If you want to discuss this in more depth I'll be happy to elaborate
and give you ethical guidance, but presently that's probably just
adding to the noise.
YVW. I'll have a think about some other sources, especially plain
speaking non-academic takes on the ethics that help developers see the
issues. For now this one is a good general overview [0].
The big one with telemetry, is unintended side effects due to
correlation and deanonymisation - which is actually dead hard to
anticipate - very easy to get wrong like rolling your own cryptography
:)
The other, around consent and defaults, is that even if your telemetry
is perfectly anonymous, benign and beneficial to the end user, you may
trigger a security alert and over-zealous investigation and
reporting. This can have a massive impact on your reputation, as
happened to Audacity. It's really not worth taking the risk.