I deeply respect you @synesthesiam. While It saddens me that you’ll surely have less and less time for Rhasspy, I understand the need to eat and pay the bills. What devestates me far more than losing Rhasspy though, is that your skills are being gained by somewhere as deceptive as Mycroft.
Yes they tout loudly that their code is open, but this is not a privacy respecting project, nor is the company behind it. I came to Rhasspy precisely to get away from the likes of Mycroft. There are reasons that their project is specifically structured to default to using their cloud services (sound familiar?). There are reasons they demand user logins (also familiar…?). Their project has been specifically structured in a way that makes self hosting, and I quote “not easy and is unlikely to provide an equivalent user experience [as sending your personal info to their computers].”
I mean, is Mycroft different than GAFAM? Maybe, but if so, it doesn’t seem to be for lack of trying to emulate them. Let’s take a quick look, not at their glossy marketing homepage, but at their privacy policy (which covers both their website and their services). Just a quick skim through, copy and pasting the privacy relevant bits comes up with:
When you use our Services including the Mycroft Voice Assistant, your voice and audio commands are transmitted to our Servers for processing.
Because they made it, you know “not easy” to self host, like say Rhasspy currently is.
We collect information about you directly from you and from third parties, as well as automatically through your use of our Site or Services
Just to clarify that it’s not just “opt in” stuff.
When you use our Services, your audio commands are transmitted to Mycroft for processing, as part of the Services. We may also collect other metadata about your audio commands, such as the time and location.
Note that it’s not limited to information needed to fulfill the request.
we collect information about your device, including platform type and location
Once again, specifically not limited to fulfilling the service.
If you comment or post content to the Services, we may gather data about the content you post.
Just in case you were wondering if they would also use the content.
We automatically collect information about you through your use of our Site and Services, log files, IP address, app identifier, advertising ID, location info, browser type, device type, domain name, the website that led you to our Services, the website to which you go after leaving our Services, the dates and times you access our Services, and the links you click and your other activities within the Services.
That’s a list that would make Google proud, especially the advertising ID. What could that be for?
To send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you.
Because privacy focused companies are all about promotions and special offers.
for other research and analytical purposes
(how much vaguer and more all encompassing can you get than “other research” and “analytical purposes”?!)
To protect our own rights and interests, such as to resolve any disputes
So you control the assistant in my home and can use it’s info against me in a legal dispute?
We may share your information, including personal information
Just to be clear…
We may disclose the information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf.
Once again, pretty much to anyone.
If we are acquired by or merged with another company, if any part of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company.
As with pretty much any company… which is one of the problems with company run projects.
We may share aggregate or de-identified information about users with third parties for marketing, advertising, research or similar purposes.
Just in case you thought they were only collecting to improve the project.
We and our third party service providers use cookies and other tracking mechanisms to track information about your use of our Site or Services. We may combine this information with other personal information we collect from you (and our third party service providers may do so on our behalf).
Oh? Like who?
We use automated devices and applications, such as Google Analytics
Ah, that’s who (at least one of the who’s…).
our Site does not recognize browser “do-not-track” requests
Real “privacy focused”, right?
If you’d like to update your profile information with us, you may do so through your account. […] we may maintain a copy as part of our business records.
So you can ask us to delete it, buuuut… “business records” y’know?
Our Services are not designed for children under 13; and children under 13 are not permitted to have an account with us. If we discover that a child under 13 has provided us with personal information, we will delete such information from our systems.
Why no users under 13? Much like Audacity moving to ban users under 13 when they added tracking and Google Analytics. In many areas it’s illegal to track personal data about children for commercial purposes. If you want an easy surveillance advertising based income, you gotta get rid of users under 13.
A couple of these by themselves could be understood, but what’s the overall pattern here? Is this the pattern of a privacy centric company, recording advertising ID’s, location, IP addresses, content and using it to give to third parties and marketing?
I’m sorry if this doesn’t come across as supportive as the other comments here. Most likely this post will lead to personal attacks against me by people who feel that they’re defending you, all while encouraging you towards being controlled by “© Mycroft AI, Inc.”’. Yes, the code may still be open, but make no mistake, this is open code to use against privacy. If I didn’t care about you I’d just be silent. I’m posting this precisely because to me this looks like a good, ethical, skilled person being bought by a company that has long fed off misleading FOSS and privacy advocates. This is a clear attempt at swallowing the more private competition, ie you and Rhasspy.
I wish you well, I really do, but this is a very sad day, indeed.
Hopefully a more honest company makes you a better offer soon. Hopefully I’m wildly wrong. Reading their privacy policy though, I doubt it, so I do hope you’ll be careful to keep an escape plan handy in case you need it later. I would have happily thrown hundreds of dollars at a crowdfunding campaign for Rhasspy, but Mycroft will never get a single cent from me.
Anyway, thank you for all the good that you did for Rhasspy and the community. It was good while it lasted.