?

Log in

No account? Create an account
thoughts - LiveJournal Client Discussions [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

thoughts [Jan. 30th, 2003|11:49 am]
LiveJournal Client Discussions

lj_clients

[jerronimo]
I asked about this a little while ago (probably last april, since that's the last time I worked on JLJ...)

Okay, so one of the things I added in to the latest version of JLJ was a call back to my webserver to check for new versions of the software. To make this easier on myself for parsing, I have the php script on my end output in a manner similar to the LJ's server... something like this:

 
Major 
2 
Minor 
5 
URL 
http://www.cis.rit.edu/~jerry/Software/perl/#jlj 
success 
OK 
Which gets parsed by my client like the lj's server responses as well.
I then check this against the internal version string, and if they're different, i print out a message stating to go to [URL] to get the latest version, blah, blah, blah.

The thing is though, that in my jlj script I also send with the request:

  • software name (jlj)
  • software version (2.5)
  • username (jerronimo) (or whatever)
for some personal stats, since the livejournal stats page, http://www.livejournal.com/stats.bml is kind of lacking as far as real client statistics.

For now, I just keep track of who/how many people are using which versions of the program.

I realize though, that a client writer can get more dangerous and also send the user's passwords, or even their posts to their own server, and are just trusting the client writer to be honest about this.

Am I doing something that any of you think is wrong? This is just for personal stats out of curiosity of the product. Do any of you do something similar with your clients?Discuss. ;)

linkReply

Comments:
[User Picture]From: codedragon
2003-01-30 09:10 am (UTC)
I don't think you're doing anything too wrong, since it's [as far as I can see] not malicious, but I'm not sure that your users would be too happy about their usernames being passed - though that's only my opinion.

I see what you're getting at, mind you, what's to stop a developer of any app that accesses the net at some point from transmitting usernames/passwords/keystroke logs etc.?
(Reply) (Thread)
[User Picture]From: jerronimo
2003-01-30 09:14 am (UTC)
Yah. I should probably put something in the readme stating that I pass the username over, and give the users an 'opt out' option or something.
(Reply) (Parent) (Thread)
[User Picture]From: dottey
2003-01-30 11:36 am (UTC)
I was going to suggest exactly that. I tend to get pissed whem my info is taken without my consent. But in most cases where my consent is asked, I will freely allow my info to be taken.
(Reply) (Parent) (Thread)
[User Picture]From: jerronimo
2003-01-30 11:44 am (UTC)
the code is already in there for 2.6 that does this.

Actually. I'm about to re-write it to be opt-in instead. That seems more polite.

Any info gathered before that release will be deleted.
(Reply) (Parent) (Thread)
[User Picture]From: surfal666
2003-01-30 09:40 am (UTC)

Is it in the documentation?

You log the username and it comes in via http, so you get the IP address by default. You can then break down any anonymity that the user may have in their journal posts. Think MS WinXP / OfficeXP activation.

If you've been recording this information without making that fact clear to your users, you should probably expect to have some pretty pissed off people to deal with.

(Reply) (Thread)
[User Picture]From: jerronimo
2003-01-30 09:46 am (UTC)

Re: Is it in the documentation?

Understood.

Although I could store things like IP number that the user posted from, time and date that they posted, privacy of the post, etc. I do not.

In fact, the only thing I actually store is the number of times that a particular user used a specific version of the program. I am not keeping track of any other information that could possibly be used against that person in any way.

The data is stored in a file in the format:
[software] | [version] | [username] | [count]

ex:
jlj | 2.5 | jerronimo | 34

Showing that I used version 2.5 thirty-four times.

The next version (due out tomorrow) adds in an "opt out" option which sends a dummy username over instead of the actual username.
(Reply) (Parent) (Thread)
[User Picture]From: xb95
2003-01-30 09:51 am (UTC)
LochJournal reports back but only asks for the current version. It doesn't transfer username or anything like that. The IP and date is logged, so I can do neat things like find out where most of my users are, et cetera. However, I don't get the username, so I can't corrolate that sort of thing. I would recommend that you not store or send the username, some people don't like that. But other than that, it's fine.
(Reply) (Thread)
[User Picture]From: benzado
2003-01-30 11:45 am (UTC)
I don't think it's wrong to collect data like that, but it is wrong not to warn users about it.

To be fair, I can't blame you. Collecting data like that is fun, even if you keep it totally private. :-)
(Reply) (Thread)