IMHO the spyware angle was overblown. they added telemetry to the dev builds. the real thing I took issue with was adding a CLA after the fact

So the stuff available on ubuntu/arch don't have spyware? I never heard about these changes, I did know some company bought it but didn't think much about it at the time as I don't use it a lot, but when I need it, it's quite handy

I haven't kept up with what happened since the original controversy, but at the time it was about telemetry in dev builds (i.e. building from the repo) only. In any case it doesn't have spyware unless you think firefox and various other programs are also spyware.

I'll never understand peoples' obsession with equating telemetry with spyware. As an application developer, I need to know that my application is working appropriately for my users. It's not sufficient to rely on manual bug reports. If someone doesn't like that, then that's perfectly fine in my opinion. Just don't use the product. To accuse an application developer of spying on users is a bit much imo.

Why should a user ignore when a developer has the means to spy? Telemetry is used as a false metric for a lot of bad decisions that make sense for the numbers but don't improve the product itself.

Even A/B testing could be considered an ethical hazard because it disrupts the user's understanding of the software for the sole purpose of decisions that, frankly, devs should have made before telemetry.

Users should be able to trust that their software won't be blabbing over the network about what you're doing. In an age where privacy is attacked from all angles, it's the least a developer could do.

I’m not advocating that users ignore the possibility of spying. All software has the potential to spy on you. But that does not mean you can publicly accuse a developer who wants to add telemetry of spying.

> Users should be able to trust that their software won't be blabbing over the network about what you're doing.

Says who? That’s just your opinion. My opinion is that if an exception happens in my software that makes it harder for me to use, the developer should be aware of the issue and fix it so that the software works correctly in the future. There isn’t anything wrong with your opinion, but there is something wrong of accusing the developer of some type of impropriety just because they want to use telemetry.

Says responsible developers. Good software doesn't need to phone home or report to the dev that they clicked widget X instead of Y.

Telemetry is what happens when lazy or complacent devs move forward in their software but decide to be 'data driven'.

What's wrong with accusing someone of having the ability to spy of maybe spying? The point with technology and humans is, if the ability is there, it's not 'if' it will be abused; it's when.

Software that doesn't phone home or have telemetry never has to worry about that moral hazard. User data doesn't belong to developers, and that includes behavioral data.

“Says responsible developers”. That’s called rationalizing friend.

This conversation can go nowhere because you believe you’re right and others are wrong. You really should accept that you have a specific preference and other people have other preferences. It’s not a question of right or wrong.

I disagree, I consider it a matter of ethics when I'm deciding whether or not to add telemetry to a piece of software. Passing it off as a preference is equating them, when the software with telemetry is less trustworthy and has a broader attack surface due to network connectivity. Maybe doing all that is worth treating your users like a science project, but it's not just a preference to me.

There is too much behind-the-scenes telemetry, analytics, and other intel-gathering happening on websites and in software. The gains are held solely by developers who either cannot figure out how to build their software, or whose management is so incompetent that there's no real connection to the users of the software, so making meaningful and helpful change to the software is less accessible.

I strongly hold that the practice creates less durable software that also primes a user to expect their software to study their behavior and change accordingly. That is supremely creepy, and users deserve better treatment than that. It's our job as developers to respect the resources our software is using on the user's machine, and for them to be 100% informed of anything they may be sharing over the wire.

Maybe that viewpoint isn't in line with VC-backed startups or enterprise, but I also don't expect them to act ethically wrt software, either... Analytics and telemetry created the data brokerage industry. Programmers are responsible for allowing that behemoth to invade and shape lives.

> As an application developer, I need to know that my application is working appropriately for my users.

You don't need telemetry for that. We have several decades of data showing that software can be developed, tested, deployed, used, and valued without ever forcibly collecting a single bit of data from users.

Why on earth should a user trust that their data isn't being used to spy on them just because it's being collecting under the guise of being for something else? Once the data is collected, the user has no control over what a company will do with it and the only sane assumption users can make these days is that if a company can make more money by doing something (like selling or abusing the personal data of their users) they will do that thing.

The practice of collecting telemetry is also highly suspicious because it's often done without the user's consent (opt out at best), and without showing the user exactly what data is collected and sent.

The fact is that companies have betrayed the public's trust so many times, and in such egregious ways, that it's unreasonable for developers to expect people to "just trust them" to do the right thing. If you don't want to be accused to spying, maybe just don't behave like spyware. Do testing, solicit voluntary feedback, and eat your own dog food.

Again, it’s just your preference. No one is forcing you to use such software. It’s not the moral issue you’re framing it as.

We also don’t have “decades of data”. Almost all large scale software systems leverage some form of telemetry/monitoring. Would you run a factory without quality control on the process? A more interesting question to me is which large software systems don’t use telemetry? Linux maybe?

The first computer program was written in the 1840s. FORTRAN was released in the 1950s. I promise that we had many many decades of amazing software that didn't phone home to spy on users. Most software had no telemetry at all until well after the internet became mainstream.

When many people connected to the internet via dial up, phoning home (even just to check for updates) could get your software branded as spyware. The idea that a software company would be collecting data on what dates/times you were online, what your IP address was, and when/how often you used the software you purchased was offensive. Adware (and nagware) were tradeoffs users knowingly made, but data collection was a sin.

As the internet got popular enough more and more programs started spying on users and there were efforts to come up with clear guidelines for what was/wasn't acceptable, for example: https://www.grc.com/oo/cbc.htm Today most programs collecting telemetry would fail by that standard.

Just because "everybody does it" today that doesn't make it right. Most computer users have no understanding of what the software they run is doing, very little idea of the risks/harms involved with giving up their personal data, and no idea that there was ever a time when things were any different.

It's still not any of your business when your users run their software. Which features they use more often or what tasks they use their software for are also none of your business. You might find that information useful to have, but that doesn't make it yours to take without asking.

This isn't just "my preference" either. When users are respected enough to be asked if they want to be tracked, the vast majority of them care and won't opt in (https://iapp.org/news/a/research-shows-25-opt-in-rates-for-a...).

You don't need telemetry. If you want it because it lets you be lazier, request permission before collecting anything and make sure users know exactly what is being collected before asking them to opt in. Just having or pointing users to a privacy policy is not enough. Don't collect anything more than you absolutely have to and delete the data quickly once you have it so that it can't be leaked/sold later. Anything less than that is disrespectful and deceptive.

In your opinion, where is the line between spyware and telemetry exactly?