vcpkg/docs/about/privacy.md

# Vcpkg telemetry and privacy

vcpkg collects telemetry data to understand usage issues, such as failing packages, and to guide tool improvements. The collected data is anonymous.
For more information about how Microsoft protects your privacy, see https://privacy.microsoft.com/en-US/privacystatement#mainenterprisedeveloperproductsmodule

## Scope

We explicitly ONLY collect information from invocations of the tool itself; we do NOT add any tracking information into the produced libraries. Telemetry is collected when using any of the `vcpkg` commands.

## How to opt out

The vcpkg telemetry feature is enabled by default. In order to opt-out of data collection, you can re-run the boostrap script with the following flag, for Windows and Linux/OSX, respectively:

```PS> .\bootstrap-vcpkg.bat -disableMetrics```

```~/$ ./bootstrap-vcpkg.sh -disableMetrics```

## Disclosure

vcpkg displays text similar to the following when you build vcpkg. This is how Microsoft notifies you about data collection.

```
Telemetry
---------
vcpkg collects usage data in order to help us improve your experience.
The data collected by Microsoft is anonymous.
You can opt-out of telemetry by re-running the bootstrap-vcpkg script with -disableMetrics,
passing --disable-metrics to vcpkg on the command line,
or by setting the VCPKG_DISABLE_METRICS environment variable.

Read more about vcpkg telemetry at docs/about/privacy.md
```

## Data Collected

The telemetry feature doesn't collect personal data, such as usernames or email addresses. It doesn't scan your code and doesn't extract project-level data, such as name, repository, or author. The data is sent securely to Microsoft servers and held under restricted access.

Protecting your privacy is important to us. If you suspect the telemetry is collecting sensitive data or the data is being insecurely or inappropriately handled, file an issue in the Microsoft/vcpkg repository or send an email to vcpkg@microsoft.com for investigation.

We collect various telemetry events such as the command line used, the time of invocation, and how long execution took. Some commands also add additional calculated information (such as the full set of libraries to install). We generate a completely random UUID on first use and attach it to each event.

You can see the telemetry events any command by appending `--printmetrics` after the vcpkg command line.

In the source code (included in `toolsrc\`), you can search for calls to the functions `track_property()`, `track_feature()`, `track_metric()`, and `track_buildtime()`
to see every specific data point we collect.

## Avoid inadvertent disclosure information

vcpkg contributors and anyone else running a version of vcpkg that they built themselves should consider the path to their source code. If a crash occurs when using vcpkg, the file path from the build machine is collected as part of the stack trace and isn't hashed.
Because of this, builds of vcpkg shouldn't be located in directories whose path names expose personal or sensitive information.
Update privacy.md 2019-11-15 05:21:54 +08:00			`# Vcpkg telemetry and privacy`
Initial commit 2016-09-19 11:50:08 +08:00
[vcpkg] update telemetry 2019-11-15 05:12:36 +08:00			`vcpkg collects telemetry data to understand usage issues, such as failing packages, and to guide tool improvements. The collected data is anonymous.`
[vcpkg metrics] Allow someone to opt out after build (#11542) * [vcpkg metrics] start using json library Additionally, add floats to the JSON library since they're required. * [vcpkg metrics] allow users to disable metrics after the build Additionally, as a drive by, fix UUID generation * fix metrics data * code review 2020-05-30 05:09:03 +08:00			`For more information about how Microsoft protects your privacy, see https://privacy.microsoft.com/en-US/privacystatement#mainenterprisedeveloperproductsmodule`
Initial commit 2016-09-19 11:50:08 +08:00
Update privacy.md 2019-11-15 05:21:54 +08:00			`## Scope`
Initial commit 2016-09-19 11:50:08 +08:00
update telemetry 2019-11-23 07:07:00 +08:00			We explicitly ONLY collect information from invocations of the tool itself; we do NOT add any tracking information into the produced libraries. Telemetry is collected when using any of the `vcpkg` commands.
[vcpkg] update telemetry 2019-11-15 05:12:36 +08:00
Update privacy.md 2019-11-15 05:21:54 +08:00			`## How to opt out`
Initial commit 2016-09-19 11:50:08 +08:00
[vcpkg] update telemetry 2019-11-15 05:12:36 +08:00			`The vcpkg telemetry feature is enabled by default. In order to opt-out of data collection, you can re-run the boostrap script with the following flag, for Windows and Linux/OSX, respectively:`
Update documentation 2018-06-09 07:33:38 +08:00
Make bootstrap.bat parameters match bootstrap.sh 2018-06-13 08:12:33 +08:00			```PS> .\bootstrap-vcpkg.bat -disableMetrics```
Update documentation 2018-06-09 07:33:38 +08:00
Fix slash 2018-06-12 04:26:16 +08:00			```~/$ ./bootstrap-vcpkg.sh -disableMetrics```
Update doc 2018-06-09 09:33:27 +08:00
Update privacy.md 2019-11-15 05:21:54 +08:00			`## Disclosure`
[vcpkg] update telemetry 2019-11-15 05:12:36 +08:00
			`vcpkg displays text similar to the following when you build vcpkg. This is how Microsoft notifies you about data collection.`

			```
			`Telemetry`
			`---------`
[vcpkg metrics] Allow someone to opt out after build (#11542) * [vcpkg metrics] start using json library Additionally, add floats to the JSON library since they're required. * [vcpkg metrics] allow users to disable metrics after the build Additionally, as a drive by, fix UUID generation * fix metrics data * code review 2020-05-30 05:09:03 +08:00			`vcpkg collects usage data in order to help us improve your experience.`
			`The data collected by Microsoft is anonymous.`
			`You can opt-out of telemetry by re-running the bootstrap-vcpkg script with -disableMetrics,`
			`passing --disable-metrics to vcpkg on the command line,`
			`or by setting the VCPKG_DISABLE_METRICS environment variable.`
[vcpkg] update telemetry 2019-11-15 05:12:36 +08:00
			`Read more about vcpkg telemetry at docs/about/privacy.md`
			```

Update privacy.md 2019-11-15 05:21:54 +08:00			`## Data Collected`
[vcpkg] update telemetry 2019-11-15 05:12:36 +08:00
			`The telemetry feature doesn't collect personal data, such as usernames or email addresses. It doesn't scan your code and doesn't extract project-level data, such as name, repository, or author. The data is sent securely to Microsoft servers and held under restricted access.`

			`Protecting your privacy is important to us. If you suspect the telemetry is collecting sensitive data or the data is being insecurely or inappropriately handled, file an issue in the Microsoft/vcpkg repository or send an email to vcpkg@microsoft.com for investigation.`

			`We collect various telemetry events such as the command line used, the time of invocation, and how long execution took. Some commands also add additional calculated information (such as the full set of libraries to install). We generate a completely random UUID on first use and attach it to each event.`
Initial commit 2016-09-19 11:50:08 +08:00
Update privacy.md 2019-11-15 05:21:54 +08:00			You can see the telemetry events any command by appending `--printmetrics` after the vcpkg command line.

[vcpkg manifest] Manifest Implementation (#11757) ==== Changes Related to manifests ==== * Add the `manifests` feature flag * This only says whether we look for a `vcpkg.json` in the cwd, not whether we support parsing manifests (for ports, for example) * Changes to the manifests RFC * `"authors"` -> `"maintainers"` * `--x-classic-mode` -> `-manifests` \in `vcpkg_feature_flags` * reserve `"core"` in addition to `"default"`, since that's already reserved for features * Add a small helper note about what identifiers must look like * `<license-string>`: SPDX v3.8 -> v3.9 * `"feature"."description"` is allowed to be an array of strings as well * `"version"` -> `"version-string"` for forward-compat with versions RFC * Add the `--feature-flags` option * Add the ability to turn off feature flags via passing `-<feature-flag>` to `VCPKG_FEATURE_FLAGS` or `--feature-flags` * Add CMake toolchain support for manifests * Requires either: * a feature flag of `manifests` in either `Env{VCPKG_FEATURE_FLAGS}` or `VCPKG_FEATURE_FLAGS` * Passing the `VCPKG_ENABLE_MANIFESTS` option * The toolchain will install your packages to `${VCPKG_MANIFEST_DIR}/vcpkg_installed`. * Add MSBuild `vcpkg integrate install` support for manifests * Requires `VcpkgEnableManifest` to be true * `vcpkg create` creates a port that has a `vcpkg.json` instead of a `CONTROL` * argparse, abseil, 3fd, and avisynthplus ports switched to manifest from CONTROL * Add support for `--x-manifest-root`, as well as code for finding it if not passed * Add support for parsing manifests! * Add a filesystem lock! ==== Important Changes which are somewhat unrelated to manifests ==== * Rename `logicexpression.{h,cpp}` to `platform-expression.{h,cpp}` * Add `PlatformExpression` type which takes the place of the old logic expression * Split the parsing of platform expressions from checking whether they're true or not * Eagerly parse PlatformExpressions as opposed to leaving them as strings * Add checking for feature flag consistency * i.e., if `-binarycaching` is passed, you shouldn't be passing `--binarysource` * Add the `Json::Reader` type which, with the help of user-defined visitors, converts JSON to your internal type * VcpkgArgParser: place the switch names into a constant as opposed to using magic constants * In general update the parsing code so that this ^ works * Add `Port-Version` fields to CONTROL files * This replaces the existing practice of `Version: <my-version>-<port-version>` ==== Smaller changes ==== * small drive-by cleanups to some CMake * `${_VCPKG_INSTALLED_DIR}/${VCPKG_TARGET_TRIPLET}` -> `${CURRENT_INSTALLED_DIR}` * Remove `-analyze` when compiling with clang-cl, since that's not a supported flag (vcpkg's build system) * Add a message about which compiler is detected by vcpkg's build system machinery * Fix `Expected::then` * Convert `""` to `{}` for `std::string` and `fs::path`, to avoid a `strlen` (additionally, `.empty()` instead of `== ""`, and `.clear()`) * Add `Strings::strto` which converts strings to numeric types * Support built-in arrays and `StringView` for `Strings::join` * Add `operator<` and friends to `StringView` * Add `substr` to `StringView` * SourceParagraphParser gets some new errors 2020-07-01 01:40:18 +08:00			In the source code (included in `toolsrc\`), you can search for calls to the functions `track_property()`, `track_feature()`, `track_metric()`, and `track_buildtime()`
			`to see every specific data point we collect.`
Initial commit 2016-09-19 11:50:08 +08:00
[vcpkg metrics] Allow someone to opt out after build (#11542) * [vcpkg metrics] start using json library Additionally, add floats to the JSON library since they're required. * [vcpkg metrics] allow users to disable metrics after the build Additionally, as a drive by, fix UUID generation * fix metrics data * code review 2020-05-30 05:09:03 +08:00			`## Avoid inadvertent disclosure information`
Initial commit 2016-09-19 11:50:08 +08:00
[vcpkg] update telemetry 2019-11-15 05:12:36 +08:00			`vcpkg contributors and anyone else running a version of vcpkg that they built themselves should consider the path to their source code. If a crash occurs when using vcpkg, the file path from the build machine is collected as part of the stack trace and isn't hashed.`
Update privacy.md 2019-11-15 05:21:54 +08:00			`Because of this, builds of vcpkg shouldn't be located in directories whose path names expose personal or sensitive information.`