We have a habit of diluting words to the point where they are meaningless, and I think it does more to hurt important causes than support them. By labeling all forms of telemetry as "spying", we just make it so people are less likely to take actual claims of spying seriously.
That is what it once meant. "Spyware" was the term used for any process that called home regarding any information about you, your computer or your usage in the background. Calling home for anything other than "Check for updates" menu items or other actions where calling home was the explicit action the user wanted would get your name tarnished in the media and added to the signature list of software built for the sole purpose of finding and forcefully removing software like that.
Practically any Android app these days would be considered "spyware" if we were still applying the "spyware" definition of the early 2000s. And we would be better off if we had never stopped.
I don’t see why the makers of an app aren’t entitled to seeing how the app is used for the people who opt to use it. If I’m using windows terminal, I want them to know how often I use the hot keys, how often I split a terminal vertically then horizontally (alt-shift-d), etc. lest it be removed, since I know they don’t have infinite resources to dedicate to this single project to maintain every feature forever and ever.
> I don’t see why the makers of an app aren’t entitled to seeing how the app is used for the people who opt to use it.
They are entitled to ABSOLUTELY NOTHING beyond, if it is commercial software, my payment.
> I want them to know
What the fuck happened to just TELLING THEM!? Oh, that's right, they didn't want to listen because they'd rather take complete control of your machine, forcing you into what they want, and monetising every last aspect of "your" life, all the while hiding behind the excuse of "the data says" to do what they want.
The amount of pro-spyware comments here is, quite frankly, excruciatingly abhorrent. So many comments here smell strongly of corporate propaganda, since they also always repeat the same tired talking points --- and it makes me wonder how much shillage MS does. Or how many others think that because MS is big and "successful", they should emulate the increasingly abusive behaviour that it (and to be fair, the rest of Big Tech) engages in.
People don't say anything. They use the software, and then when features are deprecated they come screaming for you to continue supporting it. It's a waste of resources if they have to create an 'RFC' for every time they want to deprecate a feature due to development workload, when they could just have it report usage of features within the app. It's literally just how many people use specific features in the code they're writing; they're not watching what you type, they're not uploading a log of window titles like early blizzard anticheat software[0]. If you don't want them to be able to make informed decisions about the software they write you shouldn't use it, just create your own and send out a yearly/quarterly survey asking people to tell you what features they use, and see just how many people respond (hint: 30% of users is an unlikely best case scenario for external surveys[1]); hopefully that sample is good enough to drive decision on what features you stop supporting and what features to focus on.
> It's literally just how many people use specific features in the code they're writing; they're not watching what you type, they're not uploading a log of window titles like early blizzard anticheat software[0].
The problem is that, if it's not that now, it will, or at least might, be that eventually. It's a lot easier to make sure that an app isn't phoning home at all, than that it's phoning home with only approved information.
For example, it's a huge problem with browser extensions that, even if they start off well designed to respect a user's privacy and to gather information only in ways that are essential to their function, and that even if the original developer remains true to that mission, still if the extension becomes popular the developer will be prey to a lot of pressure from bad actors who want to buy the rights to the extension precisely so that they can expand the data-gathering into the realm that you implicitly acknowledge is unacceptable.
> I don’t see why the makers of an app aren’t entitled to seeing how the app is used for the people who opt to use it. If I’m using windows terminal, I want them to know how often I use the hot keys, how often I split a terminal vertically then horizontally (alt-shift-d), etc. lest it be removed, since I know they don’t have infinite resources to dedicate to this single project to maintain every feature forever and ever.
The makers of an app are entitled to no more information about me and my use of it than I allow them to have. I think that it's reasonable to argue whether my allowance of sharing should be opt-in or opt-out, but I don't think that there is much scope for argument about whether I should be able to block the sharing of information if I choose explicitly to do so.
(One could argue that, as long as everything is disclosed up front, then the makers of an app have the right to demand whatever they want, and I have the right to accept their demands or else not to use their software. This is surely true in one sense; but, in another sense, it's exactly what the notion of "contract of adhesion" is meant to describe, and in many other contexts it's recognised as not a good thing.)
To the argument that the makers of an app can use telemetry information to make their app better, I would say that that is doubtless true; but I would argue that it is also true that I, and not they, have the right to decide where the boundary lies between my desire for privacy and their desire to improve their app. For example, perhaps—even likely—browser makers could make their browsers better if they knew exactly what sites I visited, but, if I found my browser reporting my history information back to Mozilla, then I would not say "ah well, as long as it makes for a better browser."
I did some reading through the code to understand what was going on here. After a brief read, it appears that most of this telemetry code is only enabled when ETW (Event Tracing for Windows) is enabled.
I have not read all the code, but from a brief overview this tracing behavior and telemetry wouldn't be automatically activated anywhere except on Azure.
I fully admit I could be wrong, and I didn't explain myself adequately re: ETM. ETM has been enabled since Vista, but you can get a full list of all ETS logs very easily (via `logman query -ets`). The question is what's consuming it, and as far as I can tell the basic telemetry settings won't send anything remotely beyond some incredibly basic information.
The biggest takeaway to me here (besides the explanation of the telemetry levels) is that the processes in question are cmd, powershell, bash, etc, and not what you are running in them. Even if you have enhanced telemetry enabled it wouldn't bubble up what you're running underneath the console process as a process name.
Why not? I want the features I use to be maintained. I am dead tired of advanced features being removed from applications I use.
With web applications every single round trip to the server is logged, inherently, and there are far more than one round trip to the server than there are page loads, I assure you. So it's ok there? "oh that's just logging, not telemetry." That's what telemetry is!
Google and Facebook track you (collect telemetry on you) across the entire web whether or not you use Google or Facebook AT ALL, and they each collect more information than Microsoft ever could. Google and Facebook do far worse things than Microsoft has ever done, but because they didn't ship a browser with their OS in the 1990s, they get a pass on everything, apparently.
I don't get it. the lies we tell ourselves are worse than anything anyone else could ever do to us, but we tell them to ourselves anyway because it is acceptable to crap on Microsoft, for imaginary reasons, and it isn't acceptable to crap on the companies doing the real bad stuff.
humanity is doomed. we are literally a garbage species.
- it's more work when you're trying to stop data exfiltration / espionage
- privacy -- I've no idea what the telemetry says about me today, and I certainly don't know what they'll make it look for tomorrow
- privacy -- even if the telemetry is fine, maybe information about my usage patterns might be more valuable to me than it might seem at first glance
- performance -- every app, every library, all sending out telemetry? Please, no.
- because I get to not want this
no one cares what you do. telemetry is only viewed in aggregate. it doesn't make sense, nor is it a good use of time, to scrutinize the telemetry of a single user for any reason.
you keep on living in your town where the people don't have fingerprints or names, and the shoes leave no tracks. I'll be over here getting things done, because doing good work is far more important than avoiding being seen.
it's not more work when trying to stop exfiltration or espionage because telemetry doesn't get sent to random places. Microsoft publish the hostnames that receive telemetry. block them and you block telemetry from being sent. it still gets collected locally though.
the performance argument is solid and I will see if I can measure that before I agree with you.
from what I've read, at least among the common telemetry systems I know of (Azure Application Insights, OpenTelemetry, and Microsoft's system built into the OS), telemetry is gathered for a bit then sent in a batch, which would indicate that performance is at least a consideration.
yes. Diagnostics Data Viewer[0]. you can use that tool to see what data is collected and even delete it all from Microsoft's servers.
it's all plain JSON, too.
but people still bitch endlessly about "spying" and foam at the mouth (literally) while they yell about it, acting like they know everything about the situation.
xterm, or urxvt, or bash, or nginx, never removed any advanced features, and they managed to do it without telemetry, and did it over the past few decades. amazing, how is it possible
Just glancing through them it looks like it wouldn't produce much meaningful data, begs the question - why have it in the first place? Since everyone involved must have known the reactions to it.
In my experience it's often not the case that "everyone involved" knows these things. Quite the contrary actually. Many times I'd been the guy to tap someone on the shoulder (remotely of course) to say hey that's really not something we can do.
That is not how telemetry works. It is not spying or a privacy issue. Categorizing it as such only dilutes the meaning of both terms so the real issues won't be taken seriously.
If you feel like a bunch of developers getting info about how many times the world clicks on a button hurts you personally, then don't install it. Calling it a privacy issue is taking it too far.
Ah yes, the good old "everything means nothing" argument. I'm sorry to say, but words have meaning [1][2], and most of them are formally defined.
And yes, I think that an HTTP POST to Microsoft's Windows Terminal team saying "UserUsedTerminalInInterative = true" is not a privacy issue, nor is it spying.
Can you explain to me how this information hurts users of Windows Terminal? If it indeed is spying, it should be possible to demonstrate how it is used for hostile purposes or why such an innocuous piece of information must be kept a secret.
Until then, I think it is fair for the Windows Terminal team to collect such basic telemetry for their software.
Company A may decide telemetry exposes too much internal information to a potential competitor.
Company B may decide that telemetry does not release anything they want kept secret.
Those are subjective opinions. If I want the data to be kept secret and somebody takes it without my explicit approval, that is a privacy violation. If I don’t care, it’s not. Same thing with spying. If I deem it a secret, it is now spying to take it from me.
It appears to send back the names of programs, so MS is learning when their users do shady activities (torrenting, youtube-dl) or use competitors' products (aws) or even the names of internal tools.
All that shows is a lack of imagination on your part.
It’s very easy to de-anonymize telemetry data, track users across IP addresses, collate with other applications’ telemetry data, determine which users are in the same places at the same time, and generally extract a huge amount of data about people, who they spend time with, where they spend time, and what they do there.
Telemetry is unequivocally spyware.
It feeds a firehose of data to the internet, and both data brokers and state actors do absolutely everything they can to gobble it up.
I think some people will have a hard time with this concept, but the idea of data being “private” or “secret”, by default, is disappearing. And it won’t be coming back if the world continues to digitize.
If you want those attributes for your data, you’ll have to take measures. That means reading user agreements, verifying open source, using encryption intentionally.
Vacuuming up data is not spying. Especially if you essentially agree to it when you accept the Windows terms of service (ethical issues of this aside).
> Especially if you essentially agree to it when you accept the Windows terms of service (ethical issues of this aside)
“But the plans were on display…”
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’”