[mschuster91]

> Do your due diligence on whatever you install. No tool should be exempt from that.

That's a ridiculous take. 99% of users don't understand what all that technobabble in a typical EULA means, they will just go for the option they are nudged to (which is why first the courts and now enforcement agencies are stepping up their game against that practice [1]).

The way that the GDPR expects stuff to be handled is by getting explicit user consent, the consent must be a reasonably free choice (i.e. deals like "give me your personal data and the app is free, otherwise pay" are banned), and there must not be any exchange of GDPR-protected data without that consent unless technically required to perform the service the user demands. Clearly, a telemetry opt-out is completely against the spirit of the GDPR and I seriously hope for Microsoft to get flattened by the courts for the bullshit they have been pulling for way too long now.

What I would actually expect of Microsoft is to follow the Apple way: have one single central place, ideally at setup and later in the System Preferences, where tracking, analytics and other optional crap can be disabled system-wide.

[1] https://www.hiddemann.de/allgemein/lg-rostock-bejaht-unterla...

[brushfoot]

> That's a ridiculous take

Then it befits a ridiculous state of affairs. It would be great to have the standards you suggest, and it's a shame that we don't. But that doesn't change the fact that we don't, and because we don't, we need to do due diligence on the tools we install.

[jodrellblank]

The GDPR applies to personal data. PowerShell telemetry isn't personal data, so it's not covered by the GDPR. What is reported is documented here:

https://docs.microsoft.com/en-us/powershell/module/microsoft...

and is "anonymized information about the host running PowerShell, and information about how PowerShell is used". It sucks that it has telemetry, but anonymised information about whether a computer ran 10 .exe or 10 cmdlets pales into insignificance against Windows and Edge and OneDrive slurping up names, addresses, files, moving logins to Microsoft accounts, sending browser history to Microsoft, checking downloads with Microsoft, keeping a history of all programs run in Windows for timeline and trying to send that to Microsoft to sync it between devices, moving OneNote to the cloud, having the start menu search be a Bing web search, defaulting to Cortana being a cloud based voice search, sending pen and ink data to Microsoft, and etc. etc.

[mschuster91]

Even the fact that a particular piece of software is used by a specific IP address is enough PII that it's covered under GDPR by most viewpoints. The fact that Microsoft is collecting even more data doesn't excuse telemetry in PowerShell at all.

I would simply wish for no telemetry to happen at all without user consent. If Microsoft wants information about how people use their software or how stable it is and not enough people opt in, they should fucking pay people money for market research and QA.

[jodrellblank]

> "Even the fact that a particular piece of software is used by a specific IP address is enough PII that it's covered under GDPR by most viewpoints."

I draw your attention to the link I posted, and the purple background call out box with the exclamation mark icon and the heading "Note" which says: "Application Insights uses the hosts IP address to determine the geographic location. The IP address is never included in the telemetry data or stored in the database."

> "I would simply wish for no telemetry to happen at all without user consent."

I would, too. So did someone on Github: https://github.com/PowerShell/PowerShell/issues/15722 "Change telemetry from opt-out to opt-in" where Microsoft said "we felt that by making telemetry opt-in it would bias and limit our telemetry in a way that would make less useful to our users."

[mschuster91]

> The IP address is never included in the telemetry data or stored in the database.

It nevertheless is transferred to the origin server (otherwise, how would TCP work), and that is enough for it to be considered under GDPR!

> we felt that by making telemetry opt-in it would bias and limit our telemetry in a way that would make less useful to our users

Well, that still doesn't override the GDPR. The GDPR is law, precisely in the spirit to prevent un-consented tracking!

[ElectricalUnion]

> What I would actually expect of Microsoft is to follow the Apple way: have one single central place, ideally at setup and later in the System Preferences, where tracking, analytics and other optional crap can be disabled system-wide.

This is still GDPR non-compliant, you should have a central place to _opt-in_ tracking, analytics and other optional crap if you so desire.

[mschuster91]

So what? You can opt-in to tracking in the macOS System Preferences, pane "security and data protection", tab "Privacy" at any time you wish should you not have done so during the macOS onboarding process.

In Debian, you can opt-in at setup time or any later time with a simple "dpkg-reconfigure popularity-contest" (even though that one isn't fully GDPR-compliant as you can't easily read what exactly is being done from the same screen).

[ElectricalUnion]

> So what? You can opt-in to tracking in the macOS System Preferences, pane "security and data protection", tab "Privacy" at any time you wish should you not have done so during the macOS onboarding process.

You cannot opt-in. You can go to `System Preferences > Security & Privacy > Analytics & Improvements` and opt-out, but the default is not opt-in.