A Reddit user running the Mac application Little Snitch 4 discovered that Skylum’s Luminar photo editor is “calling home” to Facebook while the app is in use, allegedly for “analytics purposes.”
The discovery was made by u/numblock699, who posted about the find on r/photography and r/privacytoolsIO earlier today. He noticed the anomaly as soon as he installed and booted up Luminar 4 on a new machine—testing was done on both Mac and PC—so the setting seems to be on by default, though we can’t find a way to turn this sharing off in-program.
When asked about the issue over Twitter DM, Skylum—the makers of Luminar—replied that the data collection is “done for analytic purposes.”
“Kindly note that the information we obtain with the help of in-app analytics does not provide any means for personal identification, i.e. it’s not connected to a name, email address, or other personal information in any way,” wrote the customer service rep. “Please take a moment to review our user agreement, in particular, the sections ‘When you use our products’ and ‘Your Data that we collect’.”
u/numblock699 send PetaPixel the full reply from Skylum, which you can read below:
Hi xxxxx! That’s done for analytic purposes. Kindly note that the information we obtain with the help of in-app analytics does not provide any means for personal identification, i.e. it’s not connected to a name, email address, or other personal information in any way.
Please take a moment to review our user agreement, in particular, the sections “When you use our products” and “Your Data that we collect”:
I can assure you that the data is used only for the purpose specified above, therefore, you may feel free to allow it through your security settings.
There’s no way to know for sure what information is being passed back and forth, but u/numblock699 says that blocking the traffic between Luminar and Facebook ” doesn’t seem to cripple the software in any way.”
We’ve reached out to Skylum for comment/clarification on what kind of data is being shared, why it’s being shared, and if there is a way to opt-out in-program. We’ll update this post if and when we hear back.
UPDATE 2/8/20: Skylum has responded to our request for comment, confirming that the data being collected “can not be used to identify users” and stating that concerned users can contact support if they want that data deleted. You can read the full statement below:
We are using analytical tools and non personified data to make the product better for our customers. Understanding the concerns about personal data privacy, we can guarantee that all the data used in analytics can not be used to identify users.
As the comment provided by our support team correctly states, the information we obtain with the help of in-app analytics does not provide any means for personal identification, i.e. it’s not connected to a name, email address, or other personal information in any way.
Shall a customer wish to delete the collected data, he or she can ask the support team to do so by reaching out to us.
UPDATE 2/11/20: A Skylum spokesperson has reached out to clarify the last sentence in the above statement, since it seems to have caused some confusion:
This statement solely refers to the user’s data that the company may have collected from trial version downloads, website visits, product purchases, email subscriptions, and other interactions. There is an option for users to request these personal data to be erased from the company databases.
The mentioned statement wasn’t referring to the anonymous data collection through in-app analytics. Anonymous data and data collected from trial/website/product purchases etc – are not connected in any way and we cannot identify user actions with reference to any of the IDs.
Image credits: Image by Reddit user u/numblock699, and used with permission.