Our use of sentry and data collection

You can see exactly what information we send, but I'll break it down....

a year ago

Latest Post Mitigating BiblioCraft RCE by Paul Taylor

I've been informed that members of the community are spreading misinformation. Instead of passing this along to our legal team, I thought we should address this publicly.

Libel with potential loss of earnings

Buggy? Perhaps. When comparing a mod that is a couple of months old (with almost no bug reports on GitHub, all ones which have been reported have been fixed) but spyware it is not.

They're likely referencing this from our do-it-all library; https://github.com/CreeperHost/PolyLib/blob/main/common/src/main/java/net/creeperhost/polylib/sentry/SentryRegistry.java

Even just reading this, you can see exactly what information we send, but I'll break it down.

This is a helper to make it faster for us to register Sentry into our own mods. I'm reasonably sure we don't call it in backups 2, as we have no project on Sentry for it and no results on the repo, but to put people at ease, I'll provide a screenshot of exactly what this gives us, and why each part of this is important.

This screenshot is from another mod, where the function is called.

Screenshot of CreeperHost sentry dashboard for the mod 'resourceful creepers'

As you can see here, we do collect some information, none of which links back to the user in any way, and unfortunately, we caught someone elses exception here, if we know the developer, we tend to pass these on, as they're anonymous.

There is no session data, nothing, just what we'd normally have to hope someone would provide in a GitHub issue and any mod (unless we missed some, feel free to let us know) which has this enabled, will allow you to disable it in the config.

We are legally bound to follow GDPR and numerous other data protection laws, unlike individual mod developers, we also have considerably more to lose. You are better protected with anything we release than with anyone else.

The fallout of this could be having revert back to waiting for an end user to report issues and scrap our plans to try and help mod authors adopt using products like Sentry via simple 1-click installs for our partners.

If you want to learn more about Sentry, it is also open source, self-hostable, and available at: GitHub - getsentry/sentry: Sentry is cross-platform application monitoring, with a focus on error reporting.

Paul Taylor

Published a year ago

Comments?

Leave us your opinion.