Ayende @ Rahien

Refunds available at head office

NH Prof & usage data

There seems to be some suspicion about the usage data from NH Prof that I published recently.

I would like to apologize for responding late to the comments, I know that there are some people who believe that I have installed a 3G chip directly to my head, but I actually was busy in the real world and didn’t look at my email until recently. The blog runs on auto pilot just so I’ll be able to do that, but sometimes it does give the wrong impression.

So, what does NH Prof “phone home” about?

Well, the data is actually divided into two distinct pieces. Most of the data (numbers, usages, geographic location, etc) actually comes from looking at the server logs for the update check.

Another piece of data that the profiler reports is feature usage. There are about 20 – 30 individual features that are being tracked for usage. What does it means, tracking a feature?

Well, here are three examples that shows what gets reported:

image

image

image

There is no way to correlate this data to an individual user, nor is there a way to track the behavior of a single user.

I use this data mainly in order to see what features are being used most often (therefore deserving the most attention, optimizations, etc).

Those are mentioned in the product documentation.

To summarize:

  • I am not stealing your connection strings.
  • I don’t gather any personally identifying data (and I am at somewhat at a loss to understand what I would do with it even if I did).
  • There is never any data about what you are profiling being sent anywhere.

I hope this clear things out.

Comments

Davy Brion
08/19/2010 03:49 PM by
Davy Brion

you forgot the most important part:

will we be able to disable this?

Ayende Rahien
08/19/2010 03:52 PM by
Ayende Rahien

Davy,

Sure, block uberprof.com to stop the feature usage. And in the next build, you'll have a checkbox to config this.

I am not going to provide a way to avoid the latest version check, because I want people to run on the latest version, I am getting too many bug reports about people running old versions

Not amused
08/19/2010 03:54 PM by
Not amused

You still should have declared that in advance. You wouldn't tolerate that from Microsoft or any other company either.

Richard Wilde
08/19/2010 04:15 PM by
Richard Wilde

Thanks for clearing this up. I for one trust your integrity 100%. However a disable option would be cool.

tobi
08/19/2010 04:43 PM by
tobi

"Not amused": chances are you are tolerating this right now. Windows has some telemetry built in. for example watson sends crashes to microsoft.

People always forget that such features bring only benefit to them, but no harm and no cost. When asked "do you want to send feature usage data of sql server" I always reply yes in order to have the product be customized to my personal needs. It is in my own interest.

tobi
08/19/2010 04:45 PM by
tobi

Ayende, I believe that those few who complain about your product calling home are just very outspoken about their opinion. In fact there are very few of those.

fschwiet
08/19/2010 04:49 PM by
fschwiet

People got so excited, maybe you could charge extra to use the checkbox.

Kyle Szklenski
08/19/2010 05:19 PM by
Kyle Szklenski

Ugh. This looks like a case of people not reading the documentation and then complaining about it after the fact. That's like people deciding to take up smoking and then, when they get cancer, saying, "I didn't know it was bad for me!" Of course, it's not nearly so serious, but you get my point. :)

John Farrell
08/19/2010 05:50 PM by
John Farrell

@Kyle Szklenski, thats a poor argument. You read every EULA and all the documentation for every product you buy? Then do you check for updates whenever a change happens? Give me a break, comparing this to smoking is such a ridiculous leap in logic.

João P. Bragança
08/19/2010 07:15 PM by
João P. Bragança

Franky I think most people wouldn't care. I often find that someone who is so concerned about their 'privacy' often have no problem screaming into their cell phones in public.

Ayende, the fear is you could always sell that data to a marketing company. I don't think any serious person really believed you were collecting connection strings or anything like that.

Blake
08/19/2010 07:56 PM by
Blake

For me, a nicely worded anonymous data collection opt-out screen during installation (or in the initial config wizard) is a big brand image booster. Like MS has started doing in its betas.

It shows me the company cares enough to collect metrics and they're honest enough to ask me if that's OK even though they know how valuable those stats would be. Most even say something about how anonymous the stats really are and how much they will help improve future versions of the product.

James L
08/19/2010 08:06 PM by
James L

As far as I'm concerned, this clears up any suggestion of inappropriate data collection. Never should have doubted you ;)

David
08/19/2010 08:47 PM by
David

It's good to see your clarification on this.

You commented in the original post that Reports get relatively little attention. I don't use them very often - by their nature they're not something that I'd need to - but I have found them incredibly useful.

Alex Simkin
08/19/2010 09:47 PM by
Alex Simkin

Trick me once, shame on you. Trick me twice, shame on me. Trick me three times and I get what I deserve!

Steve Py
08/19/2010 10:12 PM by
Steve Py

@Ayende:

"I am at somewhat at a loss to understand what I would do with it even if I did."

A: Sell it. :) There's always some low-life organization looking to collect e-mail addresses, location data, and information about poeple to sell off down the pyramid.

It is good that you are adding the option to disable the feature tracking. As for version checking, hell I was "reminding" Adobe & Apple products to stop nagging me about product updates... Until I replaced them.

I don't want to sound like someone throwing gasoline on a fire, I certainly wouldn't suspect you of gathering anything worrysome; but the road to hell is paved in good intentions, one stone at a time. You should be up-front about any information your applications are collecting, and include a privacy disclaimer. The law on this varies from country to country so I would still advise consulting a lawyer about it.

Google started (took over) capturing images for streetview, and with just that there was hoo-haw over privacy; Then they got in some small heap of trouble over capturing packets from wireless networks along the way.

I suspect their famous whiteboard message "Do no evil" has been crossed out and replaced with "Do a little bit of evil."

I guess this is proof you are becoming successful, people have started to question your ethics. The more successful you are, the less you are trusted. ;)

Danny Boy
08/19/2010 10:30 PM by
Danny Boy

Ayende,

Repeat after me: "I apologize. I never should have did that without asking the user permission".

Try it, It wouldn't kill you.

The enable "send to ayende" feature (disabled should be the default) should also have the "ask me every time" option, where i can see exactly what is being sent to you, BEFORE i allow sending it.

Also, you need to state specifically that you are not collecting any personal data, and that you wouldn't share the data that is being collected with any 3rd party (even by mistake, for example, by installing some other 3rd party component that collects data without asking) .

I find it troubling that you regard this so lightly. It seems to me that you don't understand that above all else, this jeopardizes your reputation (not to mention it subjects you to law suits).

firefly
08/20/2010 02:45 AM by
firefly

Oren,

I think you forgot to realize most people that comments here are from your supporters. As you probably have seen in the past I am one of your fierce supporter.

That's why I urge you to consider your options carefully. Perhaps, this matter is more serious than you seem to think (base on your response).

Even if it's just anonymous data your users deserve an apology. This is not personal to you or anyone else for that matter. I hold every company to the same standard and I personally don't think it's okay for a program to phone home without the user permission. It's not the (anonymous) data that you collect but the implication of how you did it bother me greatly.

Resharper does a very similar thing. However they asked me for that option at installation time. It's also an option that I can switch on and off any time. It should also be included in the EULA and not buried in some obscure place in the documentation. We have seen enough of your ranting against other larger corporation (for the most part I think most of us agree with you). Now this is one of these time we hold you to a higher standard and we expect better response from you.

Now the good thing is that we find this out from you. This could have been a lot worse if somebody else find this out on their own. Case in point, this is a serious matter that need more attention it your part. It's at a very manageable stage at this point. How fast you response to this dictate the outcome.

To summarize,

Your users deserve a sincere apology. You need to be a lot more up front about it via the installation process. And your users need to be able to turn this on and off anytime.

Best,

Hoang

PandaWood
08/20/2010 03:26 AM by
PandaWood

@Danny Boy

Can you define the problem because I don't really understand?

What, very specifically, are you concerned about - particularly in light of the information in this post?

Gareth
08/20/2010 07:33 AM by
Gareth

@PandaWood

The issue seems to be not what was collected, but how it was collected. If you want to send information about a person it's only polite to notify and ask for permission first.

Rob Kent
08/20/2010 07:48 AM by
Rob Kent

I agree with the above comments. You need something like the functionality in Eclipse which has a global option to toggle data collection plus a warning screen when it is about to send the data. I think you can even see a summary of what it is about to send.

While it is very tempting for a company or developer to think 'I have all this information, why don't I send it to my server' (particularly in mobile phone development) - it is actually a breach of trust and may leave your users feeling violated when they find out. Much better to be upfront about it and ask their permission.

I like the way Android apps show you all the permissions an app has before you install it on your phone, although that can backfire on you. I have a speed-dial application in which I use the built in web browser simply to display a local help file, but the browser requires Internet permissions. I get users asking me why a speed-dial app needs the Internet, so I have to put info upfront as to why, otherwise they distrust the app. That's because other, less well-intentioned companies have set a bad precedent.

We all know (hope?) you're not like that, so why get labelled with that tag?

Danny Boy
08/20/2010 12:21 PM by
Danny Boy

@PandaWood

You really don't understand whats wrong here, or are you playing the devil's advocate?

Either way, here goes:

  1. I paid for a software, and the software collected data on me, without asking me for permission, or even notifiying me.

  2. As much as i belive ayende, that nothing that can hurt me is being sent, how can i be sure? I mean, he is publishing a version with every commit, what happens if he makes a bug? what happes if he string.Formats a connection string by mistake? Don't it deserve to know that he is doing that?

  3. Far worse. Ayende doesnt think that collecting data on my own enviroment is wrong. He didnt apologize once. How can i know that it is not the tip of the iceberg?

Until Ayende applogizes, solve the problem, and thinks of some way to compensate his clients. hope the community will not silence.

Andy Babiec
08/20/2010 02:52 PM by
Andy Babiec

I think it's very sneaky that usage data is "documented" in an article called... "What firewall permissions does the profiler need?"

There should be a page specifically for "Usage Data Collection and Privacy" explaining everything mentioned in this post.

I would prefer an option similar to what Microsoft does in SQL Server and Visual Studio (and other products) where the the checkbox to collect usage data defaults to false.

Jonatan
08/20/2010 03:12 PM by
Jonatan

People!

Talk about exaggerating.

I'm a user of NHProf and as many others I am usually very suspicious about apps sending information about me but come on. Ayende is mostly a developer, and a really good one at that, and not a full blown software company. He has made an amazing piece of software and started charging money for it. Developing software is one thing, doing everything else around it (support, information, PR, legal etc) is another. I'm not surprised that he missed to think that some are very touchy about sending data. It's not that he is sneaky, but rather thinks like a programmer. Data is good.

Another Danny
08/20/2010 03:16 PM by
Another Danny

+1 to comments by Danny Boy, firefly, and all the others who say this is pretty egregious.

Amazing that there is an apology for not replying sooner but not for breaching loyal user's trust.

Even if you trust Oren not to share this information, do you trust someone who may hack his computer/network/software?

Another Danny
08/20/2010 03:19 PM by
Another Danny

Jonatan,

You make it sound like he accidentally left this in the code, like it's a bug or something. He made a conscious decision to collect this data.

Jonatan
08/21/2010 07:41 AM by
Jonatan

Another Danny,

No, I am saying that he thought about it from his perspective and then he wanted to collect data to make a better product, He did not sit down and think "How will the different groups of user think about this". A bit like how Google does it. They mostly base their work on user data.

As a developer I am afraid to release software by myself becouse of the different legal aspects, being bombed with support, the work of setting up documentation etc.

Rob Kent
08/21/2010 09:50 AM by
Rob Kent

I don't think anybody is accusing Oren or having any bad intent or collecting any inappropriate data, and it is nothing to get wildly excited about - we would all like data on how our apps are being used. It is just that these days it is wise (and might be a legal requirement in some places) to notify the user that you are doing that.

Personally, I don't think the documentation is clear about the fact that it is gathering stats and sending them back home. It should be explicit to the user and an option they can toggle, especially if they have paid for the application.

If they are getting a free app, then it may be a quid pro quo, but they should still be informed.

qdgtruie
08/22/2010 07:52 AM by
qdgtruie

HI,

This has data collecting issue has been was discussed but I would like to highlight one small details : collecting data from user action is "angainst the law" in almost all european countries including Germany, Italy, France, (UK I may have to check as they a re bit more permissive), BE, NL, AT, CH ... (I Can provide countries and legal countraints for europe if requested)

According the law in those countries the user has to make a interraction to accept the data collection and in some countries the double optin policy force the user to accept twice.

The point is not whether or not the user is impacted. the point is Oren (this company actually) could be sued for that data collection feature.

Regards,

Comments have been closed on this topic.