On Thu, Feb 27, 2020 at 4:02 AM Nate Graham <[email protected]> wrote: > > On 2/26/20 2:32 AM, Ben Cooksley wrote: > > As we're changing how we use the data (to now include a distribution > > component) we would need to invalidate all existing consents given by > > users (for which no mechanism exists for us to do so, as we never > > expected to need to change the policy) and I think we would have to > > discard all the data we have already collected as well. > > > > Unfortunately, as the system includes no mechanism for the server to > > communicate which revision of the privacy policy the user agreed to, > > we would also have to come up with a way of blocking all old clients > > from communicating with the system altogether (as we have no way of > > telling if it is an old consent the software is relying on or a new > > one) so you'd only start getting data in the system once users had > > gone through a full update cycle. > > That seems like an oversight we should correct regardless of whether or > not we release any data. It is not likely that the terms will *never* > change.
Even if it is an option we never end up needing to use, having the option to both require the user to re-consent, along with having a remote kill-switch for Telemetry in certain applications/versions (so if we end up shipping something that submits information which is too identifying we can shut it off without requiring distributions to assist us) > > Nate Cheers, Ben
