Comment by edraferi

8 years ago

> it uploaded all of the source code on my computer to their service.

That sounds crazy, so I reviewed their privacy policy[0]. It looks like Kite now requires users to whitelist the directories it indexes and automatically purges files you remove from the local index.

The Privacy Policy says that:

> When you use our services, we may collect [...] Any source code files on your computer's hard drive that you have explicitly allowed our services to access. To learn how to control access to your source code files, please visit our FAQ.

The FAQ[1] says

> Kite only uploads files that:
>
> 1. Have a .py file extension,
> 2. Are children of a whitelisted directory,
> 3. And are not ignored by a .kiteignore file.

That doesn't seem like "any source code file on your computer" to me - unless it whitelists root by default, which would be a hella dark pattern.

Also, removing a file from the local index should remove it from the server as well [2]

[0] https://kite.com/privacy

[1] http://help.kite.com/category/30-security-privacy

[2] http://help.kite.com/article/10-how-do-i-delete-files-from-k...

It sounds like they changed something after I signed up. I am not super paranoid, but I am pretty savvy about privacy and keeping my data safe. There is no way in hell I would have agreed to upload all of my data to their service.

I was actually questioning myself when I realised what had happened -- I thought, "perhaps I just messed up". But after I saw this story about their other dark patterns, I'm convinced they just deceived me.

If you look at the screenshot posted by one of their founders, it lists the user directory as the default whitelist: https://user-images.githubusercontent.com/87728/28395021-e04... and isn't clear on uploading everything from there.

  • Hard to read that wording and not infer it was specifically phrased like that to prevent saying "we upload literally every file, recursively, in the below directory".

    Easy to see very intelligent and circumspect people interpreting "where enabled" to mean "when I ask for autocomplete" and "your code" to mean "that specific snippet" because who the hell would actually think it's cool to just carte blanche upload other people's workspaces?

> Also, removing a file from the local index should remove it from the server as well [2]

Maybe you are thinking only of yourself. What about the majority of the users of minimap/(other hacked plugins) who don't know this is going on, and are not aware that some files need to be deleted from someone else's server?

P.S. I know "hacked" is not the proper term here, but you get the idea.

  • I totally agree that putting proprietary integrations into open source packages is shady. However, I don't think that the Minimap "kite promotion" [0] went so far as to actually upload code to Kite's cloud platform. It looks like it just added tool tips that referenced Kite's documentation. That's distracting and unwanted, but not as egregious as uploading your code without permission.

    [0] https://github.com/atom-minimap/minimap/commit/16c11d82b889c...

Not sure when you're seeing the privacy policy change was made, but as an early user of the Kite desktop tool, directory whitelisting has been in place for a year or more.