Fog Creek Software
Discussion Board




Ethics of automatic error collection

I'm planning on adding automatic error reporting to a consumer application I'm making.  Like many programs now (including FogBUGZ, as Joel wrote about), when we encounter a serious error, we'll dump a bunch of pertinent data to a file.  When the app is restarted, I'd like to send that data up to our web server, assuming the user is connected.

Now many apps that do this (including IE and Studio.NET) prompt the user before reporting this data.  I'm planning on NOT doing this.  I really don't think most users understand or care.  I'm not collecting any personally identifiable information, so I can't think of any reason why I'd need the user's permission.

How have others dealt with this?  Would anyone be upset to find out a program they've been using does this?

David
Wednesday, February 19, 2003

I should add that I don't plan on telling users that this is happening.  The app will silently connect (when the user launches it the next time), transmit the file and then delete the file

David
Wednesday, February 19, 2003

1) Customer has firewall in place
2) Sysadmin reports application trying to contact you
3) When confronted, you try to explain it's just system diagnostics
4) You are fired, not paid, sued, and blacklisted.

Instead, present the customer with a release to sign indicating that your application will gather and forward specific diagnostic data. Get the client to sign the release. Now you're covered.

Philo

Philip Janus
Wednesday, February 19, 2003

I think it's fine, but for your own good you should mention it _somewhere_ like in a help file, or FAQ.

For instance:

Q: Sometimes when I start the program it tries to connect to the internet for no apparent reason. Why?

A: When the program encounters a serious error, such as the kind encountered when the program "crashes", it is designed to try to collect as much useful information as possible as to what caused the program to fail, and it saves this information in a file before fully shutting itself down.

The next time it is restarted it will attempt to connect to the internet and send the information it collected about what caused it to fail to us, so that we can attempt to ensure that no such error will occur in the future.

The information transmitted contains no personal or sensitive information of any kind - only impersonal program debugging information.


You'll definately want to document such activity. People can be very paranoid, and for good reason. So long as your being honest about the activity of your program and document it accordingly, you are behaving both ethically and in everyones interest; you just have to worry about it seeming like you are trying to hide something.

Brian Hall
Wednesday, February 19, 2003

I like the idea of documenting it in the help or a FAQ.  It's not that I want to hide the information, I just don't want to ask users about it when it happens.  It really doesn't matter to them.  I think Joel wrote an article about this once - annoying popups that asked questions that users don't care about.

David
Wednesday, February 19, 2003

IE reports crash data. When it does this you see two dialogs:
1) "Do you want to report this to Microsoft?" <- good dialog
2) "Reporting done" <- bad dialog

I don't really care whether MS got the data or not, and that last "ok" is annoying. But I don't object to being asked if I want to send the data.

Here's an alternative - pop up a dialog and have the standard IE "Do not ask me again" checkbox.

Philo

Philip Janus
Wednesday, February 19, 2003

A simple "Do you want to report this error?" with a Yes and No option will suffice.

Full power, control and knowledge should be with the user.

Sometimes this doesn't suit us developers, but comes with the territory I'm affraid.

Realist
Wednesday, February 19, 2003

If you plan on doing it without prompting the user, make sure that the operation fails safely if it cannot connect.

I have Zone Alarm installed. There have been times when apps attempt to connect to the internet and it flags me. I usually click NO when prompted to allow outbound or inbound connections.  Some apps lock-up when I do.

So,
(1.) I don't trust the software vendor because I don't know what info they're sending.
(2.) I think the software's crappy.

Rightfully Distrustful
Thursday, February 20, 2003

Why don't you want to ask the user? Because you don't want to ask pointless questions?

Does your app already connect to the internet for other reasons?
Are you sure the crash data has no personal info? Maybe some data on the stack from the user, even a filename? Maybe even the IP address of the user is somehow private--though it's good from your anti-piracy point of view to have occasional connections to your server which you can track.

A while ago I got a CD in the mail which installed an app in the temp directory which tried to connect to the internet, then deleted itself when it succeeded. Boy did that piss me off. And all it did was say 'hello'. (Side note: it was installed from within a flash movie.)

mb
Thursday, February 20, 2003

David wrote:
--
I think Joel wrote an article about this once - annoying popups that asked questions that users don't care about.
--

Ah, but this is something that many users care passionately about. In this day and age I really don't think it's even an option. You have to give people the choice. Add a "don't ask me this again" checkbox if you think people will be seeing the dialog so often that it will annoy them.

Malcolm
Thursday, February 20, 2003

What product will it be? Just so that I can make sure I don't buy it you understand.


Thursday, February 20, 2003

Personally I do not like any data send from my computer anywhere else without me being informed about it. I might be a bit paranoid there, but it really makes me crazy when I connect to the internet (I am still using an analog dial up connection) and the programms running instantly start sending or receiving data.

I think you really should inform the user about your sending of error data. You might want to add a "Do not show this dialog again" checkbox to it, assuming that if the user agrees/disagrees with the sending once, she will probably stick to that choice in the future.

Have fun,

Jutta Jordans
Thursday, February 20, 2003

If you decide that you really need to do this, think about how most people feel comfortable with googlebars approach on privacy issues, and don't take the sleazy route by hiding what you are doing in some help file or legal mumbo jumbo.

I agree with the prior comment about wanting to know the name of the product so that he can avoid buying it :)

Eric Moore
Thursday, February 20, 2003

What about user's who have a pay-for-time pr pay-for-data-sent/received connection? Don't you think they might be a little peaved at you taking some of their money for something that benefits you, not them?

And what is your diagonistic data going to contain? Without sending back at least some of the data they were working on I can't see it being particularly useful. Don't you think they might reasonably object to you send yourself their data without permission?

Finally, I would instantly uninstall any application I found doing this, and bad mouth it across the internet as much as possible.

Mr Jack
Thursday, February 20, 2003

>How have others dealt with this? 
>Would anyone be upset to find out a program they've
>been using does this?

I havent done this in my programs. However I think I would do it in a "closed-reference-group"-fashion. Say I would charge $100 for a copy of the version that does not do error reporting, and if you wanted the $79 one, I would give you that, provided you agree to do error reporting of bugs back to me.

I think the $79-group would fill up rather quickly, and it would then be closed to new member entry when it has enough members, and refilled as needed. I would have some partner-deal in place for the $79 group.

One thing I would never ever do is to silently sending
information to myself. A perfect recepie to burn yourself.

Patrik
Thursday, February 20, 2003

I personally hate it when an app tries to pull a sneaky stunt like this, and it would be a reason to possibly not buy from your company again. 
Aks the user. IE does the right thing in this respect and I always allow it to do its thing.

Just me (Sir to you)
Thursday, February 20, 2003

The only need to automatically send it across the net, with or without the user's knowledge or permission is if you have very many copies of the software issued and a large population of error data is going to help you.

Otherwise collect the data normally and store it with the applications somewhere, the user can email it you or you can have the application send it later.

But in general the user should be aware of any communication of data, in some places its a legal requirement.

Simon Lucy
Thursday, February 20, 2003

In my application, I collect crash data by e-mail. Basically, when an unhandled exception happens, I execute a big "mailto:myself&body=the_stacktrace..." command, and include the full stack trace of the exception in the body part. Thus, the users get to see what information is actually sent, I get the user's e-mail address so that I can follow up on the problem when it is fixed, and there are no problems with firewalls or anything.

The only problem is that on Win98 it's not possible to process a mailto: URL longer than 255 characters, and that is too small for a complete stacktrace. But the majority of my users use Win2K or XP, so this is not a major problem for me.

Dmitry Jemerov
Thursday, February 20, 2003

Well, David, now you see what you get for asking...

I agree with many others here: I'm annoyed by any application borrowing my Internet connection without telling me why it needs it.  It's not a matter of bandwidth, but of trust; the very fact that a program would use my connection unannounced tells me I can't trust it.

One thing I wish IE had is a window containing its error log dump so I could page through it and make sure there's nothing personal in there.  Since it doesn't have this, I tend to be rather capricious about whether I allow it to send its error report.

Assuming your program meets a need I have, I'd consider buying it if (1) it asked permission to send an error dump, with an "Always say yes/no" option I could check AND an options area where I could change my answer to that later, (2) it always notified me when sending an error, even if I'd said "Always send" (using an auto-disappearing dialog box), and (3) it let me see _exactly_ what it's sending, not just a vague description like IE does.

Kyralessa
Thursday, February 20, 2003

I, like others, would strongly object to having any data sent without my permission. If you tried without asking me you would probably never get my business again. For me its just a matter of principle. But I also have no way of knowing what you are sending.

Likewise for some people anything can be confidential. Even the name of a document can give secrets away. Suppose your software was being used by a sexually transmitted diseases clinic, for example.

David Clayworth
Thursday, February 20, 2003

And, while your beaming information from my PC to yours, why dont you connect me to an international porn site as well, you know, dial an international number and connect me.

Realist
Thursday, February 20, 2003

I see what David is getting at... I think the *vast* majority of users have no clue why you would or wouldn't want to send the info, and wouldn't care one way or the other.  In that sense, I can see wanting to improve the UI by not even asking.

Unfortunately, this is a topic that some people obviously care a lot about (as seen in this thread), so secretly sending the data is probably not a good idea

Some of you guys went way overboard... The whole point of this post, after all, was to see if you found it ethical/desirable to send the error data secretly.  Here he is asking your opinion of what he should do, and you just go off the deep end and assume he is going to do it regardless.  If you think it is a bad idea, say so... don't talk about how you want the name of his software so you can avoid it, or why doesn't he connect to porn sites at the same time.  If I got responses like that from people I asked for advice I certainly would never bother getting suggestions from them again.  It's not like he was asking "Hey do you think it's ethical for my software to collect all your personal data and sell it, without alerting the user?"

Mike McNertney
Thursday, February 20, 2003

Mike, asking for the name of the site so the responder can avoid it is a perfectly valid way of registering the responder's opinion on the etchics of automatic error collection.  It indicates that the responder would avoid this software if it silently transmitted error reports.

Silent transmission of error reports can be seen as a violation of privacy, and that's very much germane to this thread.

Brent P. Newhall
Friday, February 21, 2003

You should also offer the user the option of printing out the error report and mailing it. This might be more work for you, but the end user may not even be connected to the Internet.

Max Hadley
Friday, February 21, 2003

OK, I think I got the info I was looking for.  Obviously, many people are very distrusting of the software they use.  I can't blame anyone, I'm probably the same way.  I also deny access to some apps when ZoneAlarm asks me to grant them access to the Internet.

I think in few more years, this kind of communication will be so commonplace that people will expect it, but we're not there yet.  Even now, I'm amazed at how many apps tell me that a newer version is available - obviously they went out and checked!

I'll pop up something like IE does, telling them that we want to send an error report.  They will be able to choose Yes or No and I'll add one of those "don't ask me about this again" checkboxes.  Seems like the most prudent thing at this point.

Thanks for the input, even the wildly overreactive input!

Dave

Dave
Friday, February 21, 2003

Thanks for asking, Dave. A lot of people wouldn't.

David Clayworth
Monday, February 24, 2003

*  Recent Topics

*  Fog Creek Home