Opt-out telemetry
Opt-out telemetry
Posted Jul 27, 2024 22:50 UTC (Sat) by pizza (subscriber, #46)In reply to: Opt-out telemetry by DanilaBerezin
Parent article: Lessons from the death and rebirth of Thunderbird
Exactly what violations of user consent are being alleged here?
> In the real world your statistics will never be accurate,
Nor does anyone ever expect them to be. The question, as always, is if they are "accurate enough".
> My solution was a proposed middle ground between a silent opt in telemetry users don't even know exists and evil opt out telemetry.
In other words, you didn't even read the proposal.
If you had read it, you would have seen that it requires the user to explicitly consent before any data leaves the local system.
If you don't trust Fedora (and/or the the various upstreams and individual developers) to be honest about what they're doing, under what basis are you accusing them of bad faith, especially when the software in question (along with the entire source-to-deployed-binaries pipeline) is fully open for inspection?
Posted Jul 28, 2024 0:51 UTC (Sun)
by DanilaBerezin (guest, #168271)
[Link] (12 responses)
Opt out telemetry means that data is sent from a users computer by default, whether they consent to it or not. Hopefully the violation of consent here is self explanatory.
> If you don't trust Fedora (and/or the the various upstreams and individual developers) to be honest about what they're doing
Who said anything about Fedora or it's proposals? Fedora's proposal is opt in, and I have absolutely zero issue with that. The speaker in the article is a product manager at mozilla, advocating that:
1. Thunderbird's opt out telemetry policy is justified.
Mozilla =/= the developers of their open source software and it's entirely reasonable to not trust them. Either way, my personal opinion on Mozilla and their trustworthiness is irrelevant. User's should have 100% control of their machines and opt-out telemetry is in direct violation of that principle.
Posted Jul 28, 2024 12:18 UTC (Sun)
by pizza (subscriber, #46)
[Link] (8 responses)
Nope, it is not "100% the right thing for them to do in this case."
Maybe it is 99%, maybe it's 20%. But it's not 100% because there are clear benefits to doing so. That you disagree about the relative importance of those benefits does not mean those benefits do not exist.
> Mozilla =/= the developers of their open source software and it's entirely reasonable to not trust them.
Uh, WTF? Who do you think adds/commits code into "their open source software" if not "developers"?
Meanwhile. I have yet to read any specific objections to what Thunderbird claims to collect or if any PII is part of it. Whether or not you "trust" anyone involved, the source code of Thunderbird is F/OSS in every sense, and can be inspected to confirm that it does what its developers claim it does.
> User's should have 100% control of their machines and opt-out telemetry is in direct violation of that principle.
You can "should" all you want, but the harsh reality is that "100% control" hasn't been true since the WIPO copyright treaties of 1996 (making DRM legally enforceable) were ratified and subsequently enacted by nearly every nation on this planet. But even before that treaty made it effectively illegal to break the flimsiest of digital locks, nearly every computing device on the planet already had some degree of proprietary software embedded into it that the "user" has no meaningful control over.
Meanwhile, when you use a computing device you do not own, or use that device to connect to any external service (ie "someone else's computer") by definition you do not have "100% control" of anything. I can promise you that far, far, far more data (and personally identifiable at that!) is leaked (if not outright collected by every intermediary) with every email you send or receive than Thunderbird's documented telemetry can possibly gather.
Posted Jul 28, 2024 14:07 UTC (Sun)
by DanilaBerezin (guest, #168271)
[Link] (7 responses)
It's 100% because it's unethical to do so. Not because there are no benefits.
> Uh, WTF? Who do you think adds/commits code into "their open source software" if not "developers"?
Read again: Mozilla =/= developers
> You can "should" all you want, but the harsh reality is that "100% control" hasn't been true since the WIPO copyright treaties of 1996 (making DRM legally enforceable) were ratified and subsequently enacted by nearly every nation on this planet. But even before that treaty made it effectively illegal to break the flimsiest of digital locks, nearly every computing device on the planet already had some degree of proprietary software embedded into it that the "user" has no meaningful control over.
Yes and all those things are unethical too. The fact that there are already a lot of evil things in the world doesn't mean we should just be okay with other evil things being introduced.
Posted Jul 28, 2024 15:22 UTC (Sun)
by Wol (subscriber, #4433)
[Link] (6 responses)
And who defines "ethical"? In this case, it's clearly you, which is in itself unethical. You are defining the scenario to your benefit.
> Yes and all those things are unethical too. The fact that there are already a lot of evil things in the world doesn't mean we should just be okay with other evil things being introduced.
And again, who is defining "evil" here? You are!
The fact is, "ethical" and "evil" are social constructs defined by the requirement for us to be able to live together with each other. I'm sure you would disagree with the fact I would define "Freedom of Speech" and "The right to seek happiness and wealth" as unethical, but it's an objective fact that both of these (as practiced by America today) are actively harmful to the majority!
And - in almost all cases - you fall foul of the "pick two, pick any two" dilemma. Is it unethical for other people to pick a different two to you?
You're effectively saying "I'm the most important guy in the world - nobody else deserves any say". That may be ethical and morally correct for you, but I bet everybody else in the world would beg to differ!
Cheers,
Posted Jul 28, 2024 17:43 UTC (Sun)
by DanilaBerezin (guest, #168271)
[Link] (3 responses)
Posted Jul 28, 2024 19:07 UTC (Sun)
by DanilaBerezin (guest, #168271)
[Link]
*like pushing opt-out telemetry
Posted Jul 28, 2024 22:26 UTC (Sun)
by Wol (subscriber, #4433)
[Link] (1 responses)
So you consider it evil and unethical to break into a hijacked computer, in order to stop it being used in ransomware attacks? Because without the consent of the owner you can do nothing?
Life is not black and white. The Synnovis ransomware attack has had a massive - and seriously damaging - impact on my family ...
Cheers,
Posted Jul 28, 2024 23:00 UTC (Sun)
by DanilaBerezin (guest, #168271)
[Link]
Posted Jul 30, 2024 6:51 UTC (Tue)
by LtWorf (subscriber, #124958)
[Link] (1 responses)
Uh?
Saying "I don't want this to be done to me" and saying "I want this thing to be forbidden for everyone" are not the same.
I don't think there's any request to completely remove telemetry from everyone's computers here.
There is a request to ask for consent before doing things that clearly many people don't want done to them. And of course you can't give consent if you're not informed.
Posted Jul 30, 2024 7:22 UTC (Tue)
by Wol (subscriber, #4433)
[Link]
The GP says "this is 100% wrong". Given that ethics and morals are inherently a grey area, saying something is "100% wrong" IS forbidding it for everyone (which is, itself, wrong!!!)
Cheers,
Posted Jul 28, 2024 12:23 UTC (Sun)
by Wol (subscriber, #4433)
[Link] (2 responses)
It's also illegal in many jurisdictions. Doesn't matter whether it's PII or not. If I'm on a metered internet connection, and I don't know it's happening, it's "theft of electricity" or something like that. (Google Prince Philip and the Ceefax scandal or whatever it was back in - iirc - the 1980s.)
(Okay, the chances of it being prosecuted are probably the wrong side of zero, but never mind ... :-)
Cheers,
Posted Jul 28, 2024 12:34 UTC (Sun)
by pizza (subscriber, #46)
[Link] (1 responses)
Even in the EU, automatic opt-out data collection is not inherently illegal.
> If I'm on a metered internet connection, and I don't know it's happening, it's "theft of electricity" or something like that.
So... if you don't want your email client to send or receive data, then switch it off and don't use it?
Posted Jul 28, 2024 13:28 UTC (Sun)
by Wol (subscriber, #4433)
[Link]
I don't want it to send or receive data I DON'T KNOW ABOUT. Big difference.
By my definition, spam is also illegal. Doesn't stop the authorities doing nothing about it.
It's like trespass, in the UK at least. The law defines trespass - aka being on someone else's property - as illegal. But it doesn't care about it. It presumes that the property owner will grant retro-active permission.
But if the trespasser knew - or should have known - that permission would not be granted, it is THAT that is the serious offence. That is why there are notices "Trespassers will be prosecuted" - it places people on notice that retroactive permission will NOT be granted. So what would have been treated as an "innocent incursion" becomes a criminal offence.
So using my internet connection, to send telemetry data that you have reason to suspect I would be unhappy about if I knew, is in principle exactly the same as Criminal Trespass (which is classed as "the same sort of thing as burglary").
Cheers,
Opt-out telemetry
2. That distros should stop circumventing that policy by packaging the software with telemetry disabled by default, which mind you is 100% the right thing for them to do in this case.
Opt-out telemetry
Opt-out telemetry
Opt-out telemetry
Wol
Opt-out telemetry
Opt-out telemetry
Opt-out telemetry
Wol
Opt-out telemetry
Opt-out telemetry
Opt-out telemetry
Wol
Opt-out telemetry
Wol
Opt-out telemetry
Opt-out telemetry
Wol