mirror/vcpkg
1
0
Fork 0
mirror of https://github.com/microsoft/vcpkg.git synced 2024-11-24 05:19:06 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Update privacy.md

Browse Source
This commit is contained in:
dan-shaw 2019-11-14 13:21:54 -08:00 committed by GitHub
parent 552296a741
commit 4984408bed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
docs/about/privacy.md
View File

@ -1,9 +1,9 @@
## vcpkg telemetry and privacy
# Vcpkg telemetry and privacy
vcpkg collects telemetry data to understand usage issues, such as failing packages, and to guide tool improvements. The collected data is anonymous.
For more information about how Microsoft protects your privacy, see https://privacy.microsoft.com/en-US/privacystatement#mainenterprisedeveloperproductsmodule
# Scope
## Scope
We explicitly ONLY collect information from invocations of the tool itself; we do NOT add any tracking information into the produced libraries. Telemetry is collected when using any of the `vcpkg` commands, such as:
@ -12,7 +12,7 @@ vcpkg install
vcpkg build
```
# How to opt out
## How to opt out
The vcpkg telemetry feature is enabled by default. In order to opt-out of data collection, you can re-run the boostrap script with the following flag, for Windows and Linux/OSX, respectively:
@ -20,7 +20,7 @@ The vcpkg telemetry feature is enabled by default. In order to opt-out of data c
```~/$ ./bootstrap-vcpkg.sh -disableMetrics```
# Disclosure
## Disclosure
vcpkg displays text similar to the following when you build vcpkg. This is how Microsoft notifies you about data collection.
@ -32,7 +32,7 @@ vcpkg collects usage data in order to help us improve your experience. The data
Read more about vcpkg telemetry at docs/about/privacy.md
```
# Data Collected
## Data Collected
The telemetry feature doesn't collect personal data, such as usernames or email addresses. It doesn't scan your code and doesn't extract project-level data, such as name, repository, or author. The data is sent securely to Microsoft servers and held under restricted access.
@ -40,37 +40,11 @@ Protecting your privacy is important to us. If you suspect the telemetry is coll
We collect various telemetry events such as the command line used, the time of invocation, and how long execution took. Some commands also add additional calculated information (such as the full set of libraries to install). We generate a completely random UUID on first use and attach it to each event.
Here is an example of an event for the command line `vcpkg install zlib`. You can see the telemetry events any command by appending `--printmetrics` after the vcpkg command line.
```json
[{
"ver": 1,
"name": "Microsoft.ApplicationInsights.Event",
"time": "2016-09-01T00:19:10.949Z",
"sampleRate": 100.000000,
"seq": "0:0",
"iKey": "aaaaaaaa-4393-4dd9-ab8e-97e8fe6d7603",
"flags": 0.000000,
"tags": {
"ai.device.os": "Windows",
"ai.device.osVersion": "10.0.14912",
"ai.session.id": "aaaaaaaa-7c69-4b83-7d82-8a4198d7e88d",
"ai.user.id": "aaaaaaaa-c9ab-4bf5-0847-a3455f539754",
"ai.user.accountAcquisitionDate": "2016-08-20T00:38:09.860Z"
},
"data": {
"baseType": "EventData",
"baseData": {
"ver": 2,
"name": "commandline_test7",
"properties": { "version":"0.0.30-9b4e44a693459c0a618f370681f837de6dd95a30","cmdline":"install zlib","command":"install","installplan":"zlib:x86-windows" },
"measurements": { "elapsed_us":68064.355736 }
}
}
}]
```
In the source code (included in `toolsrc\`), you can search for calls to the functions `TrackProperty()` and `TrackMetric()` to see every specific data point we collect.
You can see the telemetry events any command by appending `--printmetrics` after the vcpkg command line.
# Avoid inadvertent disclosure information
In the source code (included in `toolsrc\`), you can search for calls to the functions `track_property()` and `track_metric()` to see every specific data point we collect.
## Avoid inadvertent disclosure information
vcpkg contributors and anyone else running a version of vcpkg that they built themselves should consider the path to their source code. If a crash occurs when using vcpkg, the file path from the build machine is collected as part of the stack trace and isn't hashed.
Because of this, builds of vcpkg shouldn't be located in directories whose path names expose personal or sensitive information.
Because of this, builds of vcpkg shouldn't be located in directories whose path names expose personal or sensitive information.