Agree. Not a single byte must be sent without user's permission.
Sadly even open-source software like Linux distributions do not follow this principle, they have things like NTP or update checks. If someone took a Linux laptop to the battlefield they would probably be dead in the first day.
Bender · 5h ago
My unpopular opinion is that telemetry can be fine in literally anything provided that:
- The person must double-opt-in, meaning there is no doubt it is enabled by anyone using the application. If a developer enables telemetry and a manager uses the application they must instantly know telemetry is enabled and where to look for what is being gathered so they can answer any audit questions by internal or external auditors.
- The telemetry must store its data in plain text and even give the person the option to review it prior to submission, perhaps even the ability to add their own personal notes, context, etc... I should be able to show an auditor ALL of the data that has ever been sent to the telemetry end point with dates, times, exact payload.
Then why would anyone bother to enable it? That is the question I always get and the answer is incentives. Give people incentives such as priority reviews of bug submissions, priority to patch pull and merge requests and so on. Maybe even some small amount of priority to feature requests.
If telemetry is enabled and I did not double opt in then the application must blocked on all repositories until it is remediated regardless of what financial impact that may have. That must be in the wording of all legal documentation related to the code. Don't be sneaky. Be transparent, up front and brave.
kgwxd · 5h ago
> even give the person the option to review it prior to submission
That's just reporting, it's only called telemetry when it's automated. Telemetry to the outside world should be considered spyware in all cases.
Bender · 2h ago
Telemetry to the outside world should be considered spyware in all cases.
Not if I double-opt-in and can read everything it has sent or will send. It can still be automated even if I can review it prior to being sent. Telemetry is indeed a terse form of reporting. If I did not double-opt-in then yes it is spyware and will set off alarms on the firewall.
Sadly even open-source software like Linux distributions do not follow this principle, they have things like NTP or update checks. If someone took a Linux laptop to the battlefield they would probably be dead in the first day.
- The person must double-opt-in, meaning there is no doubt it is enabled by anyone using the application. If a developer enables telemetry and a manager uses the application they must instantly know telemetry is enabled and where to look for what is being gathered so they can answer any audit questions by internal or external auditors.
- The telemetry must store its data in plain text and even give the person the option to review it prior to submission, perhaps even the ability to add their own personal notes, context, etc... I should be able to show an auditor ALL of the data that has ever been sent to the telemetry end point with dates, times, exact payload.
Then why would anyone bother to enable it? That is the question I always get and the answer is incentives. Give people incentives such as priority reviews of bug submissions, priority to patch pull and merge requests and so on. Maybe even some small amount of priority to feature requests.
If telemetry is enabled and I did not double opt in then the application must blocked on all repositories until it is remediated regardless of what financial impact that may have. That must be in the wording of all legal documentation related to the code. Don't be sneaky. Be transparent, up front and brave.
That's just reporting, it's only called telemetry when it's automated. Telemetry to the outside world should be considered spyware in all cases.
Not if I double-opt-in and can read everything it has sent or will send. It can still be automated even if I can review it prior to being sent. Telemetry is indeed a terse form of reporting. If I did not double-opt-in then yes it is spyware and will set off alarms on the firewall.