hunson_abadeer | 2 years ago

I'm not aware of any laws in the US or in Europe that generically prevent "phoning home".

There are laws that limit your ability to collect certain types of sensitive information without some quasi-meaningful user consent, but most telemetry goes around this by notionally not collecting PII.

The gotcha is that in practice, most companies don't put a whole lot of effort into making sure there's no incidental PII in the telemetry, and no other way to infer who you are. Browsers automatically collect crash reports that, for a good while, might have contained your cookies, URLs, and other goodies in the logs or memory dumps... cars collect "anonymized" telemetry that shows you driving from your single-family home to wherever you're headed... etc.

Nextgrid|2 years ago

> but most telemetry goes around this by notionally not collecting PII.

The problem is that an IP address is considered PII and is inherently sent in any HTTP request, so you could argue that any non-essential request to any third-party should be opt-in since it contains PII.

rrobukef|2 years ago

Unless you have a contract stating the non-collection of PII, then you can wash your hands. OTOH, it's just as easy to be willfully blind about that.