1. 17

  2. 33

    Can we please stop normalizing spyware? I’m going to repost my comment from last time this bullshit was on this lobste.rs:

    This site is claiming to offer a “standard for opting out of telemetry”, but that is something we we already have: Unless I actively opt into telemetry, I have opted out. If I run your software and it reports on my behavior to you without my explicit consent, your software is spyware.

    1. 4

      A shame I can’t upvote this more than once. This madness needs to stop.

      1. 2

        I disagree. Telemetry, which is a feature which does not collect personally-identifiable information (or attempt to fingerprint) by definition, is not spyware.

        Moreover, I disagree that “actively opt[ing] into telemetry” is needed for software to report (again, by definition) non-PII usage information about itself, for the benefit of the software developers, and by extension the rest of the community. This biases the data and makes it much less useful, and because telemetry is non-PII by definition, there’s no harm to the user.

        Now, that’s on a philosophical level. On a practical level, telemetry from trustworthy actors (Mozilla, and open-source projects more generally) is usually trustworthy, while “telemetry” from non-trustworthy sources (e.g. Microsoft, Google) is often not merely telemetry and collects fingerprinting and/or PII information (which, again, is not “telemetry” to begin with) - and so, the only safe action to take is just to turn off every switch that you have.

        This “console do not track” proposal doesn’t work for either the good or bad actors. It fails for the good actors because, while I don’t want ads (which a good actor wouldn’t include in the first place), I do want telemetry and crash reporting, and most people want automatic updates. It fails for the bad actors because they won’t respect this switch anyway.

      2. 15

        Hell, there are major applications that can’t even do XDG Base Directories, cough cargo & rustup comes to mind immediately cough and we expect a consensus on something that clearly doesn’t align with the goals of some of these projects?

        I respect the hustle. I tried coming up with all sorts of potential solutions to the whole dotfile mess too, but then realized it was a mostly losing war. Best of luck if this guy can really get DO_NOT_TRACK going, but I’d argue by the time I’m opting out in such a fashion, shouldn’t I be OPTING IN in the first place?

        1. 15

          That guy was picking a whole lot of fights in those PRs.

          Also turns out he got banned from lobsters for trying to pick more dights:

          8 months ago by pushcx: Repeatedly trying to use Lobsters to whip up an online outrage mob against organizations they don’t care for.

          1. 1

            Talk about persistent…like tracking.

          2. 6

            Seems like a good idea. Call it a lack of imagination, but I don’t why any of the tech companies listed would bother implementing it.

            1. 6

              I don’t see why any tech company would want to implement this. The entire point of opt-out telemetry is to get the widest possible catch of information. Microsoft has already indicated they won’t expand to adopt this. Unfortunetly the fragmented opt out procedure is a feature, not a bug (to everyone but the privacy conscious).

            2. 4

              I feel what’s more valuable than the new environment variable proposal is learning all the ways to turn off telemetry in all the tools the author mentioned.

              1. 7

                If all of those variables are known, why not make a shim that will toggle them all based on the new environment variables?

                1. 2

                  This is a great idea. Like the community-sourced /etc/hosts directories, adblock lists, and the like, it has an actual chance of remaining “in play” as long as there are folks who care about the topic.

                2. 2

                  I believe figuring out if what you’re using is going to include telemetry and how to turn it off your self is the most sustainable way to move forward.

                  I’ve gotten “used to” Microsoft’s .NET Telemetry so I know to add the flag before I even download it. When you first install .NET Core it will spit out how to opt out, but i’m assuming this is after they’ve already phoned home to say someone has installed.

                3. 3

                  I get that the end result is the same, but I really don’t get how people have the same animosity to crash reports as to, like, usage and location tracking. I understand there are similar risks, but surely from a purpose basis there’s something to be said about “making it easier to have systems crash less”, right?

                  Of course I feel like OSes have mostly solved this with the crash report submit dialogs (don’t really know how that stuff works, though… maybe Sentry needs to build a mechanism that hooks into that so that it’s more explicit).

                  1. 1

                    Looks like no libs are using it.

                    1. 1

                      I didn’t know about any of the things in the opening paragraph, and they’re all going in my profile when I get home. Is there a more exhaustive list somewhere?

                      Stories with similar links:

                      1. Console Do Not Track authored by sneak 1 year ago | 71 points | 74 comments