This report about #Wacom graphics tablets is disturbing for a couple of reasons.

1. They are surveilling users of their #tablet - a human-interface device analogous to a mouse or trackball - recording every application you open, or when you switch between windows of different applications. They are collecting this data via a trip through Google Analytics, aka Spyware Central. There is no possible way to justify collection of this particular data; it is none of their damn business how long you have your drawing program focused before switching to your browser and back again. The author notes their privacy policy really doesn't describe this collection of data correctly, so there really can't be informed consent in the first place.

2. Why on earth is it possible in #Apple #OSX / #MacOS for a USB human interface device driver to capture this information in the first place? Apple shares a big slice of the blame here - this should just simply not be possible for the driver to collect in the first place. Having such a driver allowed to place outgoing HTTP requests is also a big "WTF are they thinking?" moment.

https://robertheaton.com/2020/02/05/wacom-drawing-tablets-track-name-of-every-application-you-open/

#google #GoogleAnalytics #spyware #surveillance #spying #crapware #GraphicsTablet #DeviceDriver #USB #HID #HumanInterfaceDevice #driver #privacy

Wacom drawing tablets track the name of every application that you open | Robert Heaton

@cazabon There is absolutely no end to the lengths tech will go in order to spy on its users.

@cazabon Ad 2.: If this did just USB HID things, it wouldn't need a special driver. This software isn't really a driver, it's a full-blown app that can in theory do anything you can do on a PC system. Knowing which app is currently in the foreground is necessary for such software: That lets you set up different configurations for different apps, e.g. what the extra buttons on the tablet should do, whether you want pen or mouse mode, etc.

Blaming the OS for allowing this doesn't make sense here.

@nex

I said it was analogous to mouse or trackball, not that it was a pure HID device, but no matter.

> Knowing which app is currently in the foreground is necessary for such software:

No, it isn't. I'm a software engineer. If I had built an interface in the OS for this, I would have taken privacy into account - the tablet driver would only receive a hash value to identify the application, and it would have mixed some unique-to-the-machine-and-user data into it such that the value could not be correlated across machines or users. The driver would know the user switched to a different app, and would be able to say it was the same app they used at some previous point (so preferences could be saved) but would have no way to know what specific app it was.

I also would have built it so that it could not perform network requests. If the driver (or helper app, if you want to call it something else) has to talk raw USB to access the device's extra capabilities, then the OS knows enough about the program to block network access for that program if it chose.
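The opaque per-machine, per-user identifier proposed in the post above, sketched as an added example that is not part of the original thread and not any real macOS API. `ForegroundAppBroker`, `TabletHelper` and the bundle IDs are hypothetical; the keyed-versus-unkeyed contrast shows why the machine-and-user secret has to be mixed in rather than handing out a bare hash.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Iterable, Optional


class ForegroundAppBroker:
    """Hypothetical OS-side component: gives helpers an opaque token, never the app name."""

    def __init__(self) -> None:
        # Assumption: a random secret the OS keeps per (machine, user) and never exposes.
        self._secret = secrets.token_bytes(32)

    def token_for(self, bundle_id: str) -> str:
        return hmac.new(self._secret, bundle_id.encode(), hashlib.sha256).hexdigest()


class TabletHelper:
    """Hypothetical tablet helper: stores per-app settings keyed on the token only."""

    def __init__(self) -> None:
        self.prefs: dict = {}

    def on_focus_change(self, token: str) -> dict:
        # Same token as before -> same saved settings; unseen token -> defaults.
        return self.prefs.setdefault(token, {"mode": "pen"})


def plain_hash(bundle_id: str) -> str:
    """Unkeyed hash, shown for contrast: anyone can recompute it."""
    return hashlib.sha256(bundle_id.encode()).hexdigest()


def dictionary_lookup(observed: str, candidates: Iterable[str],
                      digest: Callable[[str], str]) -> Optional[str]:
    """What a collector holding a token can try: hash every known app name."""
    for name in candidates:
        if hmac.compare_digest(digest(name), observed):
            return name
    return None


KNOWN_APPS = ["com.example.paint", "com.example.browser"]  # constructed sample IDs

if __name__ == "__main__":
    broker, helper = ForegroundAppBroker(), TabletHelper()
    helper.on_focus_change(broker.token_for(KNOWN_APPS[0]))["mode"] = "mouse"
    print(helper.on_focus_change(broker.token_for(KNOWN_APPS[0])))
    print(dictionary_lookup(plain_hash(KNOWN_APPS[0]), KNOWN_APPS, plain_hash))
    print(dictionary_lookup(broker.token_for(KNOWN_APPS[0]), KNOWN_APPS, plain_hash))
```
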

@cazabon Of course the OS could provide more features to facilitate better sandboxing etc. in the user's interest. E.g. you could make it so an app has to ask permission before it gets network access.

I can also see how it would be possible to let the user select ‘Photoshop’ without the tablet app seeing that ID, though that would prevent it from loading appropriate defaults.

@cazabon However, none of that changes the fact that the software in question is a normal macOS app, and, just like on any typical PC OS, there's nothing stopping it from seeing which app is currently in the foreground.

Walling off every single tiny source of information like that would require a completely different kind of OS from the ground up, and entail various trade-offs that aren't necessarily user-friendly.

@cazabon Anyway, it's difficult to stop a mono-/oligopolist from enshittifying their software at the API level.

I want to see users empowered to be aware of shady shit like spyware and able to easily choose superior alternatives. Apple (like literally everyone else) allowing app A to know that app B is running isn't even tangential to that.

Sorry about the long thread; just one more thing:

@cazabon Apple are stricter about apps from their App Store (where e.g. more sandboxing is enforced) and it's alright that users have that option, but my point is that locking the entire system down so much that malware becomes impossible is an unsolved problem, and with draconian restrictions like “no one may access both USB and network”, arguably the machine wouldn't be a PC anymore.

Wacom's software is trash, but the APIs it's using aren't inherently wrong.