From 552296a74113a7f56babe232e7f554f1279484c5 Mon Sep 17 00:00:00 2001 From: dan-shaw <51385773+dan-shaw@users.noreply.github.com> Date: Thu, 14 Nov 2019 13:12:36 -0800 Subject: [PATCH] [vcpkg] update telemetry --- docs/about/privacy.md | 45 +++++++++++++++++++++++++++-------- scripts/bootstrap.ps1 | 8 +++++++ scripts/bootstrap.sh | 6 +++++ toolsrc/src/vcpkg.cpp | 4 ---- toolsrc/src/vcpkg/build.cpp | 10 +++++++- toolsrc/src/vcpkg/install.cpp | 5 ++-- toolsrc/src/vcpkg/metrics.cpp | 12 +++++++--- 7 files changed, 70 insertions(+), 20 deletions(-) diff --git a/docs/about/privacy.md b/docs/about/privacy.md index 91d7093721c..bc78b234705 100644 --- a/docs/about/privacy.md +++ b/docs/about/privacy.md @@ -1,22 +1,46 @@ +## vcpkg telemetry and privacy -# Privacy and Vcpkg +vcpkg collects telemetry data to understand usage issues, such as failing packages, and to guide tool improvements. The collected data is anonymous. +For more information about how Microsoft protects your privacy, see https://privacy.microsoft.com/en-US/privacystatement#mainenterprisedeveloperproductsmodule -## Do you collect telemetry data? What is it used for? +# Scope -We do collect telemetry data from usage of "vcpkg.exe". We explicitly ONLY collect information from invocations of the tool itself; we do NOT add any tracking information into the produced libraries. We use this information to understand usage issues, such as failing packages, and to guide tool improvements. +We explicitly ONLY collect information from invocations of the tool itself; we do NOT add any tracking information into the produced libraries. Telemetry is collected when using any of the `vcpkg` commands, such as: -## What telemetry is collected? +``` +vcpkg install +vcpkg build +``` -We collect the command line used, the time of invocation, and how long execution took. Some commands also add additional calculated information (such as the full set of libraries to install). We generate a completely random UUID on first use and attach it to each event. -In order to opt-out of data collection, you can re-run the boostrap script with the following flag, for Windows and Linux/OSX, respectively: +# How to opt out + +The vcpkg telemetry feature is enabled by default. In order to opt-out of data collection, you can re-run the boostrap script with the following flag, for Windows and Linux/OSX, respectively: ```PS> .\bootstrap-vcpkg.bat -disableMetrics``` ```~/$ ./bootstrap-vcpkg.sh -disableMetrics``` -For more information about how Microsoft protects your privacy, see https://privacy.microsoft.com/en-us/privacy. +# Disclosure -Here is an example of an event for the command line `vcpkg install zlib`: +vcpkg displays text similar to the following when you build vcpkg. This is how Microsoft notifies you about data collection. + +``` +Telemetry +--------- +vcpkg collects usage data in order to help us improve your experience. The data collected by Microsoft is anonymous. You can opt-out of telemetry by adding -disableMetrics after the bootstrap-vcpkg script. + +Read more about vcpkg telemetry at docs/about/privacy.md +``` + +# Data Collected + +The telemetry feature doesn't collect personal data, such as usernames or email addresses. It doesn't scan your code and doesn't extract project-level data, such as name, repository, or author. The data is sent securely to Microsoft servers and held under restricted access. + +Protecting your privacy is important to us. If you suspect the telemetry is collecting sensitive data or the data is being insecurely or inappropriately handled, file an issue in the Microsoft/vcpkg repository or send an email to vcpkg@microsoft.com for investigation. + +We collect various telemetry events such as the command line used, the time of invocation, and how long execution took. Some commands also add additional calculated information (such as the full set of libraries to install). We generate a completely random UUID on first use and attach it to each event. + +Here is an example of an event for the command line `vcpkg install zlib`. You can see the telemetry events any command by appending `--printmetrics` after the vcpkg command line. ```json [{ "ver": 1, @@ -46,6 +70,7 @@ Here is an example of an event for the command line `vcpkg install zlib`: ``` In the source code (included in `toolsrc\`), you can search for calls to the functions `TrackProperty()` and `TrackMetric()` to see every specific data point we collect. -## Is the data stored on my system? +# Avoid inadvertent disclosure information -We store each event document in your temporary files directory. These will be cleaned out whenever you clear your temporary files. +vcpkg contributors and anyone else running a version of vcpkg that they built themselves should consider the path to their source code. If a crash occurs when using vcpkg, the file path from the build machine is collected as part of the stack trace and isn't hashed. +Because of this, builds of vcpkg shouldn't be located in directories whose path names expose personal or sensitive information. \ No newline at end of file diff --git a/scripts/bootstrap.ps1 b/scripts/bootstrap.ps1 index d2632e57be7..ce92f0c821c 100644 --- a/scripts/bootstrap.ps1 +++ b/scripts/bootstrap.ps1 @@ -412,6 +412,14 @@ if ($ec -ne 0) } Write-Host "`nBuilding vcpkg.exe... done.`n" +Write-Host @" +Telemetry +--------- +vcpkg collects usage data in order to help us improve your experience. The data collected by Microsoft is anonymous. You can opt-out of telemetry by adding -disableMetrics after the bootstrap-vcpkg.bat script. +Read more about vcpkg telemetry at docs/about/privacy.md + +"@ + Write-Verbose "Placing vcpkg.exe in the correct location" Copy-Item "$vcpkgReleaseDir\vcpkg.exe" "$vcpkgRootDir\vcpkg.exe" diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index 55859d1f82e..4ebe970f6a2 100644 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh @@ -262,3 +262,9 @@ mkdir -p "$buildDir" rm -rf "$vcpkgRootDir/vcpkg" cp "$buildDir/vcpkg" "$vcpkgRootDir/" + +echo "Telemetry" +echo "---------" +echo "vcpkg collects usage data in order to help us improve your experience. The data collected by Microsoft is anonymous. You can opt-out of telemetry by adding -disableMetrics after the bootstrap-vcpkg.sh script." +echo "Read more about vcpkg telemetry at docs/about/privacy.md" +echo "" \ No newline at end of file diff --git a/toolsrc/src/vcpkg.cpp b/toolsrc/src/vcpkg.cpp index 9cd0ddf190f..c336d2f63a5 100644 --- a/toolsrc/src/vcpkg.cpp +++ b/toolsrc/src/vcpkg.cpp @@ -304,7 +304,6 @@ int main(const int argc, const char* const* const argv) SetConsoleCP(CP_UTF8); SetConsoleOutputCP(CP_UTF8); - const std::string trimmed_command_line = trim_path_from_command_line(Strings::to_utf8(GetCommandLineW())); #endif Checks::register_global_shutdown_handler([]() { @@ -335,9 +334,6 @@ int main(const int argc, const char* const* const argv) { auto locked_metrics = Metrics::g_metrics.lock(); locked_metrics->track_property("version", Commands::Version::version()); -#if defined(_WIN32) - locked_metrics->track_property("cmdline", trimmed_command_line); -#endif } System::register_console_ctrl_handler(); diff --git a/toolsrc/src/vcpkg/build.cpp b/toolsrc/src/vcpkg/build.cpp index 618e4126bae..c606594af6f 100644 --- a/toolsrc/src/vcpkg/build.cpp +++ b/toolsrc/src/vcpkg/build.cpp @@ -580,7 +580,15 @@ namespace vcpkg::Build { auto locked_metrics = Metrics::g_metrics.lock(); - locked_metrics->track_buildtime(spec.to_string() + ":[" + Strings::join(",", config.feature_list) + "]", + + locked_metrics->track_buildtime(Hash::get_string_hash(spec.to_string(), Hash::Algorithm::Sha256) + ":[" + + Strings::join(",", + config.feature_list, + [](std::string feature) { + return Hash::get_string_hash(feature, + Hash::Algorithm::Sha256); + }) + + "]", buildtimeus); if (return_code != 0) { diff --git a/toolsrc/src/vcpkg/install.cpp b/toolsrc/src/vcpkg/install.cpp index 21be2d7b0f8..d1c4a4b2d88 100644 --- a/toolsrc/src/vcpkg/install.cpp +++ b/toolsrc/src/vcpkg/install.cpp @@ -1,6 +1,7 @@ #include "pch.h" #include +#include #include #include #include @@ -690,9 +691,9 @@ namespace vcpkg::Install // log the plan const std::string specs_string = Strings::join(",", action_plan, [](const AnyAction& action) { if (auto iaction = action.install_action.get()) - return iaction->spec.to_string(); + return Hash::get_string_hash(iaction->spec.to_string(), Hash::Algorithm::Sha256); else if (auto raction = action.remove_action.get()) - return "R$" + raction->spec.to_string(); + return "R$" + Hash::get_string_hash(raction->spec.to_string(), Hash::Algorithm::Sha256); Checks::unreachable(VCPKG_LINE_INFO); }); diff --git a/toolsrc/src/vcpkg/metrics.cpp b/toolsrc/src/vcpkg/metrics.cpp index b8c55919e88..7aaa852c307 100644 --- a/toolsrc/src/vcpkg/metrics.cpp +++ b/toolsrc/src/vcpkg/metrics.cpp @@ -184,9 +184,15 @@ namespace vcpkg::Metrics if (buildtime_names.size() > 0) { if (props_plus_buildtimes.size() > 0) props_plus_buildtimes.push_back(','); - props_plus_buildtimes.append(Strings::format(R"("buildnames": [%s], "buildtimes": [%s])", - Strings::join(",", buildtime_names, to_json_string), - Strings::join(",", buildtime_times))); + props_plus_buildtimes.append( + Strings::format(R"("buildnames": [%s], "buildtimes": [%s])", + Strings::join(",", + buildtime_names, + [](std::string buildname) { + return to_json_string(vcpkg::Hash::get_string_hash( + buildname, Hash::Algorithm::Sha256)); + }), + Strings::join(",", buildtime_times))); } const std::string& session_id = get_session_id();