Thanks for doing this. Looking over some of the actual call sites and there commentary was interesting.

For all the folks who say it's all totally innocuous (or even beneficial). Even if it is, I can tell you, I have no interest in my computer doing this while I'm using it.

I've always wondered what the performance impact is. Windows 10 feels so slow compared to Windows 7 and earlier that I'm constantly wondering how much of my life is being allocated to telemetry.

The impact is absolutely noticeable, just difficult to attribute.

Every time I rebuild my laptop it has these “mysterious” slowdown periods that force me to dig through the metrics to see what is the culprit.

About 80% of the time it’s telemetry.

The worst one is actually the Intel driver installer which has telemetry that is so far beyond obnoxious that it’s an embarrassment to every so-called “engineer” involved.

Shame.

Shame.

Not sure but it's a reasonable question. I'm willing to give MS the benefit of the doubt and guess that they have generally implemented it in as light a way as possible, but that said sometimes it probably causes dire performance problems to outright breakage. For me it's largely academic at this point, but it's another reason to be happy I moved my main workstation off Windows.

You're willing to give MS the benefit of the doubt? I remember the bad old days and they no longer have this luxury from me.

Understood and when I was being forced to deal with it more often, I was not feeling so magnanimous either.

Say what you will about Microsoft but they put a substantially more amount of comments in their code, as compared to say, GNOME Terminal.

What you are stating is incorrect.

Each of the calls you link to sets a boolean here: https://github.com/microsoft/terminal/blob/57c3953aca49f68ac...

It does not transmit what you copy, search for or when you clicked/resized/closed the window. It simply stores a true/false value saying "feature X was used". In some cases, like with find/replace, it also stores the average length of things you searched for. That is a common way for developers to get an idea if performance characteristics due to the longest common substring problem[1]

You are trying to spread misinformation here to make Microsoft look like a bad guy. There is nothing sinister going on here, it is just ordinary metric collection.

But don't take my word for it. Take for example the "we can see it log every time you resize a console window" statement. In the link it calls SetWindowSizeChanged()[2] which again calls SetUserInteractive()[3] and it just sets a boolean to true.

So there is no "log every time it resize a console window". It simply sets a variable to true, which presumably the Windows Terminal dev team use to see how many users use the console with interactive sessions.

[1] https://en.wikipedia.org/wiki/Longest_common_substring_probl...

[2] https://github.com/microsoft/terminal/blob/57c3953aca49f68ac...

[3] https://github.com/microsoft/terminal/blob/57c3953aca49f68ac...

Every group implements their own telemetry. Every group goes through the same “learning process” of making it asynchronous and correctly dealing with proxies, firewalls, etc…

Inevitably mistakes are made that either slow down computers or outright freeze apps that can’t connect to some telemetry endpoint.

Security teams around the world feel like they’re holding back the tide with a broom because EVERY piece of software is contributing to a veritable firehouse of information sprayed all over the Internet from every endpoint on the network.

This is not okay.

It’s not Microsoft’s computer.

It’s not their network.

It’s not their data.

How is this not clear?

How can you be so apologetic?

Just FUD?

You are running an operating system made by Microsoft, they could monitor how often you click your mouse just like every website on the planet at this point but dont. Boolean telemetry on feature use is somehow the end of the world? Get out.

Look at it this way: PowerShell sends telemetry. The Terminal in which it runs sends Telemetry. The "dotnet core" framework PowerShell uses in turn also sends telemetry. The PowerShell modules you load (from Microsoft!) send telemetry.

In effect, ONE application has at least four independent sets of telemetry.

This is the console, the kind that you would use on servers. High-security servers in DMZs. Servers hosting police records, health records, or even military secrets.

FUD my arse. It's a torrent of information that seeks every crack it can find to "get out", purposefully designed to circumvent mitigations by security teams.

Two examples: Microsoft regularly changes which environment variables disable telemetry. Just about every major release means that I have to check if it is now "DOTNET_TELEMETRY=Off" or "NET_TELEMETRY_CORE=0" or whatever. This isn't an accident. Nobody's "finger slipped". The old telemetry started to tail off and someone "fixed it" in Microsoft to get 100% coverage, against the will of their privacy concious customers.

Similarly, some Windows telemetry uses "microsft.com" instead of "microsoft.com" to bypess firewall rules blocking the latter.

You can't tell me that this is "nothing to worry about" when it feels an awful lot like the enemy is inside the gates and is actively hostile to any measures taken to stop them progressing further into the network.

Telemetry is essential thing to understand how service is used. It leads to better service for all users.

In the case you mention, it should be IMO up to you to prevent this, probably via firewall.

Having standard telemetry environment variable might be for the best. There is a risk in this case to disable telemetry systematically though, even if you want to just block it in one app, which is also not something I as vendor of many tools would want.

This is probably not easy to fix for everybody to be happy. And its probably not that important for security - there are FAR easier way to deduce something about someone then to 1) hack microsoft telemetry servers or transit 2) look into the patterns of use of specific programs. Besides, telemetry data is anonymous. So I guess even in the case you get the data, what could you do with it ? I can send you billion of telemetry data of government services I make, you can only deduce that people start working at 7AM and get lots of passwords wrong before first coffee.

Why is any of this an issue if they are collecting actual metrics on their own software?

I have plenty of environments that run whitelist only, you can always go that route and not think about any vendor, any software not getting out.

And stuff like this is just inflammatory:

>Similarly, some Windows telemetry uses "microsft.com" instead of "microsoft.com" to bypess firewall rules blocking the latter.

Do you think we'd just block *.microsoft.com over their telemetry ___domain, microsft.com? Half the planet is in O365.

And on the flip side you know we'd all block telemetry.microsoft.com just because, it wouldn't matter what they collect and not think twice, then turn around sell it to people as "we are adding security".

Then don't use their app. They're entitled to do what they want with that under the law. If you don't like their choices then don't use it. I for one am appreciative they can get information that helps them plan the future of the program, but I also understand why some people don't like it. Those people shouldn't use it.

I’m frankly shocked for the level of triviality of this code: and endless series of if/else while I’ve been stressing about reactive, typeclasses and whatnot for the past 5 years. And I frankly prefer the latter

Oh the irony. The people who write this code and the people who spread modern coding best practices are two separate sets of people. They sometimes overlap but rarely.

Isnt that why Windows is called Windows because its a window on their user's life?

Nice, living in glass-house with no curtains! Who do you want to be seen by today?