I write small to medium sized applications, many of which I release onto the Internet. Hopefully, all will be well, but if by some unthinkably hideous disaster, an exception occurs, can I quietly submit that report?
I could make every effort to remove the account name, and I would probably only collect the exception text.
Surely what a user doesn’t know has just been sent can’t hurt them, or me and my programs.
So far, users have to manually report bugs to me, but I would like to get away from this if I can, and I just want to know whether you think I can get away with this, and what you guys do.
Thanks a lot in advance!
If you send data from the user’s machine without the user’s permission, you run the risk of users bringing legal action against you. You may also get flagged as a virus or malicious app.
I am not a lawyer, but my understanding is that US and EU privacy and data protection laws require disclosure of and user acceptance of your application’s handling of personal information, which can include userids, machine IP addresses, and even stack traces that show modules loaded or function parameter values.
Even if you are confident that the data you’re sending is fully anonymous to the letter of the law(s), if your app is found to be sending “mysterious” data without user permission, it will likely be flagged as a potential virus, zombie, or other malicious label.
Recall that the Prodigy network client app in the early 90’s was slammed by user hysteria over claims that the client app “scans your hard disk to harvest personal info”. The reality was that the client app merely opened a swap file on disk and did not zero out the disk sectors, so old data from deleted files would occasionally “appear” to be residing in the client app swap file. This is an example of where the truth (Prodigy was doing nothing wrong) was irrelevant, perception created the hysteria and did the damage.