Sign in to follow this  
TriggerAu

Question re: Add-on Posting Rules [July 24th 2014] - going into effect August 21st 20

Recommended Posts

If I'm not mistaken (and it's been a few years) a mod that issues a request with only a version number and an IP address is not dealing with PII.

That sounds interesting.

Share this post


Link to post
Share on other sites
Multiplayer add-on rules are still not clear. Multiplayer works by gathering data and storing it, especially IP addresses for bans. If personally identifiable data must be deleted, what's to prevent IP bans from being completely ineffective.

You're refering to this part of the rules:

Add-ons that gather personally identifiable information and send this information to another network or computer system must:

(...)

  • Grant a user the option to review and remove all personally identifiable information that is within control of the person who maintains the add-on.

Note the bit that says "within the control of the person who maintains the add-on": it was specifically added to make an exception for mods that send this data peer-to-peer. The mod author cannot control each individual server so the data stored on those third party servers is exempt from this clause.

Share this post


Link to post
Share on other sites

Question:

What does that rule-adjustment mean for add-ons like ModStats?

Frankly I've been waiting for this rule, because I don't want any data to be sent unless I say I want to send that data and I don't want to be required to jump through hoops in order to prevent it.

The problem in this particular case being, that it tends to be included in a couple of mods now and it's opt-out by default. The argument could and has been made that only the IP and the mods you use don't qualify as personally identifiable data, so am I right to assume that under the new rules nothing will have to change?

Share this post


Link to post
Share on other sites
The argument could and has been made that only the IP and the mods you use don't qualify as personally identifiable data, so am I right to assume that under the new rules nothing will have to change?

That is indeed a very good question. Perhaps the rules should be adjusted further such that the type of data that the rule is meant to address is very clearly identified in the text.

Share this post


Link to post
Share on other sites
Question:

What does that rule-adjustment mean for add-ons like ModStats?

Frankly I've been waiting for this rule, because I don't want any data to be sent unless I say I want to send that data and I don't want to be required to jump through hoops in order to prevent it.

The problem in this particular case being, that it tends to be included in a couple of mods now and it's opt-out by default. The argument could and has been made that only the IP and the mods you use don't qualify as personally identifiable data, so am I right to assume that under the new rules nothing will have to change?

Modstatistics assigns your installation with a pseudorandom identifier (think a random string like "ww27hf73t43ths9"). This uniquely seperates users to a statistical certainty so such data is easily considered to be personally identifiable. This means that ModStatistics will have to provide you with everything it says in the rules. The system is opt-in, you can disable it from the space center menu and you have the right to view and delete the data gathered on you as far as Majiir controls it.

That is indeed a very good question. Perhaps the rules should be adjusted further such that the type of data that the rule is meant to address is very clearly identified in the text.

I've thought about that but it would lead to a very long list that still wouldn't cover everything. If clarification is needed in a particular case just approach someone from the staff :)

Share this post


Link to post
Share on other sites
you can disable it from the space center menu

If I remember correctly, the App Launcher is not available at the space center. But I might be mistaken.

I've thought about that but it would lead to a very long list that still wouldn't cover everything. If clarification is needed in a particular case just approach someone from the staff :)

And how is staff deciding if my data is subject to the rule or not? Is there a list of guidelines? If so, those could just be appended to the rule instead :)

In the end, it all comes down to eliminating guesswork.

Edited by blizzy78

Share this post


Link to post
Share on other sites
In USA.comcast, they change basically when you vacate the IP for long enough for it to be given to somebody else; so you may have the same IP for months if your network is stable

This varies by ISP. I have Cox and they invalidate IP leases every two weeks; I know because every Sunday afternoon, without fail, my internet shuts down for a few minutes when the lease is up and my router gets a new address.

Share this post


Link to post
Share on other sites
Modstatistics assigns your installation with a pseudorandom identifier (think a random string like "ww27hf73t43ths9"). This uniquely seperates users to a statistical certainty so such data is easily considered to be personally identifiable. This means that ModStatistics will have to provide you with everything it says in the rules. The system is opt-in, you can disable it from the space center menu and you have the right to view and delete the data gathered on you as far as Majiir controls it.

As far as Majiir controls it or as far as the person writing the addon that implements it controls it? Do the individual addons have to provide their own disabling method or for that matter, reporting information? I ask because I'm coming from Bukkit development where a "global opt-out" is considered insufficient and simply linking to some else's list of what is reported is also insufficient. As a plugin developer there, I have to include a way in my plugin to disable stat reporting and I also have to list all reported items on my plugin page, even if there is a global opt out for all plugins and even if someone else has already made that list.

Edited by Alshain

Share this post


Link to post
Share on other sites
As far as Majiir controls it or as far as the person writing the addon that implements it controls it? Do the individual addons have to provide their own disabling method or for that matter, reporting information? I ask because I'm coming from Bukkit development where a "global opt-out" is considered insufficient and simply linking to some else's list of what is reported is also insufficient. As a plugin developer there, I have to include a way in my plugin to disable stat reporting and I also have to list all reported items on my plugin page, even if there is a global opt out for all plugins and even if someone else has already made that list.

Only a single instance of Modstatistics runs (it doesn't really have an API for plugins to report statistics to, to report those to the server on the plugin's behalf), it just reports on all assemblies loaded into the KSP address space/.net appdomain. There's no way for your plugin to opt-out of it's statistics collection (other than compiling against .net 4.5 like the Squad/KSP assemblies, in which case Modstatistics crashes itself and possibly your plugin- I forget if both crash or not).

Share this post


Link to post
Share on other sites
Only a single instance of Modstatistics runs (it doesn't really have an API for plugins to report statistics to, to report those to the server on the plugin's behalf), it just reports on all assemblies loaded into the KSP address space/.net appdomain. There's no way for your plugin to opt-out of it's statistics collection (other than compiling against .net 4.5 like the Squad/KSP assemblies, in which case Modstatistics crashes itself and possibly your plugin- I forget if both crash or not).

That may be, but the fact remains that other mods disseminate it, so are those mod developers that choose to disseminate it responsible for it's actions?

Share this post


Link to post
Share on other sites
That may be, but the fact remains that other mods disseminate it, so are those mod developers that choose to disseminate it responsible for it's actions?

IANAL, the following does not constitute legal advice or create an attorney-client relationship. I'm not an expert on software law (and especially not international law), but you're distributing his software under his license, so I would expect he would be found to be liable for all criminal or civil issues arising from abuse of the software (and since he's ARR, with no limitations on liability in the license, and it's distributed by him personally not an LLC, that could be an interesting civil suit). However if you're distributing your software in regions with restrictions on data collection the argument could be made that you should not have bundled the software/library that's in violation of that region's privacy laws.

Share this post


Link to post
Share on other sites
IANAL

Ya got me, I thought I was up to date on all these abbreviations but I haven't a clue there.

the following does not constitute legal advice or create an attorney-client relationship. I'm not an expert on software law (and especially not international law), but you're distributing his software under his license, so I would expect he would be found to be liable for all criminal or civil issues arising from abuse of the software (and since he's ARR, with no limitations on liability in the license, and it's distributed by him personally not an LLC, that could be an interesting civil suit). However if you're distributing your software in regions with restrictions on data collection the argument could be made that you should not have bundled the software/library that's in violation of that region's privacy laws.

Lol, well I wasn't talking about that kind of "responsible". No lawsuits or legal proceedings, I was just asking what Squad would view this as. I presume there will be consequences for not following the rules, I would think the thread/mod would be deleted from the forums/Curse. So lets say hypothetically a mod statistics service were found to be breaking the rules, would all addons disseminating that statistics service be considered breaking the rules by extension and fall to the same consequences?

Share this post


Link to post
Share on other sites
Ya got me, I thought I was up to date on all these abbreviations but I haven't a clue there.

I Am Not A Lawyer (it's kind of an old abbreviation)

Lol, well I wasn't talking about that kind of "responsible". No lawsuits or legal proceedings, I was just asking what Squad would view this as. I presume there will be consequences for not following the rules, I would think the thread/mod would be deleted from the forums/Curse. So lets say hypothetically a mod statistics service were found to be breaking the rules, would all addons disseminating that statistics service be considered breaking the rules by extension and fall to the same consequences?

That would probably require a Squad interpretation. I would assume so since you're distributing a DLL which violates forum rules so they would close your thread and remove download links until you brought it into compliance.

Share this post


Link to post
Share on other sites

We consider ModStatistics in its current form subject to rule 6. If your mod includes Modstatistics and it doesn't comply with this rule on August 21st it will be subject to removal from the forums, Curse etc.. I think the rules are very fair and we've allowed the mod authors several weeks to update their mods accordingly. Removal can be best avoided if Modstatistics is updated to comply with these new rules a.s.a.p. so that everyone can update their downloads to include the new version of ModStatistics. In case this doesn't happen the only option here will be to remove Modstatistics from your mod, as annoying as it may be.

And how is staff deciding if my data is subject to the rule or not? Is there a list of guidelines? If so, those could just be appended to the rule instead :)

In the end, it all comes down to eliminating guesswork.

I appreciate your point but if there was a simple set of guidelines that covers every situation it would've been in the rules. In case of doubt, ask.

As far as Majiir controls it or as far as the person writing the addon that implements it controls it? Do the individual addons have to provide their own disabling method or for that matter, reporting information? I ask because I'm coming from Bukkit development where a "global opt-out" is considered insufficient and simply linking to some else's list of what is reported is also insufficient. As a plugin developer there, I have to include a way in my plugin to disable stat reporting and I also have to list all reported items on my plugin page, even if there is a global opt out for all plugins and even if someone else has already made that list.

ModStatistics is an add-on in its own right. In this case the data is controlled by him and the conditions about opt-in, data access and such fall to him. As indicated above though, if you bundle your mod with modstatistics and it violates the rules when they become applicable, it will be subject to removal.

Share this post


Link to post
Share on other sites

Understood, I'm out of questions.

Share this post


Link to post
Share on other sites
This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this