by Jenk 1297 days ago
> My pet gripe is all of the seemingly local (open source) tools that phone home with opt-out metrics, not mentioned in the "getting started" and take some obscure flag to disable and it's just that little bit more complex to do when running the de facto (containerised) build.

Exhibit A: DotNet! https://learn.microsoft.com/en-us/dotnet/core/tools/telemetr...


Ouch, this is particularly egregious:

"...To opt out, set the DOTNET_CLI_TELEMETRY_OPTOUT environment variable before you install the .NET SDK"

Just to be clear: that is to opt out of the single telemetry message sent by the installer itself on successful install, not to opt out of .NET telemetry in general. You can do that at any time post install by setting the env var, no need to remove and reinstall the entire SDK just to turn off telemetry.

I still consider this fairly egregious in that if you've already installed it (but not used it) before finding this out, a bunch of details has already been reported about your environment. Does opting out before install also keep you opted out of all telemetry or does that have to be done separately?

If a new starter did this on a company machine, boom, misconduct on their first day; though I hope the network/operations team have already put a block in place for that.

That is an extreme example, but it's kind of annoying you have to look this up, and make sure you didn't typo the flag for every piece of software you use/test.
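
A pre-flight check for the typo worry in the comment above, as an added example that is not part of the thread or of the .NET SDK: it confirms the opt-out variable is set to one of the two values the documentation quoted further down names, and reports near-miss variable names. The function name, the strict value matching and the similarity cutoff are assumptions of this example.

```python
import difflib
import os
import sys

OPT_OUT_VAR = "DOTNET_CLI_TELEMETRY_OPTOUT"
# The two values the documentation quoted in this thread names. Accepting only
# these exact spellings is a deliberately strict choice made for this example.
ACCEPTED_VALUES = {"1", "true"}


def check_opt_out(env):
    """Return a list of findings; an empty list means the opt-out is in place."""
    findings = []
    value = env.get(OPT_OUT_VAR)
    if value is None:
        findings.append(f"{OPT_OUT_VAR} is not set")
    elif value not in ACCEPTED_VALUES:
        findings.append(f"{OPT_OUT_VAR}={value!r} is not '1' or 'true'")

    # Near-miss names (wrong case on Linux, an extra underscore, a dropped
    # letter) set a variable that nothing reads, so report them as well.
    others = {name.upper(): name for name in env if name != OPT_OUT_VAR}
    for close in difflib.get_close_matches(OPT_OUT_VAR, list(others), n=5, cutoff=0.85):
        findings.append(f"possible typo: {others[close]}")
    return findings


if __name__ == "__main__":
    # Run as a build step placed before the SDK is installed or invoked:
    # a non-zero exit stops the build.
    problems = check_opt_out(os.environ)
    for problem in problems:
        print(problem, file=sys.stderr)
    sys.exit(1 if problems else 0)
```
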

That flag opts out of all telemetry.

It not being opt-in is the problem

If it's not opt-in, the software's spyware, pure and simple, and ought to be lumped in with other malware that should be rejected, shamed, and marginalized until/unless that behavior changes.

I'm sticking to our much-better norms for this shit from c. 2000, damnit! It really is crazy how fast and completely that changed.

No idea why you're being downvoted. The only difference between telemetry and spyware is there's a "legitimate company" with "legitimate interests" behind it.

Well, it's not as simple. Telemetry can be something as benign as sending an error report when the app crashed (which generally is useful if it doesn't leak other data and leads to better app), or as intrusive as tracking every click.

The context is also important, beta test of a game's entire point is to get that data to improve the product.

That's only for the telemetry that happens during the install process (if I've read the link correctly). Seems quite reasonable as long as we accept them sending telemetry during install. ("A single telemetry entry is also sent by the .NET SDK installer when a successful installation happens")

For telemetry during actual use, you can set that flag any time, and a message is shown on first use to inform you about it.

So seems relatively reasonable to me.

> That's only for the telemetry that happens during the install process (if I've read the link correctly).

Wrong. That's for the dotnet cli tool to phone home each and every time you run a command.

https://learn.microsoft.com/en-us/dotnet/core/tools/telemetr...

Microsoft even provides a page which showcases summaries of some of the metrics they collect from you if you don't disable this feature. These metrics even include MAC addresses.

https://dotnet.microsoft.com/en-us/platform/telemetry

> Seems quite reasonable as long as we accept them sending telemetry during install.

There is nothing reasonable about this. You should not be required to have tribal knowledge on how to use arcane tricks prior to running an application just to avoid being spied upon. It's a dark pattern, and one that conveys a motivation to spy upon unsuspecting users whether they approve it or not.

But they do mention that you can disable it at any time, only that for the telemetry that is sent with the installer you have to set the flag beforehand (obviously):

> The .NET SDK telemetry feature is enabled by default. To opt out of the telemetry feature, set the DOTNET_CLI_TELEMETRY_OPTOUT environment variable to 1 or true.

> A single telemetry entry is also sent by the .NET SDK installer when a successful installation happens. To opt out, set the DOTNET_CLI_TELEMETRY_OPTOUT environment variable before you install the .NET SDK.

> These metrics even include MAC addresses.

MAC address SHA256 hashes, to be precise.

MAC addresses are only 48-bit and sparsely allocated (i.e. the first half identifies the vendor). I wouldn't be surprised if the hashes for all normal hardware (i.e. with known vendors) can be easily brute forced.
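
The keyspace argument in the comment above, as an added example that is not code from the thread or from the .NET SDK: with the vendor half known, an unsalted SHA-256 of a MAC leaves only the 24-bit device half to enumerate, while a hash keyed with a secret that never leaves the machine cannot be checked that way. The textual MAC format fed to the hash, the function names and the two vendor prefixes are constructed assumptions.

```python
import hashlib
import hmac

SUFFIX_BITS = 24  # device half of the 48-bit address; the other half is the vendor prefix


def format_mac(oui: int, suffix: int) -> str:
    """Render vendor prefix + device suffix as lowercase colon-separated hex (assumed format)."""
    raw = ((oui << SUFFIX_BITS) | suffix).to_bytes(6, "big")
    return ":".join(f"{b:02x}" for b in raw)


def mac_hash(mac: str) -> str:
    """Unsalted SHA-256 of the textual MAC, standing in for the reported value."""
    return hashlib.sha256(mac.encode("ascii")).hexdigest()


def keyed_mac_hash(mac: str, key: bytes) -> str:
    """HMAC-SHA256 with a per-installation secret key that is never reported."""
    return hmac.new(key, mac.encode("ascii"), hashlib.sha256).hexdigest()


def recover_mac(target_hash, candidate_ouis, suffix_bits=SUFFIX_BITS):
    """Try every suffix under each candidate vendor prefix; return (mac or None, tries)."""
    tries = 0
    for oui in candidate_ouis:
        for suffix in range(1 << suffix_bits):
            tries += 1
            mac = format_mac(oui, suffix)
            if mac_hash(mac) == target_hash:
                return mac, tries
    return None, tries


def worst_case_seconds(num_ouis: int, hashes_per_second: float) -> float:
    """Time to cover the full device half under num_ouis vendor prefixes."""
    return num_ouis * (1 << SUFFIX_BITS) / hashes_per_second


if __name__ == "__main__":
    # Constructed, locally administered address; suffix space cut to 16 bits for a quick run.
    target = format_mac(0x020000, 0x1234)
    print(recover_mac(mac_hash(target), [0x02AAAA, 0x020000], suffix_bits=16))
    print(recover_mac(keyed_mac_hash(target, b"k" * 32), [0x020000], suffix_bits=16))
    print(worst_case_seconds(1, 1_000_000), "s per vendor prefix at an assumed 1e6 hashes/s")
```
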
Well, dotnet DOES mention it in getting started (first run):

   Telemetry
   ---------
   The .NET tools collect usage data in order to help us improve your experience. The data is collected by Microsoft and shared with the community. You can opt-out of telemetry by setting the DOTNET_CLI_TELEMETRY_OPTOUT environment variable to '1' or 'true' using your favorite shell.

   Read more about .NET CLI Tools telemetry: https://aka.ms/dotnet-cli-telemetry

https://learn.microsoft.com/en-us/dotnet/core/tools/telemetr...

HN crowd associate telemetry with privacy or cancer and the T word gives shrugs... but it is not always the case.

> Protecting your privacy is important to us. If you suspect the telemetry is collecting sensitive data or the data is being insecurely or inappropriately handled, file an issue in the dotnet/sdk repository or send an email to dotnet@microsoft.com for investigation.

It sends telemetry as part of the installation, too. It is implementing a deliberately dark pattern as well. It should be an option presented right at the installer screen, _and_ should be default to opt-out.

> _and_ should be default to opt-out.

Here I don't agree. It should certainly be visible, so you can make an informed decision whether or not to use it. But it's a sad fact of human nature how little we are willing to contribute back even when people give us something for free, even if just a click away (not to mention paying a small amount, filling a bug report...)

The "HN crowd" is right. We don't want these corporations exfiltrating any information about us. We don't really care what it is or what they're going to use it for. We want them to have exactly zero bits of information about us. Their attempts to collect data without our consent demonstrate a complete lack of respect for us and our wishes.