http://ayende.comAyende @ RahienCopyright (C) Ayende Rahien 2004 - 2021 (c) 202660Nobody noticed that the big missing IT country is Japan? I would say that the Japanese market seems to be very specific, because japanese developers are no good in English. The question is: is it financially worth investing in a localized Japanese version of the site (like DevExpress does) http://ayende.com/4593/profiler-usage-analysis#comment35http://ayende.com/4593/profiler-usage-analysis#comment35Tue, 24 Aug 2010 15:17:49 GMT@Steve Py, "Does it include any content from that Word Document or VS project that just crashed?" By coincidence, Android apps now automatically upload crash stats and a stack trace to their server when your app crashes on someone's phone. My app is a speed dialer and in one stack trace I saw the information of the contact it was trying to dial. In this case, it was merely somebody's name but let your imagination roam and you can imagine any kind of information ending up on Google's server and being visible to the developer (and, I'm guessing, Google's support staff). I don't think Google have thought through the implications of this automatic crash policy. For example, a malign developer could write an app that deliberately crashed at some point and scooped up information to include in the exception. Without even asking the user for Internet permissions, they would get their data uploaded to the Android developer's console. They would only have to do it once per user and then turn the feature off. http://ayende.com/4593/profiler-usage-analysis#comment34http://ayende.com/4593/profiler-usage-analysis#comment34Sat, 21 Aug 2010 09:59:02 GMTCome on people. You learned of this because Ayende told you. You didn't discover it via your strict network monitoring which you would do if this were REALLY important. Maybe some of you just like to complain - you think?. Chill out. geez. http://ayende.com/4593/profiler-usage-analysis#comment33http://ayende.com/4593/profiler-usage-analysis#comment33Thu, 19 Aug 2010 17:36:46 GMTOffensive comment by a guy named "Bob" removed. http://ayende.com/4593/profiler-usage-analysis#comment32http://ayende.com/4593/profiler-usage-analysis#comment32Thu, 19 Aug 2010 16:33:19 GMT@Steve Py, Um.. no. See the next post for exactly what I am tracking, and how I am tracking it. http://ayende.com/4593/profiler-usage-analysis#comment31http://ayende.com/4593/profiler-usage-analysis#comment31Thu, 19 Aug 2010 16:13:03 GMTJoao, I don't have the breakdown of demo vs. paid, that data isn't being tracked. http://ayende.com/4593/profiler-usage-analysis#comment30http://ayende.com/4593/profiler-usage-analysis#comment30Thu, 19 Aug 2010 16:08:31 GMTNHProf doesn't send anything anywhere. It just opens back door and sits quietly until Ayende seize control of your computer and gets all information that he needs for his reports. http://ayende.com/4593/profiler-usage-analysis#comment29http://ayende.com/4593/profiler-usage-analysis#comment29Thu, 19 Aug 2010 14:12:08 GMTVery very disappointed at this. Under no circumstances should applications send data back without the explicit consent of the user. http://ayende.com/4593/profiler-usage-analysis#comment28http://ayende.com/4593/profiler-usage-analysis#comment28Thu, 19 Aug 2010 13:54:45 GMTWhat the fuck? This is seriously messed up. What kind of information is this sending? http://ayende.com/4593/profiler-usage-analysis#comment27http://ayende.com/4593/profiler-usage-analysis#comment27Thu, 19 Aug 2010 13:44:14 GMTIt's easier to ask forgiveness than it is to get permission. http://ayende.com/4593/profiler-usage-analysis#comment26http://ayende.com/4593/profiler-usage-analysis#comment26Thu, 19 Aug 2010 12:33:40 GMT@Anon there is a difference between providing sensitive data through internet applications vs apps that are installed locally on your system. You typically expect that local apps do not spy on you without your approval. Whatever you do with web apps can be stored by the web app or pretty much everyone who's interested in it. But that is simply something you should know and accept in advance. A local application spying on you without your consent, well... that's just not done, plain and simple. http://ayende.com/4593/profiler-usage-analysis#comment25http://ayende.com/4593/profiler-usage-analysis#comment25Wed, 18 Aug 2010 22:21:05 GMT@Anon The issue is that is trusting a third-party on faith. The line between "usage" and "information" is blurry, and the legal distinction changes country to country. For instance, *if* NHProf captures example SQL statements (I.e. to assess what kinds of queries Prof was issuing warnings on) and transmits those, that reveals schema information and I'm sure a lot of commercial businesses would have an issue with that. Yeah, that's a big "if" and I doubt Oren would not have captured that, but the problem is that the user has no easy way of verifying that, and regardless they should (and may legally be entitled to) be a) informed up front that this information is collected, and b) be given the option to opt out. People's knee-jerk reaction to sending error reports is more often than not perfectly justified. It's good that MS offers to display that information, but if the information isn't purely plain text (I.e. does not contain any HEX etc.) I wouldn't advise people to send it in, and even then I would e-mail it in, not use any automatic service because that way I control exactly what gets transmitted. Does that package of information identify whether or not any of your software is unlicensed? Sure, companies like Microsoft are not that interested in individual license offenders, *Today*. Does it include any content from that Word Document or VS project that just crashed? http://ayende.com/4593/profiler-usage-analysis#comment24http://ayende.com/4593/profiler-usage-analysis#comment24Wed, 18 Aug 2010 22:16:08 GMTAs a fellow ISV I can understand what motivates Ayende to do this. For a moment, consider that web applications can collect as much usage data as they want to - user have zero visibility into that process. Note that 'usage' data is very different to 'information' data. Knowing what parts of an application is used the most, usage scenarios etc are extremely useful to the vendor. I agree that the user should be aware that data is about to be sent, and should also have the ability to see what is about to be sent, but....they shouldn't be able to stop it, apart from blocking the firewall or killing the process. Why.....well most users will *always* choose not to send based on a stupid knee-jerk reaction. How about helping the vendor improve their product? I've seen similar behaviour in error reporting: allowing the user to choose not to send reports results in > 95% of errors never getting reported. This has an impact on product quality. Forcing users to send the report....zero users have complained because they understand what is happening. Maybe the same approach should be used for usage data collection: pop up a message showing the user what is included in the report and telling the user to click 'ok' to send the report...no cancel button. I'm sure users would be happy with that - their fears about what data is included are addressed, and if they have any intelligence they'll see the benefit in providing this data to the vendor. http://ayende.com/4593/profiler-usage-analysis#comment23http://ayende.com/4593/profiler-usage-analysis#comment23Wed, 18 Aug 2010 21:59:17 GMTHow far can you push commercialization ? http://ayende.com/4593/profiler-usage-analysis#comment22http://ayende.com/4593/profiler-usage-analysis#comment22Wed, 18 Aug 2010 21:30:37 GMTFYI - for those who dont get it - get with the program! Ayende is a wimp and is never going to respond to any of these comments. He only responds when it is in his best interest. I cant tell you how many times this has been the case across a broad spectrum of topics. http://ayende.com/4593/profiler-usage-analysis#comment21http://ayende.com/4593/profiler-usage-analysis#comment21Wed, 18 Aug 2010 21:04:49 GMTif it's not even mentioned in the EULA, then that is just plain wrong... i mean, mentioning it in the EULA, and not explicitly notifying the user of it is bad enough already. But if this data is being collected without any notification whatsoever, than that is just plain wrong and it _needs_ to be changed. Again, i realize how valuable and interesting this data is. But you simply do not collect data from a user with software that was installed _on the user's computer_ without any acknowledgment of this happening. If this is not fixed, i would like my testimonial for NHProf to be retracted from the nhprof.com website. I know that doesn't make any difference for your sales, but i don't want my name linked to this kind of behavior in any way. http://ayende.com/4593/profiler-usage-analysis#comment20http://ayende.com/4593/profiler-usage-analysis#comment20Wed, 18 Aug 2010 19:32:37 GMT@viscious - I meant if you can install a firewall on your own machine.. beside the corp's firewall. http://ayende.com/4593/profiler-usage-analysis#comment19http://ayende.com/4593/profiler-usage-analysis#comment19Wed, 18 Aug 2010 18:48:10 GMTOk, I just read the licence agreement again. Can you explaoin us WHERE is the information about spying on us being shown? I'm pretty sure that it wasn't included or attached when I was installing the profiler. http://ayende.com/4593/profiler-usage-analysis#comment18http://ayende.com/4593/profiler-usage-analysis#comment18Wed, 18 Aug 2010 17:33:10 GMTAyende, can you explain why do you do that without explicitely informing about that ? I think it's really not ok. We pay you for your software, but not for these statistics. Tell us if this is being done only for trial users or for paid also !? Also - I think you should make it an explicit option in configuration so the user can agree or not for this non-cool practice. You just lost a bit of respect in my and mine colleagues eyes. Remember that it takes a time and a lot of work to gain some and it's extremely easy to loose it! http://ayende.com/4593/profiler-usage-analysis#comment17http://ayende.com/4593/profiler-usage-analysis#comment17Wed, 18 Aug 2010 17:25:21 GMTWow! I'm surprised! This is not ok! http://ayende.com/4593/profiler-usage-analysis#comment16http://ayende.com/4593/profiler-usage-analysis#comment16Wed, 18 Aug 2010 05:51:47 GMTHow about a little common courtesy before sniffing my backside? http://ayende.com/4593/profiler-usage-analysis#comment15http://ayende.com/4593/profiler-usage-analysis#comment15Wed, 18 Aug 2010 01:08:58 GMT@viscious: Even MS doesn't always ask permission before calling home. I remember when I was running a fairly intrusive/selective firewall I noticed after a Windows Update my MS Mouse Driver all of the sudden wanted to establish a link to call home. (I did quite a bit of online gaming at the time and it was interesting to see what kind of "chatter" would be coming from community gaming servers. Most of it was 3rd party ladder/stats tracking packages, some of it wasn't :) Still, I agree. Automatically collecting information about usage is somewhat evil, and in some countries may be illegal. The issue is that while you may defend that the information is harmless (and anonymous) the user cannot verify that and choose to opt out of sending such information. If you haven't already Oren, check with a lawyer. http://ayende.com/4593/profiler-usage-analysis#comment14http://ayende.com/4593/profiler-usage-analysis#comment14Wed, 18 Aug 2010 00:32:27 GMTI was also surprised you are collecting this info. Even the "evil" MS asks permission before they collect this kind of data. I think it would be sensible to explicitly state what you are collecting and why and give the user to turn it off the first time they run your app. @abdu, lots of people in a corp. type environment where you can't change firewall policies. http://ayende.com/4593/profiler-usage-analysis#comment13http://ayende.com/4593/profiler-usage-analysis#comment13Tue, 17 Aug 2010 21:40:21 GMTAre these all usages? Or just those with paid licenses? I would like to see the breakdown of what demo vs paid customers are doing. http://ayende.com/4593/profiler-usage-analysis#comment12http://ayende.com/4593/profiler-usage-analysis#comment12Tue, 17 Aug 2010 16:39:59 GMTUse a good firewall which asks for your permission whenever an app requests a connection to the outside. I use the free Comodo. This way you know when an app is calling out (and wonder why). http://ayende.com/4593/profiler-usage-analysis#comment11http://ayende.com/4593/profiler-usage-analysis#comment11Tue, 17 Aug 2010 16:25:00 GMTI agree with Jak and Davy. I'm glad I saw this before purchasing, will hold off until there is some clarification. Are you doing this with RavenDB as well? http://ayende.com/4593/profiler-usage-analysis#comment10http://ayende.com/4593/profiler-usage-analysis#comment10Tue, 17 Aug 2010 14:26:22 GMTWhat James said. How do we know you are not capturing connection strings or query results? http://ayende.com/4593/profiler-usage-analysis#comment9http://ayende.com/4593/profiler-usage-analysis#comment9Tue, 17 Aug 2010 14:06:06 GMTWhat's the most common database password? http://ayende.com/4593/profiler-usage-analysis#comment8http://ayende.com/4593/profiler-usage-analysis#comment8Tue, 17 Aug 2010 13:41:08 GMTCompletely agree with Davy. I'm not comfortable with this data being collected http://ayende.com/4593/profiler-usage-analysis#comment7http://ayende.com/4593/profiler-usage-analysis#comment7Tue, 17 Aug 2010 10:56:27 GMT@Davy Brion: I was surprised as well. Not that I mind, but I didn't notice this anywhere either. Good practice would be to explicitly state this on first startup I guess. Either way, interesting stuff! It's spot on for the way I use the profiler. Mostly for looking at the SQL being executed, to easily spot weird queries and select N + 1. I'd say a report would be useful in larger (corporate?) environments with automated builds that are checked by another department/team. Easy to spot weird behaviour. Do you have any indication on what kind of developers use the profiler? I've got a feeling it's more single developers than companies. http://ayende.com/4593/profiler-usage-analysis#comment6http://ayende.com/4593/profiler-usage-analysis#comment6Tue, 17 Aug 2010 10:56:13 GMT