[mindslight]

> We all have telemetry is our cars, yet nobody is making any fuss about it

This is like saying nobody cared about mass surveillance before Snowden. The problem is apparent, but the realization isn't evenly distributed.

The only difference between this Lua server and other Software Augmented with Additional Surveillance (SaaS) is your trust. You apparently trust them to not sell the data trove to a surveillance company (or to a VC who eventually will), but I see no reason to. Heck, I've been answering no to popcon for over a decade now, even though Debian is outstandingly trustworthy.

Even Backblaze, a company whose core product is securely storing your data, just recently suffered from an in house attack - apparently their security team didn't foresee the need to protect against javascript injection by their own marketing stooges. When data is there for the taking, most people cannot restrain themselves - the problem is endemic. The only solution is to assure the privacy of data, through means such as Free software, E2E encryption, and not collecting it in the first place.