Ask HN: Should open-source projects allow disabling telemetry?

Telemetry should always be opt-in. Especially for FOSS.

We shouldn't have to pay with our privacy.

Be aware that the EU is working to make opt in mandatory too. But you won't be their target of course, it'll be the truly evil companies like Microsoft, Meta and Google.

> Give people the “more privacy” button and most are going to press it. Is there a happy medium?

This should really tell you enough. If you already know users don't want to share the info if you would ask them, you're doing the wrong thing by withholding the option.

The big techs spend so much money developing dark patterns exactly for this reason.

"We feel like it’s a fair ask" - exactly - it's a fair ask, so the user should decide. Nobody can force you to change your mind, but if you don't, prepare for forks with the option disabled.

Also, the issue is not really about that - it's about the submitted data not being anonymised. That's the bare minimum you should be doing regardless of the information being opt-in/out.

You are in the wrong PR wise probably. Generally I think providing a way to opt out has become the path many projects take.

Anyway, their main beef appears that you are not properly anonymizing the telemetry.

I've [argued](https://benconrad.net/posts/230717_fundingOpenSource/) that oss developers need to have real world use information in order to ship good software. Contra some here, I think oss developers that don't understand how users use their software can't maintain or improve it.

I would straight-up uninstall your project and take any measures possible to remove myself from your platform (if any) if I discover an underhanded change like this.

A medium? Ask people. FOSS is different. There is a level of expected transparency and trust along with it that you can’t get back when broken. Changes like this are a very easy way to break that trust. Trust is everything here.

I expect to be tracked by commercial tools for the most part, but I still try to control how.

How would you feel if a trusted tool changed something you deem important without telling you? Generally a response is feeling betrayed.

The fact that someone skilled enough took time out of their lives to make this PR means that it matters enough to seriously reconsider.

I think they should always allow it, just simply because... if you don't you might lose users, they might fork it and make a privacy-first version, then we get more fragmentation.

FOSS has so much fragmentation trouble already.

You should allow disabling it. The wording "allows collecting anonymised usage and debugging data" in the documentation doesn't make it clear enough that the data is send to the company servers.

You are very definitely "in the wrong".

If you want to discuss this in more depth I'll be happy to elaborate and give you ethical guidance, but presently that's probably just adding to the noise.

You should allow for the user to disable it preferably during install. Just try to allay their fears by communicating that it is anonymized and how it's important to help improve the software by providing this feedback.

Another option that I've seen is to inform the user that there is telemetry, but make the option to disable it some kind of configuration by editing a JSON file. This way you still allow for the option to disable telemetry, but add a small amount of friction to do so.

I recommend giving your users the option to allow telemetry or not (as others have said, preferably by opting in). Explain prominently within your software very clearly what telemetry you are collecting and for what purpose.

Since this software in question is open source, if you don't allow the disabling of telemetry I guarantee a fork will appear in the near future where it has been disabled altogether.

Ask yourself if this is a hill you wish for your project to die on?

The go project team did a deep dive into this last year. There was a pretty interesting blog post[1] and discussion[2].

1: https://research.swtch.com/telemetry-intro

2: https://github.com/golang/go/discussions/58409

It should be opt out by default and well communicated.

What does "wrong" mean in this context?

It's your project you can manage it however you want. I'd recommend communicating this clearly at least but otherwise listen to your users(in aggregate) and make your decision.

> Should open-source projects allow disabling telemetry?

All software should, regardless of it being open-source or not. It should also be opt-in.

Not even anonymizing the data is also a MASSIVE red flag

> Are we in the wrong here?

Unquestionably.

What I do with your software is quite frankly none of your business. You do not have the right to know what I do with my hardware. Your metrics are not my concern.

FOSS is a very personal thing. Try framing it as a conversation between you and your users:

"Hey, we work hard on this and would really appreciate it if you share telemetry so we can focus our efforts better"

Vs

"This application now collects telemetry. You cannot turn it off. You want privacy? Too bad."

The difference is asking your users to share data and demanding they give up their privacy on your whim.

> Give people the “more privacy” button and most are going to press it.

You should have a good long think about what this means and why removing privacy options is making your users upset.

When I implement telemetry in a FOSS project, I go well out of my way to do it in the most respectful way I can. This usually takes the form of a detailed list of what is and is not being collected, along with why I need it. During first run, there is either a very prominent notification or a full on blocking step where the user must choose whether to enable telemetry. This includes text explaining why I want telemetry and a link to the documents.

My philosophy is that users are not idiots and they are not children that need coddling. I make my request, give them the information, and let them make their choice. That's it, end of transaction. The user made a choice and the matter is totally out of my control.

Anything less is not respecting your users.

If you allow opting out throw away the telemetry. At your scale your results will be garbage with opt out. Don't even bother.

Why would you require any telemetry? Just let users use your Foss app as they see fit...