[Oddskar]

It's honestly weird to see "Telemetry" labeled as "Spyware" by a technical people that, quite frankly, should know better.

Spyware is NOT the same as gathering Telemetry data.

You can also just turn off Telemetry in VSCode in the settings.

I think a vast majority of people on HN gather data on customer usage of the products that they build. Because it ultimately makes us able to tailor the products better for our customers. It's just ignorant to put this in the same category as applications that slurp up as much data as they can for e.g. ad-profiles or to sell that data off to the highest bidder.

[TeMPOraL]

> It's honestly weird to see "Telemetry" labeled as "Spyware" by a technical people that, quite frankly, should know better.

It's precisely because it's technical people who know better that you see "telemetry" labeled as "spyware", which it is, and it's how we called it back in the 1990s/2000s.

The only reason people these days call spyware "telemetry", is because it got normalized by large companies, and is now defended by devs who figure it's better to ship spyware to people than to give a damn and talk with users.

[indymike]

> Spyware is NOT the same as gathering Telemetry data.

Telemetry and spyware differ only in the way collected data is used.

[Oddskar]

I would say the intent very much dictates the what and how of Telemetry as well. There's a huge difference between gathering data on feature usage of VSC vs e.g. slurping up the code from its users.

A lot of software lets you opt-out from Telemetry gathering when you install it. I would not think Spyware would do this.

And I feel like saying it's "only in the way collected data is used" really makes a small thing out of something that is very important. There's a very big difference in doing something maliciously and doing it to genuinely try to make your software better!

[michaelmrose]

Actually there are of course different levels of bad like in any other area of human endeavor. Many criminals who would happily break your car window to steal your laptop wouldn't kill you to sell your Kidneys.

Lots of spyware that wants to remain on one side of a less dramatic divide simply provides "options" for example in the installer that are opt in and vaguely defined that no sane individual fully understanding his options would opt for.

Such software isn't usually cryptolocking your family pictures instead its frequently grossly violating your privacy and selling your time and attention to third parties who in turn may opt to use this bought and paid for back door into your computer to waste your time or cryptolock your family pictures.

Here's a clue. If you have to make a feature opt out because nobody on earth would opt in given time and expertise sufficient to understand your offer then you are victimizing your user. I cannot think of a case where any data collection being anything other than opt in would be acceptable.

[cromka]

> Telemetry and spyware differ only in the way collected data is used.

No, they first and foremost differ in the kind of data is collected. Spying is not spying if you anonymously collect information about how frequently a feature/future/option is used only.

[ptx]

What if you repeatedly fail to anonymize the information and also collect user-entered data like command line arguments?

https://github.com/dotnet/sdk/issues/6145

[cromka]

Well, you make my point. What you linked to is definitely not telemetry.

[ptx]

So is your point that what Microsoft is doing is in fact spyware and not technically "telemetry", since what I linked to is what they are actually doing? In that case, to avoid confusion, we should stop referring to it as telemetry.

[cromka]

Yes, agreed. In that example, that was spyware, but calling "telemetry" spyware by default is wrong.

[marcosdumay]

> What you linked to is definitely not telemetry.

So, the OP was correct in calling it just spyware?

Why do people jump into defending corporations that repeatedly abuse their customers when they do unknowable hidden actions?

[cromka]

We're not defending any company here, don't twist my words. I am saying "telemetry" is not spyware, if it actually serves its purpose. Companies abusing "telemetry" to extract more information than they should is a different story.

[sangnoir]

I disagree - they are correct because once collected, the data is fed into a blackbox, and a user has no way of knowing if the data collected is - by your definition - spyware or telemetry. The beat way to treat this Schrodinger's telemetry, is to assume it's spyware.

[CamperBob2]

Would it be OK if the NSA required it? No? Well, it's not OK for your OS vendor to require it, either.

And the illusion that it will always be possible to disable telemetry is just that, an illusion.

[kuschkufan]

What did you expect? Microsoft labeling their data collection actions as "spyware" themselves? "Spyware" is a term used by people who oppose data collection, they didn't ask for. "Telemetry" is an euphemism by the ones that build this data collection into their apps.

[Oddskar]

I expect professionals to be able to distinguish between the two instead of being suckered into some sort of hive-mind thinking of "all data gathering bad hurr durr".

I'm absolutely all for privacy and limiting unnecessary gathering of data. But there's nuances to this discussion and labeling everything that has any amount of telemetry as "Spyware" does not do anyone any good.

[anonymousab]

> some sort of hive-mind thinking of "all data gathering bad hurr durr"

Maybe it's not "hurr durr" and people have a legitimate reason to hold that opinion. To those people, any distinction between spyware and "good" telemetry is merely academic and effectively irrelevant.

[craftinator]

https://github.com/dotnet/sdk/issues/6145

My favorite part is when someone figures out "telemetry" includes the MAC address, and the dev team just goes completely silent.

[hulitu]

The MAC address is very important for developers. It tells them which GUI elements are accesed, what error messages are common and what features of the program are accessed.

[robbedpeter]

For some reason developers think they're magically exempt from judgement of their data harvesting. I don't want you monitoring my activity on my goddamn devices, however much you yammer on about having good intentions. The act itself is hostile, and that's why developers are so goddamn sneaky about it. You're invading privacy and creating metadata records that are trivially deanonymized.

There's an honest, non sneaky way of gathering usage information: pay for rigorous testing and price the cost into the product. Telemetry is lazy, invasive, and user hostile by default. Every bit of information acquired from users should be given with informed consent or not collected at all.

[Oddskar]

From what I've seen the invasive data harvesting often does not come from developers themselves, but is rather requested by product and BI wanting to get more insights into the customers.

It's hard to really stand up to that kind of situation.

[raxxorrax]

True, and how else should any developer know what food the user had yesterday?

[Oddskar]

You forgot a pretty relevant part:

Hashed MAC address: a cryptographically (SHA256) anonymous and unique ID for a machine.

Although I disagree that they should have this to begin with, it being anonymized is still a pretty important detail.

[craftinator]

The important part of them having the MAC address is that it IS a unique ID. If it wasn't a unique ID, then it wouldn't matter if they had it, because their purpose in taking it is to identify you. So whether it's hashed or not is completely irrelevant.

The fact that they are taking uniquely identifiable information from you, and the fact that their company is as deep in the Ad game as Google, is more than damning enough.

[hulitu]

Collecting data to "improve" programs and then not doing any improvement really look like spyware.

[raxxorrax]

It isn't professional to find fitting euphemisms. Either the user has control over the data collection or he doesn't.

"hurr durr" strawmen on the other hand...

[pid-1]

From my POV (user), how do I know if my data is being aggregated correctly and not being sold?

As a developer, how do you know the data you're collecting now won't be used maliciously in the future by your org?

[ziml77]

My issue with telemetry is it increases the chances of data leakage. I don't care if Microsoft gets data on what commands I'm selecting from the menus. What I do care about is that they record any free-form entries. Let's say they want to know everything I type in the command palette so they can figure out if they should add aliases for certain actions. That doesn't sound too bad until you consider the case where you tried to paste in what you were looking for, but forgot that you had something very personal in the clipboard. Once that happens, you just have to hope that the first person to see it is a good enough person to wipe all traces of that info out.

[raxxorrax]

If it is unwanted, it is spyware in any case. Have an option to disable it and you would have a case. Otherwise you do spy on the behavior of people.

We don't collect customer data, we ask for feedback directly.

[e0a74c]

> You can also just turn off Telemetry in VSCode in the settings.

Such a feature should be disabled by default.

[dvhh]

By the same standard, Apple telemetry should also be labelled as "spyware" yet nobody would bat an eyelid at Apple mentioning data of their telemetry reports.