privacy and silent internet use

Hello

I'm not sure what kind of legal and ethical requirements there are for notifying customers that the activation is about to send data over the internet, who has access to it and what that data contains. Is it necessary to have a privacy statement? I figure that if our customer buys our software and gives us their name and email address, then it's fair game to share that and their product activation status with wyDay's service without telling them or promising any privacy.

Legally, the requirements about what you collect and how you notify your customers differ from country to country. See a lawyer about that.

The data we collect (the computer "fingerprint") is anonymous, and useless outside the context of activating your software. In other words, everything that LimeLM / TurboActivate creates and uses is both anonymous and useful only to LimeLM -- the data cannot be used to track back to any particular user. For any other data you put into LimeLM (customer's email, name, etc.), it's entirely up to you to comply with the appropriate data / privacy laws of your City / State / Country.

> Is it necessary to have a privacy statement?

It depends on the laws of the country you're in and the countries you'll be selling to. See a lawyer.

As a rule of thumb, yes, always tell your users what you collect and how it's used. Savvy users will avoid software that doesn't explicitly tell them this.

> Legally, the requirements about what you collect and how you notify your customers differ from country to country. See a lawyer about that.

Any ideas of online references? This is surely so common it doesn't need a lawyer to get the gist of it. All your customers must be dealing with the exact same issue but in different countries. I might just make up something that contains the facts.

> the data cannot be used to track back to any particular user.

We certainly can't tell customers that. Sure the hardware fingerprint on its own may be anonymous but it's not on its own. We can easily see when and from what IP each customer (who we know) activated their software. Also, we (or you) can surely distinguish between computers they use because each one has its own fingerprint. I imagine you can even associate my customers with someone else's customers using the fingerprint. Is that possible?

> I imagine you can even associate my customers with someone else's customers using the fingerprint. Is that possible?

Not if you or they are running self-hosted LimeLM. If they're both running on our hosted LimeLM, then yes.

Think of the computer fingerprints like human fingerprints. The human fingerprint by itself, in a "vacuum" so to speak, is useless. It doesn't tell your gender. It doesn't tell your height. It doesn't tell anything about you other than:

  1. You're a human.
  2. You had at least 1 finger when you left the print. You may or may not still have that finger.

So a fingerprint by itself is useless.

> So a fingerprint by itself is useless.

By itself yes, but I think it's a stretch to say it's anonymous since it's associated with a known person and its usage is tracked.

As I said earlier (in other words) the fingerprint is only associated with a known person (in LimeLM's eyes) if you let it be. In other words, if you set an email and a "Customer Name" license field, then the fingerprint of the computer goes from being anonymous to being associated with an email and/or customer name.

So I think the crux of the misunderstanding is that I'm talking about data privacy from LimeLM's perspective, not from your perspective. If you only use product keys and activations, without passing any other data in, then from LimeLM's perspective the fingerprint is anonymous.

OK