Anonymous statistics (#5113)

* Added shell and dashboard anonymous statistics

* Check for environment var NETDATA_REGISTRY_UNIQUE_ID

* Fix indentation

* Removed health-cmdapi-test

* docs/anonymous-statistics.md

23 files changed, 414 insertions, 32 deletions

diff --git a/.gitignore b/.gitignore
index 7c730b7305..a4f0bffd25 100644
--- a/.gitignore
+++ b/.gitignore
@@ -94,6 +94,8 @@ system/netdata.plist
 system/netdata-freebsd
 system/edit-config
 
+daemon/anonymous-statistics.sh
+
 health/notifications/alarm-notify.sh
 collectors/cgroups.plugin/cgroup-name.sh
 collectors/tc.plugin/tc-qos-helper.sh
diff --git a/collectors/apps.plugin/apps_plugin.c b/collectors/apps.plugin/apps_plugin.c
index a789efc665..8f27169891 100644
--- a/collectors/apps.plugin/apps_plugin.c
+++ b/collectors/apps.plugin/apps_plugin.c
@@ -15,6 +15,9 @@ void netdata_cleanup_and_exit(int ret) {
     exit(ret);
 }
 
+void send_statistics( const char *action, const char *action_result, const char *action_data) {
+    return;
+}
 // callbacks required by popen()
 void signals_block(void) {};
 void signals_unblock(void) {};
diff --git a/collectors/cgroups.plugin/cgroup-network.c b/collectors/cgroups.plugin/cgroup-network.c
index 0cf2a2633b..13f84ff411 100644
--- a/collectors/cgroups.plugin/cgroup-network.c
+++ b/collectors/cgroups.plugin/cgroup-network.c
@@ -24,6 +24,10 @@ void netdata_cleanup_and_exit(int ret) {
     exit(ret);
 }
 
+void send_statistics( const char *action, const char *action_result, const char *action_data) {
+    return;
+}
+
 // callbacks required by popen()
 void signals_block(void) {};
 void signals_unblock(void) {};
diff --git a/collectors/freeipmi.plugin/freeipmi_plugin.c b/collectors/freeipmi.plugin/freeipmi_plugin.c
index 8226c0a0f4..cb16c710ba 100644
--- a/collectors/freeipmi.plugin/freeipmi_plugin.c
+++ b/collectors/freeipmi.plugin/freeipmi_plugin.c
@@ -35,6 +35,10 @@ void netdata_cleanup_and_exit(int ret) {
     exit(ret);
 }
 
+void send_statistics( const char *action, const char *action_result, const char *action_data) {
+    return;
+}
+
 // callbacks required by popen()
 void signals_block(void) {};
 void signals_unblock(void) {};
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index bffc864dd4..9611f223f7 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -2,8 +2,19 @@
 
 AUTOMAKE_OPTIONS = subdir-objects
 MAINTAINERCLEANFILES= $(srcdir)/Makefile.in
+CLEANFILES = \
+	anonymous-statistics.sh \
+	$(NULL)
+
+include $(top_srcdir)/build/subst.inc
+SUFFIXES = .in
 
 dist_noinst_DATA = \
 	README.md \
 	config/README.md \
+	anonymous-statistics.sh.in \
+	$(NULL)
+
+dist_plugins_SCRIPTS = \
+	anonymous-statistics.sh \
 	$(NULL)
diff --git a/daemon/anonymous-statistics.sh.in b/daemon/anonymous-statistics.sh.in
new file mode 100755
index 0000000000..81f2b00627
--- /dev/null
+++ b/daemon/anonymous-statistics.sh.in
@@ -0,0 +1,194 @@
+#!/usr/bin/env sh
+
+# Valid actions:
+
+# - FATAL       - netdata exited due to a fatal condition
+#      ACTION_RESULT  -- program name and thread tag
+#      ACTION_DATA    -- fmt, args passed to fatal
+# - START       - netdata started
+#      ACTION_DATA     -- nan
+# - EXIT     - installation action
+#      ACTION_DATA    -- ret value of
+
+ACTION="${1}"
+ACTION_RESULT="${2}"
+ACTION_DATA="${3}"
+ACTION_DATA=$(echo "${ACTION_DATA}" | tr '"' "'")
+
+# -------------------------------------------------------------------------------------------------
+# check opt-out
+
+if [ -f "@configdir_POST@/.opt-out-from-anonymous-statistics" ]; then
+	exit 0
+fi
+
+# -------------------------------------------------------------------------------------------------
+# detect the operating system
+
+OS_DETECTION="unknown"
+NAME="unknown"
+VERSION="unknown"
+VERSION_ID="unknown"
+ID="unknown"
+ID_LIKE="unknown"
+
+if [ -f "/etc/os-release" ]; then
+	OS_DETECTION="/etc/os-release"
+	eval "$(grep -E "^(NAME|ID|ID_LIKE|VERSION|VERSION_ID)=" </etc/os-release)"
+fi
+
+if [ "${NAME}" = "unknown" ] || [ "${VERSION}" = "unknown" ] || [ "${ID}" = "unknown" ]; then
+	if [ -f "/etc/lsb-release" ]; then
+		if [ "${OS_DETECTION}" = "unknown" ]; then OS_DETECTION="/etc/lsb-release"; else OS_DETECTION="Mixed"; fi
+		DISTRIB_ID="unknown"
+		DISTRIB_RELEASE="unknown"
+		DISTRIB_CODENAME="unknown"
+		eval "$(grep -E "^(DISTRIB_ID|DISTRIB_RELEASE|DISTRIB_CODENAME)=" </etc/lsb-release)"
+		if [ "${NAME}" = "unknown" ]; then NAME="${DISTRIB_ID}"; fi
+		if [ "${VERSION}" = "unknown" ]; then VERSION="${DISTRIB_RELEASE}"; fi
+		if [ "${ID}" = "unknown" ]; then ID="${DISTRIB_CODENAME}"; fi
+	elif [ -n "$(command -v lsb_release 2>/dev/null)" ]; then
+		if [ "${OS_DETECTION}" = "unknown" ]; then OS_DETECTION="lsb_release"; else OS_DETECTION="Mixed"; fi
+		if [ "${NAME}" = "unknown" ]; then NAME="$(lsb_release -is 2>/dev/null)"; fi
+		if [ "${VERSION}" = "unknown" ]; then VERSION="$(lsb_release -rs 2>/dev/null)"; fi
+		if [ "${ID}" = "unknown" ]; then ID="$(lsb_release -cs 2>/dev/null)"; fi
+	fi
+fi
+
+# -------------------------------------------------------------------------------------------------
+# detect the kernel
+
+KERNEL_NAME="$(uname -s)"
+KERNEL_VERSION="$(uname -r)"
+ARCHITECTURE="$(uname -m)"
+
+# -------------------------------------------------------------------------------------------------
+# detect the virtualization
+
+VIRTUALIZATION="unknown"
+VIRT_DETECTION="none"
+
+if [ -n "$(command -v systemd-detect-virt 2>/dev/null)" ]; then
+	VIRTUALIZATION="$(systemd-detect-virt)"
+	VIRT_DETECTION="systemd-detect-virt"
+else
+	if grep -q "^flags.*hypervisor" /proc/cpuinfo 2>/dev/null; then
+		VIRTUALIZATION="hypervisor"
+		VIRT_DETECTION="/proc/cpuinfo"
+	fi
+fi
+
+# -------------------------------------------------------------------------------------------------
+# detect containers
+
+CONTAINER="none"
+CONT_DETECTION="none"
+
+IFS='(, ' read -r process _ </proc/1/sched
+if [ "${process}" = "netdata" ]; then
+	CONTAINER="container"
+	CONT_DETECTION="process"
+fi
+
+# ubuntu and debian supply /bin/running-in-container
+# https://www.apt-browse.org/browse/ubuntu/trusty/main/i386/upstart/1.12.1-0ubuntu4/file/bin/running-in-container
+if /bin/running-in-container >/dev/null 2>&1; then
+	CONTAINER="container"
+	CONT_DETECTION="/bin/running-in-container"
+fi
+
+# lxc sets environment variable 'container'
+#shellcheck disable=SC2154
+if [ -n "${container}" ]; then
+	CONTAINER="lxc"
+	CONT_DETECTION="containerenv"
+fi
+
+# docker creates /.dockerenv
+# http://stackoverflow.com/a/25518345
+if [ -f "/.dockerenv" ]; then
+	CONTAINER="docker"
+	CONT_DETECTION="dockerenv"
+fi
+
+# -------------------------------------------------------------------------------------------------
+# check netdata version
+
+if [ -z "${NETDATA_VERSION}" ]; then
+	NETDATA_VERSION="uknown"
+	netdata -V >/dev/null 2>&1 && NETDATA_VERSION="$(netdata -V 2>&1 | cut -d ' ' -f 2)"
+fi
+
+# -------------------------------------------------------------------------------------------------
+# check netdata unique id
+if [ -z "${NETDATA_REGISTRY_UNIQUE_ID}" ] ; then
+	if [ -f "@registrydir_POST@/netdata.public.unique.id" ]; then
+		NETDATA_REGISTRY_UNIQUE_ID="$(cat "@registrydir_POST@/netdata.public.unique.id")"
+	else
+		NETDATA_REGISTRY_UNIQUE_ID="unknown"
+	fi
+fi
+
+
+# -------------------------------------------------------------------------------------------------
+# send the anonymous statistics to GA
+# https://developers.google.com/analytics/devguides/collection/protocol/v1/parameters
+if [ -n "$(command -v curl 2>/dev/null)" ]; then
+	curl -X POST -Ss --max-time 2 \
+		--data "v=1" \
+		--data "tid=UA-64295674-3" \
+		--data "aip=1" \
+		--data "ds=shell" \
+		--data-urlencode "cid=${NETDATA_REGISTRY_UNIQUE_ID}" \
+		--data-urlencode "cs=${NETDATA_REGISTRY_UNIQUE_ID}" \
+		--data "t=event" \
+		--data "ni=1" \
+		--data "an=anonymous-statistics" \
+		--data-urlencode "av=${NETDATA_VERSION}" \
+		--data-urlencode "ec=${ACTION}" \
+		--data-urlencode "ea=${ACTION_RESULT}" \
+		--data-urlencode "el=${ACTION_DATA}" \
+		--data-urlencode "cd1=${NAME}" \
+		--data-urlencode "cd2=${ID}" \
+		--data-urlencode "cd3=${ID_LIKE}" \
+		--data-urlencode "cd4=${VERSION}" \
+		--data-urlencode "cd5=${VERSION_ID}" \
+		--data-urlencode "cd6=${OS_DETECTION}" \
+		--data-urlencode "cd7=${KERNEL_NAME}" \
+		--data-urlencode "cd8=${KERNEL_VERSION}" \
+		--data-urlencode "cd9=${ARCHITECTURE}" \
+		--data-urlencode "cd10=${VIRTUALIZATION}" \
+		--data-urlencode "cd11=${VIRT_DETECTION}" \
+		--data-urlencode "cd12=${CONTAINER}" \
+		--data-urlencode "cd13=${CONT_DETECTION}" \
+		"https://www.google-analytics.com/collect" >/dev/null 2>&1
+else
+	wget -q -O - --timeout=1 "https://www.google-analytics.com/collect?\
+&v=1\
+&tid=UA-64295674-3\
+&aip=1\
+&ds=shell\
+&cid=${NETDATA_REGISTRY_UNIQUE_ID}\
+&cs=${NETDATA_REGISTRY_UNIQUE_ID}\
+&t=event\
+&ni=1\
+&an=anonymous-statistics\
+&av=${NETDATA_VERSION}\
+&ec=${ACTION}\
+&ea=${ACTION_RESULT}\
+&el=${ACTION_DATA}\
+&cd1=${NAME}\
+&cd2=${ID}\
+&cd3=${ID_LIKE}\
+&cd4=${VERSION}\
+&cd5=${VERSION_ID}\
+&cd6=${OS_DETECTION}\
+&cd7=${KERNEL_NAME}\
+&cd8=${KERNEL_VERSION}\
+&cd9=${ARCHITECTURE}\
+&cd10=${VIRTUALIZATION}\
+&cd11=${VIRT_DETECTION}\
+&cd12=${CONTAINER}\
+&cd13=${CONT_DETECTION}\
+" > /dev/null 2>&1
+fi
diff --git a/daemon/common.h b/daemon/common.h
index d912a30e70..d1172ad8d1 100644
--- a/daemon/common.h
+++ b/daemon/common.h
@@ -78,5 +78,6 @@ extern char *netdata_configured_varlib_dir;
 extern char *netdata_configured_home_dir;
 extern char *netdata_configured_host_prefix;
 extern char *netdata_configured_timezone;
+extern int netdata_anonymous_statistics_enabled;
 
 #endif /* NETDATA_COMMON_H */
diff --git a/daemon/daemon.h b/daemon/daemon.h
index 412691107d..b65d2daa17 100644
--- a/daemon/daemon.h
+++ b/daemon/daemon.h
@@ -8,6 +8,7 @@ extern int become_user(const char *username, int pid_fd);
 extern int become_daemon(int dont_fork, const char *user);
 
 extern void netdata_cleanup_and_exit(int i);
+extern void send_statistics(const char *action, const char *action_result, const char *action_data);
 
 extern char pidfile[];
 
diff --git a/daemon/main.c b/daemon/main.c
index 1ec5f6ed5a..9e9bc55c2f 100644
--- a/daemon/main.c
+++ b/daemon/main.c
@@ -2,6 +2,8 @@
 
 #include "common.h"
 
+int netdata_anonymous_statistics_enabled;
+
 struct config netdata_config = {
         .sections = NULL,
         .mutex = NETDATA_MUTEX_INITIALIZER,
@@ -22,6 +24,8 @@ void netdata_cleanup_and_exit(int ret) {
     error_log_limit_unlimited();
     info("EXIT: netdata prepares to exit with code %d...", ret);
 
+	send_statistics("EXIT", ret?"ERROR":"OK","-");
+
     // cleanup/save the database and exit
     info("EXIT: cleaning up the database...");
     rrdhost_cleanup_all();
@@ -458,6 +462,7 @@ static void get_netdata_configured_variables() {
         netdata_configured_plugins_dir_base = strdupz(config_get(CONFIG_SECTION_GLOBAL, "plugins directory",  plugins_dirs));
         quoted_strings_splitter(netdata_configured_plugins_dir_base, plugin_directories, PLUGINSD_MAX_DIRECTORIES, config_isspace);
         netdata_configured_plugins_dir = plugin_directories[0];
+
     }
 
     // ------------------------------------------------------------------------
@@ -581,6 +586,7 @@ void set_global_environment() {
         setenv("NETDATA_UPDATE_EVERY", b, 1);
     }
 
+    setenv("NETDATA_VERSION"          , program_version, 1);
     setenv("NETDATA_HOSTNAME"         , netdata_configured_hostname, 1);
     setenv("NETDATA_CONFIG_DIR"       , verify_required_directory(netdata_configured_user_config_dir),  1);
     setenv("NETDATA_USER_CONFIG_DIR"  , verify_required_directory(netdata_configured_user_config_dir),  1);
@@ -643,6 +649,47 @@ static int load_netdata_conf(char *filename, char overwrite_used) {
     return ret;
 }
 
+
+void send_statistics( const char *action, const char *action_result, const char *action_data) {
+    static char *as_script;
+    if (netdata_anonymous_statistics_enabled == -1) {
+        char *optout_file = mallocz(sizeof(char) * (strlen(netdata_configured_user_config_dir) +strlen(".opt-out-from-anonymous-statistics") + 2));
+        sprintf(optout_file, "%s/%s", netdata_configured_user_config_dir, ".opt-out-from-anonymous-statistics");
+        if (likely(access(optout_file, R_OK) != 0)) {
+            as_script = mallocz(sizeof(char) * (strlen(netdata_configured_plugins_dir) + strlen("anonymous-statistics.sh") + 2));
+            sprintf(as_script, "%s/%s", netdata_configured_plugins_dir, "anonymous-statistics.sh");
+			if (unlikely(access(as_script, R_OK) != 0)) {
+				netdata_anonymous_statistics_enabled=0;
+				info("Anonymous statistics script %s not found.",as_script);
+				freez(as_script);
+			} else {
+				netdata_anonymous_statistics_enabled=1;
+			}
+		} else {
+            netdata_anonymous_statistics_enabled = 0;
+            as_script = NULL;
+        }
+        freez(optout_file);
+    }
+	if(!netdata_anonymous_statistics_enabled) return;
+    if (!action) return;
+    if (!action_result) action_result="";
+    if (!action_data) action_data="";
+    char *command_to_run=mallocz(sizeof(char) * (strlen(action) + strlen(action_result) + strlen(action_data) + strlen(as_script) + 10));
+    pid_t command_pid;
+
+    sprintf(command_to_run,"%s '%s' '%s' '%s'", as_script, action, action_result, action_data);
+    info("%s", command_to_run);
+
+    FILE *fp = mypopen(command_to_run, &command_pid);
+    if(fp) {
+        char buffer[100 + 1];
+        while (fgets(buffer, 100, fp) != NULL);
+        mypclose(fp, command_pid);
+    }
+    freez(command_to_run);
+}
+
 int main(int argc, char **argv) {
     int i;
     int config_loaded = 0;
@@ -915,6 +962,9 @@ int main(int argc, char **argv) {
         get_netdata_configured_variables();
         set_global_environment();
 
+        netdata_anonymous_statistics_enabled=-1;
+        send_statistics("START","-", "-");
+
         // work while we are cd into config_dir
         // to allow the plugins refer to their config
         // files using relative filenames
diff --git a/daemon/main.h b/daemon/main.h
index cb0bde6a9e..687155981c 100644
--- a/daemon/main.h
+++ b/daemon/main.h
@@ -43,5 +43,6 @@ struct netdata_static_thread {
 extern void cancel_main_threads(void);
 extern int killpid(pid_t pid, int signal);
 extern void netdata_cleanup_and_exit(int ret) NORETURN;
+extern void send_statistics(const char *action, const char *action_result, const char *action_data);
 
 #endif /* NETDATA_MAIN_H */
diff --git a/docs/anonymous-statistics.md b/docs/anonymous-statistics.md
new file mode 100644
index 0000000000..1e426e2c58
--- /dev/null
+++ b/docs/anonymous-statistics.md
@@ -0,0 +1,62 @@
+# Anonymous Statistics
+
+From Netdata v1.12 and above, anonymous usage information is collected by default and send to Google Analytics. 
+The statistics calculated from this information will be used for:
+
+1. **Quality assurance**, to help us understand if netdata behaves as expected and help us identify repeating issues for certain distributions or environment.
+
+2. **Usage statistics**, to help us focus on the parts of netdata that are used the most, or help us identify the extend our development decisions influence the community.
+
+Information is sent to Netdata via two different channels:
+- Google Tag Manager is used when an agent's dashboard is accessed.
+- The script `anonymous-statistics.sh` is executed by the Netdata daemon, when Netdata starts, stops cleanly, or fails.
+
+Both methods are controlled via the same [opt-out mechanism](#opt-out)
+
+## Google tag manager
+
+Google tag manager (GTM) is the recommended way of collecting statistics for new implementations using GA. Unlike the older API, the logic of when to send information to GA and what information to send is controlled centrally.
+
+We have configured GTM to trigger the tag only when the variable `anonymous_statistics` is true. The value of this variable is controlled via the [opt-out mechanism](#opt-out).
+
+To ensure anonymity of the stored information, we have configured GTM's GA variable "Fields to set" as follows: 
+
+|Field Name|Value
+|---|---
+|page|netdata-dashboard
+|hostname|dashboard.my-netdata.io
+|anonymizeIp|true
+|title|netdata dashboard
+|campaignSource|{{machine_guid}}
+|campaignMedium|web
+|referrer|http://dashboard.my-netdata.io
+|Page URL|http://dashboard.my-netdata.io/netdata-dashboard
+|Page Hostname|http://dashboard.my-netdata.io
+|Page Path|/netdata-dashboard
+|location|http://dashboard.my-netdata.io
+
+In addition, the netdata-generated unique machine guid is sent to GA via a custom dimension.
+You can verify the effect of these settings by examining the GA `collect` request parameters.
+
+The only thing that's impossible for us to prevent from being **sent** is the URL in the "Referrer" Header of the browser request to GA. However, the settings above ensure that all **stored** URLs and host names are anonymized.
+
+## Anonymous Statistics Script
+
+Every time the daemon is started or stopped and every time a fatal condition is encountered, netdata uses the anonymous statistics script to collect system information and send it to GA via an http call. The information collected for all events is:
+ - Netdata version
+ - OS name, version, id, id_like
+ - Kernel name, version, architecture
+ - Virtualization technology 
+ - Containerization technology 
+
+Furthermore, the FATAL event sends the Netdata process & thread name, along with the source code function, source code filename and source code line number of the fatal error.
+ 
+To see exactly what and how is collected, you can review the script template `daemon/anonymous-statistics.sh.in`. The template is converted to a bash script called `anonymous-statistics.sh`, installed under the Netdata `plugins directory`, which is usually `/usr/libexec/netdata/plugins.d`. 
+
+## Opt-Out
+
+To opt-out from sending anonymous statistics, you can create a file called `.opt-out-from-anonymous-statistics` under the user configuration directory (usually `/etc/netdata`). The effect of creating the file is the following:
+- The daemon will never execute the anonymous statistics script
+- The anonymous statistics script will exit immediately if called via any other way (e.g. shell)
+- The Google Tag Manager Javascript snippet will remain in the page, but the linked tag will not be fired. The effect is that no data will ever be sent to GA. 
+
diff --git a/docs/generator/buildyaml.sh b/docs/generator/buildyaml.sh
index 3a96643ac8..1e70f8ec54 100755
--- a/docs/generator/buildyaml.sh
+++ b/docs/generator/buildyaml.sh
@@ -116,6 +116,7 @@ navpart 1 . README "About"
 
 echo -ne "    - 'docs/Demo-Sites.md'
     - 'docs/netdata-security.md'
+    - 'docs/anonymous-statistics.md'
     - 'docs/Donations-netdata-has-received.md'
     - 'docs/a-github-star-is-important.md'
     - REDISTRIBUTED.md
@@ -229,7 +230,7 @@ echo -ne "- Hacking netdata:
     - 'docs/Netdata-Security-and-Disclosure-Information.md'
     - CONTRIBUTORS.md
 "
-navpart 2 makeself "" "" 4
+navpart 2 packaging/makeself "" "" 4
 navpart 2 libnetdata "" "libnetdata" 4
 navpart 2 contrib
 navpart 2 tests "" "" 2
diff --git a/docs/netdata-security.md b/docs/netdata-security.md
index 09631dc724..642881067e 100644
--- a/docs/netdata-security.md
+++ b/docs/netdata-security.md
@@ -149,7 +149,9 @@ Of course, there are many more methods you could use to protect Netdata:
 
 - install all your Netdata in **headless data collector** mode, forwarding all metrics in real-time to a master Netdata server, which will be protected with authentication using an nginx server running locally at the master Netdata server. This requires more resources (you will need a bigger master Netdata server), but does not require any firewall changes, since all the slave Netdata servers will not be listening for incoming connections.
 
-## Registry or how to not send any information to a third party server
+## Anonymous Statistics
+
+### Registry or how to not send any information to a third party server
 
 The default configuration uses a public registry under registry.my-netdata.io (more information about the registry here: [mynetdata-menu-item](../registry/) ). Please be aware that if you use that public registry, you submit the following information to a third party server: 
 - The url where you open the web-ui in the browser (via http request referer)
@@ -157,6 +159,16 @@ The default configuration uses a public registry under registry.my-netdata.io (m
 
 If sending this information to the central Netdata registry violates your security policies, you can configure Netdat to [run your own registry](../registry/#run-your-own-registry).
 
+### Opt out of anonymous statistics
+
+Starting with v1.12 Netdata also collects [anonymous statistics](anonymous-statistics.md) on certain events for: 
+
+1. **Quality assurance**, to help us understand if netdata behaves as expected and help us identify repeating issues for certain distributions or environments.
+
+2. **Usage statistics**, to help us focus on the parts of Netdata that are used the most, or help us identify the extent our development decisions influence the community.
+
+To opt-out from sending anonymous statistics, you can create a file called `.opt-out-from-anonymous-statistics` under the user configuration directory (usually `/etc/netdata`). 
+
 ## Netdata directories
 
 path|owner|permissions| netdata |comments|
diff --git a/docs/privacy-policy.md b/docs/privacy-policy.md
index d8f1973fc8..af50b88510 100644
--- a/docs/privacy-policy.md
+++ b/docs/privacy-policy.md
@@ -1,12 +1,12 @@
-# Privacy policy
+# Privacy Policy
 
 ## 1. Preamble
 
-This Privacy Policy explains the collection, use, processing, transferring and disclosure of personal information by Netdata, Inc (“ND” or “Netdata”), a Delaware corporation.
+This Privacy Policy explains the collection, use, processing, transferring and disclosure of personal information by Netdata, Inc (“ND” or “Netdata”), a Delaware Corporation.
 
-This Privacy Policy is incorporated into and made part of Netdata Master Terms of Use (“Master Terms”) located [here](terms-of-use.md).
+This Privacy Policy is incorporated into and made part of the Netdata Master Terms of Use (“Master Terms”) located [here](terms-of-use.md).
 
-Unless otherwise noted on a particular website or service hosted by Netdata, this Privacy Policy applies to your use of all websites that Netdata operates. These include https://netdata.io and https://netdata.cloud, together with all other subdomains thereof, (collectively, the “Websites”). This Privacy Policy also applies to all products, information, and services provided through the Websites, including without limitation the license chooser, legal tools, the ND Login Services (defined below), and the ND Global Network community website (together with the Websites, the “Services”).
+Unless otherwise noted on a particular website or service hosted by Netdata, this Privacy Policy applies to your use of all websites that Netdata operates. These include https://my-netdata.io and https://netdata.cloud, together with all other subdomains thereof, (collectively, the “Websites”). This Privacy Policy also applies to all products, information, and services provided through the Websites, including without limitation the ND agent, the ND registry, the ND hub and the ND cloud website (together with the Websites, the “Services”).
 
 In addition, supplemental Privacy Policy terms (“Supplemental Privacy Policy Terms”) may apply to a particular Service. All such Supplemental Privacy Policy Terms will be accessible for you to read either within, or through your use of, that particular Service.
 
@@ -26,28 +26,52 @@ As used in this policy, “personal information” means information that would
 
 ND collects and uses personal information in the following ways:
 
-Website and Fundraising Analytics: When you visit our Websites and use our Services, ND collects some information about your activities through tools such as Google Analytics. The type of information that we collect focuses on general information such as country or city where you are located, pages visited, time spent on pages, heat-map of visitors’ activity on the site, information about the browser you are using, etc. ND collects and uses this information pursuant to our legitimate interest in enhancing the security and utility of our Services. The information we gather and process is used in the aggregate to spot trends without deliberately identifying individuals, except in cases where you engage in a transaction with Netdata by donating money, or purchasing services. In those cases, ND retains certain information about your visit to the Services pursuant to its legitimate interest in understanding its community of supporters for fundraising purposes, and this information is stored in connection with other personal information you provide to ND.
+Website and Analytics: When you visit our Websites and use our Services, ND collects some information about your activities through tools such as Google Analytics. The type of information that we collect focuses on general information such as country or city where you are located, pages visited, time spent on pages, heat-map of visitors’ activity on the site, information about the browser you are using, etc. ND collects and uses this information pursuant to our legitimate interest in enhancing the security and utility of our Services. The information we gather and process is used in the aggregate to spot trends without deliberately identifying individuals.
 
-Note that you can learn about Google’s practices in connection with its analytics services and how to opt out of it by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. If you would like to opt out of ND’s fundraising analytics, please contact legal@netdata.cloud with your request.
+Note that you can learn about Google’s practices in connection with its analytics services and how to opt out of it by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. 
 
 Information from Cookies: We and our service providers (for example, Google Analytics as described above) may collect information using cookies or similar technologies for the purposes described above and below. Cookies are pieces of information that are stored by your browser on the hard drive or memory of your computer or other Internet access device.  Cookies may enable us to personalize your experience on the Services, maintain a persistent session, passively collect demographic information about your computer, and monitor advertisements and other activities. The Websites may use different kinds of cookies and other types of local storage (such as browser-based or plugin-based local storage).
 
-Log-In Services: When you register to obtain a user account on any of the Services (any such person, a “Registered User”), including but not limited to the NDID service, you will be asked to provide personal information to create your account and establish a password and profile. ND collects and uses this personal information pursuant to its legitimate interest in establishing and maintaining your account providing you with the features we provide Registered Users. We may use your email address to contact you regarding changes to this policy or other applicable policies. The name or nickname you provide in connection with your account may be used to attribute you in connection with any content you submit to any Service. In addition, whenever you use a ND Login Service to log into a Website or use the Services, our servers keep a plain text log of the Websites you visit and when you visit them.
+
+ND Registry: The global registry, together with certain browser features, allow netdata to provide unified cross-server dashboards, via the `my-netdata` menu. The menu lists the netdata servers you have visited. For example, when you jump from server to server using the `my-netdata` menu, several session settings (like the currently viewed charts, the current zoom and pan operations on the charts, etc.) are propagated to the new server, so that the new dashboard will come with exactly the same view. The global registry keeps track of 3 entities:
+
+1. **machines**: i.e. the netdata installations (a random GUID generated by each netdata the first time it starts; we call this **machine_guid**). For each netdata installation (each `machine_guid`) the registry keeps track of the different URLs it is accessed.
+
+2. **persons**: i.e. the web browsers accessing the netdata installations (a random GUID generated by the registry the first time it sees a new web browser; we call this **person_guid**). For each person, the registry keeps track of the netdata installations it has accessed and their URLs.
+
+3. **URLs** of netdata installations (as seen by the web browsers). For each URL, the registry keeps the URL and nothing more. Each URL is linked to *persons* and *machines*. The only way to find a URL is to know its **machine_guid** or have a **person_guid** it is linked to it.
+
+If sending this information is against your policies, you can [run your own registry](../registry/#run-your-own-registry). 
+Note that ND versions with the 'Sign in' feature of the ND Cloud do not use the global registry. 
+
+ND Cloud: When you sign up to obtain a user account via the 'Sign in' link on the ND agent user interface, ND is granted access to personal information in the user profile of the authentication provider you choose (e.g. GitHub or Google). ND collects and uses this personal information pursuant to its legitimate interest in establishing and maintaining your account providing you with the features we provide Registered Users. We may use your email address to contact you regarding changes to this policy or other applicable policies. The login name or email address of your profile may be used to attribute you in connection with any content you submit to any Service. 
+
+Anonymous Usage Statistics: From Netdata v1.12 and above, anonymous usage information is collected by default on certain events of the ND daemon and send to Google Analytics. Every time the daemon is started or stopped and every time a fatal condition is encountered, netdata collects system information and sends it to GA via an http call. The information collected for all events is:
+ - Netdata version
+ - OS name, version, id, id_like
+ - Kernel name, version, architecture
+ - Virtualization technology 
+ - Containerization technology 
+Furthermore, the FATAL event sends the Netdata process & thread info, along with the file, function and line of the fatal error.
+
+The statistics calculated from this information are used for:
+
+1. **Quality assurance**, to help us understand if netdata behaves as expected and help us identify repeating issues for certain distributions or environment.
+
+2. **Usage statistics**, to help us focus on the parts of netdata that are used the most, or help us identify the extend our development decisions influence the community.
+
+To opt-out from sending anonymous statistics, you can create reate a file called `.opt-out-from-anonymous-statistics` under the user configuration directory (usually `/etc/netdata`).
 
 Emails and Newsletters: When you sign up to receive updates from Netdata or otherwise subscribe to one of our mailing lists, you will be asked to provide some personal information. ND collects and uses this personal information pursuant to its legitimate interest in providing news and updates to, and collaborating with, its supporte