[Tool] Grim Dawn Item Assistant

And yes those are his UUIDs.

Incorrect.

Those are specific UUIDs generated only when running in debug mode.
You don’t see it in the reversed code as it pertains to an #if-else clause.

EDIT: Seems these are in facts UUIDs used by me and a couple of testers for some unreleased functionality.

The following information get gathered to be concluded to a unique end user id. Computer Name + Windows UUID hashed and halfed. Operation System, Operation System Version, Tool Version Information.

The hashed Computer+User is a fallback only if the UUID cannot be obtained.
And lets be clear that neither the username nor the computer name are being sent, merely used to create a string of digits which cannot possible be reversed to obtain the username nor computer name.

In addition since these informations can be logged by a .php website file : IP Adress

I, as well as anyone running a website, using php or any other technology, could easily log this information if so desired.
Its quite possible this information is being logged in the web server access log, regardless of technology used.

He logs every programm start and how long its running

I log up to one usage per day, to obtain an average number of active users, and have absolutely no idea where you summarized that I know how long the program is running, for whatever reason would I care?

The auto update function is switchable between : stable and beta versions but not able to be turned off.

Sure it is, everyone who’ve actually used this tool knows they can simply reject the update.

This means he even knows what users use what kind of version of his tool.

Of course, what use are crash reports if I don’t know what version they are running?

he only admitted to saving informations upon people calling him out about it.

In EVERY SINGLE CRASH REPORT posted on this thread, there has been the line:
INFO [IAGrim.Utilities.ExceptionReporter]: Sent anonymous usage statistics to developer.
And I’ve previously posted the URL, in case anyone were curious.

I would like to see changes in the future and would go as far to say if youre still using GDSM (my tool) switch to this one since this is far superior in comparision when these issues have been resolved.

And alas, we got to the heart of the issue

How many posts do you have about people losing all of their items?

[b]
Instead of posting a 3 page wall of text, why not simply summarize with:

• IA lets me see how many active users there are (link to the statistics website has been posted before)
• IA lets me see which issues people have, in which version, to better resolve them.
• IA offers to update when a new version is out.

Oh the horrors, the horrors.[/b]

You would care because that is illegal if you do not disclose the fact that anonymous usage statistics are taken and/or offer users a means to opt out of the logging if they so chose.

This is a ‘your word versus mine’ situation in which, ultimately, what you’re suggesting you do with the information has an equal likelihood of being true as it does being false. I wouldn’t ask you to disclose the inner workings of your servers (as that is its own can of worms from a security point of view) but ethically speaking you really need to provide an opt-out mechanism for users for this sort of thing.

Edit: For the record I usually opt-in for these sorts of things myself because I understand the utility they can provide for devs and cater to them as best I can. But either way, you need to give that choice to clients without forcing it upon them.

A0LO1r3.png1029×534

Nope.

If you do not wish to provide anonymous stats and bug reports for the betterment of IA, you can simply choose not to utilize it.

That is the meager price to pay.

Is that what you think or is that what your lawyer thinks?

Edit: This still comes down to distribution and disclaiming thereof. Imagine, for a moment, that you make all the disclaimers in the world IN THIS THREAD alone, or even on your actual website for downloading the tool. Then imagine someone hosts a mirror of the download elsewhere without providing those disclaimers. If you collect information from people in that circumstance and they were never warned about AUS, the responsibility and legality still falls upon you as the developer of the tool.

In any event, you seem really defensive about this…

My question was, why in the world would I care how long the program runs?

Think?

I am specifying the price, it is not an opinion.

That depends on how malicious you are.

Totally agreed.

From my personal point of view, if I’d use a tool that has no obvious sign or other information that informs me about any other data being raised than what the tool needs to be run in the way it is thought for and later on find out someone has taken data from me which I did not know about and neither have the possibility to disallow it without having to stop using the tool, I would feel kind of cheated and never use anything from that person again.

Also a tool will be attractive for a more wide spread amount of persons if they can choose whether they want this or not since this way one can serve both these who like to support one as developer and these who want to keep their data for themselves.

It simply brings advantages for both user and developer to include a bit more information and the simple question whether one wants to support the dev this way or not as this might get one as developer more symphaty and more persons who are willing to provide data to improve the tool, as more security for the users.

So in this sense, also I’m requesting you to simply put this little bit of information inside the first post to make it visible and include a small check whether people want to support you with data or not.

What possible malicious purpose could anyone have for knowing this?

There are deanonymization and persistence threats that could stem from knowing how long a program remains open and at what times of the day particular users begin executions of such applications (which you can easily track, regardless of whether or not you actually are).

I’m not going to go into specifics therein because frankly you really couldn’t provoke me to right now. I’ve got better things to do, like modding this game. Look, the legality of not providing an opt-in/out-out service for anonymous data collection is questionable at best and the ethics hence are not favorable. And all in all you’re behaving like an asshole about it for no reason. Fix your shit, play the same rules that the rest of us do, and be on your merry way. Truth be told I was just looking into using this tool but you bet your ass I’m not doing so now.

There are several things wrong with this.

First off, it is not very clear what data is being gathered, how anonymous it is, what it is being used for and who has access to it. Without that, no one can make an informed decision.

As to the price to pay, you might very well find yourself on the wrong end of the law here, only one way to find out though.

From my perspective you should provide detailed information of this in the tool (not on a site only) and allow the users to opt out of sending that information - better yet to opt in (the only way I would ever add a feature like that to mine).

It avoids all this hassle and does not really affect you, other than not knowing how many users you actually do have (care to share that number ? ). On the upside it avoids any risk of someone actually deciding to sue you over this (not likely, but why risk it ?).

Personally, I do not use tools that gather data and do not allow me to opt out (not that I would use this tool regardless, I have my own ) and do not allow automatic updates unless it is widely used software like Notepad++ or Paint.net. Better safe than sorry (so far so good).

So it is not just the person losing out, you also lose out on users (assuming you care about that) and certainly on some goodwill right now, see other posts.

Seeing as he posted the code, its very clear whats being gathered, and everyone has access to it, the link is right there

http://ribbs.dreamcrash.org/iagd/logs.php

But thats OK! If the users arnt willing to provide anonymous crash reports, they can use yours =)

not sure 99% of the people understand any of that, nor do they know that this is all there is

http://ribbs.dreamcrash.org/iagd/logs.php

thanks

But thats OK! If the users arnt willing to provide anonymous crash reports, they can use yours =)

as I said, assuming you care for that

I have no problem in allowing crash reports, etc, to be sent to developers, but I can also see that some people would prefer to have the opt out on this tool. Would it really be that difficult to include it in the settings in the same way as it’s done in GD’s settlings page?

For those on experimental updates:
Todays update adds support for custom games.

Let me know if there are any issues with it =)

I change it to experimental Features, force the update to be done, it opens the second window, does not crash.

Open up a mod on custom game, when I go to stash, the bottom right where it says the “Stash : Closed/Open” , it flickers quickly between the two.

It does not recognize the item that I put in Tab 4, tried multiple times.

Maybe I am doing something wrong on my end.

You are truly adorable!!!

Syn

Did it update? The “Force update” button actually updates the internal database, not IA itself

You can manually update from http://grimdawn.dreamcrash.org/ia/beta.exe if IA is not offering you the update.

Well do once I can.

And there I was wondering if anyone else saw the irony

Anyway, I agree that it should be an option selectable upon first time running the program. It’s standard practice and even GD pops up asking if you’d like to send in anonymous data on first time installation.

Sent from my SCH-I605 using Tapatalk