Wacom Drawing Tablets Track the Name of Every Application That You Open (robertheaton.com) 73
Software engineer Robert Heaton writes: Last week I set up my tablet on my new laptop. As part of installing its drivers I was asked to accept Wacom's privacy policy. Being a mostly-normal person I never usually read privacy policies. Instead I vigorously hammer the "yes" button in an effort to reach the game, machine, or medical advice on the other side of the agreement as fast as possible. But Wacom's request made me pause. Why does a device that is essentially a mouse need a privacy policy? I wondered. Sensing skullduggery, I decided to make an exception to my anti-privacy-policy-policy and give this one a read.
In Wacom's defense (that's the only time you're going to see that phrase today), the document was short and clear, although as we'll see it wasn't entirely open about its more dubious intentions. In addition, despite its attempts to look like the kind of compulsory agreement that must be accepted in order to unlock the product behind it, as far as I can tell anyone with the presence of mind to decline it could do so with no adverse consequences. With that attempt at even-handedness out the way, let's get kicking. In section 3.1 of their privacy policy, Wacom wondered if it would be OK if they sent a few bits and bobs of data from my computer to Google Analytics, "[including] aggregate usage data, technical session information and information about [my] hardware device." The half of my heart that cares about privacy sank. The other half of my heart, the half that enjoys snooping on snoopers and figuring out what they're up to, leapt. It was a disjointed feeling, probably similar to how it feels to get mugged by your favorite TV magician.
In Wacom's defense (that's the only time you're going to see that phrase today), the document was short and clear, although as we'll see it wasn't entirely open about its more dubious intentions. In addition, despite its attempts to look like the kind of compulsory agreement that must be accepted in order to unlock the product behind it, as far as I can tell anyone with the presence of mind to decline it could do so with no adverse consequences. With that attempt at even-handedness out the way, let's get kicking. In section 3.1 of their privacy policy, Wacom wondered if it would be OK if they sent a few bits and bobs of data from my computer to Google Analytics, "[including] aggregate usage data, technical session information and information about [my] hardware device." The half of my heart that cares about privacy sank. The other half of my heart, the half that enjoys snooping on snoopers and figuring out what they're up to, leapt. It was a disjointed feeling, probably similar to how it feels to get mugged by your favorite TV magician.
Users trained to just click Accept (Score:5, Insightful)
Re: (Score:2)
Around 2002 or so one of the more popular legal-oriented web sites (Groklaw, I think) changed their web site usage police to include a phrase similar to "By clicking OK the user hereby agrees to hand over perpetual custody of their first-born child to the owners of this web site." They inserted this in the third or fourth paragraph and required users to click through to acknowledge accepting the usage policy change. After three months in which not a single user noticed they published the results of their
Re: (Score:2, Funny)
"By clicking OK the user hereby agrees to hand over perpetual custody of their first-born child to the owners of this web site."
I'm surprised that a few parents didn't take them up on their generous offer. It would be a great way to get some post-school kids out of the house.
Re: (Score:3)
Re: (Score:2)
I think it is time to legislate that click-through agreements do not meet the minimum bar of informed consent.
Except what is? Pretty much everything requires an agreement. Without the ability for that to be click through, or implied acceptance when opening the product (provided you were capable of reading it in the first place) what minimum bar do you put in?
Hey cool I just bought my new {insert cool thing}, I look forward to using it once the company sends me the unlock code in exchange for the signed affidavit I sent in saying I completely read through their agreement.
Re:Users trained to just click Accept (Score:5, Insightful)
No, each thing I buy doesn't require a unique agreement to use it. I can go to a retailer and buy some shit and the only thing I have to agree to is how much money to hand over.
Just because something has silicon and electronics in it doesn't mean it shouldn't also be this way.
Re: Users trained to just click Accept (Score:2)
Re: (Score:1)
Re: (Score:2)
I wonder if they do this in the EU (Score:2)
In the EU they have to ask for explicit, clear opt-in permission. Text buried in a privacy policy isn't enough, it needs to clearly ask the user if they want to allow this data collection with a separate yes/no opt-in, defaulting to no.
I'm going to try to install their drivers in a VM to test.
Re:I wonder if they do this in the EU (Score:5, Informative)
Re: I wonder if they do this in the EU (Score:2)
And we sing the The Star-Spangled Banner while business gives us the business. U!S!A!U!S!A!
Re: (Score:2)
Until, of course, their data is released in the wild. Then it's a matter of 'national security'.
Re:I wonder if they do this in the EU (Score:4, Informative)
Consensual oral sex (which she boasted about to friends) is a rape? When did that change?
Re: (Score:2)
I'm sorry, I just do NOT buy into all this "they were too powerful over me, so I said yes and took my clothes off and fucked, but I wasn't in control....
Really?
At this point in our lives, we're all supposed to be "adults" making adult
Re: (Score:3)
Oh, gods, this absurdity again. So every groupie who threw herself/himself at a rock star or actor was a rape victim. Right.
By all the gods above, below and nonexistent I will never understand the stupidities that conservatives so eagerly embrace.
Re: (Score:2)
power dynamic of an intern and the President of the United States makes 'consent' an impossibility.
The problem with this view is that it insists upon aristocracy. If you copulate outside of your caste, one of the parties is a rapist.
Re: (Score:2, Informative)
A) Consensual sex is not rape.
B) Whether he had sex with another woman was in no way an impeachable offense since it was not related to his job.
C) The precedent has now been set that a president, any president, can ignore the rule of law and not turn over documents requested by Congress.
D) The precedent has also been set that a president, any president, can now withhold aid from foreign governments unless they cough up information, even if it's fake information, on a political opponent.
E) The precedent has
Re: (Score:1)
It's not consensual. There can be no consent between a man in the power structure and a woman below him. Didn't you get the workplace training? Sex without consent is rape.
Sad to see DNS-and-BIND diminishing actual rape victims with his unfortunate ill-informed remarks.
He was impeached for lying about it, although he should have resigned once the details of the rape became public. You know, he would have gotten away scot-free if his rape victim didn't keep the semen-stained dress unwashed in her closet. Eww
There are plenty of actual rape allegations against Clinton that it is not necessary to cheapen actual rape victims with such uninformed garbage.
Oh knock off the histronics. Biden was the one threatening a foreign government. Imperial, what a laugh. It's not rigged, you're just losing.
Threats are what United States foreign policy are all about. There are whole federal bureaucracies dedicated to administering and following thru on threats such as the Office of Foreign Assets Control.
The reason Trump was impeached was not because he made a threat. I
Re:I wonder if they do this in the EU (Score:5, Informative)
I just tried installing the Wacom driver. It presented the privacy policy which seems to be different to the one in TFA because it doesn't mention data collection.
Looks like it noticed that you are in the EU and disables data collection, or at least I hope it does. It certainly doesn't ask permission to collect it.
Re: (Score:2)
In other words, when you install something, pretend you're a EU citizen if you value your privacy...
Re: (Score:2)
I dislike distinctions like this. Data collection is not all evil. The info about what apps you're using can help them better tailor which programs their drivers work with, as well as track down crashes and incompatibilities more quickly. People who exempt themselves from it essentially become leechers - getti
Re: (Score:2)
This is interesting.
I recently had to remove and re-install Wacom drivers for my pen/tablet.
Wacom customer support gave me this like to work here HERE [wacom.com].
Look at the section where it mentions doing the re-install:
Re: (Score:2)
I dislike distinctions like this. Data collection is not all evil.
It's uncategorically evil if you don't ask first.
The info about what apps you're using can help them better tailor which programs their drivers work with, as well as track down crashes and incompatibilities more quickly. People who exempt themselves from it essentially become leechers - getting these benefits without giving up anything themselves.
It's what testing, focus groups, soliciting and listening to customer feedback is about. You know actually developing a relationship with your customers. This notion that you need to collect data from people behind their back to make products "better" is indefensible, lazy and a receipt for people to gather metrics which comport to their presuppositions.
Like people who use Google Maps' traffic while not allowing Google to track their location for generating traffic data. Or who expect blood to be available at the hospital if they're injured, while not donating blood themselves.
Is Wacom a charity? Are they giving their products away for free?
It's better if everyone is treated the same - everyone's data is collected, or nobody's data is collected.
Or they could... you know....... ASK...
Re: (Score:1)
Re: (Score:2)
If you want to know what applications I use, ASK ME. If, and only if, I'm inclined to tell you, I will.
Re: (Score:2)
How well does this work for people who don't even know what all applications are installed on their computers?
Re: (Score:2)
In this case you might want to inform people about your application being on their computer. If they know or should know and don't report in, chances are that they don't use your application.
Applications installed but not in active use (Score:2)
If they know or should know and don't report in, chances are that they don't use your application.
I'm thinking of two scenarios: an application that came installed when the user bought a computer, or an application that the user installed long ago and then forgot about. Even though the user does not actively use these applications, they may still have lingering background processes that interfere with the tablet's ability to adapt the workspace scaling or other application-specific features.
And even if a user is technical enough to enumerate all foreground and background processes, I doubt that a user c
Re: (Score:2)
In this case, ask me to run a program you provide for the express purpose of collecting my running processes to help me troubleshoot a problem.
Which gets us back to the ASK ME part. No matter how you spin it, there is simply no reason to collect data behind my back.
Re: (Score:2)
If the Wacom driver installer is anything like a typical Microsoft installer since the introduction of the Customer Experience Improvement Program, it probably did ask the user during the installation wizard. Perhaps the problem is that users forget not only what they have installed but also what they have agreed to.
Re: (Score:3)
Aha! So:
(1) Use a VPN when you install the drivers for your WACOM tablet.
(2) Set your location to an EU country.
(3) Profit.
Re: (Score:2)
If they haven't pulled the plug on the whole thing, as they seem to have done with the author I think there's one important thing to keep in mind for you or anyone else trying to use gdpr; _unless it can be established that personal data is collected everything else becomes moot_.
I'd suggest that you contact wacom and ask for your data in accordance with the right to access gdpr article 15: https://en.wikipedia.org/wiki/... [wikipedia.org] I'm anticipating that they'll say that there is no personable identifiable data, bu
Possibly (Score:3)
Re:Possibly (Score:4, Informative)
That might explain why the wacom drivers on your machine need to know which application is active, but it doesn't explain why they need to send that information anywhere else.
Re: (Score:2)
That might explain why the wacom drivers on your machine need to know which application is active, but it doesn't explain why they need to send that information anywhere else.
Exactly!
That's explained by the Kickback from Google to Wacom.
Re: (Score:2)
But they're not "giving" the data to Google. They're using Google Analytics, the web service. Google is a cloud provider, Wacom is their customer. It's still Wacom's data, Wacom is just using Google services. This would be the same as saying that if you pay for AWS you're "giving" your data to Amazon.
Re: (Score:2)
Point being: no data is going to Google, and they're not paying Wacom for it. Wacom is paying Google to use the Google Analytics platform to collect data for Wacom's use.
It is useful information (Score:3)
Wacom wants to know what applications people are using so they can concentrate on the important applications for their users. I don't have a huge problem with this. I have a Wacom tablet as well, and I want Wacom to know that Photoshop isn't the only image editing program out there (I use Affinity Photo), so they can ensure their product works well with it.
But sending this to Google is annoying.
Re: It is useful information (Score:1)
Re: (Score:2)
Assuming users register their devices, would a questionnaire not answer the same question far less invasively?
Re: (Score:3)
Assuming users register their devices, would a questionnaire not answer the same question far less invasively?
Maybe for week 1, month 1, or even year 1, but do you only ever use the same applications on your computer? I imagine that creative types that use a Wacom tablet are trying out programs more often than replacing the tablet and, I imagine, this information wouldn't get regularly updated. This would make it difficult for them to support newer or more obscure applications that weren't part of the survey or weren't expected to be used when the users completed the survey the day they registered.
Please don't as
Re: (Score:2)
Re: (Score:2)
Presumably sales are ongoing so there's always new registrations. If that sample isn't large enough, or they're not selling the product anymore, it's highly unlikely they'd be going out of their way to fix an incompatibility anyway.
Somehow I doubt that end users always know what programs they're going to end up using the tablet for, regardless of how well informed they are on the application front of their industry. I've often found myself using software with a piece of hardware that I never thought I'd use together and I'd imagine people who can draw decently (a subset of the populace I am not part of) would be in a similar situation.
They could also have a normal bug report system and feedback option. But that wouldn't yield data they could monetize.
You trust normal end users to file useful bugs and feedback?
Re: (Score:2)
Re: (Score:2)
Because white lists don't work and would marginalise small starting companies. I prefer them to know you're using TorBrowser (and ignoring you like they are) than to have my device only tested with {insert mega popular commercial program here}
Re: (Score:2)
underlord, overlord, sidelord tap dance (Score:2)
Spy on me fine, but don't use a middle-man. As if any IT service on this planet in 2020s is middle-man free.
Of course, down the road, when Equifax purchases Wacom, you've got no defense there either. Because all these contracts have a hemorrhagic fever clause.
Re: It is useful information (Score:1)
If they said 'Hey dearest valued customer! It would be nice if you'd share which programs you use with your Wacom tablet, so we can prioritize development and enhancement of our drivers for the applications you use every day; do you consent for us to collect this information y/n'
That would be informational, courteous to your customers, show that you're interested in supporting your customers, and that you're not just being a data vacuum for no resason. Most people would probably click ok anyway.
Hi Rick... who else is out there? (Score:2)
Well, the paranoid part of me says that if the XML response of Rick could be a configuration setting. "Rick" results in just the application information being sent to analytics, but maybe "Bob" results in more nefarious info being collected. It's an unknown, and unacceptable for a company to be collecting data like this. It's done all the time, but that doesn't make it right!
Not on Linux (Score:5, Informative)
Re: (Score:2)
Even for the (new/lat)est models?
Re: (Score:2)
Works on Debian and Ubuntu out of the box. Needs minimum kernal version 3.13 and minumum input-wacom version 2.6.30
builds a case for better tools to monitor and filt (Score:4, Insightful)
I guess that this article builds a strong case for more securely monitoring and filtering outgoing net traffic. I could easily imagine blocking any out going connections to Google analytics would simply block this exfiltration. Time to look at ipchains again...
Re:builds a case for better tools to monitor and f (Score:4, Insightful)
MOD UP.
All of the spying/snooping/analytics IPs and names should be black-holed.
Wrong, Misleading, Fake News (Score:3)
The tablets don't track anything, and drivers for them are built into Windows and Linux. I plug my tablet in, load up Fire Alpaca and go hog wild.
Shitty bundled software is shitty bundled software and shitty bundled software does what shitty bundled software does.
Re: (Score:3)
Yes, they track stuff, and they've been doing it for years. The question is how much data they send back home.
I have an Intuos 1, one of the oldest tablets in the series that I've been using under XP for ages. When I updated to Win7, I also updated to the newest driver, and immediately I noticed a HUGE amount of input lag that wasn't there before. After I investigated a bit using Process Monitor, I found the new driver streams all of your inputs (both movements and selections) to a log file. Constantly.
What's with the creative writing? (Score:1)
How to Opt-Out (Score:5, Informative)
The driver allows you to customize the various buttons and / or remotes, pen settings, touch settings, and other paramaeers associated with the Cintiqs.
( WHY they need to send this data anywhere is a mystery as the tablets run just fine without it )
If you're running Windows 10, here's how you opt out:
Start -> Wacom Tablet -> Wacom Desktop Center -> More ( right side of window ) -> Privacy Settings
From here it's a simple matter to turn off the " Participate in the Wacom Experience Program ".
( Make sure to recheck this setting if you ever update the driver to ensure it stays off )
If you're truly paranoid about it, block it at the firewall.
Re: (Score:2)
MOD_UP informative
drives supplied with OS (Score:2)
that's why i like that linux has all the drivers build into the kernel, which are open source, with exception if you're using nvidia for example.
sure, some hardware might not work, but what do you care about most?