Ehcache Java library’s UpdateChecker == spyware

I just took a peek at recent Grails development, and noticed they added code to disable a “phone home” feature in Ehcache. Strange, I thought, why would this be necessary?

Apparently Ehcache includes an automatic update check that is also effectively a phone home. Terracotta software conveniently collects some extra information (such as your IP address) when Ehcache phones home. The information they collect is benign. But, seriously? A library phoning home, by default?

Who decided it would be a good idea to add this feature to a popular Java library? It’s a transparent attempt at gathering usage statistics.  As a participant in a professional FLOSS project, I can fully identify with the need for knowing who is using your software. But automatically, secretly phoning home is not the way to do it!

Terracotta, will you turn this feature off by default in the next Ehcache release?

I see this issue has come up in forums:

Other tidbits: