News Report: Wacom Tablet Driver Quietly Sends Connected System Data to Google Analytics

I agree this (driver stability analysis) might be a perfectly valid use as the tablet can by used like a mouse, which means every app can be affected.

But now that I know, I'm going to uninstall it on my gaming PC. (Owning one myself)

Telemetry apps can be used to identify pain points for users. Just as long as it's clear in the software license that the telemetry data is being collected, it's purpose, what information is being collected, and how it's used (including resale to third parties). It would be nice if they had an opt-out however.
 

w_barath

Distinguished
Aug 22, 2011
27
8
18,535
0
A good opt-out is to set all google-analytics hostnames to map to 10.255.254.253 in your hosts file. If google wants to participate in supporting this stuff then they can kiss goodbye all other analytics data from your machine, and let that be a lesson to both of them.
 

jgraham11

Distinguished
Jan 15, 2010
48
14
18,535
0
This is exactly the problem with Linux and Windows! They allow drivers to be put into kernel space where they have higher rights and are harder to detect. Hardware vendors can create drivers that do this. Wacom is just the one who has been caught. Microkernel is the way to go! Apple is doing it, Blackberry did it and they were/are unhackable!
 

bigdragon

Distinguished
Oct 19, 2011
766
169
19,160
0
I have to wonder what useful crash information -- if any -- is provided by Wacom telemetry. I'm not so fond of the idea of Wacom monitoring every program I open on my PCs and for how long I use each one. Wacom doesn't need to vacuum up that much info. I'd much rather volunteer the info. Here, I'll do that right now:

Clip Studio Paint, Blender, Unreal Engine, Drawpile

I want Wacom to make sure my tablets and pens work great in those programs. Everything else is just noise. This article makes it look like Wacom is collecting noise.
 
This is exactly the problem with Linux and Windows! They allow drivers to be put into kernel space where they have higher rights and are harder to detect. Hardware vendors can create drivers that do this. Wacom is just the one who has been caught. Microkernel is the way to go! Apple is doing it, Blackberry did it and they were/are unhackable!
From the sound of the report, I get the impression that the writer encountered this on an Apple computer. I don't believe they specifically mentioned what OS they were using, but all the screenshots in the report appear to be taken on a Mac, and the writer mentions using "OSX’s Keychain" to allow him to route the encrypted data through a proxy...

 
"Our development and customer care teams could review across all aggregated users of a product, for instance, the most common function settings for pen buttons (e.g. 'right click' or 'undo') or the most frequently viewed tabs or selected links in the Wacom apps," Melissa Ashcraft, Wacom's director of marketing communications, wrote. "We have no access to personal data. We cannot relate to any specific users as the data are anonymized and aggregated. We do not know who users are as individuals and cannot see what users are creating or doing in third-party software applications."
I like how she focuses on "most common function settings for pen buttons" and "most frequently viewed tabs or selected links in the Wacom apps" while largely ignoring the main point of the report about how they are logging the names of all applications being run on the system and at what times those applications are in use.

It's likely that they only receive anonymized data from Google, which might also be aggregated for them, but Google is still getting that data prior to anonymization, and who knows what they do with it. And based on the Analytics page they linked to, it sounds like Google's idea of "anonymization" is simply removing the last octet from one's IP address, in other words, putting you into a pool of just 256 addresses, relatively few of which are likely to be running Wacom hardware. It wouldn't take much to combine that data with other data sets to de-anonymize it.

Considering the price of Wacom's hardware, spyware like this shouldn't be bundled in it, even if there's an option to opt out of it.
 

USAFRet

Titan
Moderator
Mar 16, 2013
144,625
8,667
175,340
22,560
"We have no access to personal data. We cannot relate to any specific users as the data are anonymized and aggregated. "

Going back more than a decade, and the leak of "anonymized" AOL search data. No username/passwords, strictly what people were searching for.
Given enough data points, and you can track it down to an actual human and physical house address.
 

w_barath

Distinguished
Aug 22, 2011
27
8
18,535
0
what in tarnation is 10.255.254.253 ??
It's a very probably unused IP address on the 10.0.0.0/24 LAN network. The odds of you having assigned a machine to service requests at that address on your LAN are well under 1 in 24 million. In other words, requests to that address will be consigned to oblivion.
 

ASK THE COMMUNITY