This project collects usage data and sends it to Microsoft to help improve our products and services. Read Microsoft's privacy statement to learn more.
For more information on telemetry implementation see the developer guide.
It would be nice if we could all agree on a global environment variable to opt-out of all telemetry so we wouldn't have to keep track of the thousands of places to turn it off.
I assume that's a joke :) I agree that Do Not Track and anything that looks like that RFC are useless, but they assume bad actors and include software that doesn't run on the user's machine. What I'm talking about assumes good actors and code running only on the user's machine. MS and others already have ways to disable the telemetry, usually, so they want to play nice. With open source software, it's easy enough to check the code is looking at the environment variable and doing the right thing with it. Closed software still shouldn't be trusted, nothing will fix that.
HA! And yet 'Do Not Track' was proposed in 2009 and actually put into practice. Guess they didn't get the joke either :)
What I'm proposing isn't either of those things though. It doesn't rely on just promises of other people. I can see the code I'm compiling and running on my machine and, as long as I don't let anyone else modify it arbitrarily, I can be sure it's doing what the code said. Yes, mistakes happen and sneaky code happens but, for a vendor that actually wants to play nice, too many mistakes or even a single attempt at sneaky code will ruin their reputation.
And, again, I know this won't fix closed source code or malware.
If it was opt-in, all the people who didn’t care either way wouldn’t bother to opt in, because—even if you have ideals suggesting it’d be better if they knew who used what features—satisfying that ideal isn’t worth the effort of finding and checking a box. (See also: the organ donor registry.)
Making something like this opt-in is equivalent to not having it at all. Not just because of how little pick-up there would be on the telemetry, but also because the type of people who would opt in are a skewed sample not representative of the larger user-base they wish to learn about. It’s like the bias introduced by doing an opinion poll by asking people to do a one-hour opinion poll over the phone: you filter out the average person who doesn’t have time to do a one-hour poll, and get responses only from people with too much time on their hands (= unemployed; teenagers pretending to be adults; old people who just want attention; etc.)
"Mass surveillance doesn't yield useful results unless you monitor everybody!"
You're missing the point here. I don't care about the quality of Microsoft's metrics. I care about the privacy of my data.
The results of your arbitrary one hour opinion poll don't mean anything to me. You wanted that data. It doesn't benefit me, as much as you want me to think it does. In fact, if I had the choice between not taking the poll and not having you call me in the first place guess which one I'm gonna pick.
> You're missing the point here. I don't care about the quality of Microsoft's metrics. I care about the privacy of my data.
And Microsoft only cares about the privacy of your data inasmuch as it has to, it DOES care about the quality of its metrics.
> The results of your arbitrary one hour opinion poll don't mean anything to me. You wanted that data. It doesn't benefit me, as much as you want me to think it does. In fact, if I had the choice between not taking the poll and not having you call me in the first place guess which one I'm gonna pick.
Sounds like you want to have your cake and eat it too. There's already global means to opt-out of telemetry data: don't use products that have it. Alternatively you can take the couple of minutes to turn it off yourself.
Seems you think you're entitled to this, which is fine, but that entitlement should be brought to the attention of your government.
My point was that the only useful options are “an opt-out telemetry system” and “no telemetry system.” An opt-in telemetry system is wasted effort from the point of view of gathering results with statistical power.
And no, the people who want opt-out would not generally opt in in an opt-in system. That'd be their preference, yes, but you’re underestimating people’s laziness in practice. There are things I’d grant telemetry access to, but I don’t know how and don’t have time in the day to learn how, especially since it grants very little advantage to me personally.
People keep acting like telemetry is my problem as the end-user. I don't care about your development practices. I don't care about your telemetry. All I care about is if the software works, and my privacy is protected. The problems with getting telemetry data are your problem. The burden should not be on us to have to turn off all this data-gathering to protect my data.
EDIT: The proverbial "you", not you in particular.
> I don't care about your telemetry. All I care about is if the software works
Newsflash: The latter requires the former, especially in large-userbase installations with tons of features.
I say this as a huge defender of privacy: Telemetry is not evil in and of itself and I wish people would give it a rest when it comes to yelling about opt-in telemetry, because it seriously harms the cause in cases where it matters, such as actual transmission of personal data.
Seriously, things like "Do you click the Edit menu a lot" is not useful data to anyone but the devs of the software, for development reasons.
> Newsflash: The latter requires the former, especially in large-userbase installations with tons of features.
The vast majority of computing history argues for exactly the opposite.
In fact, with its new "all in on telemetry regardless of reputation damage" approach, MS's software often does not work. Clearly MS have taken a wrong approach, and seem completely unwilling to rethink it.
Sorry, but no. I've been using OSS for a few decades now, and often bugfixes are pretty quick. As long as you're ok reporting bugs, and doing some legwork. ;)
You are not everyone; you are in fact the extreme minority. You're exactly the kind of person who should not have a problem unticking an opt-out box.
As I said, please please focus on privacy issues that matter. Trying to be snide about inconsequential telemetry is a waste of time and of public awareness.
You want to complain about Windows 10's privacy practices instead, go ahead, because that is a good example of abusing telemetry and not respecting the user. But sometimes, "telemetry" is just "anonymous UUID + software version sent every 7 days" and people still complain about that. Then those same people will go and complain about the software vendor dropping support for an old version when "users are still using it". Again, newsflash, that's stuff you know because of that tiny bit of telemetry.
I'd highly encourage people complaining about telemetry to do actual devops for a few weeks or something and understand how blind you are without instrumentation.
One does not prevent the other. Companies do talk to their customers but data talks far better and reveals insights that customers themselves don't have.
There's wrong ways to use telemetry, but overall they are positive, especially in large apps where gaining insights on tiny percentages of your userbase is both important and impractical. That does mean Windows, Android, Chrome, Firefox, etc.
It's the same in game dev. You might see through telemetry that 80 percent of your churn is right after one specific quest. Without telemetry, this might not be something you notice, because churn rarely ever talks and when they do they're not accurate.
> ... data talks far better and reveals insights that customers themselves don't have.
I can see how that would be the case for games. They're special purpose one-offs, and aren't tools for getting a job done.
For business applications though, the concept of "data talking far better" than actually talking to customers seems very wrong headed to me.
It's very common for business application users to follow processes that are effectively workarounds for missing or broken functionality in their tool set.
When they're able to communicate with the vendor and describe what they're actually needing to do, the tools can be changed to achieve the desired result properly.
I've never heard of telemetry being able to address "how the tool should be working" rather than sending a stream of data showing what a user did. Maybe good for support issues, but pretty useless for product planning and addressing actual user needs.
Maybe if we got something in exchange for the actual value of our data (say, Microsoft paid us per machine, per user, per hour used) then it would be worth it to opt-in.
> Maybe if we got something in exchange for the actual value of our data (say, Microsoft paid us per machine, per user, per hour used) then it would be worth it to opt-in.
You get something, better software because developers can know what is being used and what it is not, what feature is bugged, etc etc.
Or you get something worse because you happened to be one of the few users of a niche feature that they decided to axe because they optimize for the telemetry data.
> Making something like this opt-in is equivalent to not having it at all.
Microsoft were doing opt-in telemetry in Office, Visual Studio and the .NET framework for a long time, so it must have provided value for them. The installer used to politely ask you to consider opting in to help improve the product.
JetBrains products still follow this approach of respecting the customer and asking politely.
Software that actively nags you at every opportunity to opt in isn’t really “opt-in” per se.
There’s a third kind of system for polling preferences, which I’ll call “opt-forced” for lack of a better name: it’s where you are required at some point to decide whether to opt in or opt out, and neither option is the default. (Picture two radio buttons, neither selected, and you can’t proceed until you click one.)
Nagging opt-in is a lot closer to opt-forced—you’re required to either press “OK” or “Cancel” to the opt-in dialog box. Except, since it just keeps asking whenever you “opt out”, you haven’t really opted out at all. Thus, this dark pattern is actually closer to the “opt-out” side of the fence, in terms of the number of people who end up in the program even though they’d actively prefer not to be (but this preference is weaker than their preference to stop being nagged.)
It's sending back arbitrary data to someone else without explicit authorization. This data can contain anything including information about the running environment, the contents of files on the computer, other running programs.
It doesn't matter that it's Microsoft instead of an Estonian teenager doing it. You own your computer. You explicitly decide what data comes from it. NO EXCEPTIONS.
> It's sending back arbitrary data to someone else without explicit authorization.
You are giving very explicit authorization by agreeing to the EULA.
> You own your computer. You explicitly decide what data comes from it. NO EXCEPTIONS.
That's still true. And by installing a product and agreeing to a EULA which includes a section on telemetry you are doing just that. Thus, your options are "don't install the software" or "opt-out".
Yes they are as long as it's clear you are agreeing to something, which is why pop-up EULAs have an I agree button and obligate you to scroll to the bottom.
GDPR does not make collecting aggregate data unlawful, so unless you can prove that the data collection is identifiable then GDPR doesn't apply.
It's impossible to 'anonymize' telemetry data. It's meaningless since it can be 'de-anonymized' usually within a few queries. Claiming that it's 'anonymized' is just a marketing word used by tech companies.
Nope. Specht v. Netscape Communications Corp. dealt exactly with this sort of click through 'telemetry'. Doesn't matter if it's in a shrinkwrap license.
Eh, not quite so clear-cut. There were some big caveats in that decision "clicking on a download button does not show assent to license terms if those terms were not conspicuous and if it was not explicit to the consumer that clicking meant agreeing to the license" [0]
It doesn't appear to say clickwraps are non-binding, only that it has to be "conspicuous" and basically that a user knew they were agreeing to something. Unfortunately that too is open to interpretation. As with most things of this nature, if someone wants to sue, they can sue, and it's a resource fight in the courts.
The privacy issue can happen in two ways that I can think of:
1. Unclear boundaries of data.
How many points of data are being collected and sent 'home'? CPU performance? OK. Device name, pc username, usage duration, times the program is opened and closed. System account email address, IP address, hostnames contacted (i.e. websites visited), WiFi-based location, webcam stream for inference of end-user mood, microphone for emotion analytics?
These are all examples of telemetry that could be argued are 'needed' purely for product improvement.
2. Even if only a couple of data points are collected, it is very possible to identify the real name of the end user through analytics of the data. This inferred information is very valuable, and definitely is then a privacy issue.
I hope the vast majority of developers and company execs don't intend to 'do evil' with this information, but unfortunately we have seen examples of this from public companies, despite auditing etc.
I just moved into my rented house and discovered the CCTV outside my front door, in public view, but also on my property, is actually monitored by the landlord, not me.
I just entered a new mall and discovered that they monitor how many people come in and out (and at what time) in order to ensure they have enough cashiers.
- you = me
- software = mall
- monitoring basic metrics in order to improve the service = counting people in/out
This is completely OK, and somehow everybody likes that they increase the number of cashiers during busy times. Just like the mall, you do not own the software, you just have the right to enter/use it.
Those aren’t exclusive attributes, either colloquially or legally. As a renter you have a variety of rights (including to “quiet enjoyment” of the property) that prevent, for example, the legal owner from entering the premises without advance notice and a legitimate reason. Similarly, while exterior cameras aren’t explicitly illegal, interior cameras are. Don’t allow simplistic maxims to occlude your tenant rights.
Ok. Totalitarian regime - there’s more than a few already - fake the telemetry domain name certificates and snoop on all your activities. Coupled to other humint they can easily trace a profile of all your whereabouts, habits, projects and relations both online and IRL. Then one day you disappear.
That's a hell of a leap. One day you're contributing to open source and the next day you're dead because of telemetry? Give me a fucking break.
Oh, I forgot, OSS contributors are vital state resources targeted by foreign governments and drug gangs alike, and both of them have access to how you use open source Winforms. I get it, now.
(Sarcasm complete. My points here are that you aren't a target of any totalitarian regime, and that totalitarian regimes don't need telemetry to make you disappear.)
Sorry, I forgot I was on the internet. I should have said "usage telemetry." I forgot that being on the internet means that people can't really follow unless everything is spelled out precisely. It doesn't matter that the whole conversation was about usage telemetry, it needs to be specified.
Are you switching the conversation topic from open source software telemetry to mobile phone tracking? That's a whole other thing, and doesn't contribute to the in-progress discussion on open source software telemetry, nor does it prove me (or anyone else) wrong.
Agreed, but that's asking way too much apparently. With a global opt-out, it should be easy enough to shame the software not honoring it and they get to keep taking advantage of the people that just don't care without pissing off the ones that do.
It's already fucked. This could be checked much easier than looking for new flags every release and figuring out those do what they should. If they fuck it up too much, we'll know they're either malicious or incompetent, both are very good reasons to stop using their code.
They are both malicious and incompetent for sure. Firstly because collecting data is more important than customer preference and secondly because when the customer did make a preference or state a preference they screwed up and told the customer to fuck off respectively.
Now after 16 years of using .Net and building a lot of massive products this is the status quo of how I have been treated all along and it hasn’t changed one little bit other than the marketing so it’s time to get off the ride.
At this point I firmly believe that the “open source” drive here is part of a new market domination strategy rather than something for altruistic good. Fair enough but I don’t have any love left to give now. If you ship some stuff on every platform it looks like you are an attractive option and once you’ve bought in you can’t get off the crack smoking schizophrenic rollercoaster. I want off.
If we make the developer, the developer's manager, and the entire org chart from there up to the CEO personally and criminally liable for any leaks and improper use of data, there would be zero need to opt out as they could not then externalize the costs of their shitty practices.
Criminalizing bugs would be insane, and would drive up the cost to create software, and probably also drive down the quality (due to pushing us into a smaller ecosystem of proprietary code). It would definitely kill open-source, because who would be stupid enough to release a source-tree that could send them to jail.
That said, statutory civil penalties (fines per occurrence) for the effects of the bug in production _would_ fix the problem. Who is going to keep giant data-lakes around when they are the business equivalent of toxic waste? The developers are still able to write code, but they are incentivized to not collect extraneous user data.
Only in the context of data gathering. There is plenty of buggy software that doesn't result in my social security number, credit report, passwords, and chat history spread across the internet.
It's no different than requiring, e.g., farmers to limit how and when they apply fertilizer and pesticides so as to limit runoff and down stream pollution.
No it is different, because this is a conversation about telemetry which is exactly none of your social, credit report or passwords. Suggesting that developers should be criminally liable for your usage statistics getting released is borderline insane.
I generally figure there are enough people like you that they don't need my data as well, so I opt out, if nothing else to spare my computer a bit of resources
This project collects usage data and sends it to Microsoft to help improve our products and services. Read Microsoft's privacy statement to learn more.
For more information on telemetry implementation see the developer guide.
https://privacy.microsoft.com/en-US/privacystatement
https://github.com/Microsoft/microsoft-ui-xaml/blob/master/d...
Looks really easy to disable, but probably something some folks need to be aware of. Love the license and effort Microsoft put into this.