The default telemetry is:
- (still) not sent until we notify you that it's opt-out
- moved (this year) from Google Analytics to our InfluxDB instance (destroying all existing GA data)
- only kept for 365 days
- contains no PII
- no longer even attempts to identify individual users
- necessary to be opt-in in order for us to be able to effectively run the project
Imagine if you entered a party that had a big sign that says you consent to be groped by entering the venue.
"But we notified you!"
Consent does not work that way.
It keeps being pointed out that this is a nonprofit run by volunteers - this simply underscores your utter lack of a legitimate business use case for spying on your users.
The only reason people insist on opt-out (i.e. nonconsensual) telemetry is because they know they don't actually have consent and their ingest data would drop like a rock if they had to, you know, check with their users for consent before uploading their usage. It's the old "she never said stop!" dodge.
Rather than ad hominem, perhaps you could address the fundamental consent issue?
It doesn't matter how you store the data obtained without consent.
What you are doing is fundamentally unethical, and you only get away with it because most of your users are unaware that you are doing it.
I post about it because your users deserve to know what you are silently using their computer to do each time they install a package. You have fooled them (and yourself) with this distraction about a "notice".