), mail traffic from my mail client,
| etc.
|
| I don't want to mess with proxies, don't want to have to block
| ports using a command-line tool or by wading through my router
| config.
|
| Maybe I am asking for too much.
| throwaway09223 wrote:
| I think you want the opposite of a walled garden (app store). I
| think you want a completely open garden, such as we have with a
| typical Linux distro.
|
| A walled garden just changes the entities which can control
| your devices. It doesn't fix the problem of agency, trust,
| choice and consent.
|
| My tablets can't have spyware, because the drivers are stock
| open source. The folks making the hardware aren't in control of
| the driver software that runs the device. I can trust the
| community that any attempts to do this nonsense in an open
| source driver will make the news. The track record against
| spyware in the linux kernel is spotless.
|
| This kind of nonsense is only a problem with closed source
| software.
| Mollythedog wrote:
| If I am not mistaken, there was, back in the day, a small
| program called Proxomitron that did this.
| userbinator wrote:
| I still use it. Unfortunately, apps that don't respect the
| system proxy settings are common. (And now we have browsers
| that don't respect system DNS, but that's another rant...)
| jacquesm wrote:
| https://www.qubes-os.org/
| ant6n wrote:
| Does anybody remember ZoneAlarm? At some point later these
| firewalls became a standard of windows, and then when later
| they went away again.
| marderfarker2 wrote:
| Back in the Windows XP days my dad installed an Enterprise
| copy on the family PC. You could see per application network
| access in real-time, and would ask for permission whenever an
| application tries to make an outgoing connection, unlike
| Windows Firewall which seems to be extremely leaky.
| xoa wrote:
| > _I would love a simple utility that could not only neatly
| encapsulate and display the data being sent from my machine out
| on the network but also allow me to merely check a box to block
| that traffic._
|
| Does Little Snitch not meet your needs there? I believe even
| with the challenges caused by Apple's unfortunate elimination
| of kernel extensions it's still powerful and effective. The GUI
| is solid and I've had solid success over many years with it for
| this sort of thing.
| azalemeth wrote:
| It's worth mentioning that an excellent FOSS alternative is
| LuLu -- https://objective-see.com/products/lulu.html or
| https://github.com/objective-see/LuLu [last commit a week
| ago!]
| JKCalhoun wrote:
| Thank (both of) you. I don't know why, I had always assumed
| Little Snitch was command-line. I'll play with it.
|
| In my line of work I had used Charles (but no, that is not
| something I would consider was to use).
| d3nj4l wrote:
| OpenSnitch is a good equivalent for Linux users, btw. Don't
| assume you're not being mined for data because you're on
| Linux!
| Multicomp wrote:
| > Don't assume you're not being mined for data because
| you're on Linux!
|
| You make a good point that I'd not really considered. When
| I'm on Linux, I have a tendency to think I'm less likely to
| be tracked for stuff since mostly I just use the open
| source drivers.
|
| I have a wacom tablet connected to my machine running
| Fedora and didn't install wacom drivers, it 'just worked'
| using whoever's amazing open source graphics tablet driver
| contributions.
|
| But if I didn't know that or I had to install Wacom's
| sneaky drivers anyways? If I had to use Little / Open
| Snitch either way to use a particular piece of hardware,
| the thought occurs to me (this may be OT) that it I may
| just wander back to what I'm used to from the past:
| Windows.
|
| Gravity pulls me to Windows because I'm familiar with its
| UX, I have lots of software I run on it, and it's less
| fragmented than desktop Linux.
|
| But I am using Fedora here because it has a superior
| privacy stance, is not going to force me to update, is not
| going to violate my express preferences by willfully
| ignoring or un-setting my settings, and because there's
| less third party drivers required (provided I do the
| special Linux-friendly hardware dance).
|
| I guess I'm trying to say one's personal computing choices
| are a constantly changing balance and your statement caused
| me to re-evaluate my balance there, so thank you for the
| thought provoking comment.
| rocqua wrote:
| It doesn't take much of a walled garden to prevent mouse
| drivers from surreptitious network access. It only takes a
| capability based permission system.
| m4rtink wrote:
| Or open source drivers, ideally maintained as part of a
| community project. Good luck slipping spyware into that.
| JKCalhoun wrote:
| You're right. I shouldn't have said "walled garden" -- a
| permissions system is a perfectly adequate solution.
| ivanmontillam wrote:
| We could go a bit further with MAC (Mandatory Access
| Control). Something like SELinux.
|
| Properly understood, SELinux can provide rock-solid
| security. Of course, it's not a replacement of other
| security software, but it can prevent most of sneaky
| leakages such as the we had just seen in this post.
|
| MacOS doesn't ship with SELinux, but I believe it has
| something similar.
| jodrellblank wrote:
| Can it? (Genuine question). I understand SELinux can
| block processes from opening network sockets for example,
| but aren't drivers modules loaded into the kernel and not
| their own process, so you'd have to block the kernel from
| doing things or not? Or can SELinux go more granular than
| that?
| wtallis wrote:
| When a proprietary/vendor-supplied out of tree driver
| includes analytics/telemetry/spyware, it's most likely
| going to be in a userspace component. Such drivers will
| almost always include at least a userspace configuration
| tool and often a userspace daemon.
| jeroenhd wrote:
| I don't know if it's SELinux or the containerisation API,
| but such a mechanism is also in play with sandboxed Linux
| applications (Flatpak, Snap). On Ubuntu there are many
| apps you can disable a lot of permissions for because of
| the snappification of the OS.
| Willamin wrote:
| If you're on MacOS, there's a third party program that's
| relatively simple to use that does exactly what you've
| described: Little Snitch
| encryptluks2 wrote:
| Start voting with your wallet. I think this is specific to Wacom
| tablets, but there are many vendors that provide Wacom hardware
| without their specific OS. I wonder if there is a good open
| source ROM for drawing tablets?
| numpad0 wrote:
| Wacom tablets are special purpose input devices, like
| Kensington trackballs or 3Dconnecxion SpaceMouse. What is
| needed is an open source Windows driver.
|
| Possible common choices for pen technologies are {Wacom EMR,
| Wacom AES, Microsoft Pen Protocol(formerly N-trig),
| Synaptic(unnamed?), Apple Pencil}. Apple Pencil and AES/MPP are
| well received on lower ends as well as for non-graphic
| purposes(especially note taking, where EMR is near unusable),
| so wallet voting can happen in markets for those, but nothing
| had replaced Wacom EMR in professional spaces if I understand
| right. That's why the company gets to keep pathetic 32", 4K,
| non-HDR, 310 nits, 1000:1 contrast, 98% Adobe RGB display for 4
| grand as their absolute flagship product. Apple Pro Display XDR
| has same size of 32", but is 6K XDR(HDR), with up to 1000 nits
| brightness, has 1mil:1 contrast, has P3 wide color support, for
| 5 grand.
|
| Also I think it's worth considering how or where Wacom got this
| idea. As Wacom EMR pen market used to be a very stagnating
| space with zero competition until it had been incorporated into
| 1st- and 2nd-gen Surface only to be replaced by N-trig on
| Surface 3 onwards, I think it could be argued that it was that
| influx of capital that caused them realize they could
| "modernize" this way.
| JKCalhoun wrote:
| HUION is the larger "Cintiq-clone" product I have used, but I
| have no reason to believe their software is Boy Scout honest.
|
| Of course Apple's "Side Car" means your iPad is a pretty good
| tablet.
| amelius wrote:
| Voting does not work if the majority of voters doesn't care.
| dylan604 wrote:
| I think it's slightly worse because I seriously doubt the
| majority of users are simply unware of something needing to
| be cared about. So they aren't just dubiously doing
| something, they are doing it knowing that most people won't
| know it is being done.
| Kye wrote:
| Wacom is the best, in general. Huion gets 90% there for half or
| less of the price. They favor a different pressure curve that
| likely works well enough for most people while, I'm sure,
| saving on nibs and/or whatever's in the pen. The digitizer
| itself is equally or more accurate in positioning.
|
| While some people take an understandable but cynical view due
| to the close ties between most Chinese companies and the
| government, that's exactly why I don't worry. Any whiff of
| spying would be a diplomatic hazard.
|
| Think of the ruckus when Bloomberg accused Supermicro of
| installing spy chips for the Chinese government.
|
| https://9to5mac.com/2021/02/12/super-micro-spy-chip-story/
|
| Now imagine actual, confirmable spying. This would be the end
| to a huge part of Huion's business in markets it's worked hard
| to build a good reputation in for access to people who likely
| don't deal much in the kind of information a government wants
| to steal.
| tigerBL00D wrote:
| > Some applications, like web browsers, co-operate very well with
| proxies. They allow users to explicitly specify a proxy for them
| to to send their traffic through. However, other applications
| (including the Wacom tablet drivers) provide no such
| conveniences. Instead, they require some special treatment.
|
| You may be able to tweak your /etc/hosts to direct traffic to a
| machine you control, just look out for certificate issues.
| ovalanche wrote:
| I have depressingly started to believe (accept?) that everything
| I use tracks the name of everything else that I use.
|
| Agreeing with the author's conclusion: >"This isn't the dataset
| that's going to complete the embrace of full, totalitarian
| surveillance capitalism. Nonetheless, it's still deeply
| obnoxious. A device that is essentially a mouse has no legitimate
| reasons to make HTTP requests of any sort."
|
| Also, I always disable those "experience programs," like
| Nvidia's. They just give off data collection vibes:
|
| >"If you too have a Wacom tablet (presumably this tracking is
| enabled for all of their models), open up the "Wacom Desktop
| Center" and click around until you find a way to disable the
| "Wacom Experience Program"."
| onlyrealcuzzo wrote:
| Android and iOS phones definitely track EVERY app usage down to
| the millisecond - and they have since pretty much the
| beginning...
| mleonhard wrote:
| The real problem here is that our OSes do not let us control the
| outgoing connections from software that we use. Device drivers
| should not have network access, unless they are drivers for
| network devices. The OS should enforce an allowlist for each
| application with the network names/protocols/ports it is allowed
| to use. Users should have control over this allow-list. The OS
| should require the user to review the allow-list before they can
| use a newly installed program.
|
| Software must install and work properly even when the user
| restricts its network access. When software fails to do so, the
| OS maker should not sign the software or allow it to market
| itself as "OS-compatible".
|
| We cannot depend on good intentions. Good quality of life
| requires accountability for all.
| _trampeltier wrote:
| I think in future we have to have a law, every App has to have
| the option, to show you all what they send in cleartext logfile
| if you wan't. It can't be, we have just to trust every company in
| good faith.
| marcodiego wrote:
| That doesn't makes sense. This is just a piece of hardware and
| the only way for it to do that is through the driver. But you can
| easily check it: https://elixir.bootlin.com/linux
| /latest/source/drivers/hid/wacom.h https://elixir.bootlin.c
| om/linux/latest/source/drivers/hid/wacom_sys.c https://elix
| ir.bootlin.com/linux/latest/source/drivers/hid/wacom_wac.c
| https://elixir.bootlin.com/linux/latest/source/drivers/hid/wacom_
| wac.h
|
| If you're using a different driver it is your choice. Wacom does
| not advertise their support but I bought one and I just had to
| plug it to make it work. AFAIK, they pay developers to maintain
| the drivers.
|
| At the least, the title should say it is a specific driver that
| has such problem.
| zenexer wrote:
| This article was written more than a year ago and received
| significant attention at the time. I suspect Wacom may have
| made some changes since then--at least, I hope they did. I
| can't be sure because the official drivers aren't actually open
| source.
|
| This article's analysis took place on macOS. The drivers to
| which you linked are for Linux. It's not unreasonable to assume
| that official closed-source drivers, especially when bundled
| with other software, might be more intrusive. For example, many
| Wacom tablets have buttons that can be remapped, but only if
| you install Wacom's software.
|
| Dismissing it as the user's choice really isn't fair. I'm not
| going to berate my mother for failing to use Linux, but that
| doesn't mean she wants all her activity sent to Wacom.
| marcodiego wrote:
| I'm sure macOS supports hid devices out-of-the-box. Users
| should pressure Wacom to correctly support it. They do it
| correctly on linux, it is a shame users from other OS's are
| not treated as first-class citizens.
| asxd wrote:
| To be fair, that is the exact intention of this article.
| throwaway09223 wrote:
| Obviously there isn't spyware in the open source linux driver.
|
| The article was written about OSX. These types of spyware
| behaviors in drivers are very common on Windows and OSX.
| marcodiego wrote:
| As I said: "At the least, the title should say it is a
| specific driver that has such problem."
| nbzso wrote:
| For OS X: Little Snitch. For Linux: Open Snitch. The other
| option: Offline first, air-gapped. There is no way that I run a
| computer without host-based application firewall.
| no_time wrote:
| simplewall for Windows. Or a separate hardware firewall device
| given how much trust microsoft products deserve.
| terramex wrote:
| > For OS X: Little Snitch
|
| And for open-source (GPL3) macOS solution - LuLu. Switched form
| Little Snitch about a year ago with no issues.
| reaperducer wrote:
| I use Little Snitch, but find it a bit... intrusive. I find
| myself turning it off occasionally just to get work done.
|
| For those of you who are in this same boat, there are Little
| Snitch config files you can download that come pre-loaded with
| lots of blocked hosts, so you don't have to do them on your own
| one-by-one, which is frustrating on a new system.
|
| What I wish I could find is a Little Snitch list that only
| filters out tracking and profiling. I'm OK with seeing ads. I
| know the web sites have to make money. But I don't want to be
| tallied by some random social media company just because I
| visited a web site about artisanal brake clamps. Something that
| will allow ads.google.com, but not analytics.google.com. Or if
| they're the same, then dump the whole thing.
| marcodiego wrote:
| Reading the article: Last week I set up my tablet
| on my new laptop. As part of installing its drivers I was asked
| to accept Wacom's privacy policy.
|
| And this is where I stopped. You're doing it wrong. Drivers
| belong to the kernel. You should not have to manually install it.
| You should pressure the vendor to correctly support their
| devices.
|
| I have a Wacom device, tried it in different recent distros,
| different computers and never needed to manually install a
| driver.
| tubby12345 wrote:
| >And this is where I stopped
|
| God I'm so sick of these holier than thou Richard Stallman
| level unrealistic dismissals. This take isn't brilliant - we
| all, at all times, know that we have the option to not ____ if
| we so choose. Not unlike how people say things like "well I
| would just choose not to work at ____". That we often choose
| otherwise means we can't but.
|
| >You should pressure the vendor to correctly support their
| devices.
|
| Cool like by means of a blogpost that makes it to the top of hn
| that details how annoying the vendor's process is?
| marcodiego wrote:
| > >And this is where I stopped > > God I'm so
| sick of these holier than thou Richard Stallman level
| unrealistic dismissals.
|
| I understand your position, but they correctly support their
| device on linux, I'm sure they can do it on other OS's.
| > >You should pressure the vendor to correctly support their
| devices. > > Cool like by means of a blogpost
| that makes it to the top of hn that details how annoying the
| vendor's process is?
|
| I think this is a good step. But people not buying it and
| pressuring the vendor to correctly support the device is not
| mutually exclusive.
|
| We must consider that it is lack of knowledge and complacency
| from users that incentivizes vendors to act in such an
| abusive way.
|
| Sorry to sound stallman-like. I just wanted to raise
| attention to an important point that is mostly ignored.
| m4rtink wrote:
| Is it actually Wacom maintaining the Linux Wacom drivers or
| is it community maintained ?
| marcodiego wrote:
| Copyright in https://elixir.bootlin.com/linux/latest/sour
| ce/drivers/hid/w... include an e-mail with "@wacom.com".
| So, AFAIK, they pay developers to maintain the drivers.
| AshamedCaptain wrote:
| By the same logic:
|
| I'm sick of those that proselytize electric cars, since not
| everyone has the option.
|
| I'm sick of those that proselytize walking/biking to work,
| since not everyone has the option.
|
| I'm sick of those that proselytize recycling, since not
| everyone has the option.
|
| I'm sick of those that proselytize philanthropy, since not
| everyone has the option.
|
| I'm the first one who thinks these small sacrifices are
| probably not worth it since the sacrifice is usually way too
| much (handicapping yourself significantly) and the benefits
| practically negligible (i.e. small droplet in the ocean and
| all that). Much better to spend your efforts on political
| campaigns rather than this type of small-time stuff which
| yes, is mostly just for the show.
|
| But what I'm sick of is the people who not only refuse to
| just bow down and shut up when presented with people that do
| make the sacrifice, but are instead outright hostile to them.
| wtallis wrote:
| It _is_ possible to promote better alternatives without
| being smug or taking a holier-than-thou attitude. But you
| 're not going to convince anyone to switch with a comment
| that presumes your alternative is already the default and
| that everyone will know what you're talking about, rather
| than actually name and explain the alternative.
| marcodiego wrote:
| I want to make it clear that "taking a holier-than-thou
| attitude" was never my intention. I wanted to highlight
| the fact that the title is wrong, and it indeed is, and
| that users complacency with abuse from the vendors do not
| help.
| wtallis wrote:
| You really weren't trying to communicate clearly.
| Repeatedly referring to "a different driver" or "a
| specific driver" when you meant "the driver for a
| different operating system", and writing comments that
| presume (but only implicitly) a Linux context when the
| original blog post is analyzing the macOS driver is _less
| than helpful_. You also seemed to be going out of your
| way to avoid mentioning other operating systems by name.
|
| Everything you've said in this thread could have been
| more clearly and helpfully condensed to "the Linux driver
| doesn't include this behavior, and probably never could
| because it's open-source and upstreamed to the kernel".
| marcodiego wrote:
| You're right on this one. I unnecessarily adopted a
| provocative stance. I'll try better control my temper and
| be more clear the next time.
| jacquesm wrote:
| If you're so sick of those comments then what are you doing
| here, with your 50 day old account telling people off that
| have been here for many years?
|
| This community has been a bit sharper than most when it comes
| to the kind of side-effects that seem to be part and parcel
| of the tech world and if that's not to your liking it
| confuses me why you would join.
| hyperstar wrote:
| I recently bought a Wacom tablet, but didn't install any drivers
| except those that are in the free-software repository of Void
| Linux, which I suppose don't do this. I wish it were easier in
| general, though, to find out whether hardware requires
| proprietary software to function. For example, I'd like to get a
| document scanner, but, since I don't know of any model that can
| run on free software, I just do without.
| m4rtink wrote:
| I have MF645C (combined laser printer and scanner) from Cannon
| and it works perfectly fine (over network) from my Fedora
| systems without the need to install any proprietary drivers &
| using the auto discovery system over network.
|
| Other printers and scanners from Cannon might work good as
| well.
| bdavisx wrote:
| There's a reason that Wacom tracks what application is running -
| it can change the functionality of the pad based on the program
| in the foreground. They probably want the information so they
| know what programs are most popular with their customers. That
| doesn't make it right, but it's part of the reason.
| emmelaich wrote:
| Wacom drivers have often been a clusterfuck. And they were
| absurdly secretive in the earlier days of Linux about their
| hardware.
|
| Generous view -- they're attempting to find combinations of
| software in an attempt to correlate software and their own
| issues.
| Buttons840 wrote:
| I've used a Wacom tablet with Linux and an open source driver.
| [deleted]
| Why_O_My wrote:
| I assume that pointing google-analytics.com to 0.0.0.0 in the
| hosts file is enough to stop this BS right?
| djbusby wrote:
| No, it takes loads more work to protect yourself online
| codedokode wrote:
| There is a myth that if you are a paying customer then you are
| not a product. As we see, for more and more companies like Wacom,
| Microsoft or Apple you are a product no matter if you pay or not.
|
| Have some self respect and vote with your wallet against such
| companies.
| Someone wrote:
| I thought the phrase was that, if you're not paying, you're the
| product. "If you're paying, you're not the product" doesn't
| follow from that.
| woolion wrote:
| So is it "with proprietary software you're always the
| product, but some offer you to pay for the privilege"?
| redwall_hp wrote:
| It's not true anyway, because of FOSS. There are also
| services that exist to provide a social good without a profit
| motive; that's why nonprofit designations exist.
|
| That phrase has always seemed like an overly cynical take
| that normalizes antisocial/exploitive behavior by setting an
| expectation that free services should exploit the user in the
| first place.
| na85 wrote:
| Do Wacom tablets have any relevant competition?
|
| I have one that I use for hobbyist purposes and when it comes
| time to upgrade I'd be interested in not buying another Wacom.
| josephg wrote:
| > Do Wacom tablets have any relevant competition?
|
| I'm not sure what you mean by "relevant" but I'm migrating
| away from my Wacom tablet to an iPad + Apple Pencil. Drawing
| directly on the iPad is great. (Procreate is excellent). And
| an iPad can act as an external display for a Mac - and when
| connected, the Apple Pencil works as a stylus in macos
| applications.
|
| It's way more expensive though - especially with the Apple
| Pencil. And (I assume) macos only.
| bogwog wrote:
| Huions are pretty great. Very affordable and very high
| quality. I'm guessing the premium you pay for Wacom has more
| to do with the brand name than the actual product.
|
| I'm not a professional artist though, so maybe Huions are bad
| for pro work. Idk, but I'm happy with my Huion.
| na85 wrote:
| Given that Huion is headquartered in Shenzhen, I'm
| skeptical that the privacy aspect will be much better.
| userbinator wrote:
| It's much better when the company focuses on the hardware
| and doesn't have the aspirations to turn into a spyware-
| driven "cloud-first" megacorp.
| woolion wrote:
| I spent a few years with a Huion screen tablet (GT-19
| series), but pressure sensitivity response was really bad
| compared to a Cintiq. However we are comparing a 400EUR
| product to one that is about 3KEUR; second-hand it can
| trade for under 1K, and then it is a reasonable
| alternative.
|
| With a Huion 1060+ the pressure response felt amazing;
| however that was on Windows, I never got it to work under
| Linux. For a hobbyist it is a really much better choice
| than the cheap Wacom (e.g. Bamboo line), because it is
| important to have a big drawing area, so that you can draw
| from your elbow and not from your wrist.
| m4rtink wrote:
| AFAIK Wacom drivers on Linux are good & upstream. The
| various Chinese tablets are much more involved to get
| running on Linux, if possible at all.
|
| Also, being fully open source I don't think the Linux
| Wacom drivers do any of the shady stuff the Windows ones
| apparently do.
| woolion wrote:
| I only use Linux and indeed, drivers work OOtB and don't
| require you to sign any privacy policy. Although you
| don't have the fancy GUI that they have on Windows.
|
| The Huion GT works OOtB with the Wacom drivers. For the
| 1060+, I tried all the out-of-tree drivers without any
| luck, but that was about 3 years ago.
|
| https://digimend.github.io/drivers/digimend/tablets/
|
| (support was added in 2018, so now it probably works
| after minimal work)
| thejohnconway wrote:
| I guess the question is, what data does Huion's software
| send back?
| the_flinstoned wrote:
| The Wacom data collection program is OPTIONAL. Mr. Heaton buries
| this in his rant in the second to last paragraph.
|
| Any professional digital artist (especially 3d) will tell you
| they use multiple pieces of software and that many benefits from
| having the tablet buttons assigned differently to facilitate
| efficiency as an artist. This is (probably) why Wacom products
| track the software you're using.
|
| Finally, "Being a mostly-normal person I never usually read
| privacy policies." - Robert Heaton
|
| Sure, blame Wacom for your impatience, Mr. Heaton.
| mkl wrote:
| > The Wacom data collection program is OPTIONAL. Mr. Heaton
| buries this in his rant in the second to last paragraph.
|
| I don't see that in the second to last paragraph, and the word
| "optional" doesn't seem to appear anywhere.
|
| The driver being aware of which software is active makes sense
| and is legitimate. The driver sending that information to
| others is unnecessary and illegitimate (since explicit consent
| was not given).
| jodrellblank wrote:
| Discussed before, and brought up in comments:
|
| - https://news.ycombinator.com/item?id=22247292 (this article,
| earlier thread)
|
| - https://news.ycombinator.com/item?id=22803484 (comment by the
| author of the article)
|
| - https://news.ycombinator.com/item?id=22512696
|
| - https://news.ycombinator.com/item?id=27963867
|
| One of those links was me mentioning it, and this got so under my
| skin it took Wacom's brand from "premium, respectable, best in
| class" to "untrustworthy, garbage, barrel scraping, avoid even if
| the alternatives function less well" in my head just instantly.
| Like Lenovo's "let's ship spyware with Thinkpads" did.
| kibwen wrote:
| _> Like Lenovo 's "let's ship spyware with Thinkpads" did._
|
| One hopes that companies would value their brand and reputation
| over some short-term profit (and yet nobody here is holding
| their breath). To this day I refuse to buy any Lenovo product,
| and as the tech guy in my family I warn everyone who asks from
| considering them at all.
| 7thaccount wrote:
| Same. It only takes one mistake of that magnitude to lose me
| as a customer forever.
| breakingcups wrote:
| I take it you both also boycott Sony Music Group?
| wizzwizz4 wrote:
| I mean... lots of people do. Personally, I've never
| bought from them; wouldn't really call it a boycott on my
| part, though.
| eliaspro wrote:
| Took them off my "don't buy" list when my smartphone
| broke and I immediately needed a replacement and the only
| reasonable one available at my local store was a Sony
| Xperia XZS. I still regret it to this day. Worst 499EUR
| ever spent.
| playpause wrote:
| If boycotting something comes at a personal cost to the
| boycotter (such as having to put up with a lesser product
| that fits their principles better), and they don't have
| the time or energy to boycott everything that challenges
| their principles, does that mean they should boycott
| nothing at all?
| kadoban wrote:
| I still do. One rootkit per lifetime is enough. Probably
| has cost them $5000 by now from me.
| B1FF_PSUVM wrote:
| I haven't bought a Sony branded anything since 2000 or
| so. I almost forgot what it was about (yeah, the CD root
| kit and the battery-draining DRM shenanigans). I just put
| them out of consideration for any purchase.
|
| (Yeah, I know, "not really the same company, etc". It is,
| and it's the brand. Live by it, die by it.)
| 7thaccount wrote:
| For the spyware/DRM on CDs in the early 2000's? It helps
| that I mostly just listen to music on YouTube. It's a
| little easier to remember to not buy something when
| you're buying a company product like "Lenovo" I guess
| than something nebulous like Sony Music.
| DaiPlusPlus wrote:
| A sizeable chunk of artists you likely listen to are
| still part of Sony Music.
| 14 wrote:
| Sadly I bought my son a Lenovo couple Christmas ago
| forgetting all about their crappy behaviour. Forget the
| spyware their build quality is just garbage. The hinges broke
| a few weeks after warranty so had to fix it myself. They look
| nice and shiny but once you use it for a bit can feel the
| cheapness. And this was an expensive gaming laptop. I am
| turned off of their products from that experience.
| [deleted]
| userbinator wrote:
| Did they actually do that to ThinkPads, or was it the much
| cheaper "consumer" IdeaPad line that had it? I seem to remember
| it was the latter.
| LeifCarrotson wrote:
| It was both; the Superfish malware was just the low end but
| later instances hit ThinkPads and Thinkcenters as well:
|
| https://www.computerworld.com/article/2984889/lenovo-
| collect...
| GuB-42 wrote:
| > Why does a device that is essentially a mouse need a privacy
| policy?
|
| There are mice that require you to create an account nowadays...
| jasonlotito wrote:
| ... which is perfectly acceptable because there are customer
| facing features enabled with this account. Which is shared in
| the marketing for said mice. And then there are mice which
| don't require accounts.
|
| And technically, the mice do _NOT_ require you to create an
| account.
| littlecranky67 wrote:
| it is only acceptable as an opt-in. Companies right and left
| try to collect as much data as possible, to a large extend
| not feature driven but marketing/sales driven, because having
| the users Email account, country, language etc. opens a sales
| channel. Oculus' Fb Account requiremet the most prominent
| example, but I remember also buying a GoPro Hero Black ~2016
| that would require the companion App to create a GoPro
| account, just so you can change the settings of the camera
| (which some items were not changeable through the on-camera
| buttons).
| lampenrad wrote:
| Previous discussion from last year:
| https://news.ycombinator.com/item?id=22247292
___________________________________________________________________
(page generated 2021-10-31 23:01 UTC)