Unity caught spying on developers using the editor - Sensationalist Headlines

https://twitter.com/SmashRiot/status/1022518849848180736 hello NAME^^ i am EIREXE so pleased to e-meet you owo xDDDDD

This type of analytics isn't uncommon but this email is creepy as fuck.

I mean, I always expected these guys to collect extensive usage data. But this is a bit on the nose.

Wouldn't this be against some EU directives? Still a dick move on Unity's side for not showing the option to disable it in the first place (IIRC) though, still it does say a lot on how they make their profit on something thats 'free' apart from lucrative corporate licenses

cue the people defending this as a useful feature

The fact they confront you about it is absurd. But the idea they are collecting data like this isn't. It's pretty valuable to know where your users are spending their time in your program. For example, if you have one of the context menus open for a period of time that is much longer than the rest, that gives the Unity team an idea that they should restructure that part of the UI. But I have no idea who greenlighted the idea that support should initiate contact with a customer over something like this.

I can almost guarantee you this analytics option is left checked on by default. If you want input on how to improve your software, hire a focus group with people who actually use the thing. Don't force spyware onto unsuspecting people.

Knowing what licensed account is using the software isn't spying. Do you think Steam is spying on you because it knows you played DOTA for 13 hours in the past week? Is it the fact that a number of hours with the software open idle triggers an automated support email that bothers you? Not everything in data collection is a goddamn crisis.

analytics are also used to optimize the program performance, there's legitimate anonimized use and then there's targeted use like this

Steam knowing your playtime should be optional. Nobody on this planet absolutely needs to know how much time you've spent in a game. If you so desire, you should absolutely have the option to opt out of any kind of spying.

You can add spying on users to that as well, unity analytics is on by default unless the developer changes it, which means most unity games violate the GDPR.

Having analytics be opt-in wouldn't be very useful. The majority of people don't give a shit about anonymous analytics but at the same those people aren't going to go out of there way to turn it on because it has no immediately obvious positive effect on their experience. Having it be opt-in also could also introduce bias in the resulting data, but the bigger issue is that you need lots of data to be able to draw any meaningful conclusions, and opt-in could never provide that.

that's called the TOS if you're going to be a pain in the ass who doesn't want any data used at all, anonymous or not, you can just not use the software you don't have a right to have the developer include an option for every sort of data collection

You should probably actually do some research before you assume shit lol.

I got this exact same email. I haven't launched the editor in a week (AKA it's not tied to the idle time). It is an entirely standard business practice to reach out to users of your product for support based on usage. I also got an apology email for the REPLACE_THIS header bit. A tweet is not news. Unity was not 'caught' doing anything. Stop spinning up bullshit.

And that's a bad thing... how?

You've clearly not done your own research, Unity themselves do comply with the GDPR requirements but the game developer also has to comply with the GDPR which many don't. The main two things the developer has to ensure is consent and providing access to collected data, Unity released a plugin a while back to do this but it's down to developers to implement it, so I'm quite correct in saying many games are violating the GDPR, Unity should be enforcing this but they are not.

For real almost every company has some form of this. Customer retention is super important and it's considered pretty insane to not even attempt to drive engagement. Most of the time people are either opt-ed out of these or never quite considered critical enough customers to send these to though. It's a waste of time sending these (even if automated) to every single person who isn't currently engaged if their previous activity history doesn't indicate that they'll re-engage with you. It's really not that creepy and isn't spying.

It's pretty funny that you think Unity Technologies is somehow responsible for enforcing every single game dev's legal compliance. Is Unity also to blame when a developer uses stolen assets in the unity engine? Unity provides a tool, it is up to the dev's to follow the law.

While you are correct they should at least have the analytics default to off, I've noticed quite a few developers don't even realise it is there.

Unity should not be enforcing this because it's entirely up to a developer whether they want their games to be compliant with local laws or not lul. How the hell would Unity even enforce that? They can't.

A lot of programs give you the option to turn analytics off when you install so you're fully aware of it to begin with. I think that's a good compromise

Imagine the poor guy that spied on Garry from time to time... "Those guns look pretty good. Oh! Building! I like that kind of stuff. Hey does that guy have a... oh... why is he zooming in on... oh my god he's spending more time on this than anything else..."

I have noticed unity lagging with slow internet connection, even when analytics are off, completely smooth with fast or no internet.

Add this to your hosts file to block it: 0.0.0.0 config.uca.cloud.unity3d.com 0.0.0.0 cdp.cloud.unity3d.com

it is probably against EU directives yes

That is such a fucking bizarre email. My first thought would be that they left the computer on.

Consent isn't required in all circumstances, under article 6(1)(f) legitimate interest can be claimed which overrides the need for consent, this is the most ambiguous part of the GDPR, however if they are collecting personally identifiable data (including pseudoanonymous data) which it seems they are, then the GDPR requires that they give you access to it along with the other rights provided by the GDPR which I'm not so sure they are doing.

And the evidence that has convinced you to not be so sure they're doing it is...?

Plus they lie about it being anonymous: https://files.facepunch.com/forum/upload/58146/15610e8b-a319-45a7-83fb-4b8e0e82b725/image.png