by hsod 3245 days ago
Yes, the reaction is appropriate. You seem to agree that this is a malicious action, so your position is kind of hazy.

> People have been whipped up into a frenzy for data that a webapp wouldn't blink twice at collecting. But when it's installed locally it's somehow different than if we load a webapp in a browser?

Well, yes. But it's even worse than that. This code was submarined into an unrelated open source tool and sent the data to a company with which the user had no relationship whatsoever. That's a little different from Google keeping track of how often I log into GMail, isn't it?

Even the README you linked to (probably not seen by many users) seems intentionally misleading, as it is careful not to state to whom the metrics are sent, leaving the reader with the impression that they are being sent to the project maintainer and not to Kite, Inc.


> Even the README you linked to (probably not seen by many users) seems intentionally misleading, as it is careful not to state to whom the metrics are sent, leaving the reader with the impression that they are being sent to the project maintainer and not to Kite, Inc.

This is an important point, and it's one I overlooked. I've never used SideBarEnhancement. I assumed users knew it was related to Kite. If `urlopen('http://52.52.168.91/status', json_body)` is the only indication where the data is sent, then that's unacceptably vague.

I suppose it's best for Sublime to force plugins to be opt-in for data collection, but as someone who wishes devtools were better, it's unfortunate a few groups with terrible PR skills are ruining it for everyone. It didn't need to turn out this way. They just needed to be open about what they were doing. They weren't even collecting anything to warrant being sneaky.

> I've never used SideBarEnhancement. I assumed users knew it was related to Kite.

Considering how many posts you've made in this thread defending Kite, this seems like a major gap in your understanding. A simple ctrl-F of both the GitHub README and the PackageControl page shows no mention of Kite.

True, though all the code was doing was collecting a list of installed packages and a list of file extensions you've edited. Judging by the reactions here, you'd think they were uploading your entire ~/ directory.

I'm curious how Kite got the telemetry into that extension if it's unaffiliated. https://github.com/titoBouzout seems like a fairly standard GitHub account, though it's strange he had no commits for six months until this incident.

They paid him, I do believe (saw this asserted by folks who'd know and saw no contesting it).

> True, though all the code was doing was collecting a list of installed packages and a list of file extensions you've edited. Judging by the reactions here, you'd think they were uploading your entire ~/ directory.

OK, so you acknowledge that this was an unacceptable privacy breach, you're just a little less upset about it than some other people here. Damning with faint praise, I guess.

> I'm curious how Kite got the telemetry into that extension if it's unaffiliated.

They probably paid him.

It's not a privacy breach to collect the file extensions you've edited bucketed by time. (Collecting the list of installed packages is debatable.) The unacceptable breach of trust was that they tried to hide the fact that they were doing it. It was incredibly stupid to hide it, since few people would've cared if they were just honest. Now they're in the same category as paid spyware marketers.

I'd rather look like a fool and get to the truth than stay silent and let a story go half told. At least people are clear about what precisely was being collected.

FWIW I think that's cool and gracious of you. People don't mea culpa often.