Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Security

Wacom Drawing Tablets Track the Name of Every Application That You Open (robertheaton.com) 73

Software engineer Robert Heaton writes: Last week I set up my tablet on my new laptop. As part of installing its drivers I was asked to accept Wacom's privacy policy. Being a mostly-normal person I never usually read privacy policies. Instead I vigorously hammer the "yes" button in an effort to reach the game, machine, or medical advice on the other side of the agreement as fast as possible. But Wacom's request made me pause. Why does a device that is essentially a mouse need a privacy policy? I wondered. Sensing skullduggery, I decided to make an exception to my anti-privacy-policy-policy and give this one a read.

In Wacom's defense (that's the only time you're going to see that phrase today), the document was short and clear, although as we'll see it wasn't entirely open about its more dubious intentions. In addition, despite its attempts to look like the kind of compulsory agreement that must be accepted in order to unlock the product behind it, as far as I can tell anyone with the presence of mind to decline it could do so with no adverse consequences. With that attempt at even-handedness out the way, let's get kicking. In section 3.1 of their privacy policy, Wacom wondered if it would be OK if they sent a few bits and bobs of data from my computer to Google Analytics, "[including] aggregate usage data, technical session information and information about [my] hardware device." The half of my heart that cares about privacy sank. The other half of my heart, the half that enjoys snooping on snoopers and figuring out what they're up to, leapt. It was a disjointed feeling, probably similar to how it feels to get mugged by your favorite TV magician.

This discussion has been archived. No new comments can be posted.

Wacom Drawing Tablets Track the Name of Every Application That You Open

Comments Filter:
  • by sinij ( 911942 ) on Thursday February 06, 2020 @10:25AM (#59697676)
    I think it is time to legislate that click-through agreements do not meet the minimum bar of informed consent.
    • by cusco ( 717999 )

      Around 2002 or so one of the more popular legal-oriented web sites (Groklaw, I think) changed their web site usage police to include a phrase similar to "By clicking OK the user hereby agrees to hand over perpetual custody of their first-born child to the owners of this web site." They inserted this in the third or fourth paragraph and required users to click through to acknowledge accepting the usage policy change. After three months in which not a single user noticed they published the results of their

      • Re: (Score:2, Funny)

        by Anonymous Coward

        "By clicking OK the user hereby agrees to hand over perpetual custody of their first-born child to the owners of this web site."

        I'm surprised that a few parents didn't take them up on their generous offer. It would be a great way to get some post-school kids out of the house.

    • You're right that it doesn't, but that would never happen, and even if it did, businesses would just do the next closest thing which would be mildly more inconvenient and people still wouldn't read it. People don't pay attention to legalese because most people can't even decipher legalese, let alone the kind that goes on for pages.
    • I think it is time to legislate that click-through agreements do not meet the minimum bar of informed consent.

      Except what is? Pretty much everything requires an agreement. Without the ability for that to be click through, or implied acceptance when opening the product (provided you were capable of reading it in the first place) what minimum bar do you put in?

      Hey cool I just bought my new {insert cool thing}, I look forward to using it once the company sends me the unlock code in exchange for the signed affidavit I sent in saying I completely read through their agreement.

      • by Whatsisname ( 891214 ) on Thursday February 06, 2020 @01:58PM (#59698672) Homepage

        Pretty much everything requires an agreement

        No, each thing I buy doesn't require a unique agreement to use it. I can go to a retailer and buy some shit and the only thing I have to agree to is how much money to hand over.

        Just because something has silicon and electronics in it doesn't mean it shouldn't also be this way.

      • This is why in Europe,l (I believe) after sales agreements are non-binding. It's crazy to think that they you can sell something then add legal constraints after the fact.
      • If companies didn't collect data, then they wouldn't need these agreements, to begin with. If I buy a hammer, I'm not agreeing to consent to use the hammer. Yet, if I buy and use a mouse, I have to consent to its use through its driver or nearly any other peripheral. This is not the way it should be.
    • The Congress will agree to impeach such products but not convict the offender.
  • In the EU they have to ask for explicit, clear opt-in permission. Text buried in a privacy policy isn't enough, it needs to clearly ask the user if they want to allow this data collection with a separate yes/no opt-in, defaulting to no.

    I'm going to try to install their drivers in a VM to test.

    • by FudRucker ( 866063 ) on Thursday February 06, 2020 @10:28AM (#59697686)
      since the USA is governed by a bunch of lying thieving two-faced back stabbing carpet baggers they dont care if corporate america bends the consumer over a barrel and shafts them
      • And we sing the The Star-Spangled Banner while business gives us the business. U!S!A!U!S!A!

      • Until, of course, their data is released in the wild. Then it's a matter of 'national security'.

    • by AmiMoJo ( 196126 ) on Thursday February 06, 2020 @10:58AM (#59697784) Homepage Journal

      I just tried installing the Wacom driver. It presented the privacy policy which seems to be different to the one in TFA because it doesn't mention data collection.

      Looks like it noticed that you are in the EU and disables data collection, or at least I hope it does. It certainly doesn't ask permission to collect it.

      • In other words, when you install something, pretend you're a EU citizen if you value your privacy...

        • Unless the drivers are different for the EU and the rest of the world, I'd assume they just have your computer do a location check. And if it detects it's in the EU it disables the data telemetry.

          I dislike distinctions like this. Data collection is not all evil. The info about what apps you're using can help them better tailor which programs their drivers work with, as well as track down crashes and incompatibilities more quickly. People who exempt themselves from it essentially become leechers - getti
          • Unless the drivers are different for the EU and the rest of the world, I'd assume they just have your computer do a location check. And if it detects it's in the EU it disables the data telemetry.

            This is interesting.

            I recently had to remove and re-install Wacom drivers for my pen/tablet.

            Wacom customer support gave me this like to work here HERE [wacom.com].

            Look at the section where it mentions doing the re-install:

            To ensure that the installation does not get blocked, please disconnect from the internet and disa

          • I dislike distinctions like this. Data collection is not all evil.

            It's uncategorically evil if you don't ask first.

            The info about what apps you're using can help them better tailor which programs their drivers work with, as well as track down crashes and incompatibilities more quickly. People who exempt themselves from it essentially become leechers - getting these benefits without giving up anything themselves.

            It's what testing, focus groups, soliciting and listening to customer feedback is about. You know actually developing a relationship with your customers. This notion that you need to collect data from people behind their back to make products "better" is indefensible, lazy and a receipt for people to gather metrics which comport to their presuppositions.

            Like people who use Google Maps' traffic while not allowing Google to track their location for generating traffic data. Or who expect blood to be available at the hospital if they're injured, while not donating blood themselves.

            Is Wacom a charity? Are they giving their products away for free?

            It's better if everyone is treated the same - everyone's data is collected, or nobody's data is collected.

            Or they could... you know....... ASK...

          • If you want to know what applications I use, ASK ME. If, and only if, I'm inclined to tell you, I will.

            • by tepples ( 727027 )

              How well does this work for people who don't even know what all applications are installed on their computers?

              • In this case you might want to inform people about your application being on their computer. If they know or should know and don't report in, chances are that they don't use your application.

                • If they know or should know and don't report in, chances are that they don't use your application.

                  I'm thinking of two scenarios: an application that came installed when the user bought a computer, or an application that the user installed long ago and then forgot about. Even though the user does not actively use these applications, they may still have lingering background processes that interfere with the tablet's ability to adapt the workspace scaling or other application-specific features.

                  And even if a user is technical enough to enumerate all foreground and background processes, I doubt that a user c

                  • In this case, ask me to run a program you provide for the express purpose of collecting my running processes to help me troubleshoot a problem.

                    Which gets us back to the ASK ME part. No matter how you spin it, there is simply no reason to collect data behind my back.

                    • by tepples ( 727027 )

                      If the Wacom driver installer is anything like a typical Microsoft installer since the introduction of the Customer Experience Improvement Program, it probably did ask the user during the installation wizard. Perhaps the problem is that users forget not only what they have installed but also what they have agreed to.

      • Aha! So:
        (1) Use a VPN when you install the drivers for your WACOM tablet.
        (2) Set your location to an EU country.
        (3) Profit.

    • If they haven't pulled the plug on the whole thing, as they seem to have done with the author I think there's one important thing to keep in mind for you or anyone else trying to use gdpr; _unless it can be established that personal data is collected everything else becomes moot_.

      I'd suggest that you contact wacom and ask for your data in accordance with the right to access gdpr article 15: https://en.wikipedia.org/wiki/... [wikipedia.org] I'm anticipating that they'll say that there is no personable identifiable data, bu

  • by stealth_finger ( 1809752 ) on Thursday February 06, 2020 @10:36AM (#59697714)
    I dunno if it's why but my wacom tablet can regonise the active program and dimension itself appropriately. For example I have a three screen setup and for the most part my tablet goes across all three screens, just like a mouse but when I have photoshop active the tablet area becomes only screen 1 so I have more room to be precise with my inputs.
    • Re:Possibly (Score:4, Informative)

      by Tx ( 96709 ) on Thursday February 06, 2020 @11:32AM (#59697910) Journal

      That might explain why the wacom drivers on your machine need to know which application is active, but it doesn't explain why they need to send that information anywhere else.

      • That might explain why the wacom drivers on your machine need to know which application is active, but it doesn't explain why they need to send that information anywhere else.

        Exactly!

        That's explained by the Kickback from Google to Wacom.

        • But they're not "giving" the data to Google. They're using Google Analytics, the web service. Google is a cloud provider, Wacom is their customer. It's still Wacom's data, Wacom is just using Google services. This would be the same as saying that if you pay for AWS you're "giving" your data to Amazon.

          • Point being: no data is going to Google, and they're not paying Wacom for it. Wacom is paying Google to use the Google Analytics platform to collect data for Wacom's use.

  • by rho ( 6063 ) on Thursday February 06, 2020 @10:39AM (#59697730) Journal

    Wacom wants to know what applications people are using so they can concentrate on the important applications for their users. I don't have a huge problem with this. I have a Wacom tablet as well, and I want Wacom to know that Photoshop isn't the only image editing program out there (I use Affinity Photo), so they can ensure their product works well with it.

    But sending this to Google is annoying.

    • Assuming users register their devices, would a questionnaire not answer the same question far less invasively?

      • by aitikin ( 909209 )

        Assuming users register their devices, would a questionnaire not answer the same question far less invasively?

        Maybe for week 1, month 1, or even year 1, but do you only ever use the same applications on your computer? I imagine that creative types that use a Wacom tablet are trying out programs more often than replacing the tablet and, I imagine, this information wouldn't get regularly updated. This would make it difficult for them to support newer or more obscure applications that weren't part of the survey or weren't expected to be used when the users completed the survey the day they registered.

        Please don't as

        • Presumably sales are ongoing so there's always new registrations. If that sample isn't large enough, or they're not selling the product anymore, it's highly unlikely they'd be going out of their way to fix an incompatibility anyway. They could also have a normal bug report system and feedback option. But that wouldn't yield data they could monetize.
          • by aitikin ( 909209 )

            Presumably sales are ongoing so there's always new registrations. If that sample isn't large enough, or they're not selling the product anymore, it's highly unlikely they'd be going out of their way to fix an incompatibility anyway.

            Somehow I doubt that end users always know what programs they're going to end up using the tablet for, regardless of how well informed they are on the application front of their industry. I've often found myself using software with a piece of hardware that I never thought I'd use together and I'd imagine people who can draw decently (a subset of the populace I am not part of) would be in a similar situation.

            They could also have a normal bug report system and feedback option. But that wouldn't yield data they could monetize.

            You trust normal end users to file useful bugs and feedback?

    • Why does Wacom want to know if I'm using Torbrowser? Than they should just look for a list of other graphics apps.
      • Because white lists don't work and would marginalise small starting companies. I prefer them to know you're using TorBrowser (and ignoring you like they are) than to have my device only tested with {insert mega popular commercial program here}

        • So you're willing to sacrifice the privacy of everyone for Wacom's and your own convenience? They shouldn't need to know what other graphics applications are? They're in the graphics application business. Besides, if I were the writer of any graphics application; I would be darn sure that my application worked with Wacom tablets. This shouldn't be the consumers problem, much less having to forsake privacy for it.
    • But sending this to Google is annoying.

      Spy on me fine, but don't use a middle-man. As if any IT service on this planet in 2020s is middle-man free.

      Of course, down the road, when Equifax purchases Wacom, you've got no defense there either. Because all these contracts have a hemorrhagic fever clause.

    • If they said 'Hey dearest valued customer! It would be nice if you'd share which programs you use with your Wacom tablet, so we can prioritize development and enhancement of our drivers for the applications you use every day; do you consent for us to collect this information y/n'

      That would be informational, courteous to your customers, show that you're interested in supporting your customers, and that you're not just being a data vacuum for no resason. Most people would probably click ok anyway.

  • Well, the paranoid part of me says that if the XML response of Rick could be a configuration setting. "Rick" results in just the application information being sent to analytics, but maybe "Bob" results in more nefarious info being collected. It's an unknown, and unacceptable for a company to be collecting data like this. It's done all the time, but that doesn't make it right!

  • Not on Linux (Score:5, Informative)

    by VeryFluffyBunny ( 5037285 ) on Thursday February 06, 2020 @11:07AM (#59697820)
    I use a Wacom on Ubuntu. It's just plug-n-play, no need to install firmware or drivers, so no worries about installing spyware either.
    • by antdude ( 79039 )

      Even for the (new/lat)est models?

      • I have the current Intuos Pro large (PTH-851)

        Works on Debian and Ubuntu out of the box. Needs minimum kernal version 3.13 and minumum input-wacom version 2.6.30
  • by bensch128 ( 563853 ) <bensch128@@@yahoo...com> on Thursday February 06, 2020 @11:12AM (#59697838)

    I guess that this article builds a strong case for more securely monitoring and filtering outgoing net traffic. I could easily imagine blocking any out going connections to Google analytics would simply block this exfiltration. Time to look at ipchains again...

  • by rldp ( 6381096 ) on Thursday February 06, 2020 @11:14AM (#59697848)

    The tablets don't track anything, and drivers for them are built into Windows and Linux. I plug my tablet in, load up Fire Alpaca and go hog wild.

    Shitty bundled software is shitty bundled software and shitty bundled software does what shitty bundled software does.

    • Yes, they track stuff, and they've been doing it for years. The question is how much data they send back home.

      I have an Intuos 1, one of the oldest tablets in the series that I've been using under XP for ages. When I updated to Win7, I also updated to the newest driver, and immediately I noticed a HUGE amount of input lag that wasn't there before. After I investigated a bit using Process Monitor, I found the new driver streams all of your inputs (both movements and selections) to a log file. Constantly.

  • Do you think anyone cares how you feel when your favorite magician mugs you? Here's what counts: You accepted the privacy intrusion and did not return the product. In your words: "I’m not about to incinerate my Wacom tablet and buy a different one. These things are expensive, and privacy is hard to put a price on." That's called being part of the problem, not the solution.
  • How to Opt-Out (Score:5, Informative)

    by nehumanuscrede ( 624750 ) on Thursday February 06, 2020 @05:04PM (#59699346)

    The driver allows you to customize the various buttons and / or remotes, pen settings, touch settings, and other paramaeers associated with the Cintiqs.
    ( WHY they need to send this data anywhere is a mystery as the tablets run just fine without it )

    If you're running Windows 10, here's how you opt out:

    Start -> Wacom Tablet -> Wacom Desktop Center -> More ( right side of window ) -> Privacy Settings

    From here it's a simple matter to turn off the " Participate in the Wacom Experience Program ".
    ( Make sure to recheck this setting if you ever update the driver to ensure it stays off )

    If you're truly paranoid about it, block it at the firewall.

  • that's why i like that linux has all the drivers build into the kernel, which are open source, with exception if you're using nvidia for example.
    sure, some hardware might not work, but what do you care about most?

FORTRAN is not a flower but a weed -- it is hardy, occasionally blooms, and grows in every computer. -- A.J. Perlis

Working...