FreeNAS capturing private information

JoshDW19

Community Hall of Fame
Joined
May 16, 2016
Messages
1,077
I understand that GDPR is very broad in what it considers personal information, but as an American with no business contacts in .eu, it's mainly a matter of curiosity for me--I'd expect that you actually need to comply with it though. But my point was less about strict compliance with that legislation, than about the situations/concerns that lead to such legislation (poor as it is) being enacted. Again, even stipulating everything I previously mentioned, you're collecting data from your end users without their knowledge or consent, and with no way to opt out. That your devs found the time to code in the data collection apparatus, but not time to code in a checkbox to turn it off (or, really, to turn it on, which should be the case) doesn't speak well of your "do the right thing" bona fides.

The GDPR is broad in a lot of places but it gets pretty specific about the type of data you can collect and how it should be managed. It does depend on the type of use though. If I'm collecting a lot of personal information say on a forum, then there are additional steps according to GDPR that I have to abide by. However, for anonymous data, then the GDPR does not apply. Information about anonymous data can be found in Recital 26 of the GDPR.

Regardless, I agree with you and I can understand your frustration. Transparency is important and we should have done a better job of communicating the change. One thing I will say is there is a way to opt-out as we discussed earlier by issuing a middleware command. Going forward, we have a plan in place to make sure this doesn't happen again and will make sure there is an easy and clear way to disable error reporting from the GUI.

Thanks everyone,

Josh
 

alexr

Explorer
Joined
Apr 14, 2016
Messages
59
FWIW, server names and file paths can easily contain PII.

I've had the same concern several times while looking at the freenas_debug output. It would be worthwhile to automatically scrub known PII-type data (e.g. MAC addresses, hostname, etc.) when preparing these dumps.
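The scrubbing suggested in the post above could look like the following sketch. It is an added example, not part of the post and not FreeNAS or freenas_debug code; `scrub_dump`, `SAMPLE_DUMP` and the hostname and addresses in it are constructed for illustration. Identifiers are replaced with salted pseudonyms so that repeated values still correlate within one dump, which keeps the output useful for debugging.

```python
import hashlib
import re

# MAC addresses written with ':' or '-' separators, any letter case.
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
# Dotted-quad IPv4; note this also matches four-part version strings.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IPV4_RE = re.compile(r"\b(?:" + _OCTET + r"\.){3}" + _OCTET + r"\b")

# Constructed sample resembling network/debug output (not real data).
SAMPLE_DUMP = """\
hostname: nas01.smith-family.example
em0: flags=8843<UP,BROADCAST,RUNNING> ether 00:1B:21:3c:4d:5e
        inet 192.168.1.10 netmask 0xffffff00
arp: ? (192.168.1.1) at 00-1b-21-3C-4D-5E on em0
Jan 10 03:12:01 nas01 smbd[2211]: connect from 192.168.1.10
"""


def _token(kind, value, salt):
    # A salt is required: MAC and IPv4 spaces are small enough that an
    # unsalted hash could be reversed by enumeration.
    digest = hashlib.sha256(salt + value.lower().encode()).hexdigest()[:8]
    return f"<{kind}-{digest}>"


def scrub_dump(text, hostname, salt):
    """Replace the hostname, MACs and IPv4 addresses with stable pseudonyms.

    `salt` should be random bytes generated per dump (e.g. os.urandom(16))
    and never shipped with it, so tokens cannot be linked across dumps.
    """
    # Longest name first so the FQDN is replaced before its short form.
    names = sorted({hostname, hostname.split(".")[0]}, key=len, reverse=True)
    host_token = _token("host", hostname, salt)
    for name in names:
        pat = re.compile(r"(?<![\w.-])" + re.escape(name) + r"(?![\w-])",
                         re.IGNORECASE)
        text = pat.sub(host_token, text)
    # Normalise separators so both spellings of one MAC share a token.
    text = MAC_RE.sub(
        lambda m: _token("mac", m.group().replace("-", ":"), salt), text)
    text = IPV4_RE.sub(lambda m: _token("ip", m.group(), salt), text)
    return text


if __name__ == "__main__":
    import os
    print(scrub_dump(SAMPLE_DUMP, "nas01.smith-family.example", os.urandom(16)))
```

Pattern-based scrubbing only catches identifiers with a recognisable shape; file paths and share names that embed personal names still need review before a dump is shared.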
 
Joined
Feb 2, 2016
Messages
574
I'm glad iXsystems is making data/error collection opt-in. I'm sad it took them a couple weeks to own up to what was going on. Still, better than most companies I work with.

I don't mind giving up diagnostic information on betas and release candidates and even wouldn't mind that being the default (with opt-out available) for those distributions. At full production release, however, it should be opt-in if at all.

As much as this irritates me, iXsystems is working toward doing right and seems more sloppy than sinister. Just as they learned from the Corral fiasco, I doubt they'll make this mistake again. As someone who hasn't paid them a dime (though I'd be happy to), my level of ire is held in check.

Cheers,
Matt
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
One thing I will say is there is a way to opt-out as we discussed earlier by issuing a middleware command.
...but you also said:
I was told this option works for middleware only
...which suggests that there are parts of the data collection it doesn't disable. If I've misunderstood that, that's good to know.
 

JoshDW19

Community Hall of Fame
Joined
May 16, 2016
Messages
1,077
...but you also said:

...which suggests that there are parts of the data collection it doesn't disable. If I've misunderstood that, that's good to know.

Oh I think we misunderstood each other. That middleware command will disable the collection altogether. I just meant there's not a GUI option yet.
 

fracai

Guru
Joined
Aug 22, 2012
Messages
1,212
our goal is to be transparent when we collect data and we're going to make sure that we address this promptly
Yes. Here's the ticket governing this specific issue.

https://redmine.ixsystems.com/issues/64392
Thanks, but that says it's targeted at 11.3, which isn't scheduled for release until the end of May, over 4 months away. That doesn't sound very "prompt".

In the meantime, is there a document that describes what data is collected (the more detailed the better), where it is sent (at least any hostnames sentry.ixsystems.com?), and when it is collected (scheduled, on GUI action, on crash, reboot, etc.)?
 

Kris Moore

SVP of Engineering
Administrator
Moderator
iXsystems
Joined
Nov 12, 2015
Messages
1,471
Just thought I'd chime in here. While we are working on the ability to disable Sentry entirely (via the UI), I wanted to quickly clarify how Sentry is set up / used on our end. Right now we have enabled the Privacy-scrubbing options, as well as the option to not store IP addresses:

https://docs.sentry.io/data-management/sensitive-data/

We'll be keeping an eye on this, since even if folks opt-in, we want to keep the data fully anonymous at all times. We only care about the debug output so we know when stuff breaks.
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,079
Aaaaaaand for everyone who puzzles at policies such as "administrative workstations shall not have Internet access" ... a classic example of why.
Exactly why we have whole networks that are air-gapped from each other and from the internet. It isn't just to keep Microsoft from pushing unwanted updates.
 