Jump to content

Balena

From Consumer_Action_Taskforce
Revision as of 06:36, 2 April 2025 by Vandetta (talk | contribs) (Incidents (Privacy Policy), added points of concerns with their current policy and made note that there latest change was minor but has had a significant gap since it was last updated)
Balena
Basic information
Founded 2013
Type Private
Industry Software Development
Official website https://www.balena.io/

Balena (formerly known as Resin.io) provides a platform focused on DevOps management for servers, clients, and local cross platform device software. It also offers tools for updating, deploying and maintaining code bases (though that is mainly targeted at Linux).

Consumer-impact summary

Balena has been one of the more big companies that has open sourced most if not all products for users to tinker with. But more recently they have resorted to more sneaky tactics for profit. Such violations include:

  • Breach of user trust
  • Adding adware to it's services
  • Leveraging it's reach to the vulnerable tech illiterate

Incidents

Balena Etcher Collecting data on users drive and filename being flashed (2018)[1]

In as early as 2018 Balena has found itself in hot water over gathering specific user telemetry on their software Balena Etcher without consent.[2] Specific information includes IP address, usb device info and the filename being flashed being sold to their 3rd party AD network partners compromising users privacy and trust for profit. Many other privacy focused open sourced groups that have relied on etcher like Tails have completely removed recommendation of using Balena Etcher to install their operating system.[3] While there are many alternatives to Balena Etcher they tend to be a bit less user friendly and likely are not cross platform. Making them the de-facto choice among non tech literate users that are being taken advantage of.

Balena's Predatory Privacy Policy[4][5]

Recently Balena made a minor change to it's privacy policy.[5] The changes were not that big (mainly removing their physical address) however this is worthy of note because it is the first change to their policy in nearly 5 years! With that being said their terms still remain concerning for any previous and future users. Below are some concerning topics that their policy includes:

Fingerprinting users with help of third parties

"Automatic Data Collection. We may collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information, Internet service provider, pages that you visit before, during and after using the Services, information about the links you click, and other information about how you use the Services. Information we collect may be associated with accounts and other devices."

"We may obtain information about you from other sources, including through third party services and organizations to supplement information provided by you. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and Services."

Collecting information on your referrals or "friends/colleges"

"Share Content with Friends or Colleagues. Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends through our referral services. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services."

Sharing information collected about you to third parties and AD networks

"We may share any personal information we collect about you with our third- party service providers. The categories of service providers to whom we entrust personal information include: IT and related services; information and services; payment processors; customer service providers; and vendors to support the provision of the Services."

"Business Partners.

We may provide personal information to business partners with whom we jointly offer products or services. In such cases, our business partner's name will appear along with ours.

Affiliates.

We may share personal information with our affiliated companies."

Having to manually request data to be erased through legal channels instead of by default

"You can access and modify the personal information associated with your Account by logging in to your Balena account. If you want us to delete your personal information and your Account, please contact us at legal@balena.io with your request. We will take steps to delete your information as soon we can, but some information may remain in archived/backup copies for our records or as otherwise required by law."

Products

Balena Etcher (2016)

Formerly known as Etcher; Balena Etcher is a free open source tool that flashes image files. it has recently had some controversial stir around how it collects user data within it's app. Many users have started using other software to flash image files such as GNOME Disk, Rufus, DD (bash command), and the Disk Utility (Mainly for mac) that work without selling the consumer out.

See also

Link to relevant theme articles or companies with similar incidents.


Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

References

  1. Switched to Linux (2025-03-08). "WARNING - Etcher Sends PII To Third Parties - YouTube". Youtube.{{cite web}}: CS1 maint: url-status (link)
  2. sneak (2018-02-18). "etcher spies on the user without consent · Issue #2057 · balena-io/etcher". Github Issues. Retrieved 2025-03-31.{{cite web}}: CS1 maint: url-status (link)
  3. "Tails - Replacing balenaEtcher with Rufus as installer for Windows". Tails. 2025-02-19. Retrieved 2025-03-31.{{cite web}}: CS1 maint: url-status (link)
  4. "Old Privacy Statement - balena". Balena. 2020-04-01. Retrieved 2025-04-01.{{cite web}}: CS1 maint: url-status (link)
  5. 5.0 5.1 "Privacy Statement - balena". Balena. 2025-03-27. Retrieved 2025-04-01.{{cite web}}: CS1 maint: url-status (link)