Users Revolt After CyanogenMod Attempts To Remove Opt-Out Option

April 4, 2013 - Written By Chance Miller

One thing many people on the internet are concerned of is privacy. As we sign up for more and more social networks, get more and more devices, and do more and more things with those devices, it becomes hard to remember and keep track of what websites, companies, and manufactures know about us and our devices. This is an especially big problem for people who root their devices and install custom ROMs on them. While 99 percent of developers are not out to get the users and steal their information, people will always worry about that small chance of their device being vulnerable to hackers. Steve Kondik and CyanogenMod faced this issue early today when they tried to remove one key option in their ROM.

Anyone who has set up a CyanogenMod ROM knows the general process and that during every install, you asked if you would like to send data about your device to CyanogenMod servers. For as long as I can remember, there has always been an option to opt-out of this if you are a privacy-freak. On Thursday, however, CyanogenMod developers announced that they would be removing this option from their ROM, and needless to say, that did not go over well with users.

When the backlash began, Koushik Dutta, a CM developer, posted more specific information about the change on his Google+ account. “As we start growing as an organization, this sort of data becomes invaluable for CyanogenMod,” he wrote. “Understanding our user base, their devices, CM version, and other data helps us build a better product.” He said that the CyanogenMod ROMs would be collecting the following data:

  • Anonymized/Hashed IMEI or Wi-Fi MAC address
  • Device name
  • CM Version
  • Country
  • Carrier

“This type of anonymous data is already collected by most Google Play apps and even Google themselves,” Dutta explained.

Even though that data might seem harmful to most of us, a good number of people fought the decision and became worried about their privacy. When the backlash got worse, Steve Kondik, the founder of CyanogenMod and former Samsung developer, felt the need to respond and explain his stance on the issue.

It’s a unilateral change because I run the project and need these stats in order to plan. Without stats, I am just making up random stuff with no facts to back it up. You can debate this all you want with me, but I have put the last three years of my life into this project and have only its best interests in mind. While CM is a community project, it is not a democracy.

The thing is that we have NO IDEA how many people are actually turning the stats off, and that is what is bothering me. The number could be in the millions, or it could be insignificant. If it’s in the millions, that is a HUGE deal for us.

While Kondik though this might calm people down some, it did not. In fact, if anything, it simply angered people even further, and things got ugly fast. Suddenly, Kondik must have felt the need to stop it from becoming even worse, and announced that he had restored the ability to opt-out of sending your data to CyanogenMod servers.

I restored the opt-out feature to stats gathering in CM this morning.

It’s incredibly frustrating that a handful of incredibly vocal users are ready to “fork” over the issue. News flash: there are already a hundred forks of CM. We like it, and we enable it! And there’s no sinister plot to crack the hashed data and sell your deepest darkest secrets to Verizon and the NSA.

In the end though, we should respect everyone’s wishes here. The change was well-intentioned we just want to have better answers to certain questions. There are many applications out there who are doing incredibly dubious things like uploading all of your contacts without your consent, so certain suspicions are understandable. I do not want CM to ever be perceived as a group who doesn’t respect the privacy of its users.

In my opinion, people who did freak out about this change, should probably just get off the internet and live in a cave. You never know who is collecting what about you. Something you view as harmless, could actually be sending all that same information back to a server somewhere in the cloud.

What do you think about this issue? Should CyanogenMod have even attempted the change in the first place? Let us know down in the comments!