Relab plugins send data to unknown amazon server. Here's how you opt out.

[ROTMetro]

This is pretty standards for modern software. Especially price conscious niches like VSTs where support interactions eat into a sales low margin, and you need to support hugely varying environments/setups/use cases.

You can have cheap plugins that work across the crazy span of products that VSTs do but require some automation/phoning home of usecases/issues/etc, or expensive products that work on only the platforms the developer targets.

Are you cool with less platforms supported? Higher cost? Maybe a per incident support fee structure? These a very legitimate reasons why they do this.

Now they probably added a new framework (you don't waste DSP devs on basic housekeeping like this) and were a little too aggressive on what it phones home about. But we all benefit when their support costs go down (they can sell cheaper/bring products to market that are a little less 'viable' when adding in high support overhead) and compatibility goes up.

[sin night]

There could be valid “technical reasons” for implementing data collection, but the user should be clearly informed about it and be able to decide. That’s the issue here.

I saw that video before the thread (by the way I think it was the first or second time I looked at that channel, I usually skip his video when YouTube suggest them) and that “eula” button on the plugin gui looked like something “strange” to me, it’s not something I frequently see across different plugins. The different eula text (compared to the installation) and the awkward placement of the opt in/out check box is a problem in my opinion.

Also, the EULA is usually accepted while installing or at the very first run of a software (because you’re asked to read and if you go on theb you accept it, it’s like signing a document), so I wonder about the legal effectiveness of a different eula text shown only if the user choose to press a certain button on the gui. I’m not a lawyer, but I’m not very confident about that button.

[sjm]

I get why companies want to collect technical data. I've worked for a company that did the same thing. It helps make decisions on where to spend limited resources, for example. We had an extension for Visual Studio, and knowing that nobody was using it with Visual Studio 2009 in 2018 meant that we dropped support for VS 2009, rather than testing the product with it. That saved time and effort that we could use to otherwise improve the software.

What I don't like is being forced into the data collection. I'm much more likely to immediately opt out of anything that is opt-out. Especially when there is no effort on the part of the company to explain why they are collecting the data, what they are collecting and how that benefits me. On the other hand, a company that is opt-in, and presents a valid case for what the benefits are, is much more likely to gain my trust. A small sign of respect goes an awfully long way. It's also a legal requirement in the EU.

Personally I like:

• Data collection to be opt-in
• The choice to opt in to be independent of the process of accepting the EULA. Make it a separate option in the installation process or in the software itself, don't bury it in a document you know most people don't read.
• A friendly, non-legalese explanation of why you want to collect data; what data you are collecting; and above all, how it benefits me, the consumer.
• Data collection that is generic and anonymous. You don't need my IP. You don't need to link the technical data to my account. You are perfectly capable of generating an anonymous unique identifier to make sure you aren't double counting the same machine. You don't need personally identifiable information to analyse the user base. It's fine if you want to know what OS I am using, or what CPU and graphics card I have, for example

Do that, and I'm quite likely to opt in. Make opting out a convoluted process, with information buried somewhere in the EULA, while collecting PII and I'll opt out every time.

[xmstkvr]

There could be valid “technical reasons” for implementing data collection, but the user should be clearly informed about it and be able to decide. That’s the issue here.

I saw that video before the thread (by the way I think it was the first or second time I looked at that channel, I usually skip his video when YouTube suggest them) and that “eula” button on the plugin gui looked like something “strange” to me, it’s not something I frequently see across different plugins. The different eula text (compared to the installation) and the awkward placement of the opt in/out check box is a problem in my opinion.

Oh lord, now from the "user didn't read EULA so company is evil" we came to the "strange" looking button conspiracy.

It is getting better and better day by day.

"3I Atlas cover-up" alien invasion peeps that are exposing the truth right now would be jealous.

[sin night]

There could be valid “technical reasons” for implementing data collection, but the user should be clearly informed about it and be able to decide. That’s the issue here.

I saw that video before the thread (by the way I think it was the first or second time I looked at that channel, I usually skip his video when YouTube suggest them) and that “eula” button on the plugin gui looked like something “strange” to me, it’s not something I frequently see across different plugins. The different eula text (compared to the installation) and the awkward placement of the opt in/out check box is a problem in my opinion.

Oh lord, now from the "user didn't read EULA so company is evil" we came to the "strange" looking button conspiracy.

It is getting better and better day by day.

"3I Atlas cover-up" alien invasion peeps that are exposing the truth right now would be jealous.

Maybe it’s because I work for a software consultancy firm in a highly regulated market where these legal things are taken seriously? And when I say “seriously” I really mean it, down to things like the placement of a radio button stating “the client has meets the requirements to sell him the contract” (and the software is used by the agents of the company, not the end clients!).

More than 20 years ago on printed computer magazine there were often discussions about the legalities of eula in relation to certain products.

Legal subjects are really important when dealing with technology…

[CrystalWizard]

CrystalWizard

There could be valid “technical reasons” for implementing data collection, but the user should be clearly informed about it and be able to decide. That’s the issue here.

I saw that video before the thread (by the way I think it was the first or second time I looked at that channel, I usually skip his video when YouTube suggest them) and that “eula” button on the plugin gui looked like something “strange” to me, it’s not something I frequently see across different plugins. The different eula text (compared to the installation) and the awkward placement of the opt in/out check box is a problem in my opinion.

Oh lord, now from the "user didn't read EULA so company is evil" we came to the "strange" looking button conspiracy.

It is getting better and better day by day.




"3I Atlas cover-up" alien invasion peeps that are exposing the truth right now would be jealous.

Aww that's such a clever little shill, isn't it clever, such a clever lil' shill. Them boots taste great, huh?

[vitocorleone123]

The company responded on gearspace.

Also a good post about what plugin makers COULD collect posted by Liquidsonics on vi-control.

Too busy to find links for you - sorry.

[zvenx]

https://gearspace.com/board/showpost.ph ... count=1942


https://vi-control.net/community/thread ... st-5785542

rsp

[vitocorleone123]

https://gearspace.com/board/showpost.ph ... count=1942


https://vi-control.net/community/thread ... st-5785542

rsp

[Trancit]

Honestely I find it astounishing how easy many take issues like this...

"Many do it, so it´s ok!" ... or " it´s your own fault because you didn´t read the EULA"

No, it isn´t!
They don´t have the right to abuse paying customers to get an easier life... no matter for what reason!
They can kindly ask on the installation is somebody is dumb enough to allow it, but that´s all...

Just because it has become common practice to do on your machine whatever they want, it doesn´t has to be accepted.
For me, the game is immediately over when I notice something like this happening with a product I purchased.
You fool me one time... shame on you... you fool me second time... shame on me!
No further use of the plugin(s), no more money from me. Shitstorm whereever I can...There are always enough decent alternatives...

If you never say "Stop", you give away every little control you always had about what´s happening on your property.
It´s really time to stop this "silent doing without asking for permission" and hiding any hint of this in some text they know 90% of the people will never look at anyway... this is just shabby behaviour...

Dealing has something to do with trust... if you do not trust a seller you will not (and should not) buy from him.
And people who do not ask for permission but just activating such options silently by default cannot be trusted, period!

Many acting like there wouldn´t be any help... but there is...
I.e. Bitwig, Minimal Audio, Waves... they all had to row back as they tried some stunts but earned nothing but shitstorm, rightly so.
Go woke, go broke... this shouldn´t be just for this one topic ...

I ask myself, why can you (the "that´s ok" sayers) just collectly whine when it´s about certain topics round about your money but nothing else. This is equally serious!

[sin night]

Good thing they made they provided info about what they collect (there wasn’t much room for doubts anyway, given the strong relation between knob movements and sent data…); I’m still unsure if an eula shown by optionally pressing a button on a user interface can be legally binding if the user is not forced to read through it and explicitly accept it by performing a certain action.

Someone could argue that continued use of the software may imply acceptance but I’m not sure about it, if the text under that button is indeed different than the one shown while installing the software (that’s what’s being reported, I didn’t check myself if they are actually different). In looks like a grey zone to me that may end up voiding certain eula conditions. We all make mistakes while working (it’s human nature!), but that’s something I would address rather sooner than later by aligning the eula versions in order to avoid any confusion, because the eula shown while installing (or at the very first run) is usually the legally binding one as far as I know.


Anyway, I’ll look if such opt out checkbox appears when I’ll install any software update, I’ll opt out (as I always do by default in any situation) and call it a day…

[Trancit]

Good thing they made they provided info about what they collect ...

Can you check if this is all they collect?
I am not able to do...
Paper doesn´t blush... they can write a lot...

[sjm]

There's a reply in another forum in the 'Relab 176' thread where the official Relab account summarizes exactly what data they collect and why, if anyone is interested.

[...]
"ip_address": null,
[...]

https://gearspace.com/board/showpost.ph ... count=1942

However, I do want to clarify an important point that our legal counsel also confirmed today.
[...]
In other words, because the tracking feature only gathers anonymous, non-identifiable usage data, the GDPR’s obligations do not apply in this context.

The IP address is explicitly defined as PII according to GDPR. It's not clear to me if the example of the data posted includes an IP address of "null" because none is collected, but if the IP is collected, they need a better lawyer.

[...]
While most of these are straightforward, online identifiers are a bit trickier. Fortunately, the GDPR provides several examples in Recital 30 that include:

• Internet protocol (IP) addresses;
• cookie identifiers; and
• other identifiers such as radio frequency identification (RFID) tags.

[sin night]

Good thing they made they provided info about what they collect ...

Can you check if this is all they collect?
I am not able to do...
Paper doesn´t blush... they can write a lot...

Of course I can’t check, not in this case or any other case (maybe if it’s in a human-readable format, etc… it’s a can of worms, it’s highly unlikely to be able to do a complete verification…). But the software behavior says a lot of what it’s probably being recorded (do I like it? hell, no, no and no!).

I think the right thing to do is to clearly state upfront there’s some data being collected and what it is, for what purposes and so on. And let the user easily opt in/out. And the statement should be included with the software, not written somewhere else.


It’s a matter of trust, one can never know for sure which data is collected, how it’s stored and elaborated… unless there are regular audits (but let’s be real…)


Just to be clear, I don’t want any data collection on my computer, even if it’s GDPR-compliant. I know first hand how useful data and log are for development / bug fixing, but as a user I’d rather stick to the old fashioned bug report when there’s an actual issue (and I’ll provide all the informations needed in that case).

[Kai Enaki]

There's a reply in another forum in the 'Relab 176' thread where the official Relab account summarizes exactly what data they collect and why, if anyone is interested.

[...]
"ip_address": null,
[...]

https://gearspace.com/board/showpost.ph ... count=1942

However, I do want to clarify an important point that our legal counsel also confirmed today.
[...]
In other words, because the tracking feature only gathers anonymous, non-identifiable usage data, the GDPR’s obligations do not apply in this context.

The IP address is explicitly defined as PII according to GDPR. It's not clear to me if the example of the data posted includes an IP address of "null" because none is collected, but if the IP is collected, they need a better lawyer.

[...]
While most of these are straightforward, online identifiers are a bit trickier. Fortunately, the GDPR provides several examples in Recital 30 that include:

• Internet protocol (IP) addresses;
• cookie identifiers; and
• other identifiers such as radio frequency identification (RFID) tags.

The plugin and the server it communicates with need access to a users IP for the data transfer to function. It doesn't matter if said data ends up in an aggregated or de-identified pool of data after the fact. Even without a IP there would have to be a call ID for the app and server to be able to communicate. Simply put, there's always a traceable ID involved.

Now, they claim to not need user consent based on how they interpret the law. If that's true, why did they add an opt-out button, albeit hidden, to begin with? Things are simply not adding up.