Open source editor Atom collects user data without consent

Atom is a cross-platform text editor launched by GitHub and designed for programmers. Yesterday, a user filed an issue against Atom saying that it collects user data without consent.

"When you first start Atom, it contacts, without consent, Microsoft / GitHub processes running on Amazon servers, and gives my IP address and timestamp to the vendor; the fact that I use Atom (through the site request) is transmitted to thousands of other people and organizations."

The user, named Jeffrey Paul, said the problem occurs when Atom is first started. He found that the dialog box asking whether to connect to the server opened in the main application window only after his information had already been collected and sent out. The problem reproduces 100% of the time, so it is not a chance occurrence.

Paul pointed out that the user's IP address and the IP addresses of the tracking / telemetry / analytics / automatic-update target hosts, among other information, are transmitted on first launch, and that the first two also include a timestamp. "When the tuple (user source IP, atom.io target IP, TCP port, TLS SNI hostname, timestamp) is sent from a user's computer, it leaks usage information to thousands of different people: ISPs, hosting providers, network exchanges, information service providers, Microsoft internal system administrators, GitHub and Amazon system administrators and network administrators. Users do not have the opportunity to opt out or block it, or even realize it is happening."

Spyware is software that gathers information about a person or organization, sometimes without their knowledge, and sends that information to another entity without the user's consent. Paul was angry about this and, in accordance with that definition of "spyware", classified Atom as spyware.

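He also noted that this behavior means the work on PR #12281 is not finished. That PR, "add telemetry consent setting", was proposed by the Atom team in 2016, and the setting determines whether users' usage information is collected. At present, according to Paul's description, data is uploaded before the consent dialog has even appeared.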

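Arcanemagus of the Atom team then replied below, saying: "Atom is designed to run in a network-connected environment and can perform operations such as checking for updates without prompting the user... You are of course free to block network access, and Atom can also run in offline mode if you prefer."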

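But this argument was evidently not convincing enough, and Paul pushed back: "No one is saying it should not use the network, only that it should not use the network before the user has granted it permission; otherwise data is leaked, and that is the whole point of having a consent dialog."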

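Arcanemagus still maintained that blocking network access was sufficient, adding that "this is not something the Atom team is currently interested in changing".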

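Lee Dohm of the Atom team gave the final response, acknowledging that the telemetry package should not send information before the button is clicked and saying that its premature connection to central.github.com would be investigated. On the other hand, he insisted that this is how Atom is designed, and that the rest, in particular the automatic update check, will keep its current design. He also reiterated: "If you want an editor that works completely offline without any network connection, Atom is not for you."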

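In addition, after further reproduction tests, Paul filed another issue: he found that telemetry information is still sent even after the user explicitly declines consent and opts out of telemetry. This behavior also reproduces 100% of the time.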

Under the 2016 PR that added the telemetry consent setting, other users started a new discussion. One of them wrote: "As things stand, this may violate the GDPR (General Data Protection Regulation)."

Origin www.oschina.net/news/111674/atom-send-telemetry-without-consent