Fog Creek Software
Discussion Board

collecting Info over Internet on Users

We have a desktop software product sold under a site lease to large corporations. They can put it on as many machines as they want. On an ongoing basis, we'd like to know how many people use the software at any given site, without sending out surveys and the like.

What's the deal, from a legal and moral perspective, on collecting a little info when a user fires up the app, and sending it off over the internet to our site (to the extent they are connected to the web)?

In general, I don't like the idea, but it seems impossible to otherwise know how many users we have. Also, once you start collecting a little bit of info, the temptation to collect more info about our software, like error logs, most used features, etc, seems irresistible.

For future customers, we are thinking of just putting a clause in the contract that says the software will contact our servers from time to time and will transmit certain information -- not sure if this will fly with corporate lawyers though....

Tuesday, January 27, 2004

Opt-In "send anonymous usage statistics."

This kind of thing is easier if your program is expected to connect to the internet, so when it triggers their firewall, they're not surprised.

Tuesday, January 27, 2004

Legal - talk to a lawyer.
Moral - talk to your minister

Business is neither one of these and I would guess most customers would say no, as it would appear to be spyware, regardless of what you promise in the EULA.

The option that may sell is the ability to check for updates.  If you say it is on, and really offer updates, then people may choose to leave it on.  (Be sure to give an option for turning it off)

Tuesday, January 27, 2004

Here's an interesting thought.

The company that I work for frequently does custom work for government contractors. Yesterday, I was conducting a training session for some of these clients, and they were talking about problems that they've had installing software on their machines.

See, in the gov't world, there are some machines that are "cleared" to hold sensitive information. These machines are not connected to the internet at all. Not even through a firewall. So, these guys who I was talking with were complaining because they could not install MS Internet Explorer 6 (which is required for some of our web components) because there is no stand-alone installer for it. To install IE6, they would need to download Microsoft's net-installer (which they can't do).

It occurs to me that anyone whose software connects to the internet to transmit usage information will have a really tough time getting the gov't interested in installing that software in their secure environments.

Benji Smith
Tuesday, January 27, 2004

This has been discussed before here several times.

Speaking for myself only, I don't like it when software phones home to mamma at all. I really don't like it if it happens without me knowing it's going to happen and if I don't know what info gets passed.

If I face choosing between two software packages that both get the job done, but one phones home and the other does not, I'll probably take my business to the one that doesn't send any data out. Or if it does, that it at least gives me full disclosure about what it collects, what it sends, and gives me full control over permitting/configuring that capability.

I have no idea whether I'm typical or not in this.

Tuesday, January 27, 2004

My guess is that that's the sentiment of a lot of people, but not what most people practice.

Tuesday, January 27, 2004

1) No communicating without user knowledge.

2) Such communication, once understood by the user, must be able to be turned on and off by their discretion not yours.

3) The nature of this communication should be well described in a privacy statement that the user MUST be forced to see (MUST be in the documentation as well as the on-screen EULA). A modal pop-up is even better.

4) Incorporating this with things like an "update service" (as mentioned earlier) is a great way to smooth customer anxiety and increase participation.

5) Even if you try to do this secretly, they could just block all of this traffic at the firewall. If you tried to skirt around this, then you could probably be put out of business pretty quickly by only a few blogs.

Tuesday, January 27, 2004


I have not used it myself but the free Internet Explorer Administration Kit IEAK 6 ( be able to do what you want:

"Distribution media options
With several distribution media options to choose from, you can specify how you want to distribute Microsoft Internet Explorer. Your choices include Web download, CD-ROM, single-disk branding, and LAN deployment. Single-disk branding enables configuration of Internet Explorer settings without installing code on your client computers. Single-disk branding is available only for computers running Internet Explorer 4.01 SP1 or later."

Just me (Sir to you)
Wednesday, January 28, 2004
