Rhino 5.1 is checking IP address and sending analytics to Google?

Why is Rhino 5.1 checking and decrypting my IP address and trying to connect to Google Analytics? I’ve never seen this before.

Let me begin with apologies.

First, I apologize for not telling you that we were adding GoogleAnalytics event logging to Rhino 5 for Mac. (Rhino 5 for Windows logs GoogleAnalytics events as of SR12). We have been logging GoogleAnalytics events for about two RhinoWIP (for Mac) releases now in order to see what sort of testing coverage we are getting in the field (more on that below).

Second, I apologize for not adding a toggle in the interface to allow you to disable this. The Privacy Policy says you should be able to disable this sort of thing. I feel particularly bad about this one and I will be committing code very soon that allows you to turn this off.

Ok, on to the technics.

As many of you likely know, GoogleAnalytics events are constructed by formatting a URL and sending an HTTP request to Google. We are logging:

  • Rhino for Mac started
  • Which version of Rhino for Mac started (the build number - as in 5Bnnnw)
  • Some identifier about your computer so that GoogleAnalytics can distinguish that events are unique. We were attempting to use the same client UUID that we use elsewhere…but…

The code I added should not be trying to check your IP address. This may be the unintended consequence of calling Cocoa APIs that are doing something under-the-hood. I am going to investigate this more and get back to you (see below). If calls we are making are trying to collect the IP, then this code will be deleted. We don’t need this information.

As I mentioned above, the intent of using GoogleAnalytics events is to figure out how much testing coverage we are getting on particular versions.

I’d just like to apologize again for not letting you know we were turning this on and not (yet) allowing you to turn this off. I intend to correct the latter bug as fast as I can.

Just for the record, I don’t recall having been notified about this when I installed SR12, nor do I see a place to disable specifically that functionality under “Updates and statistics” - you can either turn it all off - and lose automatic updates - or leave it on. I’m not bothered by this, I’m simply relating the fact that I don’t think Windows Rhino users have it any differently in this case.

It is however explicitly covered in Section 8 of the privacy policy

–Mitch

If my Rhino workstation is not connected to the Internet, will this affect Rhino’s performance?

This does not affect Rhino’s performance at all…connected to the internet or not.

I’ve investigated this part of the issue more. I have removed any code that could have potentially checked your IP address…but I’ve double-checked the contents of the http URL for GoogleAnalytics and it could not have added this information to the logging event. Regardless, it was good to quadruple-check.

I can only speculate what might have reported (erroneously) that your IP was being decrypted (LittleSnitch?). If an attempt was being made, it was not being logged.

Thanks again for your diligence on this. I’m still working on the opt-out code.

So here’s the connections I’m seeing from Rhino (evaluation license) at start up:

pool.ntp.org // presumably to check license expiration
server-54-192-48-6.jfk5.r.cloudfront.net (aka files.mcneel.com) // ???
checkip.dyndns.com // to get ip address - no other mac program I have does this, so I don’t think it’s “cocoa”.
118.32.199.65.philadelphia.google-ggc.verizon.com ( aka play.l.google.com ) // analytics?

I am a happy user of Little Snitch ( for Mac ) and typically I deny all these connections. It’s really scary how talkative programs have become… Little Snitch will show that. ( to be fair, Rhino is on the quiet end of that scale. )

A bigger concern for me, as I am close to that buy or not decision: Will the program require an internet license server check before it starts up? In the past I’ve been burned by $$$ software that suddenly won’t run because the company went belly up or I don’t have an Internet connection or they want to force me to buy some new version (ahem ADOBE ahem. ) I believe a company has every right to fight piracy and go after counterfeiters, but only after the paying customers are treated for what they are: honest paying customers.

( I have no connection or interest with the makers of Little Snitch)

Ken

pool.ntp.org // presumably to check license expiration

Correct. Evaluation Licenses are basically Commercial Licenses that expire. When the license is Commercial, no check for expiration is performed. NTP is the Network Time Protocol… I think you can imagine why we might check this.

server-54-192-48-6.jfk5.r.cloudfront.net (aka files.mcneel.com) // ???

That is our server, but this does not relate to Google Analytics.

checkip.dyndns.com // to get ip address - no other mac program I have does this, so I don’t think it’s “cocoa”.

This will be fixed soon. No call to this will be made. Just to be clear: even if the bug in question called this code, it did not pass this data into the GoogleAnalytics request that was posted to…

118.32.199.65.philadelphia.google-ggc.verizon.com ( aka play.l.google.com ) // analytics?

Correct. The server that handles the GoogleAnalytics event may change depending on location.

Now, to your related concern (which I totally understand)…

Will the program require an internet license server check before it starts up?

No. Not at the moment and - to my knowledge - we have no plans to do such a thing.

( I have no connection or interest with the makers of Little Snitch)

LittleSnitch is a great piece of software. I’m glad it’s keeping developers - including us - honest.

Unless you’re behind a proxy server, Google Analytics will get your IP address as soon as you connect to their server. It doesn’t have to be “decrypted” or uploaded.

Every web/email/FTP/whatever server you connect to logs your IP address every time. If you’re seriously concerned about it, you might want to look into a secure proxy server.

I looked into this as I also noticed that Rhino was talking to check-ip.dyndns.org and also a Google IP address on startup. A trace shows that it does send the IP address to Google in a parameter named “uip”, so the statement above that says that it is not included appears to be incorrect.

I have added a rule to block these connections, but I can’t say I’m happy about my use of the software being spied upon, especially as it is on by default and there doesn’t seem to be a way to opt out.

I understand your concern and apologize.

As noted above, this was an unintended bug and will be removed in the next RhinoWIP. We do not need to look up your IP.

Here is the raw http URL being posted (with the actual clientID and GoogleAnalytics tracking ID X’d out):

http://www.google-analytics.com/collect?el=debug&t=event&uid=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&ec=Rhino5Mac_WIP&v=1&ul=en-us&ea=start&ev=1&tid=UA-XXXXXX-1&cid=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

uid and cid are the same. We are using a hashed serial number (not your IP address). These are there for Google Analytics to distinguish one event from another.

Please continue blocking Rhinoceros (5.1). We will release a RhinoWIP in the near future with all the IP address lookup deleted. This RhinoWIP will continue to post GoogleAnalytics start events, but it will also allow you to disable them from Preferences should you choose to do so.

Thanks for your concern and for planning to resolve it.

It’s interesting though, that my trace shows the following:

http://www.google-analytics.com/collect?el=5B161&t=event&uid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx&uip=NNN.NNN.NNN.NNN&ec=Rhino5Mac_Commercial&v=1&ul=en-us&ea=start&ev=1&tid=UA-xxxxx-x&cid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The UIP field contained the IP address retrieved from dyndns.org.
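One way to check a captured trace for the fields discussed above, added here as an example (not code from McNeel or from any poster in the thread): it parses Google Analytics Measurement Protocol hits and reports the identifiers they carry, including the `uip` IP-override parameter. The sample URLs are constructed from the two quoted in the thread, with placeholder IDs and a documentation-range address; the name `audit_hit` is made up for this example.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

def audit_hit(url):
    """Return {field: note} for identifying data in one Measurement Protocol hit."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    # Exact host or a true subdomain only, so look-alike hosts are ignored.
    if host != "google-analytics.com" and not host.endswith(".google-analytics.com"):
        return {}
    if parts.path != "/collect":
        return {}
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    report = {}
    if parts.scheme == "http":
        report["transport"] = "sent over plain HTTP"
    for name in ("uid", "cid"):          # user ID and client ID
        if name in params:
            report[name] = "persistent identifier"
    if "uip" in params:                  # IP override supplied by the client
        try:
            addr = ipaddress.ip_address(params["uip"])
            report["uip"] = f"explicit IPv{addr.version} address in hit"
        except ValueError:
            # e.g. a trace that was redacted before being shared
            report["uip"] = "present, value is not an IP address"
    return report

# Constructed samples modelled on the two URLs quoted in the thread. The IDs,
# tracking ID and the TEST-NET address 203.0.113.7 are placeholders, not
# captured values; the third hit keeps the thread's redacted uip literal.
ID = "00000000-0000-0000-0000-000000000000"
BASE = ("http://www.google-analytics.com/collect?t=event&v=1&ul=en-us"
        "&ea=start&ev=1&tid=UA-000000-1")
SAMPLE_HITS = [
    f"{BASE}&el=debug&ec=Rhino5Mac_WIP&uid={ID}&cid={ID}",
    f"{BASE}&el=5B161&ec=Rhino5Mac_Commercial&uid={ID}&cid={ID}&uip=203.0.113.7",
    f"{BASE}&el=5B161&ec=Rhino5Mac_Commercial&uid={ID}&cid={ID}&uip=NNN.NNN.NNN.NNN",
]

if __name__ == "__main__":
    for hit in SAMPLE_HITS:
        print(audit_hit(hit))
```

The check only covers what the client puts in the URL; as another reply in the thread points out, the collecting server still sees the connection's source address when `uip` is absent.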

I rolled back my revision history to check. It is possible that this uip was posted. My post above contains the current http call that will be in the source going forward.

Thanks for your patience and diligence on this. It was not intended and I regret that this may damage trust we’ve worked hard to gain.

I don’t really have a problem with you gathering anonymous usage statistics, especially if it helps you to produce a better product, but I’d like to be given the choice to opt out. Being upfront about what you are collecting and why you are collecting it is important in these days of privacy concerns.

I could not agree more.

@epiphany, @Helvetosaur, @decibelguitars, @kbk, @rjpontefract

The ability to disable anonymous usage statistics from Rhinoceros > Preferences > General is now in the latest RhinoWIP (5C41w). This RhinoWIP should not do any IP address lookup either; again, our apologies for this mistake. Please give this RhinoWIP a try (there are other bug fixes as well - and perhaps new bugs!) and make sure things are working as expected with regard to analytics and privacy.

Thanks again for your patience,
-Dan

Here’s an interesting project coming out (and beta-testing btw), it’s called FigLeaf. They’re creating a dashboard that will allow users to choose which information sites may see. Also they write a lot of good articles about security and privacy on their blog, on this page for example.