• Editor
  • Privacy / NDA concerns with Export functions

Hi Esoteric team, hope you're doing well.

I have some privacy concerns regarding Spine files - I'm noticing in the export settings that some files are preserving filepaths from previous files exports if the current file hasn't used the export setting in question - example being:

When you export anything to your computer for a project in any version of Spine, let's say a JSON in Spine 4.0 (but it can be anything) and save your file. Next, you load up Spine 4.1 for a different project and have to export a Binary file. The 4.1 project, if you click on the JSON button, will show the information/filepath that was in the Spine 4.0 project. Likewise, the next time you load up that Spine 4.0 project and save anything, that 4.0 project will save the Binary filepath to your 4.1 project when you load it up next.

This is not good when dealing with anything that has a Non-Disclosure Agreement as well as just general privacy because it will show the filepath which any professional will order by company name, project name, character/prop/setting name which anyone can see when you upload the Spine file if you haven't specifically exported that filetype in the current file.

I've tested this on multiple files and have also seen this on files that I've had to download from others where I get to see their file path often showing personal information like a personal name that has never been shared, because it's saved into the filepath of the Spine file itself.

If there is any remedy to this, I'd very much appreciate knowing how to fix this.

Related Discussions
...

also I'm trying to edit my writeup because I typed up an incorrect circumstance but it says I don't have permission to edit (?) so please forgive the double-post, what I meant to say was:

Likewise, the next time you load up that Spine 4.0 project and save anything, that 4.0 project will save the Binary filepath of the 4.1 project.

Storing paths in the project is generally useful. You're right it may expose paths on your computer you didn't intend to share with others. We don't have a way of clearing those paths, except for exporting data and importing it into a new project.

We could add a setting that never stores paths in the project. This would prevent the problem, but would also probably be slightly irritating. It would still require users to be aware of the issue and configure the setting.

The easiest solution of course is to use paths that don't contain sensitive information.

    Nate
    Thanks for the response Nate.

    I agree with you on everything except the easiest solution. It's not really viable as animators and artists to name our folders 'S://CompanyA/ProjectA/Assignment32/SpinesGIFPNGJSON/CharacterD_PropX_v3' because we don't have an option to keep it private.

    and I've already seen potentially sensitive information from someone else that clearly wasn't intended so I'm asking if there's a solution here.

    I'm not a programmer so I don't know how big an ask this is but if fields for JSON/Binary/PNG/etc. go unused for that specific file, maybe it can just save as blank instead of retaining the path? I imagine not since you mentioned you don't have a way of clearing paths.

    I was hoping it was saved to a json like the way the 'recent.json' can simply be deleted to clear a backlog of files that don't get used anymore.

    we don't have an option to keep it private
    I'm asking if there's a solution here.

    The current options are:

    1. Save the project using paths that don't contain sensitive information, or
    2. Export to JSON data, import it back into a new project, save it to a path that doesn't contain sensitive information, then send the .spine project file to others.

    These work but are not convenient. A setting like I mentioned would be a lot more convenient.

    maybe it can just save as blank instead of retaining the path?

    Paths stored in the project file are:

    1. Recent files and folders that have been chosen for many different types of things (not just exports), and
    2. Export settings. These should only be stored when an export is performed.

    I was hoping it was saved to a json like the way the 'recent.json' can simply be deleted

    The project file format is binary (not a human readable format like JSON), so unfortunately the paths are not stored in a way that makes it easy to clear them.

    Actually, it turns out we do have a way to clean up projects, though it was never intended for users. If Spine is run with --clean-examples then we do a number of things designed to make the project ready to be distributed as one of our example projects. Using that command line parameter does the following:

    1. --clean-all is implied, meaning all command line data exports will have clean up performed.
    2. When a project is saved in the UI, clean up is performed first.
    3. Clean up is extended to do more:
      a. All tree nodes are collapsed.
      b. All slots are made visible.
      c. All dopesheet rows are expanded.
      d. An error occurs if the project has no visible animation (tends to confuses users, as they see nothing move in animate mode).
      e. An error occurs if any skins are pinned (tends to confuses users, as they see attachments they can't select).
      f. An error occurs if the images or audio paths do not exist or are absolute paths (they must be relative to the project, since the example project is intended to be distributed).
      g. The viewport position is centered on the skeleton and zoom is set.
      h. The recent files and folders paths are cleared.
      i. The input and output paths in the export settings are cleared. The rest of the settings are retained.

    If the above is acceptable to you, then running Spine with --clean-examples would be a good solution!

    Alright, I'll see what I can do with these. Thanks for your time!