Uh, does somebody know what this is? Should I be worried?

Either it’s a humble data survey from a mod trying to figure out how to improve something later, or it’s a scam/virus of some sort that needs to do this for some reason. Either way I’ve never heard of it and can’t provide any further information.

Taking it at face value, no good reason a mod would need data like this IMO. Maybe for debugging niche graphics issues if the mod uses native graphics?

The real issue is that “Bright SDK” does not seem to be an analytics library like this suggests but rather a way to monetize software: https://bright-sdk.com/. This will set off alarms for many people because of the similarity to crypto miners but it seems to be a general online data miner and claims to be ethical. Seems interesting but I would recommend against it, first the fact that the mod author doesn’t mention that they are making money off of this (or even which mod it is), secondly that the Bright SDK website is focused around monetization rather than what the software actually does which is hidden in some FAQ. If anything you should be making the money for running it on your computer, not the mod author. Asking for donations would be less sketchy and probably make more money than this.

Edit: Final note, the company behind Bright SDK, Bright Data, was previously called Luminati Networks and was behind the free Hola VPN which sold users’ bandwidth as Tor exit nodes.

BrightSDK has been approaching mod devs in the last few months to begin to monetise modding.

The idea is that you implement BrightSDK into your mod to use your PC’s resources to scrape the internet and send the scraped data to Bright. They then give the developer a cut of the profits, in exchange for getting their users to agree to running it on their PC.

They claim minimal invasiveness/performance cost, and significant financial turnaround, so I would expect this to start popping up everywhere, especially if the community is accepting of it.

Make of it what you will.

It appears the mod only sends information if you do say yes. But no matter what it creates a file at ~/user/.brightsdk/data/brd.uuid.txt to store a UUID.

When you do accept, it sends data to api2.amplitude.com/2/httpapi, including the following data:

Device Properties (Static Information):

  • OS Name: The name of the operating system (e.g., “Windows”, “MacOS”, “Linux”).
  • OS Version: The version of the operating system (e.g., “10.0” for Windows 10).
  • System Architecture: The architecture of the system (e.g., “amd64” or “x86”).
  • Country: Locale-based country code of the user (e.g., “US”).
  • Vendor: Hardware vendor of the user’s machine, retrieved via system commands (wmic on Windows, /sys/class/dmi/id/sys_vendor on Linux, and “Apple” for Mac).
  • Platform: The detected platform based on the operating system (e.g., “Windows”, “Unix/Linux”, “MacOS”).
  • Network Type: The name of the active network interface (e.g., “Wi-Fi”, “Ethernet”).

System Metrics (Dynamic Information):

  • Total RAM (MB): Total system memory in megabytes.
  • Free RAM (MB): Free (available) system memory in megabytes.
  • Free RAM Percentage: The percentage of available memory out of total memory.
  • Free CPU Percentage: Percentage of available (unused) CPU capacity, calculated from system load and available processors.
  • System Load: Average system load over a period, obtained from OperatingSystemMXBean.
  • Available Processors: Number of available CPU cores.

It sends this information every minute, or every 1 minute, then 5, then 15, then finally every 30.

I personally do not like this, and the bright sdk site and amplitude api are blocked on my firewall.

Funnily enough the mod author also has his API key in plaintext in the files of the game in the SdkProcedure.java file.
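One way to check a mods folder for what the post above describes, as an added example that is not part of the original post or of any mod's code: it searches each jar's entry names and contents for the strings named in the thread and looks for the UUID file. The function names are hypothetical, the sample jar is constructed, and the marker path assumes the post's `~/user/.brightsdk/...` means a `.brightsdk` folder under the home directory.

```python
import io
import zipfile
from pathlib import Path

# Indicator strings taken from the thread; matching is case-insensitive.
INDICATORS = [b"brightsdk", b"bright-sdk.com", b"api2.amplitude.com", b"brd.uuid.txt"]
# Assumption: the post's "~/user/.brightsdk/..." means this path under the home directory.
MARKER = Path(".brightsdk") / "data" / "brd.uuid.txt"

def scan_jar(jar):
    """Return sorted (entry, indicator) pairs found in a jar (path or file object)."""
    hits = set()
    with zipfile.ZipFile(jar) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Check the entry name and its decompressed bytes; ASCII string
            # constants in .class files are stored as plain bytes.
            blob = info.filename.lower().encode() + b"\n" + zf.read(info).lower()
            for needle in INDICATORS:
                if needle in blob:
                    hits.add((info.filename, needle.decode()))
    return sorted(hits)

def scan_mods(mods_dir):
    """Map each flagged jar name in mods_dir to its hits; unreadable jars are skipped."""
    report = {}
    for jar in sorted(Path(mods_dir).glob("*.jar")):
        try:
            hits = scan_jar(jar)
        except (zipfile.BadZipFile, OSError):
            continue
        if hits:
            report[jar.name] = hits
    return report

def marker_present(home=None):
    """True if the UUID file the post describes exists under the home directory."""
    return ((Path(home) if home else Path.home()) / MARKER).is_file()

def build_sample_jar():
    """Constructed sample: one entry holding the endpoint string, one clean entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("com/example/SdkProcedure.class", b"\xca\xfe\xba\xbehttps://api2.amplitude.com/2/httpapi")
        zf.writestr("com/example/Armor.class", b"\xca\xfe\xba\xbeno indicators")
    buf.seek(0)
    return buf
```

Jars nested inside other jars are not unpacked, so a clean result from `scan_mods` only covers top-level entries.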

don’t allow it. it’s a scam that a mod author fell for, and it’s nothing short of malware imo. your machine gets added to a botnet whose purpose is unknown but definitely not good

the brightsdk people have approached a few modders i know about it, and they dug into it some and found this stuff out. it’s almost definitely not safe to install and the mod should probably be reported

the mod that does this is probably “Create: Protection Pixel”, I downloaded it and gave the same prompt.

apparently it’s create:protection pixel and if you hit yes (before i just pressed esc) the chat just tells you thanks and gives you the link to the page (but not in a clickable form)


also there is what u/truggyguhh mentioned

From what I’ve dug up after getting curious and looking into this, seems like it’s a botnet/malware type of situation. According to a blog article written by someone named “Cory Kujawski” anyway. I’ll drop the link here.
https://www.cyberhumint.com/brightdata-exposed-how-criminals-are-using-the-network-and-what-you-can-do-to-protect-yourself/

That being said, one of the users from the Neoforge discord did end up making a mod on Modrinth specifically designed to remove stuff like this!
https://modrinth.com/mod/hands-off-my-data

I would argue that even if the modder has no bad intentions, I would not trust… whatever that is, and I would not appreciate if a modder included it in a mod I use. Privacy is important.

it’s a custom made one, this appeared after i updated my mod list with prism

Is this in the version that was on Modrinth? It was not updated on CurseForge. I wanted to see what happened, but it looks like in 1.1.2, which is available on CurseForge, that was not fully implemented. Can’t find the latest version anywhere :(

do you have a way to see more of the info you provided?

in the creator’s discord someone already asked why brightsdk but no one has responded yet

I was using the latest or one-release-back version on CurseForge to find this stuff.

the NeoForge Discord talked about it after seeing your post. if you’re in it/decide to join it, it starts here:

when i updated the mods, not prism launcher, my bad

it only works if you’re in the Discord server. if you are in it and it’s still not working, you can find it by using the search function in the squirrels channel and filtering for links

no problem. i don’t like seeing people get screwed over by stuff like this, so i’m happy to be of help