Hi all,
Do you know how can I see the privacy policy for each skill( if any), and what type of data each skill collects, and whether there is permission taken from users on that? Either on the website or on Ubuntu through a virtual box would work.
Thanks
The idea behind an open source assistant is precisely not to collect anything from anyone. Some skills do need some information from you, like location, credentials, and others. If the skill interacts with a third party service, you’ll need to see that 3rd party privacy policy (e.g: spotify skill will need spotify credentials just to connect to spotify, but will be Spotify who will track what are you listening, not mycroft)
This information can be configured at home.mycroft.ai for the convenience to configure it with a GUI, but then you’ll be storing that on Mycroft Inc servers. If you don’t trust Mycroft Inc to store your data, you can configure locally all those in each mycroft instance through the mycroft.conf file.
That being said. If you still want to see what a skill is doing with your data, you can see the code by yourself, is not a black box like commercial assistants, so there is nothing to hide.
@malevolent explained it very well
I just want to add that if you install a skill from the marketplace it has been reviewed by humans and is safe to install. So even if you dont look at source code you can be assured someone did
When installing skills from random github repos use your judgment, if you can look at the code do, if not check if its a known comunity member etc… There have been 0 known cases of spying or malware skills so far
Thank you @JarbasAl and @malevolent. You both explained very well. To clarify, I am a student doing a project on the Privacy of the skills in Mycroft. I am trying to answer some questions that are going to be of interest to the users, developers, and owners of Mycroft. I am sure this is going to reassure the users about the high privacy of Mycroft.
If you think there are further relevant sources on privacy of Mycroft, please do not hesitate to share.
Thank you so much
This is not related to skills, but mycroft in general: I guess you already had a read to the documentation; there explains how Mycroft has opt-in privacy, meaning Mycroft doesn’t store your voice by default, you must manually opt-in for that, so you can contribute with your voice to improve community voice recognition, as those datasets are donated to Mozilla DeepSpeech, who also has a strong privacy policy, and deletes all datasets from time to time.
You can run Mycroft entirely offline, by installing and hosting the selene backend by yourself or the personal backend, and use Mozilla DeepSpeech as your STT, so no information needs to leave your own network, yet you’ll need to have some horse power to run all those engines.