Incident: The Data Sharing Dialog Repeatedly Appearing
On March 2, 2021, our users were impacted by a Data Sharing dialog that would repeatedly appear on each new start of IntelliJ IDEA or other IntelliJ-based product. Because of a server error, the new data-sharing consent for processing data in Google Analytics was added to all of a user’s JetBrains IDEs. On March 3, a patch was applied to the server to mark this consent as deleted on the IDEs and to stop it from requesting further consent. All the shared data stayed anonymous and secured and the data were not processed with Google Analytics.
We are sorry about this unpleasant experience. In this post mortem, we’ll try to describe the mechanism we use to remotely update consents, how we fixed it, and why data sharing is essential for us.
How we update the data sharing consents
Data sharing consent was introduced in our IDEs at the end of 2017, when we decided to collect feature usage statistics to learn more about how our users use our products and, ultimately, to help us make the tools better for our users.
The idea was to create a flexible mechanism that would support different types of data sharing consent and make it possible to update them from the server. In other words, if a user starts working with one of our JetBrains IDEs and accepts the data sharing consent, but sometime later we decide to change the way we process data (which might, for example, have to do with third-party services), then we should notify the user that the data sharing consent has been changed. Moreover, if we decide to add another type of consent (for say, the way we process data), then users should be notified with an appropriate dialog again.
Technically, it works as follows. The IntelliJ IDEA application contains the data sharing consent of the latest version when it was built. After the IDE starts up, the user interacts with the data sharing consents from the application, and 5 minutes later (to avoid slowing down the startup) the IDE asynchronously requests updates for all the consents from the JetBrains server. The server responds with all the latest consents, and if any differences are detected, the IDE saves the consents locally into the file
<app-config>/JetBrains/Idea/consentOptions/cached. Consent updates are scheduled to happen every 24 hours. On the next startup, the IDE checks the accepted consents from the file
<app-config>/JetBrains/consentOptions/accepted and if some of the consents from the cached file was not processed before, it shows the Data Sharing dialog to the user.
There is no way for us to manipulate the user’s IDE from the server, as all the processing logic stays on the IDE side. Additionally accepted consents would only affect the processing of already submitted data on the server side.
What went wrong
On March 2, 2021, a mistake on the server-side meant that the consent updates the IDEs received from the server included a redundant consent from Google Analytics. For affected users, the redundant consent was stored in
<app-config>/JetBrains/Idea/consentOptions/cached. Unfortunately, the IDEs were unable to process more than one consent properly on startup. Therefore, the Google Analytics consent remained unprocessed and was not being saved in
<app-config>/JetBrains/consentOptions/accepted. This caused the Data Sharing dialog to appear repeatedly on each IDE startup.
How we fixed the problem
We fixed the problem by sending a response from the server that the Google Analytics consent has been deleted. Affected users can find the line stating that the Google Analytics consent has been marked as deleted in the file
<app-config>/JetBrains/Idea/consentOptions/cached. This made it possible to prevent any further processing of the Google Analytics consent. Affected users had only to wait for the update from the server (either 24 hours, or 5 minutes within an IDE restart).
Please note that the update from the server changed only the status of the cached consent updates in that one file, not the IDE’s behavior.
What we will do to prevent this in the future
The fix described above allowed us to stop showing the redundant Data Sharing dialog for the affected users, but it doesn’t solve the potential for problems with this in the future.
After collecting anonymous usage data for 3 years, we have neither updated the data-sharing consent nor added a new consent (not counting this incident). Since this flexible mechanism of remote consent updates does not appear to serve any purpose, we are going to deprecate it. The upcoming versions of all JetBrains IDEs will use only bundled consent.
Why data sharing is essential
At JetBrains, we make products that solve a huge number of developer tasks. Initially, we developed them to meet our own expectations as developers – a technique known as dogfooding. It helped us polish our products, but at the same time, it could sometimes lead to bias. That is why, in order to stay in touch with our users and their needs, we’ve been trying to open and use as many user feedback channels as possible.
Anonymous data sharing from within our products is one of these key feedback channels – and it has produced outstanding results so far. For example, the data we’ve received about the usage of
Alt+Enter has helped us realize that this powerful feature was not discoverable enough, so we made it more obvious. We’ve also been able to enhance our code completion, searching patterns, and many other aspects of the user experience, all thanks to the feature usage statistics we’ve received from those who opted in. We really appreciate your help.