[md8z]

"Ahh, yes, Ubuntu and KDE = Linux."

In this case, yes. Ubuntu and KDE are two major players in desktop Linux. There really is not anything stopping Linux vendors from using telemetry, and in fact I'd expect them to use more of it in the event their products get more popular.

"Debian's popcount, for instance, is opt-in - Windows' are mostly (if not all) opt-out."

This is a minor detail and I don't think it actually matters. If a company actually needs that data and is not getting it from that telemetry then they're getting it from somewhere else. For example Canonical builds products on Debian and doesn't use popcon, they use other data collection mechanisms, which are detailed in the privacy policy I posted.

"Ubuntu and KDE send their data to organizations that I trust"

This has nothing to do with the implementation. Plus, Microsoft's dedicated customers do trust Microsoft to similar degree, so this is not going to be convincing to them. You need a better selling point.

"Ubuntu and KDE's telemetry remain off when I turn it off - Windows' does not."

That sounds to me like a bug or glitch that someone should fix. Ubuntu or KDE could also manifest such bugs, I guess we're just lucky they haven't.

"I don't know what data Windows or Ubuntu collect"

It's possible to change that. You can just read the Ubuntu privacy policy that I posted. Windows also has a similar privacy policy, you should do a search for it if you're interested.

"trying to falsely equivocate Windows and Linux telemetry is FUD"

Actually I have not done this, I mentioned they're different, and I explicitly explained how you shouldn't be afraid, uncertain or doubting anything. In a lot of cases (including some you mentioned) telemetry is not actually bad, and Windows users may feel that it's not bad for them either. I can give you more details if you need them. Please just don't misuse the phrase "FUD" like this.

[hdjjhhvvhga]

It is clear that we have completely different perspectives. What is a "minor detail" for you is a decisive factor for me. I happily enable the Popularity Contest in Debian because they ask and because I trust them. I deliberately block all possible telemetry on Windows because they don't ask and because I don't trust them.

You know what is a crucial difference? I can take my Linux box and inspect all packets coming in and out and understand what they are for (it will take a long time on a modern system, but it's doable). And if I don't like something, I can block it and be sure (compromised systems aside) it will block everything I ask it to. With Windows... not only I can't be sure what all these packets are for, but I can't even be sure the built-in firewall and the related API will successfully block all packets communicating with Microsoft servers (same with Apple tbf). This is something that doesn't bother 99% of desktop users. But it does bother a certain kind of people who don't like being treated like that. We're different, that's all.

[md8z]

I wasn't talking about my perspective or your perspective though, this would be the perspective of the majority of Ubuntu users and Windows users. (Disclosure: I don't use either of them, I use Debian and I don't have popcon installed)

I'm not sure what you mean you can't sniff packets coming from a Windows machine, Wireshark should just work there as it does on Linux.

[hdjjhhvvhga]

I'm not talking about being able to sniff packets but being able to to (1) understand what they are used for, (2) block them all on the same machine reliably, that is, including all communication to/from MS servers. In other words, being able to control the system I own or not.

[md8z]

Well there are a number of ways to set up a firewall, I think you can install from a number of them, and it's also trivial to use a raspberry pi for that. Can you mention which packets you're having trouble understanding? I may not be able to answer, but someone skilled with Windows probably could.

[fouric]

> In this case, yes.

No, not in this case. It does not matter that Ubuntu and KDE are the two biggest desktop Linux vendors, because (1) their telemetry (and, more generally, spying) are in a different league from Windows', and (2) users are capable of choosing to use another distro - a luxury you don't get with Windows.

> This is a minor detail and I don't think it actually matters.

For almost everyone, except possibly you, this is a huge point. Opt-out and opt-in anything are completely different, both in a conceptual sense, and in an actual privacy sense. On a conceptual level, opt-out vs. opt-in defines the normal behavior or expectation for a thing - Microsoft wants you to believe that it's normal for lots of your (potentially-)private data to go to them. On a practical level, many users aren't aware of (or change) the settings, so opt-out vs. opt-in significantly changes the number of people who actually receive telemetry.

Here's a thought experiment to help you understand how important opt-in vs. opt-out is to most people - how many unhappy people are there that organ donation is opt-in - or opt-out? What if you made college opt-out - and got billed for the first semester even if you didn't attend unless you cancelled? What if social security payments were opt-in, or legal rights as an adult, or protection by civil or criminal law?

> This has nothing to do with the implementation.

Red herring - we're not concerned with just the implementation, we're concerned with Microsoft's behavior as a whole, and whether telemetry as a whole is different between Windows and Linux - the answer to which is a resounding "yes", because the exact same data going to Microsoft is far more likely to be exploited (not for the user's benefit) commercially than data going to the KDE foundation. So, sure, it's not related to the implementation - and that's irrelevant.

> That sounds to me like a bug or glitch that someone should fix. Ubuntu or KDE could also manifest such bugs, I guess we're just lucky they haven't.

This issue has been around for years and noticed by thousands of people on the internet, so if it's not intentional, then it's gross negligence, signifying a complete lack of concern for user privacy...that is not shared by Ubuntu or KDE. But, given Microsoft's past history of user abuse, compared with KDE's non-existence history (and Ubuntu's questionable status), it's rather more likely that it's intentional.

> It's possible to change that. You can just read the Ubuntu privacy policy that I posted. Windows also has a similar privacy policy, you should do a search for it if you're interested.

A snide and absolutely useless reply. My point, which you conveniently missed, was that I don't understand what Ubuntu or Microsoft collect because their privacy policies are obtuse, not because I haven't read them.

If you were actually concerned about seeing what data was collected, you would have read the Ubuntu policy and then seen that it does not make clear what data is collected. For instance, on that page, there's a sentence: "Canonical may collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, referring site, and the date and time of each visitor request." ...that doesn't enumerate the complete list of "non-personally-identifying information" collected...and all of that applies a hundred times more to Microsoft and Windows, with Canonical being exceptional in being this bad for Linux distros.

I also noticed that you didn't include a link to the Microsoft telemetry privacy policy. Perhaps that's because you weren't actually able to locate it yourself, just like I wasn't? For instance, let's search for "Windows Telemetry Policy" on DDG[1] - none of the first-page results are what we want. Meanwhile, "KDE telemetry policy" returns the document you linked and one on their telemetry philosophy on the first page. (I couldn't find anything on the Ubuntu telemetry)

Meanwhile, if you were to actually go and read the generic Microsoft privacy policy[3], you would see that it is so vague as to not allow you to understand what is actually being collected - like I said.

> Actually I have not done this, I mentioned they're different, and I explicitly explained how you shouldn't be afraid, uncertain or doubting anything.

Except you didn't - you made vague false equivalences meant to try to portray Linux telemetry as being similar to Microsoft telemetry (even though you couldn't actually provide the technical details to back it up), meant to instill fear, uncertainty, and doubt in Linux by trying to associate Microsoft's brand of "telemetry" with them. You also didn't explain away any worries about Microsoft's telemetry itself.

[1] https://duckduckgo.com/?q=windows+telemetry+policy [2] https://duckduckgo.com/?q=kde+telemetry+policy [3] https://privacy.microsoft.com/en-us/privacystatement

[md8z]

"their telemetry (and, more generally, spying) are in a different league from Windows', and (2) users are capable of choosing to use another distro"

I just find this to be not convincing, sorry. It doesn't matter that it's in a different league, they're always going to be different because the requirements are different. And it doesn't really matter that users can switch to a different distro either, what seems to be happening is that the more popular the distro gets with Windows users, the more telemetry it seems to gain. Saying "you can just switch" is more of the same reason why Linux is not popular to begin with. People don't want to keep switching to a new distro every 6 months to evade crapware because some vendor went rogue. So they just suck it up and deal with it all up front from Microsoft.

"For almost everyone, except possibly you, this is a huge point."

Please avoid making these assumptions, see my other comment. This is not about me because I don't use Ubuntu, this would be specifically about those Ubuntu users.

"Opt-out and opt-in anything are completely different, both in a conceptual sense, and in an actual privacy sense."

I get what you're saying but this is one of those things that just doesn't work when it's opt-in. Using one of your examples, social security is another thing that would not work if it was opt-in.

"we're concerned with Microsoft's behavior as a whole"

I don't see why this matters. Microsoft is a huge company, you can cherry pick examples of bad things and good things they do to try to prove a point, just like with the Linux community. In fact the whole point of open source seems to be that companies can commercially exploit the source code without paying. I get what you're saying about the KDE Foundation but that's just it: you've made a value judgement based on their privacy policy, other users can do the same thing about Microsoft and come to the same conclusions, and in fact millions (billions?) of them already do.

"This issue has been around for years and noticed by thousands of people on the internet"

So have many other bugs unfortunately. I just haven't seen any reason to suggest that this one is intentional versus any other bug, what you've made is a guess. If you have some hard data I'd love to see it.

"A snide and absolutely useless reply. My point, which you conveniently missed, was that I don't understand what Ubuntu or Microsoft collect because their privacy policies are obtuse, not because I haven't read them."

Please stop assuming bad faith, this is not helpful. If you're having trouble understanding it then let's go through it together and we can try to clarify. It should be easy enough for us if we put our heads together, those policies are written for laypeople.

"'Canonical may collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, referring site, and the date and time of each visitor request.' ...that doesn't enumerate the complete list of "non-personally-identifying information" collected.."

So that would be whatever your web browser transmits, not strictly under the control of Canonical. I suspect that's why they can't say more there.

"and all of that applies a hundred times more to Microsoft and Windows"

If you could mention some things you're confused about then we could work through it. Just let me know, thanks.

"I also noticed that you didn't include a link to the Microsoft telemetry privacy policy."

Well no I figured you could find it because it's pretty prominent when you install Microsoft software or use any of their services. Most companies won't have a "telemetry policy" and I have no idea where you go that term, it always ends up in the privacy policy. And you did post the right link to that privacy statement, that's what I would have posted.

"it is so vague as to not allow you to understand what is actually being collected"

Again please mention what is vague, I'm really not sure what you're referring to, it could be a number of things.

"you made vague false equivalences meant to try to portray Linux telemetry as being similar to Microsoft telemetry (even though you couldn't actually provide the technical details to back it up), meant to instill fear, uncertainty, and doubt in Linux by trying to associate Microsoft's brand of 'telemetry' with them"

I've done none of that and I explained why, my whole reason for posting here is to try to clarify the differences and clear up any fear or uncertainty. Please avoid taking this kind of combative attitude and assuming bad faith, we won't have a productive discussion. I don't really know how to put this any clearer. I am a Linux user trying to explain what is happening with Linux. I don't use any Microsoft products and I don't really care for them. If you're looking to accuse me of disparaging Linux to make it look bad then you're barking up the wrong tree, IMO what really makes Linux look bad is the constant infighting among its community members. I wish people would stop that.

[hdjjhhvvhga]

> I get what you're saying but this is one of those things that just doesn't work when it's opt-in.

So be it. We have had many operating systems without telemetry at all. If this is the will of users, they should respect it. Instead, you get two buttons: (1) give us everything, (2) give us the things we care about most. There is no third option "give us nothing" so people are downloading third party packages from various sources just to block that, possibly breaking parts of their system. And then MS changes things so it becomes an even worse mess. This is the very definition of being user-hostile - just because they can.

[md8z]

What is missing here is that no other method to collect feedback and product analytics has been proposed. It is impossible to make decisions at a company the size of Microsoft without that type of information. All the larger companies are doing it for this reason. Opt-out telemetry is the easiest and cheapest way to get it. Most Linux desktops don't have to deal with the problem because they aren't that big, and the operating systems that didn't have it at all were built for a different era. You're framing this as something being about the will of the users or being "user-hostile" vs not, but that's honestly not important here, this is a very real technical problem. Overwhelmingly it seems that Windows users (and some Linux users, definitely Android users if you count those as "Linux") are fine with the current state of things.

In some places it seems that people did care, for example the GDPR is a step in the right direction, but there seems to be about zero political will to do anything like that in the United States. And even that doesn't really change the state of telemetry in Windows that much.