by odyslam 1888 days ago
That's a bit unfair. In the docs we are being very upfront that you can opt-out of anonymous telemetry: https://learn.netdata.cloud/docs/get

We use the data we gather in order to make smarter product decisions. We want to invest resources where it matters, so we need to know how our users use the product.

We are also very detailed on what we gather: https://learn.netdata.cloud/docs/agent/netdata-security

Lastly, we just changed our analytics engine from Google Analytics to a self-hosted PostHog, which is an open-source product analytics platform.

3 comments

How about on install you prompt to opt-IN to this "feature"?

PostHog or not, your target market is more sensitive to this telemetry crap than GP.

I hear you, we know that our audience is sensitive to their privacy. We all are.

Here are a couple of thoughts that have guided us. Thank you for engaging in this conversation and for caring enough.

1) This data is crucial for us. We need as much as we can get and it's highly specialized to Netdata (e.g., a sudden increase in crashes will prompt our team to see recent changes).

2) The more friction we add (opt-in), the fewer people will do it (because people choose the easier route, always) and thus we will have less data to work with.

3) People who care enough, as you said, about their privacy, can *very* easily disable the anonymous statistics, by either adding a flag to the install script or doing a small config change afterwards. I feel that we are communicating in many different places that we take anonymous data, so most of our users should be informed.

4) It's a fairly standard industry tactic and I don't believe that other solutions are not doing it. Of course this is not an excuse for anything, just noting that we are not an outlier.

Thanks again for engaging. Feedback is great for us, it makes us both happy (because someone cares enough) and better.

The telemetry isn't anonymous: it includes the client IP; the method you use to transmit the data cannot work anonymously.

Additionally, what's actually unfair is that you proceed with this spying without the consent of the user. Being upfront about it is not obtaining consent: it's just informing the user you're about to violate their (lack of) consent.

You must obtain consent from the user first, before transmitting their information. Otherwise, your software is spyware. (Disclosing that you're going to spy on the user doesn't make you not-spyware.)

> we use the data we gather in order to make smarter product decisions.

Yes, you transmit the private data of the user for the express purpose of enriching yourself.

Opt-out is unethical: you must obtain opt-in consent first. The data you are transmitting does not belong to you.

Disclaimer - I work for Netdata Cloud.

We actually mask the IP address (https://github.com/netdata/dashboard/blob/master/src/domains...) so it's not even sent - we just send "127.0.0.1" as the IP into our self-hosted PostHog. Likewise with any URL, referrer type event properties that could leak a hostname to us - we don't want that data at all so explicitly mask it before even capturing it in our telemetry system.

Previously, when using a fairly standard Google Analytics implementation, we could not really have this level of control all that easily.

So the hope is that with PostHog we can do better here while still enabling some really useful product telemetry to help us understand how to make the product better over time and try to catch bugs and issues quicker too.

Oh and we have removed Google Tag Manager (GTM) from the agent dashboard too so that that's no longer around as a possibility for loading other third party tags too.

You can read more here: https://github.com/netdata/netdata/blob/master/docs/anonymou...

p.s. PostHog is really cool - check it out: https://posthog.com/docs#philosophy, https://github.com/PostHog/posthog
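A sketch of the client-side property scrubbing described in the comment above, added here as an example; it is not Netdata's or PostHog's code. The property names (`$ip`, `$host`, `$referring_domain`, `$current_url`, `$referrer`), the `masked.invalid` placeholder and the function names are assumptions.

```javascript
// Added example: not Netdata's code. Property names are assumed.
const MASKED_IP = "127.0.0.1";          // the constant the comment says is sent
const MASKED_HOST = "masked.invalid";   // hypothetical placeholder hostname
const HOST_KEYS = new Set(["$host", "$referring_domain"]); // assumed bare-hostname keys

// Keep scheme and path only; drop host, port, credentials, query and fragment.
function maskUrl(value) {
  let u;
  try { u = new URL(value); } catch { return value; }  // not an absolute URL
  if (u.protocol !== "http:" && u.protocol !== "https:") return value;
  u.username = "";
  u.password = "";
  u.hostname = MASKED_HOST;
  u.port = "";
  u.search = "";
  u.hash = "";
  return u.toString();
}

// Return a scrubbed copy of the event properties; the input is not mutated.
function scrubProperties(props) {
  const out = {};
  for (const [key, value] of Object.entries(props)) {
    if (HOST_KEYS.has(key)) out[key] = MASKED_HOST;
    else if (typeof value === "string") out[key] = maskUrl(value);
    else out[key] = value;
  }
  out.$ip = MASKED_IP;  // always overwritten, even when the caller set none
  return out;
}

// Constructed sample event properties (not real telemetry).
const sample = {
  $current_url: "https://admin:pw@db01.corp.example:19999/#menu_system;after=1",
  $referrer: "http://10.0.0.5:19999/v1/dashboard?node=web-3",
  $host: "db01.corp.example:19999",
  $ip: "203.0.113.7",
  event_label: "chart_click",
  count: 3,
};
console.log(scrubProperties(sample));
```

Scrubbing of this kind changes only the event body that gets recorded; the receiving server still sees the connection's source address, so whether that is logged depends on the server and any proxy in front of it. Bare hostnames stored under keys outside `HOST_KEYS` pass through unchanged, so an allowlist of permitted keys is the stricter design.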

Your claim is false; the IP address cannot be "masked" the way you describe. The spy telemetry transmits the IP as the L3 source on each and every packet.

I literally shared a link to the part of the code that shows we don't capture and record the IP address in our telemetry. You are being quite disingenuous calling things "spyware".

I do appreciate the opt-in vs opt-out argument and I think on balance if opt-out helps us make this free product better over time and help our users then, so long as there is a clear route for people to opt-out, it's worth it and crucially important.

But this is indeed more like an opinion that individuals might differ on in terms of the pros and cons.

I personally love sending telemetry especially to help make the products I love better :) feels like I'm giving something back. But that is just my own opinion.

Dude, seriously?

You choose to willfully install Netdata. You have to read the docs where the opt-out telemetry is clearly explained, before you can self-host it too. If you care, you can disable it.

I honestly don’t understand HN. Multiple commenters deriding a free open-source project for having basic telemetry to understand feature usage.

I feel like you are willfully misunderstanding: netdata transmitting the data without consent is unethical: it's not their data to send.

I did not choose to willfully install Netdata - I don't use it because it is unethical spyware.

Telling someone "if you stay where you are, I am going to do $THING_REQUIRING_CONSENT to you in 20 minutes" is not obtaining consent if the person doesn't, say, leave the building. Being in the hospital is not a blanket consent to anything the doctor wants to do, for example.

To transmit a user's private data (their usage) to the app vendor is unethical unless the user has specifically indicated that they want that to happen. If they haven't (and simply installing the software is not that), transmitting it anyway is, at best insanely rude, and at worst actively malicious (like, for example, how Netlify's CLI used to transmit "I opt out of telemetry" events, before I got them to stop).

Calling nonconsensual spyware "basic telemetry" is a euphemism.

>> Being in the hospital is not a blanket consent to anything the doctor wants to do

No, in this case, you willfully signed up for a surgery and decided to skip reading the T&C.

>> user has specifically indicated that they want that to happen

You did this by installing the software without opting-out.

You sound entitled and spoiled. And by incessantly accusing netdata of being spyware, it feels like you are not willing to have a constructive discussion.

As odyslam wrote, opt-out is unethical.