One which might be cause for concern is LogInvalidInputPasted() specifically because pastedExpression is included in the Telemetry Event.
I also have questions on LogConversionResult(). Why is that recording NetworkAccessBehavior or the raw conversion values? Wouldn't knowing the FromUnit/ToUnit be enough to know how much something is being used?
I presume that LogConversionResult() logs the result of a currency conversion that has already accessed Micrisoft's API. So why does Microsoft need to know the results of my calculations? The function in question isn't GetCurrencyRate().
Why have all the single-use constant strings instead of using the corresponding literals in-place? It’s additional lines of code and doesn't help readability/maintainability (there's already one unused const - EVENT_NAME_HIDE_IF_SHOWN). Additionally, the code mixes string literals with constants:
But then it doesn't use constants where it might make sense, when a string is used more than once. e.g. the literal string "WindowId" is used a dozen times.
Separately, I question whether anyone looking at the telemetry on the backend. In my experience, developers add this stuff because they think it will be useful, then it never or rarely gets looked at. A telemetry event here, a telemetry event there, pretty soon you're talking real bandwidth.
Well it must include your IP address too, and they know the time and date is was received. And then it gets bundled with the rest of the data they collected.
I don't even want them knowing when I'm using my computer.
Because it is a simple calculator. Now think about what they might be collecting from the rest of the system.
All the concerning privacy issues with Facebook or any other company should be seen rigorously by its users. Telemetry at OS Level is one of the worst offending practices IMO.
If we're expected to trust the party spying on us to reveal exactly the extent to which they spy on us via their proprietary, closed-source spying data viewer tool, then we deserve exactly whatever the fuck it is we end up getting.
If they cheated on the documentation matching the binary to try and sneak in more telemetry, the backlash would be phenomenal.
I don't know if Twitter could handle that kind of load =]
It's always good to trust but verify, although here the the safeguard is pretty strong.
It doesn't always have to be explicitly intentional as you described, but the simple fact is that they are incentivized to gather this data and they will not, in fact, suffer major repercussions commensurate with the amount of data that is collected/gathered. Look at all of the penalties that have been levied at all the other data breaches and how negatively affected those business were. [1]
‘’’In a brightly lit but still somehow nefarious meeting room two devs discuss their latest findings:
Dev1: “These users searching for ‘transfer bank savings’ also have a 15% chance of pasting these long invalid numbers into the calculator. Look at all of them.”
Dev2: “Odd those look like bank accounts numbers...”
Dev3: “I think we may have an early retirement opportunity...” ‘’’
You raise valid issue, but that issue has nothing to do with the telemetry itself, but with the brokeness of US banking system. Essentially everywhere else the bank account number is simply an public address that you can use to send money there and nothing else.
One which might be cause for concern is LogInvalidInputPasted() specifically because pastedExpression is included in the Telemetry Event.
I also have questions on LogConversionResult(). Why is that recording NetworkAccessBehavior or the raw conversion values? Wouldn't knowing the FromUnit/ToUnit be enough to know how much something is being used?