Jump to content

The Great Controversy


DuoDex

Recommended Posts

I've seen several innocent threads hijacked (unintentionally) by disputants in the Great Privacy Controversy, and so I thought it'd be better for a thread dedicated to constructive discussion of this instead of small plugin threads devolving into mudslinging.

My opinions:

  • Privacy is good. I like knowing no-one else knows what I get up to in KSP. Squad has decided that the only data-collection programs will be opt-in, which I like. I might opt in, because I want to help plugin authors prevent crashes. You can opt out, because you think the programs are sketchy. However, there is only one thing that makes me angrier than doing things that affect me without my knowledge, and that is the level of mudslinging I've seen on the forums in the past week or so, which leads me into my second opinion.
  • Your decisions are your decisions. My decisions are my decisions, and there is no overlap. Going round in circles about whether the various issue trackers, version checkers, and data collection plugins are evil or not serves no purpose whatsoever. These add-ons were created with good intentions, and, in all likelihood, do not report to Google* or the government. If I wish to install one of these, it is no business of yours. I have not violated any laws. I do not deserve to be called an idiot, or a gullible fool for making my own decision.
  • No one on these forums genuinely wants your personal data. (I think). The level of data being collected is, frankly, low, compared to, say, Twitter's. Yes, your data is being collected, and that is creepy, but as I said before, these plugins do not report to Google. (the level of encryption has been questioned, but that's another discussion.) Some of the terms I've seen here liken crash and mod-detecting addons to "burgeoning data-collection empires", which is frankly ridiculous. Again, your data is being collected, but "burgeoning data-collection empire"? I think not. Facebook* is a data-collection empire. A version-checking addon is not. My point here is that some of the terminology and accusations being flung around are ludicrous. Especially "spyware".
  • Angst is pointless. The arguments about this seem to go on and on. And on. In June, when the first of the major contended plugins was published, the community response seemed to be "Cool! Let's go fix some bugs that are hard to replicate!". Now, as I said before, the imputations are flying thick and fast. Now the community says "Spyware. EXTERMINATE." Now, violent arguments break out everywhere.

Those are my opinions, for what they're worth. Please keep it constructive and don't let it devolve into another fight, and another threadlock. I'm hoping this will be a large discussion, not a huge dispute. If someone says something you disagree with, don't automatically condemn them.

Please lock this if it turns into a fight. I'm hoping for everyone to have a say, and then a friendly discussion. If it heads downward, break out the keys.

*While I'm trying to avoid a fight about the various plugins, I will gladly start one in PMs about how evil Google, Facebook, and Twitter are. You WILL lose.

Edited by DuoDex
added a piece about google.
Link to comment
Share on other sites

It's not YOUR data. It's just data that represents certain things you do. It's less invasive than cookies or social media.

How many people handwringing about this have Facebook, Twitter, Myspace or any other "social" media?

Not worth all the waaah.

Link to comment
Share on other sites

To be honest, it's rather depressing. I put a version checker into my plugin after I saw most streamers on twitch running 2, 3, sometimes even 5 version old copies of my plugin, which was causing severe bugs. It kinda upset me, cause I'd already lost vessels to some of those bugs, and I hated that I was ruining people's twitch streaming. I'd, at that point, seen several mods with built in update checks, and so I made the assumption that users where fine with that. I quickly added opt-in functionality to it as soon as I got feedback on how apparently wrong I was, but even with me backpedaling on that and adding privacy policies and such, it felt like nothing I could do was good enough. The latest addon rules already have me worried, as by a strict reading of the rules, I literally cannot have an update check and still comply with them. I use KerbalStuff for my update check, and therefore it's web traffic logs are outside of my control, and I can't access the data in them or verify that a user's IP has been removed. And yes, there are people that say that even an IP address is private data. I'm currently balancing on a narrow edge of just requesting that my thread be purged from the forum, and only having it up on KerbalStuff.

The truely depressing part of it is that I wrote DebRefund because I wanted it, and I published it because I thought others would want it. I don't make any money off it, and I don't even have anywhere to accept donations. But this controversy is making me regret posting it, and even turning me away from KSP as a whole.

Link to comment
Share on other sites

It's not YOUR data. It's just data that represents certain things you do. It's less invasive than cookies or social media.

And you're an international lawyer specialising in online privacy issues?

I'm no expert, but I can tell you now that under EU law at least any opt-out scheme is illegal, which makes it illegal to distribute any mod that uses this data harvester to EU based computers.

And as most addon makers don't even mention they're collecting data, unless MAYBE you dive through the small print in version control system change logs, it becomes even more icky.

Link to comment
Share on other sites

I've seen several innocent threads hijacked (unintentionally) by disputants in the Great Privacy Controversy, and so I thought it'd be better for a thread dedicated to constructive discussion of this instead of small plugin threads devolving into mudslinging.

My opinions:

  • Privacy is good. I like knowing no-one else knows what I get up to in KSP. Squad has decided that the only data-collection programs will be opt-in, which I like. I might opt in, because I want to help plugin authors prevent crashes. You can opt out, because you think the programs are sketchy. However, there is only one thing that makes me angrier than doing things that affect me without my knowledge, and that is the level of mudslinging I've seen on the forums in the past week or so, which leads me into my second opinion.
  • Your decisions are your decisions. My decisions are my decisions, and there is no overlap. Going round in circles about whether the various issue trackers, version checkers, and data collection plugins are evil or not serves no purpose whatsoever. These add-ons were created with good intentions, and, in all likelihood, do not report to Google* or the government. If I wish to install one of these, it is no business of yours. I have not violated any laws. I do not deserve to be called an idiot, or a gullible fool for making my own decision.
  • No one on these forums genuinely wants your personal data. (I think). The level of data being collected is, frankly, low, compared to, say, Twitter's. Yes, your data is being collected, and that is creepy, but as I said before, these plugins do not report to Google. Some of the terms I've seen here liken crash and mod-detecting addons to "burgeoning data-collection empires", which is frankly ridiculous. Again, your data is being collected, but "burgeoning data-collection empire"? I think not. Facebook* is a data-collection empire. A version-checking addon is not. My point here is that some of the terminology and accusations being flung around are ludicrous. Especially "spyware".
  • Angst is pointless. The arguments about this seem to go on and on. And on. In June, when the first of the major contended plugins was published, the community response seemed to be "Cool! Let's go fix some bugs that are hard to replicate!". Now, as I said before, the imputations are flying thick and fast. Now the community says "Spyware. EXTERMINATE." Now, violent arguments break out everywhere.

Those are my opinions, for what they're worth. Please keep it constructive and don't let it devolve into another fight, and another threadlock. I'm hoping this will be a large discussion, not a huge dispute. If someone says something you disagree with, don't automatically condemn them.

Please lock this if it turns into a fight. I'm hoping for everyone to have a say, and then a friendly discussion. If it heads downward, break out the keys.

*While I'm trying to avoid a fight about the various plugins, I will gladly start one in PMs about how evil Google, Facebook, and Twitter are. You WILL lose.

For about the last ten or so years, I have been involved in several different modding communities. The first, was the Morrowind community out at the official Elder Scrolls forums. At the time, great bunch of people. Most of them were adult who modded Morrowind with the mindset "I mod for my own game and character first, then I share to the community." There were no privacy concerns because the game, at first, did not allow it. We were limited to scripts that were part of the game engine, and the possibilities were very limited. When Morrowind Script Extender came out, we gained the ability to make function calls directly to the game engine and bypass Bethesda's restrictive API. It was a time of much cooperation and innovation. In fact, many of the mods for Morrowind were later incorporated as features for both Oblivion and Skyrim.

Then came Oblivion, and then came the main stream crowd. This was about the time that the Elder Scrolls Nexus was slowly becoming the center of the Elder Scrolls mod community. As the first couple of years passed, the demographics of the modding community changed. We began to see more and more younger people come into the scene. A lot of these people, were very talented. In fact, these people were some of the most talented people I have met in regards to modding. But, there came another crowd that was much more demanding. They're weren't modders, they were spoilt children who had never been spanked growing up, and I'm not talking about simply minors either. An issue would come up with a mod, and all the mod author would hear is about how their mod broke someone's game, or about how their mod sucked, etc... Eventually, one of the more prestigious modders who had been around the community for years, got up and left the Nexus with a rant. She had grown tired of the bullcrap, and had enough of it. She pulled the download links for her mods as well.

I tell this story to make a point here, as I see this community heading in a similar direction because of the privacy bit. Yes, we have a controversy. And yes, people are butting heads over this. But we need to be careful, as I personally feel as if through our concern for privacy, we may have alienated a very prestigious modder(s) on this forum simply because of lot of people went about expressing their fully legitimate concerns in the wrong way. I realize this may have not been some people's intentions, as tactfulness is a trait born of experience more than other sources.

It is also my opinion that since Squad has made an official policy, the controversy needs to die; lets bury the dead horse and move on before the community is split further.

Edited by Raven.
Link to comment
Share on other sites

So I have a suggestion that may quell some of the insecurities about all this; firstly I am only speaking of version checking.

What if there were a single mod doing this, that all other mods interfaced with in order to get the feature of version checking.

This singular mod would be open source, publicly managed, and offer support for vetted hosting services such as KerbalStuff, Curse if possible, Github Releases, Majiir.net, and any others that come into existence. The key will be that as a service it will only permit given services which the devs/community deem trustworthy. No custom servers.

This mod will go out of it's way to be very clear about everything happening and offer opt-directions clearly. It should also be a relatively small codebase, so it'll be easy for users to vet that it's not doing anything suspicious.

Other mods will then access the version checker via a standard interface that declares what host to check against and what to look the mod up as. The version checker will then collect these and process the checks all at once at a certain point during starting KSP, and present them to the user in an organized singular dialog.

With this singular mod we could then as a community ask mod makers to use the interface instead of handing it themselves, and mods could then advertise using it as a badge similar to the Intel Inside badge commonly found on computer towers.

One of the key points is that the version checker mod should not be included in any mod installs, forcing players to opt in by installing it; and no mod should be dependent on it so players can choose not to. This could be achieved by having modders add a certain class to their assemblies which the version checker mod finds, and that class has the information in it, similar how Update() works.

If we can get users to trust this one mod, and it prevents the private inquisition from torturing modders, that'd be worth it ya?

Link to comment
Share on other sites

So I have a suggestion that may quell some of the insecurities about all this; firstly I am only speaking of version checking.

What if there were a single mod doing this, that all other mods interfaced with in order to get the feature of version checking.

This singular mod would be open source, publicly managed, and offer support for vetted hosting services such as KerbalStuff, Curse if possible, Github Releases, Majiir.net, and any others that come into existence. The key will be that as a service it will only permit given services which the devs/community deem trustworthy. No custom servers.

This mod will go out of it's way to be very clear about everything happening and offer opt-directions clearly. It should also be a relatively small codebase, so it'll be easy for users to vet that it's not doing anything suspicious.

Other mods will then access the version checker via a standard interface that declares what host to check against and what to look the mod up as. The version checker will then collect these and process the checks all at once at a certain point during starting KSP, and present them to the user in an organized singular dialog.

With this singular mod we could then as a community ask mod makers to use the interface instead of handing it themselves, and mods could then advertise using it as a badge similar to the Intel Inside badge commonly found on computer towers.

One of the key points is that the version checker mod should not be included in any mod installs, forcing players to opt in by installing it; and no mod should be dependent on it so players can choose not to. This could be achieved by having modders add a certain class to their assemblies which the version checker mod finds, and that class has the information in it, similar how Update() works.

If we can get users to trust this one mod, and it prevents the private inquisition from torturing modders, that'd be worth it ya?

I am completely in favor of this, and would implement it the day it comes out.

Link to comment
Share on other sites

All is said I guess, people who never complaint against big and/or "evil" companies (google, facebook, twitter, ...), who keep theirs "spyphone" and spytablet up all the day long, use wifi to connect to internet, they suddenly gone mad against their "precious" privacy for a small mod, for one given game, and they just literally kill modders with a smile.

And using "legal" word is quite irrelevant, it's modding, it's:

1. free and source are provided,

2. you are not force to use any mod at all (as opposite to some "services" in real world),

3. its not companies made stuff, which means there is not a such strong legal perimeter as there is in any businesses, and many laws are just made to be there, not to be actually applied all the time,

4. we mod for fun, not to get bored as real life can be sometime or most of the time. We use mod for fun too.

As Vendan said: depressing :|.

And thanks to all those people who made this controversy, if you just wish to play stock, don't use mod, and keep your privacy shared with all the world thanks to google and co.

Link to comment
Share on other sites

Now the community says "Spyware. EXTERMINATE."

The current version has some serious security holes. It's a good enough reason not to share data with its creator's web site or allow it to run until those holes are patched, whatever your stance on privacy and data collection may be.

Link to comment
Share on other sites

What's the difference having one 'central' mod to manage this or doing it individually? Having a central data collection/distribution mod isn't going to prevent mod authors from being able to do whatever they want to do, so what problem does this solve for the tinhats?

Link to comment
Share on other sites

What's the difference having one 'central' mod to manage this or doing it individually? Having a central data collection/distribution mod isn't going to prevent mod authors from being able to do whatever they want to do, so what problem does this solve for the tinhats?

The code for a mod to interact with remote systems over the internet looks nothing like the code that will let that mod interact with the version checker mod; so it will be very easy to tell if that mod is doing something suspicious. Ideally mods that don't require network access won't have any at all, so anybody who knows how to learn will be able to check all their mods for misbehavior quickly.

Link to comment
Share on other sites

The code for a mod to interact with remote systems over the internet looks nothing like the code that will let that mod interact with the version checker mod; so it will be very easy to tell if that mod is doing something suspicious. Ideally mods that don't require network access won't have any at all, so anybody who knows how to learn will be able to check all their mods for misbehavior quickly.

Disclosure - I'm obviously late to the party, because I'm not aware of the 'great controversy' or who it drove away.

I can see what you're saying, but doing this kind of work is a sizeable effort for any decently sized mod. I certainly may be mistaken, but I would find it hard to believe anybody using mods to play a game is going to comb through the source for everything they're using to look for "something suspicious".

At the end of the day, you're letting a community member's untrusted code run on your machine - IMO if you don't trust the mod author, don't use the mod.

Link to comment
Share on other sites

It is also my opinion that since Squad has made an official policy ...

Where can I see this official policy? If there is one, and its clear, then I fail to understand why there is so much discussion.

Link to comment
Share on other sites

Disclosure - I'm obviously late to the party, because I'm not aware of the 'great controversy' or who it drove away.

I can see what you're saying, but doing this kind of work is a sizeable effort for any decently sized mod. I certainly may be mistaken, but I would find it hard to believe anybody using mods to play a game is going to comb through the source for everything they're using to look for "something suspicious".

At the end of the day, you're letting a community member's untrusted code run on your machine - IMO if you don't trust the mod author, don't use the mod.

I fully agree, don't run things you don't trust.

As to the controversy, the first post summarizes it excellently; a large number of loud disrespectful people have been causing a huff because of:

Mods that check for new versions

Mods that have network-accessing code which is not mandatory

Mods that collect anonymous statistics for various goals

As far as checking bigger mod's codes; yes it's daunting, but there are only so many ways to make network-accessing code, so you could check via a series of searches, you could even script it. By having a singular mod that is interfaced with via internal... things (ran out of big words), most mods would be able to do away with all of their network-accessing code so that if you ran such a series of scripted searches on the source, they wouldn't ping on the radar. It would be reasonably easy to say with reasonable faith whether a mod accesses the internet or not; saying what it does is more difficult especially in large codebases, but the central mod would not be large, and ideally it would have really good comments explaining everything so even people who don't know C# or .net could look at it, follow the comments, and understand.

Link to comment
Share on other sites

The current version has some serious security holes. It's a good enough reason not to share data with its creator's web site or allow it to run until those holes are patched, whatever your stance on privacy and data collection may be.

Yes. However, most of the aspersions thrown around were not about security, hence my lack of mention of that.

Link to comment
Share on other sites

There was a frank lack of mention of it anywhere. I point it out because even in this thread there are certain derogatory phrases being directed at critics when it's entirely reasonable to be upset. Addons that do what it does need the absolute highest level of scrutiny and control.

Luckily, the "controversy" got Squad's attention and policy is now being ironed out. That's good enough for me

Link to comment
Share on other sites

There was a frank lack of mention of it anywhere. I point it out because even in this thread there are certain derogatory phrases being directed at critics when it's entirely reasonable to be upset. Addons that do what it does need the absolute highest level of scrutiny and control.

Luckily, the "controversy" got Squad's attention and policy is now being ironed out. That's good enough for me

Squad has noticed, but the rage isn't going away in some places.

Link to comment
Share on other sites

I've been playing KSP since .18, and while reading the forums, I never registered. That is, until now specifically so I could write:

I want to thank SQUAD for seeing the absolute logic behind the opt-in and opt-out debate, and abiding by it.

If both sides of the argument are "It matters to us." and "It doesn't matter to us."; the first one weighs more.

Problem solved, now let's go build something, ignite it, and see what happens.

Edited by Hanuman
Link to comment
Share on other sites

The problem isn`t really the data sending but the fact it`s done without knowing or a way to disable it.

Then comes the issue with *that specific mod* to be distributed with other mods and when the popup appears, the user is left wonding "wtf" as there is no info being shown from where it comes, who created it and why it keeps cloning itself in the mod directory.

Wich brings me to another issue that is far greater then this, in my opinion:

Mods being distributed with other mods.

While I`m writing this, some dll or cfg nuked my entire game as some mod is using MM to screw with another and only see it now because I unlocked new parts.

STOP DISTRIBUTING OTHER MODS WITH YOUR MODS!

Add a required section! with links to required mods! so that we don`t override newer files because you didn`t update the ones that came with yours!

Module manager, Firespitter, KSPAPIExtensions.dll, scale.dll, b9/KW mm cfg`s and lets add for last out of my head RealSolarSystem.dll

Just stop it! I`d be happy with an opt-out if ya`ll would stop including old/other mod cfg`s!

Back on topic...

Don`t remember where it was posted that Squad classified version check as non gathering and did not require an opt-in, aslong as it`s only that.

Link to comment
Share on other sites

Don`t remember where it was posted that Squad classified version check as non gathering and did not require an opt-in, aslong as it`s only that.

It does not matter where Squad posted it. It needs to be stated clearly in the forum rules. You can't expect someone to abide by the rules if they can't readily see them in a specific place.

Link to comment
Share on other sites

It does not matter where Squad posted it. It needs to be stated clearly in the forum rules. You can't expect someone to abide by the rules if they can't readily see them in a specific place.

I'm forced to agree. I did see KasperVld state something about how a version check was OK, but this is stated nowhere in the "official" rules. I know what the revised rules are meant to address, but frankly how they are written now brings up more questions than answers. What about multiplayer?

Link to comment
Share on other sites

This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...