EQATEC Analytics folder?
I've noticed an "EQATEC Analytics" folder in my ~/Library/Application Support/ directory and I've noticed Capture One is creating this folder.
Why?
Googling "EQATEC Analytics" shows it's some kind of analytics system for apps. OK - to me, this means Capture One is tracking some information about my system.
Can someone at Phase One please give a description of what information is being tracked using this analytics system?
Did I opt-in to this analytics tracking at some point in my Capture One installation? Can I opt-out?
Thanks for your attention.
Why?
Googling "EQATEC Analytics" shows it's some kind of analytics system for apps. OK - to me, this means Capture One is tracking some information about my system.
Can someone at Phase One please give a description of what information is being tracked using this analytics system?
Did I opt-in to this analytics tracking at some point in my Capture One installation? Can I opt-out?
Thanks for your attention.
0
-
Hi Steven,
As this is a user to user forum, for I direct response from Phase One you are advised to contact them in a support case.0 -
Please refer to the license-agreement for the details. 2.1. Updates, data collection and improvements.
From time to time Phase One will release updates to the software. For optimal performance you are advised to download and install updates as they are released by Phase One. As part of the ongoing process of improving the software Capture One will be collecting general analytical statistical data of usage. Such data collection is fully anonymous. For further information please refer to our Privacy Policy at www.phaseone.com/privacy.0 -
...after all no surprise but it seems p1 is worse than adobe in this case not giving a choice. and with all this data in your hands you are not able to make c1 work as promissed ? the collected data is not send to phase one but outside europe to a server hosted in texas by telerik the company who owns this analytic software. 0 -
....then I will recommend you guys to enable the feature that will prevent having your information sent, take the C1 icon and drop it to the trash bin. So everybody is happy.
Am I afraid of the information that is collected?, not really. You have to live with that.
If P1 is worse than x or y company?, I don't think so, in Europe the protection to the privacy is more wider than in the US; therefore, I do not believe P1 will infringe the European rules.0 -
I try to remove the framework : EQATECAnalyticsMonitorMacOS.framework
in the ressource folder of the package of C1 and...
C1 refuses to open !!0 -
Hi dasle,
Once data resides on the US territory, US law applies. And, every company in the US has to follow the respective laws. I mean that is somehow natural and acceptable, isn't it?
Do I favor the European data protection laws over the US laws? Definitely. Do I want that data stored in Europe, from anyone in the world, even from US individuals or companies, falls under European law? Yep. Are US citizens actually protected equally as EU or Swiss citizens outside the US? No I don't think so, e.g. if I remember right there was a bilateral agreement between the US and your home country Switzerland established recently / in the past few years, regarding informing US authorities about Swiss account information of US citizens. Not sure about the EU / US agreements.
Probably the agreements between Eqatec and their clients (e.g. Phase One) covers the rights & duties Eqatec has regarding your data, particulalry regarding the commercial usage, but no agreement can work around the US law, paricularly the access of the US authorities/agencies to the data.
Bottom line, if someone cares about his data privacy he should not rely too much on apparently obvious assumptions.
Cheers
BeO0 -
[quote="BeO" wrote:
Bottom line, if someone cares about his data privacy he should not rely too much on apparently obvious assumptions.
Cheers
BeO
I would recommend not using the internet at all.
Certainly never use a mobile phone.
Grant0 -
Black & White approach? Yes, possible. Not my way.
Distigushing the greys? Works better for me. e.g. Write SMSs? yes. Use "What's app"? Certainly not.
Gaining some media competence gets more and more important, imho.
But I guess I was getting off-topic a little bit with my posts... 😕0 -
I think it is safest to assume that all applications made available on a commercial basis, even if seemingly "free", are connecting back to some form of analytical data capture and storage for usage patterns as well as technical performance purposes.
That's not to say that all packages are being monitored in that way - but it would be safest to assume they are if one is worried by such things.
When the much vaunted "Internet of Things" becomes commonplace - which is likely to be quite soon if at all - I doubt we will have the time or inclination (or access options?) to manage some aspects of what they do.
Assuming any data captured is indeed satisfactorily anonymised I can't see the problem really. Anything more personally identifying, like emails and "Chats", probably need more care.0 -
I'm a legal professional, specialising in UK and European Data Protection and privacy law. I work for one of the biggest holders and users of personal data in the UK, and probably the world - the UK Department for Work and Pensions.
These credentials allow me to say the following:
This thread is a complete and utter non-issue.
The data being collected are anonymous data: this is explicitly stated in the user agreement (and given how easy it would be to "sniff" the content of these packets, it's safe to assume that it is), meaning - and I can't emphasise this strongly enough - there is no privacy issue here.
There is no UK or European privacy law that has a single word to say about the sharing of anonymised (= non personal) data, so this characterisation of what is being shared as "(y)our data" is utterly unfounded and - in law - just plain wrong.0 -
Nobody said P1 or Telerik uses data unlawful; so, probably not needed but it is good that a professional assessment (yours) confirms this. If there were any doubts about it you'll probably see users run away massively.
Many if not most users do not care about sharing anonymous or even personalized data; but many do. So, in the own interest of Phase One, maintaining a trustful relationship, it would not hurt letting the user decide whether or not he wants to share any data with them or even third parties (e.g. Telerik).
It is indeed a pity that there is no law regulating the usage of anonymous data, you highlighted a weak point imo. IT professionals can tell you (if you don't already know by yourself) that one can connect data pieces from different sources from a person even without knowing "personal" data, create a profile and even identify the person, if there is only one weakness regarding anonymity in the pool of the gathered data. I know it is unlawful, but it can be done, and what can be done will be done once in a while, otherwise half of the legal professionals in the world would not be needed.
This having said, I share your opinion that there is no privacy issue here, but I promote the idea that it should be the users choice.0 -
In my opinion the bigger danger with Big Data linking is that wrong connections might be made based on poor data in records (and validly held personal information records for individuals can be very inaccurate in many ways) so that someone might be connected to a situation of which they have no knowledge.
However the same thing can happen without computers being involved to any great degree so really the main concern is that the recent huge increases in high speed real time data processing capabilities will encourage people to fish for connections, still get the same mal-connection error rate as before but do so in much larger numbers sucking more and more people into situation where they, metaphorically, have to "prove innocence" or lack of knowledge about something for which nobody has sight of where "the information" originated.
Such situations are nothing new and predate computers by several millennia. One might argue that having access to the information might provide for alternative analysis that breaks connection made and proves the case but whether "authorities" would support such openness remains to be seen. To do so would erode their power base.
The next few years could be quite interesting.
Grant0 -
Hey Grant, very good points too.
We humans can think and speak.
When we speak, we actually want to share infomation, thouhgts, emotions. But we are in full control who the recipients are, we can recognize the feedback and react accordingly, if we think we have been misunderstood (or not achieved our intention), we control how long this information is stored in its original form (its immediately gone); all is in the context of this very situation.
If the recipients later re-state what we have said, it's second hand information, could be altered or biased, and it is considered as such by anyone else.
Not so with digital information, it is considered 'the truth' as its just a digital copy and deemed unaltered and 'right', and we have no control of it, most often not even know it exists.
And when we think, we don't want to share, it is completely private (although they are already working to change that too... 😉 ), if we look into a book or magazine, or draw a picture, nobody knows what and when. If we instead look at a web site or modify an image, I am sure it is not as private, although it should be, what and when.
Another aspect is, what is legal today, might not be legal tomorrow (or simply not accepted by society). Or it is, or will be, illegal in another country, which one might want to visit in the future. But, information stored about you might be stored for good. Even my home countrys' administration ackknowlegdes this fact by issuing a new passport if you want to visit a country for which you should not have a stamp in your passport from certain other countries. This is basically 'deleting' or hiding old, unwanted information which could be unfavorable for you.
Regardless of laws, I consider any information about me, my thoughts or my habits, whether anonymized or not, as my own private belonging, and I consider information about others as their belonging, and in this respect, there are much more 'privacy issues' as I wish there were.
By writing my thoughts here, be assured I am sharing them deliberately 😉
Cheers,
BeO
Btw, if privacy is a concern for you, you might want to have a look at an alternative search engine e.g. startpage dot com0 -
this what i found about
http://www.telerik.com/company/privacy-policy0 -
Looking at the network connections going out, I found capture one was talking to 66f8089f12dc4c21a7539e5e181b5b72.monitor-eqatec.com. However, I didn't have the time to use a network sniffer to investigate the exact contents of the packets going out to this host.
We have seen countless cases in the past several years of software pretending to behave nice, but has been discovered to send back highly personal information, only to have their authors brush it under the carpet or make excuses that it was an oversight. Not wanting to risk this happening on a computer where I store very sensitive information, I simply chose to block this connection.
If and when capture one refuses to work without this sort of information gathering, I will stop using it and switch to something else.0 -
the european court of justice just ruled that personal data transfer from eu to the us is illegal. now companies have to show the proof that no personal data is collected and send to the us and it will not be enough just to say we are honest. 0 -
[quote="Horseoncowboy" wrote:
now companies have to show the proof that no personal data is collected
Where have you seen this?
I'm not aware of any new legally binding presumption of this sort; and in practical terms (given the petabytes of data - both personal and non-personal - flying around the internet and across modern electronic communications networks every day), it would be completely impossible to police, and the impact of trying would be catastrophic.
Here's a useful (and old - it's from 2012) infographic which gives some idea of just the internet's data acquisition:
https://web-assets.domo.com/blog/wp-con ... Minute.jpg
And remember that it doesn't reflect business and other data moving around on other comms networks.0 -
it is headline on a lot of german news sites like http://www.spiegel.de/netzwelt/netzpoli ... 56366.html . an austrian student had sued facebook an won ! so the savehabor agreement between the eu and the us ist doomed. this a great victory for data privacy ! 0 -
A few observations
Telerik has a decent privacy policy - but it only covers PhaseOne, not PhaseOne's users:This Privacy Policy does not apply to the privacy practices governing the relationship between our clients and their end users when our clients use our Products or SaaS Products to collect and process data. Rather, such usage is governed by our clients' privacy policies, over which we have no control.
PhaseOne's Privacy Policy ( ) states in part:Capture One collects usage information to help us improve our products. This information is completely anonymous, and do not include any personal information, such as name, email address or customer ID. Information is collected unobtrusively without the user being asked to supply information manually.
The collected information can be grouped in two kinds of information: demographic data and usage behavior. Demographic data is collected automatically and users are invited to participate or not when launching the application.
However, I observe that no such choice is given when I start the CaptureOnePro application. Nor can I find such information and options when I search through CaptureOne Preferences.
It seems to me that PhaseOne does not adhere to its own privacy policy, and in doing so misses two basic principles of the EU-US Safeharbour agreement: that a person must be notified that their data is being collected, and that a person people must be given the choice to opt out.0 -
[quote="NN635380100421444899UL" wrote:
Looking at the network connections going out, I found capture one was talking to 66f8089f12dc4c21a7539e5e181b5b72.monitor-eqatec.com.
...
I simply chose to block this connection.
If and when capture one refuses to work without this sort of information gathering, ...
NN635380100421444899UL,
can you please tell me how to block data being sent? And were you able to work with C1 then? (I mean I can work offline but that's not what I want).
Phase One,
- isn't there any other way to send you the user behaviour and system information i.e. directly to you in Denmark instead of to a data sucking company in the US?
- And as we, the users, your customers, send you this information with no choice, I suggest you report to us on a regular basis what exact conclusions you were able to draw and which feature or user experience you actually were able to improve for us. That would be fair, wouldn't it?0 -
isn't there any other way to send you the user behaviour and system information i.e. directly to you in Denmark instead of to a data sucking company in the US?
But why should they? What Phase One is doing right now is perfectly lawful.That would be fair, wouldn't it?
And what happens now is fair, too.
Fairness is explicitly tested for in UK and European privacy legislation (if you're interested, in the UK it's the First Principle of the UK DPA - you need to read the interpretative text and Schedule 2 of the Act alongside it), and the fact that this data sharing is explained in the user agreement, which you read and agree to sign up to, completely satisfies the fairness requirement - if we were talking about personal data.
But then we come back the underlying and critical point that I've already made, which is that anonymised data are not personal data as defined in the legislation, and are therefore completely out of scope of the applicable law.
So Phase One is already going beyond what the law requires to make this OK with its users.
And you agree to it anyway, when you buy and use Capture One. Your choice is clear enough - if you don't like it, you don't use Capture One.
To reiterate though, you have no rights whatsoever regarding data which are not personal to you. You therefore have no legitimate expectations regarding Phase One's use of it, and your opinion that you have (or that you should have) is legally irrelevant.
It's a point worth restating that I'm a professional in this space, and I'm utterly relaxed about Phase One's behaviour here.
Take the hint. Do you really think I'd let it lie if there was a problem?
As it stands, your objection is about is legally meaningful as objecting to your government taxing you. Not liking something doesn't mean it's wrong...0 -
It may be worth pointing out that in the digital world where data are "sent" and where they are stored (personal or anonymous) and where they pass through in the meantime are matters well outside our control.
Telerik, until quite recently, was an autonomous Danish company. So I guess, subject to where their servers were located and how their comms network routed, they would tick the "keep it local" boxes.
It then became part of a Bulgarian company but presumably not much changed in terms of its operations. Not long after that the whole lot was purchased by an American company - but that does not automatically mean that everything has changed in the way it operates and where the data go. Who knows?
Frankly I am amazed that anyone can get anything really useful out of the volume of information collected from every computer and comms related action we take. Whether the people doing the analysis (and tasked with reporting "something") realise that is a different matter. That they do not realise and yet make recommendations anyway may explain some of the strangest decision on strategy and actions that surface from time to time. (I'm talking generally and globally, not in any way Capture One specific.)
Just my opinion, of course, as someone with some background in data capture and analysis.
Grant0 -
it is not possible for an normal user to verify the claim that no personal data is transferred to server outside the ec and that the collected information is not sold and misused. we the user face an unbalanced disadvantage so we should at least have the opportunity to decide if we agree or not.
for those who don't want to get full transparent without any benefit use
https://www.obdev.at/products/littlesnitch/index.html
to stop this monstrous data collection, be aware that you will maybe get shocked how many sly connections are established in the background.....0 -
Judging by the numbers of people who are more than happy to tell the entire world all about their "life" using "social media" I doubt that most people give a damn what is going on on-line - or even off-line with information provided in more "traditional" ways.
Governments will be especially keen to see as much electronically collected information as possible.
To win votes the politicians will tell you they believe in privacy. But they are just politicians. The people who run countries are well aware that knowledge is power and offers control. Of course they do not wish for such rules to apply to them ...
I suspect that best option is to give so much information that "they" are overwhelmed. The machines may be able to report it but can the humans make use of it?
Grant0 -
Well Keith, I was almost expecting you to react as you did...
[quote="Keith Reeder" wrote:
isn't there any other way to send you the user behaviour and system information i.e. directly to you in Denmark instead of to a data sucking company in the US?
But why should they? What Phase One is doing right now is perfectly lawful.
Not everything what is lawful need necessarily to be done. I as a customer asked the legitiamte question to the supplier if they would consider to change the path through the web for collection this data. I cannot see what's wrong with that
Old thread with new facts.
As of 25 May 2018 new EU GDPR is valid.
I hope that the EQATEC Analytics folder will disappear from my Mac...
https://www.eugdpr.org0 -
+1 0 -
+1 0 -
[quote="VAD." wrote:
Old thread with new facts.
As of 25 May 2018 new EU GDPR is valid.
I hope that the EQATEC Analytics folder will disappear from my Mac...
https://www.eugdpr.org
But GDPR still applies to personal data only, which means data from which you can be identified, so if what is collected and sent is anonymised, then GDPR does not apply to it.
Ian0 -
[quote="ec.europa.eu" wrote:
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the law.
First, data which allows to identify a person even if it is not personal data as such also falls under this regulation. For me, this includes Licencse code, IP address, MAC adress, device ID etc., which is gathered by P1 (see - "1. Collection of personal data")
P1 also shares data with other companies, see "3. Use of sub-processors" in this policy.
I want to use the software, support services and forum, that's it. I do not want to have my data shared with anybody else than P1 (if not really essential to run the software and get these services).
I actually do not want that P1 stores WHEN (date and time) I use the software, I ('d) consider this as a privacy breach.
"9 Withdrawal of consent""You may, at any time, withdraw your consent and we will, accordingly, cease processing of your personal data. For the avoidance of doubt, withdrawal of your consent will limit or exclude your access to our Software and Services. If you wish to withdraw your consent, please contact us at legal@phaseone.com."
The EU GDPR also enforces the principle of ‘data minimisation’ which means "personal data" should only be collected if it is really necessary.
In my opinion
PHASE ONE SHOULD EXPLAIN EXACTLY WHAT DATA IS GATHERED, AND WHICH DATA IS SHARED WITH WHICH COMPANY FOR WHAT EXACT PURPOSE AND PROVIDE AN EASY WAY TO OPT OUT STORING, PROCESSING AND USING PERSONAL DATA IF IT IS NOT ABSOLUTELY NECESSARY TO RUN THE SOFTWARE AND SUPPORT SERVICES.
If I'd opt out the gathering of my software usage pattern and this then means that the usage pattern of me is not used to improve the software then it is like so. Not sure I'd do so but we should have the choice.0
Post is closed for comments.
Comments
32 comments