This investigation was started because the original author was installing the drivers, and was presented with a legal agreement explaining that Wacom wanted to collect some data.
So they are being up front about it, right? I mean, maybe not in layperson-friendly language, but in compliance with regulations and under the guidance, presumably of their legal team.
In the box alongside the tablet, there was also probably a little booklet full of safety notices, warranty indemnifications, compliance statements, and arbitration assertions about the fitness for purpose of the hardware itself - also not written in layperson-friendly language. But the reaction on seeing that was... well, probably to toss it aside and go ahead and plug in the device, not to immediately assume that because the company presented a bunch of dense legalese, they might be trying to get away with something.
You said yourself: you don't trust Wacom not to sell the data to a data broker when presented with enough cash. But all sorts of Wacom business processes had to comply with regulations, be carried out diligently and ethically, and be generally trustworthy for Wacom to have produced an electronic device that you can safely plug into your computer. So I'm just trying to get you to consider:
What is it about their data processing that leads you to all of a sudden question their corporate ethics, diligence, compliance and trustworthiness?
> This is all just another example software devs' parochial belief that because software is eating the world, any problem in software is terrible, while ignoring the whole stack of hardware in meatspace that supports the software in the first place.
Actually, I'm interested in exploring more of your own view here. You seemed to take exception that he limited his findings to his apparent area of expertise and interest (software engineering, security/privacy). Is that still the case, or have your views evolved on this issue?
> What is it about their data processing that leads you to all of a sudden question their corporate ethics, diligence, compliance and trustworthiness?
Your questions for me are really best answered by the author:
1. Apparently, it defied a reasonable expectation that the purchase of such a minor peripheral of this type would lead to the manufacturer's attempt to obtain a regular stream of what applications he launched on his PC (and at what time, and from what partially masked IP address). He was a smart cookie. His tip-off was that it somehow needed a privacy policy. And he had the smarts to launch his own technical investigation.
2. When he finally saw what they were pulling from his PC, once again, he was shocked, because that seemed to conflict with his own understanding of what Wacom said they were doing. He hadn't just casually scrolled through the privacy notice. It looks like he read it quite carefully.
I suspect this might be what he took issue with:
> Information Automatically Collected – Google Analytics When You use the Tablet Driver, certain information as described below may be automatically collected for purposes such as improvement of the Tablet Driver, troubleshooting bugs, providing the functions of the Tablet Driver, managing the services and improving overall performance of the Tablet Driver. Such information includes aggregate usage data, technical session information and information about Your hardware device.
No, I'm not interested in pulling in more sections of text and going back-and-forth in a game of Internet Lawyer. Someone else here might be a more willing partner.
> So they are being up front about it, right?
That's the issue. Was Wacom clear and transparent? Or did Wacom manage to generate a body of text which obfuscates what they are actually doing while still maintaining legal compliance? Or did they overreach? As it turns out, the FTC has a special page to submit complaints regarding privacy policies. I imagine that corporate privacy policies are turning into a hot topic for the FTC right now. I guess there's enough interest here, so I'll go ahead and submit this issue to the FTC (Federal Trade Commission) and see if they want to help Wacom figure out the answer to your question.
Beyond that, you have some interesting questions about trust. Not my area of expertise, but I'll take a crack at it. Your boss might say that you're someone he trusts. He might give you authority over an application which processes millions or billions in yearly revenue. But he wouldn't trust you to take care of his kids for a week. Trust is not binary (yes/no), and it is not universal (trust in area X must equal overall trust or trust in area Y). That's as much as I've got. If you've got followup questions about trust, they might be better directed towards an online resource which focuses on that issue.
So they are being up front about it, right? I mean, maybe not in layperson-friendly language, but in compliance with regulations and under the guidance, presumably of their legal team.
In the box alongside the tablet, there was also probably a little booklet full of safety notices, warranty indemnifications, compliance statements, and arbitration assertions about the fitness for purpose of the hardware itself - also not written in layperson-friendly language. But the reaction on seeing that was... well, probably to toss it aside and go ahead and plug in the device, not to immediately assume that because the company presented a bunch of dense legalese, they might be trying to get away with something.
You said yourself: you don't trust Wacom not to sell the data to a data broker when presented with enough cash. But all sorts of Wacom business processes had to comply with regulations, be carried out diligently and ethically, and be generally trustworthy for Wacom to have produced an electronic device that you can safely plug into your computer. So I'm just trying to get you to consider:
What is it about their data processing that leads you to all of a sudden question their corporate ethics, diligence, compliance and trustworthiness?