Realm Cloud Portal getting nosey

As early adopters I was surprised to find I am no longer able to log in to cloud.realm.io unless I give much more information than I am comfortable with.

I balked at providing the information so am locked out from checking our cloud status. What’s the rationale for intruding on my privacy in this way?

@Nosl Thanks for raising this issue. These additional fields were recently added and I’ve started an internal discussion to follow up.

> What’s the rationale for intruding on my privacy in this way?

Realm Cloud is a commercial service and some additional details like your location and phone number may be useful for verifying identity and ensuring we comply with relevant local requirements.

Regards,
Stennie

Hmmm, maybe location, as I understand the US can be quite arbitrary in where US companies can distribute software. I suppose there is some risk of Realm being used to bring down national infrastructure :slight_smile:

In that regard, what constraints are imposed in using Realm depending on how we answer the Country question? We’re a multi-national, so pick a country.

What value is the phone number in establishing identity? Are you going to validate it by ringing the number we give you?

I assume from your answer the other fields will be dropped. For the time being, as you have blocked access to existing users who have privacy concerns, will you drop the additional fields while you work out why they are there?

Providing services requires a contractual agreement between parties in some jurisdiction. Currently the Realm Terms and Conditions are US based, which includes compliance with embargoed/sanctioned countries. MongoDB is also a multi-national company but our headquarters are based in the US.

If we only have email contact details and you lose access to the associated email account, phone number or secondary details may be useful as a second factor for verification. Currently only the email is validated during the signup process.

For full details on usage of personal data, please see the MongoDB Privacy Policy.

I started an internal discussion on context for adding these fields and whether some can be made optional. I don’t work directly on the Realm Cloud team but there were business requirements for adding these. I would be interested to know which fields you find particularly objectionable for a cloud services provider.

I appreciate your patience and apologise for the inconvenience.

Regards,
Stennie

I find objectionable the collection of any data that is not required for the provision of the service. Until now Realm has been able to provide this service without this intrusion.

I can post to the Realm GitHub repo without being required to disclose such information. I’m surprised to learn that legal constraints apply to MongoDB Realm that do not also apply to GitHub.

We don’t find these generic fields intrusive at all. No big deal for us.

The most important thing is that data is not shared.

In our course of doing business we need to collect some basic customer information as just the normal part of doing business, but having the option to opt out is understandable.

Jay

I guess this is a cultural thing @jay. We take our lead from GDPR and don’t collect any customer information that is not required in order to provide the service.

We used to do things differently and would collect as much information as we could for marketing. But we live in a different world now where bits of personal data scattered across the internet can be stitched together in ways previously impossible.

No business that gathers user data can guarantee that data is not shared in some way. You can only do your best, but if your best fails, as it often does, you can be liable.

So we no longer hold anything other than an email address that is used to login. We use other providers for authentication. We use other providers for payment processing. Our users are virtually anonymous to us and our business continues to grow.

Clearly authentication and payment providers need to know more about us. They also need to know more about our customers. But we do not need to know more about our customers and we prefer service providers who do not ask for any information they do not require beyond the provision of the service.