"Anonymous usage logs"

  • I've been curious about this for a while now. Whats included in "Anonymous usage logs"?I know it's data of some kind to help improve software product in some way, but what kind of information is actually included in the logs? What folder in the software does it reside in? When are the logs actually sent?

  • The only log files I could find (on Mac) were in:

    Mine were dated 2017-06-27, 2017-07-02, and 2017-07-19. That last one was created today when I opened the Assets app. CSP only generated a log file the first time I opened it, subsequent relaunches didn't create a log file. I was also watching the apps in my Activity Monitor, and CSP only sent/received packets that first time (presumably the license/update check). So the creation of the log file appears to be contingent on the app connecting to a server.

    I would assume its during that connection the Anonymous User Logs are sent (if you didn't select/check the "Don't send Anonymous User Logs" under the Maintenance Menu in the Assets app).

    Whether the log files I found are the Anonymous User Logs or not, though, I have no idea. But I did search it for anything individually identifying and didn't find anything, so it looks pretty anonymous to me.

    Also not sure where these might be on a Windows machine. I didn't have anything that said "CLIP_STUDIO" on it in my Windows C:\Logs folder.

  • @OffWorld Where could I find these settings in Windows?

  • @drawer
    If you mean where can you turn off sending logs, it's in the same place on both Mac and Windows - in the Clip Studio Assets app under the Gear drop-down menu --> Maintenance --> Do not send anonymous usage log.

    As for the actual log file? Absolutely no clue where it is on Windows, couldn't find it. I'm also not entirely certain the log file I found on Mac is the anonymous usage log either, but it seemed pretty anonymized.

    The actual app sending the logs appears to be "AggregateMdul" which is in:

    (Mac) /Applications/CLIPStudio 1.5 EN/Common/AggretageMdul.app
    (Win) /Programs/CELSYS/CLIPStudio 1.5 EN/Common/AggregateMdul/AggregateMdul.exe

    It appears to run and send/receive 5 or 6 packets the first time you launch a CLIP STUDIO app that day, or the first time after you've rebooted your computer. The name "Aggregate" suggests it bundles multiple files. Which files or what is in those packets, though, I have no idea.

    Selecting "Do not send anonymous usage log" DOES PREVENT AggregateMdul from running, but if you're really concerned about it simply block it in your firewall too.

    I realized the connection between the anonymous user logs and AggregateMdul when a Google search led me to a support thread on the Japanese Celsys website where a user kept getting errors that app had stopped working and were ultimately instructed to select "Do not send anonymous user logs" to get rid of the error (because it prevents that "helper" app from running).

    NOTES: You can't run any of the little "helper" apps directly, they have to be launched by one of the CLIP STUDIO apps or they just close (crash?) immediately. The other two helpers are CertMdul and InitMdul ("Certificate Module" and "Initialization Module" I'm guessing). CertMdul, also in the "Common" folder, appears to only be included with the Japanese apps. InitMdul is inside the Contents/MacOS/ of the .app on Mac and inside the app's /init folder on Windows. I think InitMdul is involved in license verification, and CertMdul is an SSL certificate verifier for purchases from the Japanese assets site, but I'm not certain.

  • @OffWorld I noticed whenever I launch clip studio while online, my "Resource Monitor" shows there is still network activity between my computer and a cloudfront.net. It shows bytes at around 157/sec (Sending)and 420/sec(receiving) the numbers begin to drop well before a minute is up though.I found that whenever I start clip studio (even when anonymous usage data is checked)their is still activity whenever i'm online and launch the app.The file that starts up is "initAnnc.exe" I have no idea what this one does.Seems suspicious though.

  • @OffWorld Thanks!

  • @stressballman - keep in mind the Clip Studio Assets and Clip Studio Paint apps also use network connections. The Assets app, even if you're not logged in, loads the assets website: https://assets.clip-studio.com/en-us/ and the Paint app automatically does a sync operation at start-up (and will re-download materials from the Assets site if necessary). If you checked the box to remember your login credentials it will automatically send them as well. It also checks to see if there are new materials available from their "cloud" and adds them to your Materials palette (they'd be the ones with little cloud icons in the upper corner, meaning you haven't downloaded them).

    On Windows they're all separate .EXE files, but on Mac the InitAnnc, InitExcl, and InitInfo "helper apps" are contained within the InitMdul app "Frameworks," so they're all just part of the initialization operations when you start the apps. I think one of them does the license verification, but I'm not sure which one.

    I don't think there's anything suspicious about them at all. The Celsys apps always "phone home" for, at the very least, license verification and update checks.

  • @OffWorld

    There needs to be a way to shut that off.
    (In the very least, to granularly disable most of it.)

  • @mechanaut - well you can select the "do not send logs" and it doesn't run the app the sends logs. You can uncheck the box in the Assets app so it doesn't remember your login and won't automatically log you in when you run it. You could try blocking the main apps and "helper apps" with your firewall. I know both the Assets app and Paint will still work if you block incoming connections. I'm not sure about outgoing ones, though, or how often they do (or need to do) license/activation verification, but Paint will run when I'm not even connected to a network.

    cloudfront.net would be Amazon's CloudFront edge servers, part of their Amazon Web Services (AWS), which Celsys appears to be using to host their assets files.

    Oh, and just to be clear, "received" packets aren't the same as an "incoming connection." For example, the Assets app, even with incoming connections blocked by my firewall, will still show received packets - because it's a browser and is still receiving web page data from the servers.

  • I questioned "Technical support" and "Clip Studio ask" on this matter as well.According to "Clip Studio Ask"a portion of the files in "Appdata/roaming/CELSYS/promenade/dbcache" are sent with "Usage log data" but those files are your "Saved works" when you save "work" in .clip/.lip form, just in another format.When you open these files most of it is encrypted sadly,nobody seems to know what is gathered from these files.And technical support refuses to divulge what type of information is being collected within these files. If only there was a way to decrypt these files...I guess we'll never know unless they decide to tell us...Checking "do not send anonymous usage data" should help clear all the worry.Actually, I think it's still possible during a version update that "Usage data" is still collected anyway, because during version update "do not send anonymous usage data" is temporarily disabled . I remember having to turn it back on at one point after an update. I believe it's possible that anything you wanted to be with held, would be sent during that time anyway.

  • If I had to guess (and that's all it could be)... I'd say it could be Tool & UI usage statistics, and perhaps connected hardware, and abridged crash reports.

    **But you never know. A few years ago, people found out that a keyboard driver on certain HP desktops was phoning home with statistical report of certain function key presses.

    HP investigated; they found that the programmer of the driver had wanted to know this stuff... and implemented into their official HP software.