We may track the IP addresses associated with their use of the Applications using JUCE

GPL means that of the user asks for the source code, you must provide it. Doesn’t say anything about distributing the source alongside the app AFAIK.

IIRC that’s why you get a message on some website saying that they are tracking you. They don’t do enough, I think, as they should still allow you to say that you don’t agree (and take you elsewhere).
At least, this is what I understand from France’s privacy law.

+1 that’s definitely needed.
Problem is, that those who need the personal license to start small, cannot afford, and the other users ar not affected. So I would kick the ball back to ROLI, if you could please make sure, that by providing the personal licensing model you don’t put your users in legal conflicts.

Maybe just provide an approved disclaimer for the users to put in their EULA and be safe?
Maybe even include in that statement, what statistics are collected.
(approved = checked by a lawyer)
Because if it turns out, that if a user gets in trouble because of using the personal license model, it would end up in court anyway, so solve problems before they spread.

I imagine something like

This software is made using ROLIs JUCE sdk. Therefore ROLI will collect anonymized statistics, where and on which platform this software was started. It will not contain any further information of actions or data that you enter into that program.


That can be seen in the relevant code, which is:

const auto deviceDescription = SystemStats::getDeviceDescription();
const auto deviceString = SystemStats::getDeviceIdentifiers().joinIntoString (":");
const auto deviceIdentifier = String::toHexString (deviceString.hashCode64());
const auto osName = SystemStats::getOperatingSystemName();

StringPairArray data;

data.set ("v",   "1");
data.set ("tid", "UA-19759318-3");
data.set ("cid", deviceIdentifier);
data.set ("t",   "event");
data.set ("ec",  "info");
data.set ("ea",  "appStarted");

data.set ("cd1", SystemStats::getJUCEVersion());
data.set ("cd2", osName);
data.set ("cd3", deviceDescription);
data.set ("cd4", deviceIdentifier);

String appType, appName, appVersion, appManufacturer;

#if defined(JucePlugin_Name)
appType         = "Plugin";
appName         = JucePlugin_Name;
appVersion      = JucePlugin_VersionString;
appManufacturer = JucePlugin_Manufacturer;
if (JUCEApplicationBase::isStandaloneApp())
    appType = "Application";

    if (auto* app = JUCEApplicationBase::getInstance())
        appName    = app->getApplicationName();
        appVersion = app->getApplicationVersion();
    appType = "Library";

data.set ("cd5", appType);
data.set ("cd6", appName);
data.set ("cd7", appVersion);
data.set ("cd8", appManufacturer);

data.set ("an", appName);
data.set ("av", appVersion);

auto agentCPUVendor = SystemStats::getCpuVendor();

if (agentCPUVendor.isEmpty())
    agentCPUVendor = "CPU";

auto agentOSName = osName.replaceCharacter ('.', '_')
                         .replace ("iOS", "iPhone OS");
agentOSName << " like Mac OS X";

String userAgent;
userAgent << "Mozilla/5.0 ("
          << deviceDescription << ";"
          << agentCPUVendor << " " << agentOSName << ";"
          << SystemStats::getDisplayLanguage() << ")";

ReportingThreadContainer::getInstance()->sendReport ("https://www.google-analytics.com/collect", userAgent, data);

Which is in: https://github.com/WeAreROLI/JUCE/blob/4f41f28b47d01b939559123d145b4e5860528bb7/modules/juce_gui_basics/misc/juce_JUCESplashScreen.cpp

Even if its usual practice these days, which is sad enough, it feels so wrong to add more or less hidden tracking code to a framework. In the least worst case, this information is used to place customised adverts. A second point i see, because plugin-code runs in user-space, it may adds a potential vulnerability to all these applications.

1 Like

I think to call this clearly-written open-source code “more or less hidden” is a bit disingenuous. If we’d wanted to hide it, this wouldn’t have been a particularly good way to do that!

Hi Jules, with “more or less” hidden i mean, there is procedure in it, you may not expect to exist, because it does not contribute to any functionality, which you expect from a framework.

Also its “more or less” hidden from the end-user, even when there is a EULA