| > As I understand it, they are collecting data about the operation of the cars. You're missing the part where it's not inherently linked to your PII without your consent (for example during a troubleshooting session). > Since you are claiming I have opinions that I do not have, I clearly have done a terrible job explaining what my opinion is. /eyeroll. I said I was playing. Okay. I understand what you're saying. Removing all other noise, you just don't want data collected and Tesla hasn't done anything to earn your trust. My response is simply that I think this is a blanket assessment that comes from an uninformed position about how Tesla's product actually works vs other car manufacturers vs tech companies in general, and that you're unfairly lumping Tesla in with #abusivebigtech. There's a lot of security research and evidence that supports the conclusion that Tesla does give a shit about both the security of their platform and the privacy of their users. In the absence of evidence suggesting Tesla abuses user trust, I do not presume guilt because that's a pretty harmful MO. Since your argument is essentially "but they're big tech", I can't help drawing the conclusion that your position on this topic boils down to that of a HN curmudgeon. --- Anyway... car manufacturers aside, I'm also really struggling to understand what your proposed solution is where service providers don't have any data about users. (Let's not even get into in-product functionality like needing to uniquely key a user's account or send them communications.) Serious question: have you ever built a product? Not having any data whatsoever is great (I've tried it, trust me I used to think very much like you do)... for about 30 seconds until one of your users has a problem. They write in and oh shit now you've got their email. Let's sweep that under the rug for a second, you read their request for support and what do you do? You have absolutely no way to help them so your response is limited to "we don't collect software telemetry in any way sorry frustrated user, you're SOL". That's generally understood to be a wholly unacceptable response from a company the user is paying for a working product, so what privacy conscious companies with good product experiences do is [ask the user if they can] collect anonymous diagnostic and usage information. This gets you a little further, but you still can't do anything to help that user who wrote in because you can't find their telemetry since it's all totally anonymous. So you realize the lesser of two evils is to collect anonymized telemetry. This data doesn't contain the user's PII, but if the user consents, they can share the necessary identifier with the company when they submit the support request, and voila you can investigate and solve the user's issue, leaving the user happy. The point is that you can't just unilaterally obliterate all data collection and remote connections and end up in a perfect world. You have to have a conversation with users about what data is collected and whether it's okay for it to be collected. I think this idea that the "good" state for software products is zero data and anything more than that is abusive is in fact harmful. It's harmful to product user experiences and it's harmful to protocols and standards when they weirdly hyper focus on specifying things in ways where access to unique identifiers is either nonexistent or controlled (rather than just designing for user permission). It gives incredible power to central authorities when you tell everyone they can't know anything about anyone, unless they're a blessed platform. Anyway I'm rambling at this point, but I'm really just curious how your vision for software actually works in practice. I don't see it without some radical shift where everyone refers to each other by the mnemonic version of their public keys or something incredibly foreign. |
No, I'm not missing that. It's just not a significant point to me, in large part because I think that the definition of "PII" is too narrow. For instance, I consider the identity of the specific car I drive as being PII.
> you just don't want data collected and Tesla hasn't done anything to earn your trust.
Yes, exactly. And that's not a special stance about Tesla. It's my stance with most companies.
> I think this is a blanket assessment that comes from an uninformed position about how Tesla's product actually works
I'm sure that's true. But, honestly, I have no motivation to spend the time and energy to inform myself about how Tesla handles this stuff. To do so in any meaningful way is a moderate research project that I'd have to have some real reason to engage in. I don't think it's unreasonable to follow a larger heuristic until there's some reason to pay attention to a particular product or company.
> I can't help drawing the conclusion that your position on this topic boils down to that of a HN curmudgeon.
Draw whatever conclusion you wish. I haven't arrived at my attitude arbitrarily or through some sort of "big tech bad" mentality. It's due to years of actual experience.
> Serious question: have you ever built a product?
Not that it matters, but yes, many. Several rather successful ones. The odds are reasonable that you're even using one or two of them.
> You have absolutely no way to help them so your response is limited to "we don't collect software telemetry in any way sorry frustrated user, you're SOL".
This just isn't true at all. I've never had to say anything like that. Blanket telemetry is not necessary to help customers with malfunctions -- if it were, then all the software that I (and everyone else) sold and supported before telemetry was even possible would have been impossible to support.
That said, I have occasionally gathered telemetry as part of the support process. But it's on a case-by-case basis with the full cooperation of the customer, not a blanket thing the I subject all customers to.
And, to be clear, I'm not opposed to telemetry in general. I'm opposed to forcing it on people, or engaging in it without their informed consent.
> I think this idea that the "good" state for software products is zero data and anything more than that is abusive is in fact harmful.
My position is certainly not that all data collection is abusive. My position is that our industry has been widely abusive in terms of data collection.