Whether you personally (or as a company) agree with analytics or not, it’s exactly the kind of thing that should be added to a cross-platform library like JUCE. The main reason we use JUCE is to avoid having to write all the fiddly OS specific implementations ourselves and get on with writing app code.
Without having this in the library, everyone who was already using analytics simply had to write their own version of these wrappers. Surely now that this implementation is in JUCE and open-source it’s better as everyone can at least see how the information is gathered and transmitted?
Users would typically expect things like update notifications, content downloads, language downloads/updates etc. which all transmit information to the internet. There’s always the big red “internet off” button for those that don’t want any of this…
I struggle to find much patience for anything that sounds like paranoia or conspiracy theories.
Ah you pigeonholed me (Not sure if this the right word?). My concern is, that tools like this, getting people to get used to it, that personal information is collected and transmitted. No more or less.
I think it’s important to keep this in perspective of what information is generally collected doing everyday tasks.
Firstly, if you’ve purchased some software somewhere you’ve probably already given that company:
• Your email address
• Your credit card details
• Your address
• A password*
Personally I want as little of this information as possible, accepting 3rd party payments such as PayPal can help this (but then you have to trust PayPal et.al) but we need to at least take an email address, password (so we can provide licences and downloads) and location (for tax purposes).
In addition, almost every website uses cookies to store some information about you hence all those PITA (especially on mobile where they take up half the screen) warnings these days.
My point here is that for the web-based world to work, some information has to be transmitted.
Now, privacy is obviously a growing concern and OS/tool makers are increasingly making this a priority. For example, Safari recently added a way to disable cross-site cookies. And there have been firewalls/tools to stop certain processes accessing the internet for years. Great stuff.
I think the correct approach here is to give developers and users options and increase transparency. Half the reason there are all these conspiracy theories about is because people don’t know what is being transmitted. I’m sure if many saw what was actually in an analytics log they wouldn’t care. They’d probably just feel sorry for the data scientists…
* The amount of times I’ve been horrified when a company emails me my plain-text password is too many for comfort (one company actually did this during a support enquiry so I know a real person had seen it!). Hence why many people now use unique passwords for everything and disposable email addresses.
I wanted to add something very important, in a similar vein to Tom and Jim’s links to legal sites: if you see analytics as a viable route for your company, use your best judgement for what kind of information you want to gather.
In other words, the best rule of thumb to follow is Wheaton’s Law.
If you want to be very careful about the information you gather, get a lawyer that has in depth knowledge on the subject to check your data tables. International laws aren’t the simplest to figure out, and there are many to look at!
Some examples of these laws, including previously posted ones:
We fully appreciate the concerns about privacy as expressed in this thread. We certainly don’t want to encourage anyone to pry into users privacy, and if I understand correctly, the concern here is that, regardless of our intentions, we are making it easier for developers to acquire customer data, for good or evil. That is a fair point, and we want to ensure that our intention is clear.
As we are reminded by Joël, acquiring data from software comes with legal requirements. We will add a disclaimer to the analytics library to remind users that they must follow legal requirements before using the library in their programs, and that, in doubt, they must seek legal advice.
While we recognise the value of user analytics to improve the user experience, we fully condemn the illegal acquisition and use of personal data in software.
Perhaps as a CYA and to communicate the fact that there are important legal considerations to users, it would be a good idea to put some form of this statement (and/or @jrlanglois’s links) directly in the juce_analytics module docs? Similar to the “be careful with this because of patent legalities etc.” blurb in the MP3 encoder/decoder classes.
If I were in Roli’s shoes, I wouldn’t put those links I grouped together in the code: they are too few, and it would honestly depend on where your products will be used.
Since audio apps and audio plugins can probably be assumed as international, that’s a helluva long list to add (and maintain!)!
Agreed. There are too many legal requirements and they’re changing quite rapidly so it wouldn’t be that helpful to add links.
We’re writing a disclaimer to make our intention clear however, which we’ll add to the header of the analytics module. This is being reviewed by our legal team and will be added shortly.
Thanks again for the feedback, and please always feel free to voice concerns.
