
How about opt-in? Privacy should be the default.


If it was opt-in, all the people who didn’t care either way wouldn’t bother to opt in, because—even if you have ideals suggesting it’d be better if they knew who used what features—satisfying that ideal isn’t worth the effort of finding and checking a box. (See also: the organ donor registry.)

Making something like this opt-in is equivalent to not having it at all. Not just because of how little pick-up there would be on the telemetry, but also because the type of people who would opt in are a skewed sample not representative of the larger user-base they wish to learn about. It’s like the bias introduced by doing an opinion poll by asking people to do a one-hour opinion poll over the phone: you filter out the average person who doesn’t have time to do a one-hour poll, and get responses only from people with too much time on their hands (= unemployed; teenagers pretending to be adults; old people who just want attention; etc.)


"Mass surveillance doesn't yield useful results unless you monitor everybody!"

You're missing the point here. I don't care about the quality of Microsoft's metrics. I care about the privacy of my data.

The results of your arbitrary one hour opinion poll don't mean anything to me. You wanted that data. It doesn't benefit me, as much as you want me to think it does. In fact, if I had the choice between not taking the poll and not having you call me in the first place guess which one I'm gonna pick.


> You're missing the point here. I don't care about the quality of Microsoft's metrics. I care about the privacy of my data.

And Microsoft only cares about the privacy of your data inasmuch as it has to, it DOES care about the quality of its metrics.

> The results of your arbitrary one hour opinion poll don't mean anything to me. You wanted that data. It doesn't benefit me, as much as you want me to think it does. In fact, if I had the choice between not taking the poll and not having you call me in the first place guess which one I'm gonna pick.

Sounds like you want to have your cake and eat it too. There's already global means to opt-out of telemetry data: don't use products that have it. Alternatively you can take the couple of minutes to turn it off yourself.

Seems you think you're entitled to this, which is fine, but that entitlement should be brought to the attention of your government.


"Making something like this opt-in is equivalent to not having it at all"

People who say opt in, would generally opt out. People who say opt out, would generally opt in. This applies to anything.

In this case, given it's about collecting my data and processing me, I say Opt In. Not having it at all is a good thing.


My point was that the only useful options are “an opt-out telemetry system” and “no telemetry system.” An opt-in telemetry system is wasted effort from the point of view of gathering results with statistical power.

And no, the people who want opt-out would not generally opt in in an opt-in system. That'd be their preference, yes, but you’re underestimating people’s laziness in practice. There are things I’d grant telemetry access to, but I don’t know how and don’t have time in the day to learn how, especially since it grants very little advantage to me personally.


People keep acting like telemetry is my problem as the end-user. I don't care about your development practices. I don't care about your telemetry. All I care about is if the software works, and my privacy is protected. The problems with getting telemetry data are your problem. The burden should not be on us to have to turn off all this data-gathering to protect my data.

EDIT: The proverbial "you", not you in particular.


> I don't care about your telemetry. All I care about is if the software works

Newsflash: The latter requires the former, especially in large-userbase installations with tons of features.

I say this as a huge defender of privacy: Telemetry is not evil in and of itself and I wish people would give it a rest when it comes to yelling about opt-in telemetry, because it seriously harms the cause in cases where it matters, such as actual transmission of personal data.

Seriously, things like "Do you click the Edit menu a lot" is not useful data to anyone but the devs of the software, for development reasons.


> Newsflash: The latter requires the former, especially in large-userbase installations with tons of features.

The vast majority of computing history argues for exactly the opposite.

In fact, with its new "all in on telemetry regardless of reputation damage" approach, MS's software often does not work. Clearly MS have taken a wrong approach, and seem completely unwilling to rethink it.


The vast majority of computing history did not have the iteration speed, the low barrier of entry, the complexity, etc etc of software today.

Do you not remember using software back then? Waiting years for simple bugfixes?


Sorry, but no. I've been using OSS for a few decades now, and often bugfixes are pretty quick. As long as you're ok reporting bugs, and doing some legwork. ;)


You are not everyone; you are in fact the extreme minority. You're exactly the kind of person who should not have a problem unticking an opt-out box.

As I said, please please focus on privacy issues that matter. Trying to be snide about inconsequential telemetry is a waste of time and of public awareness.

You want to complain about Windows 10's privacy practices instead, go ahead, because that is a good example of abusing telemetry and not respecting the user. But sometimes, "telemetry" is just "anonymous UUID + software version sent every 7 days" and people still complain about that. Then those same people will go and complain about the software vendor dropping support for an old version when "users are still using it". Again, newsflash, that's stuff you know because of that tiny bit of telemetry.

I'd highly encourage people complaining about telemetry to do actual devops for a few weeks or something and understand how blind you are without instrumentation.


> ... unticking an opt-out box.

Agreed. When they're present, I do make use of them.

It's just sleazy + abusive companies like MS that do it so, so poorly.

> ... that's stuff you know because of that tiny bit of telemetry.

Ugh. Decision making of product features based on telemetry sounds really narrow-minded and likely to go badly.

Shouldn't they be actually talking to their customers & users instead to understand their needs?


One does not prevent the other. Companies do talk to their customers but data talks far better and reveals insights that customers themselves don't have.

There's wrong ways to use telemetry, but overall they are positive, especially in large apps where gaining insights on tiny percentages of your userbase is both important and impractical. That does mean Windows, Android, Chrome, Firefox, etc.

It's the same in game dev. You might see through telemetry that 80 percent of your churn is right after one specific quest. Without telemetry, this might not be something you notice, because churn rarely ever talks and when they do they're not accurate.


> ... data talks far better and reveals insights that customers themselves don't have.

I can see how that would be the case for games. They're special purpose one-offs, and aren't tools for getting a job done.

For business applications though, the concept of "data talking far better" than actually talking to customers seems very wrong headed to me.

It's very common for business application users to follow processes that are effectively workarounds for missing or broken functionality in their tool set.

When they're able to communicate with the vendor and describe what they're actually needing to do, the tools can be changed to achieve the desired result properly.

I've never heard of telemetry being able to address "how the tool should be working" rather than sending a stream of data showing what a user did. Maybe good for support issues, but pretty useless for product planning and addressing actual user needs.


Maybe if we got something in exchange for the actual value of our data (say, Microsoft paid us per machine, per user, per hour used) then it would be worth it to opt-in.


> Maybe if we got something in exchange for the actual value of our data (say, Microsoft paid us per machine, per user, per hour used) then it would be worth it to opt-in.

You get something, better software because developers can know what is being used and what it is not, what feature is bugged, etc etc.


Or you get something worse because you happened to be one of the few users of a niche feature that they decided to axe because they optimize for the telemetry data.


How's that working out for MS?

/s


> Making something like this opt-in is equivalent to not having it at all.

Microsoft were doing opt-in telemetry in Office, Visual Studio and the .NET framework for a long time, so it must have provided value for them. The installer used to politely ask you to consider opting in to help improve the product.

JetBrains products still follow this approach of respecting the customer and asking politely.


Software that actively nags you at every opportunity to opt in isn’t really “opt-in” per se.

There’s a third kind of system for polling preferences, which I’ll call “opt-forced” for lack of a better name: it’s where you are required at some point to decide whether to opt in or opt out, and neither option is the default. (Picture two radio buttons, neither selected, and you can’t proceed until you click one.)

Nagging opt-in is a lot closer to opt-forced—you’re required to either press “OK” or “Cancel” to the opt-in dialog box. Except, since it just keeps asking whenever you “opt out”, you haven’t really opted out at all. Thus, this dark pattern is actually closer to the “opt-out” side of the fence, in terms of the number of people who end up in the program even though they’d actively prefer not to be (but this preference is weaker than their preference to stop being nagged.)


Would someone please explain to me how usage telemetry is a privacy invasion? I can't draw a line between those two things.


How is telemetry not a privacy violation?

It's sending back arbitrary data to someone else without explicit authorization. This data can contain anything including information about the running environment, the contents of files on the computer, other running programs.

It doesn't matter that it's Microsoft instead of an Estonian teenager doing it. You own your computer. You explicitly decide what data comes from it. NO EXCEPTIONS.


> It's sending back arbitrary data to someone else without explicit authorization.

You are giving very explicit authorization by agreeing to the EULA.

> You own your computer. You explicitly decide what data comes from it. NO EXCEPTIONS.

That's still true. And by installing a product and agreeing to a EULA which includes a section on telemetry you are doing just that. Thus, your options are "don't install the software" or "opt-out".


> You are giving very explicit authorization by agreeing to the EULA.

Bullcrap. Many people's Win7 installs were upgraded to Win10 without their consent.

To claim otherwise is blatantly dishonest.


Click through EULAs are not legal documents. This has been established.

It's also unlawful under the GDPR.


Does telemetry contain any data that comes under GDPR?


Yes they are as long as it's clear you are agreeing to something, which is why pop-up EULAs have an I agree button and obligate you to scroll to the bottom.

GDPR does not make collecting aggregate data unlawful, so unless you can prove that the data collection is identifiable then GDPR doesn't apply.


It's impossible to 'anonymize' telemetry data. It's meaningless since it can be 'de-anonymized' usually within a few queries. Claiming that it's 'anonymized' is just a marketing word used by tech companies.


They very much are legal documents, and they are binding.


Nope. Specht v. Netscape Communications Corp. dealt exactly with this sort of click through 'telemetry'. Doesn't matter if it's in a shrinkwrap license.


Eh, not quite so clear-cut. There were some big caveats in that decision "clicking on a download button does not show assent to license terms if those terms were not conspicuous and if it was not explicit to the consumer that clicking meant agreeing to the license" [0]

It doesn't appear to say clickwraps are non-binding, only that it has to be "conspicuous" and basically that a user knew they were agreeing to something. Unfortunately that too is open to interpretation. As with most things of this nature, if someone wants to sue, they can sue, and it's a resource fight in the courts.

[0] https://en.wikipedia.org/wiki/Specht_v._Netscape_Communicati....


Yep. I've got an attorney standing right next to me saying they are.


get a refund.


Dude you do not know the laws in my jurisdiction. Get over yourself.


The privacy issue can happen in two ways that I can think of:

1. Unclear boundaries of data. How many points of data are being collected and sent 'home'? CPU performance? OK. Device name, pc username, usage duration, times the program is opened and closed. System account email address, IP address, hostnames contacted (i.e. websites visited), WiFi-based location, webcam stream for inference of end-user mood, microphone for emotion analytics? These are all examples of telemetry that could be argued are 'needed' purely for product improvement.

2. Even if only a couple of data points are collected, it is very possible to identify the real name of the end user through analytics of the data. This inferred information is very valuable, and definitely is then a privacy issue.

I hope the vast majority of developers and company execs don't intend to 'do evil' with this information, but unfortunately we have seen examples of this from public companies, despite auditing etc.


Maybe this will help. True story.

I just moved into my rented house and discovered the CCTV outside my front door, in public view, but also on my property, is actually monitored by the landlord, not me.

- you = me

- software = house

- telemetry = CCTV


Also a true story

I just entered a new mall and discovered that they monitor how many people come in and out (and at what time) in order to ensure they have enough cashiers.

- you = me

- software = mall

- monitoring basic metrics in order to improve the service = counting people in/out

This is completely OK, and somehow everybody likes that they increase the number of cashiers during busy times. Just like the mall, you do not own the software, you just have the right to enter/use it.


It's not sending back "the software". It is sending back data about you. And who knows what.

Indeed, human greed is faster moving than regulation, so it's no wonder we are in the transition phase.

And if you tell me all this identifiable data about me is safe, this is simply not true. Safe from motivated 3rd parties, then this is also not true.

Unfortunately, we do not live in this ideal world where data is used for only good.

We live in a world where people get away with undetected overreach all the time.


> It is sending back data about you. And who knows what.

This is specifically about telemetry in an open source code. If you want to know what data it sends, you can look for yourself.


> my rented house

> my property

Those two things don't jive. It's your property OR you rent it. Not both.


Those aren’t exclusive attributes, either colloquially or legally. As a renter you have a variety of rights (including to “quiet enjoyment” of the property) that prevent, for example, the legal owner from entering the premises without advance notice and a legitimate reason. Similarly, while exterior cameras aren’t explicitly illegal, interior cameras are. Don’t allow simplistic maxims to occlude your tenant rights.


They do indeed, jive.


I've yet to see anyone try to explain how it's not an invasion of privacy without actually making an argument for how it is an invasion of privacy.


Ok. Totalitarian regime - there’s more than a few already - fake the telemetry domain name certificates and snoop on all your activities. Coupled to other humint they can easily trace a profile of all your whereabouts, habits, projects and relations both online and IRL. Then one day you disappear.


That's a hell of a leap. One day you're contributing to open source and the next day you're dead because of telemetry? Give me a fucking break.

Oh, I forgot, OSS contributors are vital state resources targeted by foreign governments and drug gangs alike, and both of them have access to how you use open source Winforms. I get it, now.

(Sarcasm complete. My points here are that you aren't a target of any totalitarian regime, and that totalitarian regimes don't need telemetry to make you disappear.)


Hmm, you may have heard that the USA used mobile network telemetry data to drop missiles on top of people's heads.


Sorry, I forgot I was on the internet. I should have said "usage telemetry." I forgot that being on the internet means that people can't really follow unless everything is spelled out precisely. It doesn't matter that the whole conversation was about usage telemetry, it needs to be specified.

Are you switching the conversation topic from open source software telemetry to mobile phone tracking? That's a whole other thing, and doesn't contribute to the in-progress discussion on open source software telemetry, nor does it prove me (or anyone else) wrong.


I’m sorry but how do the two differ? Specifically regarding the potential of privacy intrusion, identity fingerprinting and localization?


Agreed, but that's asking way too much apparently. With a global opt-out, it should be easy enough to shame the software not honoring it and they get to keep taking advantage of the people that just don't care without pissing off the ones that do.



