A couple of months ago, a friend of mine showed me a mod called "Essentials"
This mod sets out to fix many shortcomings of the Java Edition of the game, specifically in the Cosmetic and Social departments.
It did this by implementing the following features:
On the surface, this seems alright, and the features are all very well integrated, albeit not following Minecraft's general UI Design.
There is a couple of statements the Privacy Policy makes, I have selected the ones of the "Data we collect" statement which I find problematic:
As you can see, that's quite a lot.
Let me break it down a little
Essentials can access the following Data:
Now, why most of this data would be strictly needed for Essentials to function is beyond me, as standalone Open-Source mods have already done these kinds of things without invading privacy like this.
The Privacy Policy of course doesn't only cover what gets collected, but also how it is used, but here, the wording is somewhat vague (as is usual with Privacy Policies).
It covers all the usual things
"Improving the product", "Maintain security", "Test new features"…
On their own, these things aren't anything I would usually bat an eye at. Though, with the amount of data they are collecting, it makes me question some things:
There's tons of questions unanswered as to how these things actually aid in the creation of the mod, the website, or their backend servers. And even with some technical background, I struggle to understand myself.
Note: I do not mean Minecraft's inbuilt chat, but rather Essential's Chatting feature
Essential has a chatting feature built-in. It is available from their main menu, and is tightly integrated with their Friend-System.
The messages are all-text, meaning images, videos and alike aren't sent, though, the messages are entirely un-secured.
Infact, Essentials has access to your chats.
That's right, within 1.1: "Personal Information", they state the following:
This essentially means that they CAN access your chats at any time, and thanks to their vague wording, they can do so for pretty much any reason.
I am not trying to say they should E2EE their chats, though, them stating that they have access to your chats is a concern to many privacy-friendly folks out there.
Whilst there isn't any concrete evidence that the Essentials team wants to harvest data, I still do not put enough trust into them, as their practices are quite unusual for a Minecraft Mod.
The Essential Privacy policy is available here, and has been accessed on the 1st of August 2022 when writing this post.