Volumio Data Policy and Online Communication

This thread is here to provide comprehensive information about Volumio's data policy and what online connections are established for Volumio to work.

We believe that transparency is key to trust, hence this list. For any question regarding those matters, mods please move new posts here, so we keep a centralized information Knowledge Base.

This post will be dynamically updated.

Preamble

If you are surprised at how many calls over the internet Volumio has to do, consider that nowadays any piece of equipment, to work in a nice fashion, requires a constant flow of information taken from outside. Especially when you want to integrate several third-party services and vendors.

Should you need to prevent any of the endpoints from being reached, you have several ways of blocking them. But this is strongly advised against, as it will probably break some core functionality and make it very difficult to debug the specific issue you have.

Volumio has an internal tool to check if the vital and ancillary endpoints required for its operation are reachable or not. To check, connect via SSH and type:

volumio endpointstest

Also, if you have trouble reaching one or more endpoints, make sure you reach out to our status page. Here you’ll find a comprehensive list of all the endpoints that we operate, their current status, and their uptime and APDEX.

https://status.volumio.com/

Data security policy

We designed our systems, authentication, cloud infrastructures and endpoints to maximize security and lower personal data leak impact in case of compromise.

Our architectural guidelines are:
  • Use third-party providers which can guarantee state of the art security. This is why we decided to use Firebase Authentication instead of our own user management system.
  • No-read default policies for databases. This way we minimize possible errors due to unsafe misconfigurations.
  • Separate data storage from personal identification storage. This way, in case of compromise, user data cannot be linked to the real identity and vice-versa.
  • Use auth tokens instead of username and passwords where possible. This way we minimize compromise due to password spoofing.
  • Use HTTPS on all endpoints which require authentication information, to defeat man-in-the-middle attacks.
  • We try to be sensible. We try not to overengineer and reduce the number of tools and technologies used.

What data we collect and how we use it

Due to the nature of the services and the features that we offer, we store (in a very secure manner) some of your data, specifically:

  • Name, surname, email and geographical location (if you create a MyVolumio account)
  • Favourites, Playlists, Radio Favourites, Personal Radios and the last played song on each device (if you create a MyVolumio account)
  • Date and time of your first subscription (if you create a MyVolumio account)
  • Data pertaining to your devices: anonymized Unique Identifier, Hardware type, Friendly name, System version and date of first addition

What is your data used for:
  • Matching the nearest server to your location to enhance your experience with the lowest possible latency
  • Synchronize in real time Favourites, Playlists, Radio Favourites, Personal Radios
  • Verify that you have an active subscription
  • Offering a clear overview of how many devices are linked to your account and if they are currently available and what they are currently playing

By cancelling your account, your data will be permanently deleted instantly.
We will not sell, share or grant access to your data to anyone.
You will be able to download a file containing all your aforementioned data (except those that might result in a security issue), just send a request via our contact form.

The full terms and privacy policy are available at:
https://volumio.com/en/terms-of-service/

Free MyVolumio Account Required for Plugins Download

Actually, Volumio is what it has always been: an open-source project, backed by a company, which needs funding to operate and improve.

In the beginning, our source of income was just the OEM (providing Volumio technology to manufacturers), but this ended up in us developing only what was prioritized by such companies.

With MyVolumio we achieved the ability to develop features asked by the community, since the revenues helped make the required investments.

The plugin store as we have designed it will allow any developer to publish their plugins either free (as it is now) or paid. The infrastructure is already there (with this new iteration) and once Volumio3 is up and running we will do the remaining part (UI and payment provider).

The idea behind it is that this way, if someone wishes to sell their plugins, they can do so, and hopefully get something back from it. Or, attract other service providers to publish “top-notch” stuff into Volumio.

I’ve already stated elsewhere (in a couple of discussions) that we (as Volumio) are not against “competitor plugins” and that they will be accepted if they respect the same guidelines as all other plugins have to respect (first of which: do not conflict with the good working of Volumio core).

And that’s not just wishful thinking: we already do that. There is a third-party CD plugin (paid one) that is currently accepted into Volumio2. So, if we would have wanted to “boycott competitors” we would already have done it.

The example of CD Plugin is actually something that made us see the potential of this system. We offer a simple way for people who want to sell plugins to do it (without setting up clunky authentication and so on) and we provide a seamless experience to those who want to use them.

Publishing a plugin, free or paid, will be a prerogative of the developer.

Last, but not least, I personally think that competition (if fair) eventually leads to making things better. And this is our ultimate goal with Volumio = make it the best music player out there.
This requires skill, passion, motivation but also financial resources, hence the “commercial part”.

Last, consider that it requires us double the effort to do anything, as we are an open source project, trying to grow without betraying FOSS principles (which is freedom of choice). It would be much, much simpler to just do something proprietary, but we truly believe in the FOSS principles and in an open ecosystem, so we won’t change this.

List of endpoints and connections made by Volumio and their purpose

Google APIs

https://www.googleapis.com
https://securetoken.googleapis.com

Those are APIs called by our user management tool, which is based on Firebase. The information sent is just your auth token and its validation or refresh.

https://myvolumio.firebaseio.com
https://functions.volumio.cloud

Those are calls to our serverless functions, mainly used by MyVolumio to update your list of devices and enable/disable MyVolumio plugins. Those calls are necessary to use MyVolumio functions and the MyVolumio plugins.

https://oauth-performer.dfs.volumio.org

This is the OAUTH handler, which allows you to log-in to Spotify, TIDAL, Qobuz in Volumio. The data received is just an auth token provided by the music service.

https://browsing-performer.dfs.volumio.org

This is our music services browsing aggregator. This is used to browse TIDAL and QOBUZ and get the stream URL of the tracks you request.

http://cddb.volumio.org

This is our CDDB mirror. We use it to fetch Audio CD metadata and ripping information.

http://pushupdates.volumio.org

This is used to request updates to our server. Data sent is anonymous and contains: version, hwuuid (anonymous), device, name and architecture.

http://plugins.volumio.org

This is the endpoint used to fetch the list of plugins and download them. We send your auth token, device and architecture.

https://database.volumio.cloud

This provides REST API access to MyVolumio Realtime database. It contains MyVolumio plugins names and some cloud related settings.

https://radio-directory.firebaseapp.com

This is our WebRadio selection API, used to fetch “Volumio Selection” of webradios.

https://meta.volumiio.org

This is Volumio’s metadata aggregator. We use it to retrieve album art, artist info, album stories and credits. We send your device name, hwuuid (anonymous).

mqtt.volumio.org

This is our MQTT broker and it’s used to notify MyVolumio if your device is online or not, to notify it in your MyVolumio Dashboard. We send the device hwuuid (anonymous).

oauth.volumio.org

This is our OAUTH Server, used to authorise external services to access your MyVolumio account in a safe way. This is currently only used for the Alexa skill.

mix.volumio.org

This is our statistics information collector, which receives usage statistics on which music service is used and for how long (in minutes). It also collects events such as signup, logins, logout, account upgrades/downgrades.

If there are additional questions or concerns, please post in this thread and this post will be updated.

6 Likes

I noticed the new tick box on the website to download images, and scrolled through the updated ToS. Terms of Service · Volumio

What interested me was a new line in the “Data Collection and usage” section compared to the first post.

  • Name, surname, email and geographical location
  • Favourites, Playlists, Radio Favourites, Personal Radios and the last played song on each device
  • Date and time of your first subscription
  • Data pertaining to your devices: anonymized Unique Identifier, hardware type, friendly name, system version and date of first addition.
  • Source used and for how much time

Would appreciate some clarification about the listening stats collected.

  1. How can one opt out?
  2. Can you elaborate what level of detail is collected?
  3. The section is under myVolumio,
    2a) Is it always active?
    2b) is this collected only for premium account? Or also on the free tier?

No response in 21 days? Alright, that clarifies enough, time to move on to more privacy-respecting platforms…

Cheers!

I won’t answer all your questions because I can’t …
But you can disable it in system

No, the screenshot you show is explicitly for Google and Facebook tracking…

You can check for yourself, there is a call to
https://mix.volumio.org which is an instance of Mixpanel.

This is another 3rd party analytics tool.

It was introduced silently here - no way to disable it, and loads quite some tracking.

@volumio can you clarify please?

Thanks for signalling this, McMuffin. You were right, there was no way to disable this. Just made a fix which allows you to disable this by opting out from Privacy Settings.

Re your questions:

  • How can one opt out?
    By opting out in System Settings → Privacy Settings. Ticking to off will stop event reporting.
  • Can you elaborate what level of detail is collected?
    Which music service is playing for how many minutes. This is mainly to understand what are the most used music services (mpd, tidal, qobuz etc). No playback history and no further info on what is playing is collected. On top of that we collect other events such as: signup, logins, logout, account upgrades/downgrades.
  • The section is under myVolumio,
    2a) Is it always active?
    If you have the UI open and did not opt-out, yes.
    2b) is this collected only for premium account? Or also on the free tier?
    For all Volumio Users.

Side notes:

  • I’ve updated this post to include this endpoint and explain what it does.
  • This component has various functions, and the first function it was intended to serve is to provide info to the UI if the user is online or not, and this is precisely what the commit message says.

1 Like

Strange that your team didn’t consider an opt-out all this time. :thinking:

It shows very careless developer attitude or more shady practices at play. :face_with_raised_eyebrow:

I think it’s the first one… :smirk:
Importantly, your current fix still does not work.
There are calls to both https://mix.volumio.org/ and https://api-js.mixpanel.com, still when opted out.

You’re doing multiple things wrong with this analytics code. Mixpanel’s people is still a signalling event. :v:

Please take data privacy seriously.

The reason that the people function is not disabled is very simple:
the rationale is that we have to know, on a non-device-related basis if you wish not to be tracked, to respect your choice. The same way that we have an entry in your myvolumio associated data which states if you opted-in for the mailing list or not.

This also explains why there are still calls to both services, even if opted-out (no events are tracked).
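
Added example, not Volumio's code and not written by anyone in this thread: a way to compare the outbound URLs you observe from a device (for example from a proxy or firewall log) against the endpoint list in the first post and the opt-out discussion above. The host table copies the hosts and schemes as written in that post; the finding labels, the `audit` function and the sample URLs with their paths are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Host -> scheme exactly as written in the first post (None = no scheme given).
DOCUMENTED = {
    "www.googleapis.com": "https", "securetoken.googleapis.com": "https",
    "myvolumio.firebaseio.com": "https",
    "functions.volumio.cloud": "https",
    "oauth-performer.dfs.volumio.org": "https",
    "browsing-performer.dfs.volumio.org": "https",
    "cddb.volumio.org": "http",
    "pushupdates.volumio.org": "http",
    "plugins.volumio.org": "http",
    "database.volumio.cloud": "https",
    "radio-directory.firebaseapp.com": "https",
    "meta.volumiio.org": "https",
    "mqtt.volumio.org": None, "oauth.volumio.org": None, "mix.volumio.org": None,
}
TOKEN_HOSTS = {"plugins.volumio.org"}  # the post says the auth token is sent here
ANALYTICS = {"mix.volumio.org", "api-js.mixpanel.com"}  # hosts named in the thread

def audit(urls, opted_out):
    """Return sorted (host, finding) pairs for observed outbound URLs."""
    findings = set()
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        if not host:
            continue  # not an absolute URL, nothing to classify
        if host not in DOCUMENTED:
            findings.add((host, "not-in-documented-list"))
        if parts.scheme == "http":
            findings.add((host, "cleartext"))
            if host in TOKEN_HOSTS:
                findings.add((host, "token-host-over-cleartext"))
        if opted_out and host in ANALYTICS:
            # Contact alone does not prove events were sent; inspect the body.
            findings.add((host, "analytics-contact-while-opted-out"))
    return sorted(findings)

# Constructed sample, not a real capture; the paths are made up.
SAMPLE = [
    "https://securetoken.googleapis.com/v1/token",
    "http://plugins.volumio.org/plugins/list",
    "https://mix.volumio.org/track",
    "https://api-js.mixpanel.com/engage",
    "HTTPS://Database.Volumio.Cloud/settings.json",
]

if __name__ == "__main__":
    print(audit(SAMPLE, opted_out=True))
```

A hit on `analytics-contact-while-opted-out` is a prompt to look at what the request carries, since the reply above states that calls continue after opt-out while events are not tracked.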