I recently enabled some web history monitoring on my network and included my Snapmaker. I was a bit surprised to see it actually communicated outside of my network (but not entirely surprised) although I do not remember mention of this in the guide or anywhere. So this begs the questions:
Who does the Snapmaker contact?
Why is it contacting them?
What information is it sharing/sending/receiving?
Can I disable this communication?
Rules are getting more strict about data sharing, so I wanted to know. I have attached a screenshot of what my monitor caught. I have no real intention of setting up Wireshark to check in detail, but I would like to know in general.
I'm wondering if the Google stuff is from the Android-based touchscreen.
I have not connected my snapmaker2 to a wifi network because I was suspicious of this kind of thing happening / it could have next to no security and could end up with some crazy malware.
I am eagerly awaiting the open sourcing of the firmware.
Google is used by many devices as a way to know "is the Internet up" because if Google is down… most of the Internet is down also (or your network is). That being said, I do not know that is the case here. That is why I want to know about these. I only had 2 devices (the Snapmaker being one of them) that had "odd" sites, but I already got support from the other one with a reasonable explanation AND how to disable it (they were checking two major sites for "Internet up" beyond their own).
I connected it to WiFi so I could try to read the status of it and use it with my home automation. A successful yet total waste of time at this point.
We set up basic Google Analysis usage on Touchscreen. It logs the page you are in and your IP address, which helps us to know things like: 1) How many users are using Snapmaker recently? Are they matched with the number of machines that we shipped? 2) Which pages are more frequently being used? Are people more attached to 3D printing than the other two?
All data are anonymous, as the TS doesn't require any login authentication.
Ok, fairly reasonable but might want to have that disclosed somewhere AND a way to disable it if someone wants to.
As for anonymous… that is the fun part of it because it probably has which Snapmaker. If you know which Snapmaker was shipped to who, there is a reasonable expectation that you know whose Snapmaker it is and therefore their usage.
That being said, that information being collected is in no way personal and as I thought fairly reasonable. It would also be quite interesting if you gave people the option to submit feedback via the touchscreen, bug reports, and requested support. All functions that internet connection could make much easier.
For batch production, to know which SM was shipped to who is too complicated to manage.
Since you bring this up, we are glad to add the options in our future updates.
Probably not the best test to see if there is a connection, especially if you expect to sell any devices inside China. Considering Snapmaker have a server, I would expect them to ping / contact their own server.
While I feel this is likely done in good faith, it's still unnerving and could potentially be violating the GDPR. During the initial setup, the Snapmaker2 should have a simple screen that is totally separate to the Terms of Service / Privacy Policy screen asking for permission to send any data to anyone. The ability to opt out at any time should also be included in the touch screen settings.
I do not see how it could violate GDPR if they are only receiving that information disclosed above. There is no personal information included within it. Not sure how anyone could make the case that how often they use the Snapmaker is personal. Unless it also reports what FILES are being used… So it could be personal information if someone prints… Let's see about an example… I guess if someone printed "ReallyBigAdultToy.gcode" (no idea if that is a real thing, even so I would not recommend searching on it in Google, you never know) that could lead to some embarrassment.
But, that can also be tied to the following statement. If they have no idea who each Snapmaker belongs to (thus the data is truly anonymized and stays that way) even better,
All that being said, it would make strong sense to have a simple EULA screen that discloses the information with a checkbox at the bottom allowing you to disable sending data back. For existing users an added feature within the settings section to control it.
Our team has learned about this suggestion : ). With that being said, I just want to add that we have no intention of storing your personal information or any of that sort. We respect your privacy and will improve on that with future patches.
@JKC20 @Edwin @parachvte, I have quite a good experience with GDPR as part of my daily job and unfortunately what is here explained that Snapmaker is doing can be infringing the GDPR.
GDPR regulates the right of individuals to manage their personal data and has become really strict.
GDPR states that personal data is any piece of information that isolated or combined with others can lead to the identification of individuals: IP address is personal data and also given you have names/addresses the locations might be.
GDPR is not a big deal if you just clearly follow the right processes and document them. It's also one of the most restrictive privacy laws so usually if you are able to handle GDPR all the others will also be in good shape. A small guideline of what is required:
Users have to explicitly opt-in: you have to present a disclaimer explaining what is the information collected and its usage and the user has to explicitly accept it. It has to always be able to opt-out, that's why options in the settings will be a really good idea.
Right to be forgotten: the users can at any time request all their data removed from your systems and you should be able to prove that. A simple way to overcome and make GDPR compliance system is to store the individual data less than 30 days (and have proof of it, as process documentation) but you can keep aggregated data (so no individuals can be referred). Make sure that the granularity of aggregated data is high enough (if you do by the village and there is only one Snapmaker customer, we are in trouble again). The trick here is that, as GDPR gives you 30 days to execute what the users ask, then you always are compliant.
Generic rule of thumb:
As soon as data is received, mask and remove the personal data (IP Address, full location) and store in a secured file (usually with encryption - AES256 - and with restricted and monitored access) and use an anonymous ID to relate to it. Don't keep it more than 30 days stored. This just in case you still need that information, if not just strip it out and just use anonymized data (you have to document the process of anonymization, though, in any case).
Hope that helps. Glad to answer any questions if more clarifications are needed.
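An added example, not part of the post above and not Snapmaker's code: the rule of thumb sketched in Python, splitting each event on receipt, purging the personal part after 30 days, and suppressing small groups when aggregating. The field names, the in-memory stores and the minimum group size of 5 are assumptions; the restricted store stands in for the encrypted, access-controlled file the post describes.

```python
import secrets
from collections import Counter
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)  # retention window named in the post
MIN_GROUP = 5                   # assumed suppression threshold, not from the post

def ingest(event, restricted, analytics, now):
    """Split one raw event: personal fields go to the restricted store,
    the analytics record keeps only an anonymous ID and coarse fields."""
    anon_id = secrets.token_hex(16)  # random, not derived from the IP
    restricted[anon_id] = {"ip": event["ip"], "city": event["city"],
                           "received": now}
    analytics.append({"anon_id": anon_id, "page": event["page"],
                      "country": event["country"], "received": now})
    return anon_id

def purge(restricted, now):
    """Delete personal data older than the retention window; return count removed."""
    expired = [k for k, v in restricted.items()
               if now - v["received"] > RETENTION]
    for k in expired:
        del restricted[k]
    return len(expired)

def aggregate(analytics, min_group=MIN_GROUP):
    """Count page views per (country, page), dropping groups small enough
    to single out one machine (the one-customer-village case)."""
    counts = Counter((r["country"], r["page"]) for r in analytics)
    return {k: n for k, n in counts.items() if n >= min_group}

def demo():
    # Constructed sample events and date; IPs are documentation ranges.
    now = datetime(2020, 3, 1, tzinfo=timezone.utc)
    restricted, analytics = {}, []
    for i in range(6):
        ingest({"ip": f"192.0.2.{i + 1}", "city": "Berlin", "country": "DE",
                "page": "3d_print"}, restricted, analytics,
               now - timedelta(days=40))
    ingest({"ip": "198.51.100.7", "city": "Vik", "country": "IS",
            "page": "laser"}, restricted, analytics, now - timedelta(days=2))
    removed = purge(restricted, now)
    return removed, len(restricted), aggregate(analytics)

if __name__ == "__main__":
    print(demo())
```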
Net has only the "Terms of service" and "Privacy policy" for the Snapmaker Forum, not the short one that is shown at the moment of switching the device on first time. Please find attached the printout of that section I captured from the touch screen after putting the machine together and switching the power on.