26
votes
Why do people not like telemetry?
I often see people complaining about telemetry in things like Firefox and the like, but I've never understood why it was a big problem for your privacy. If it's anonymous and helps the developers do their job, what's wrong with it?
One factor is that the anonymity is usually just theoretical, and we just have to trust that they're actually anonymizing it. This doesn't always happen properly. It's not quite the same, but as a prominent recent example, look at Facebook accidentally storing hundreds of millions of plaintext passwords in logs for years. They were probably just trying to log data being sent to some of their servers, but accidentally ended up logging sensitive data, not sanitizing it properly, and leaving it in that state for years. That sort of thing can very easily happen with telemetry data as well.
Also, in general, a lot of data that's technically anonymized can be de-anonymized quite effectively, or reveals sensitive data anyway. Here's an article from a few years back about how researchers were able to identify people from anonymous data because their individual behavior is unique: With a Few Bits of Data, Researchers Identify ‘Anonymous’ People.
There are so many things that can go wrong that you have very little control of. And if something does go wrong that ends up impacting your privacy, it's not like you can take your data back at that point.
Firefox has been doing quite a bit of work to try to make users more resistant to fingerprinting, but it's difficult. This article seems to have a pretty decent list of some of the things they've been doing: https://www.ghacks.net/2018/03/01/a-history-of-fingerprinting-protection-in-firefox/
I haven't had a chance to read it yet, but this paper about fingerprinting came out a couple of weeks ago and looks really interesting: Browser Fingerprinting: A survey (the link to the actual PDF is in the sidebar)
Chromium just recently announced plans to further curb fingerprinting too.
That article in general has a better privacy stance than I expected from google. I hope it actually becomes reality.
The cynical side of me thinks that's mostly motivated by Google wanting to make it harder for other companies to track users as effectively as they can. Google is so pervasive now and has access to so many different sources of data about user behavior that it'll be almost impossible for any other company to get similar coverage. Blocking some of those tracking techniques makes it even more unlikely that other companies will be able to compete with them.
It's absolutely a net win for privacy overall, so I do think it's a good thing. I just doubt that the motivation is altruistic.
Incidentally, Firefox also has a bunch of extensions designed specifically to reduce fingerprinting even further, too. Just search for "fingerprinting" and "privacy" in their add-ons page. Some of them break a few sites every now and again, but overall they are not too bad IME.
"Telemetry" is a catch-all term for a wide, wide range of behaviours which I believe is the main reason people "do not like it". They see the worst in it, and never hear about the well-behaved telemetry. @Deimos raises excellent point on deanonymizing telemetry as well, but that is more rarely a concern; it depends on what kind of data can actually be unpacked in said telemetry. If you manage to figure out I use the "sort lines ascending" option a lot in vscode, good on you; but if you figure out my location history from "anonymous" Uber telemetry, that is a much bigger issue.
I think Microsoft is a huge culprit there. With Windows 10 they introduced many users to the word "telemetry", during a time where privacy was a growing issue for people. They did so in an absolutely horrendous way. Windows 10's telemetry is extreme, and is used as a tie-in to in-OS advertising. This shit is very damaging to ethical telemetry.
I think it's a very serious issue that people don't like telemetry. I'm a proponent of privacy, I back the EFF and the EU's pro-privacy/pro-consumer politics. I'm also an entrepreneur and a sysop/developer. I've seen both sides of the telemetry coin. And most people truly do not realize how important telemetry is to a healthy, working product.
When I see for example on HN people suggesting "you don't need GA, just look at server logs", I equate that to "you don't need to go to the doctor, just take photos of yourself and ask people on the internet what you have". Server logs are great and IMO vastly underused, but GA (and more privacy-conscious tools like GA; not singling out Google here) gives you client-side analytics and let you understand how your app/product/website is used. Even without special configuration, you get to understand what paths people take through your site ("How do users land on my Premium page?"). And it allows you to answer questions such as "Should I get rid of this feature?" and "Should I improve this specific page/feature?".
Telemetry in web browsers, which people endlessly whine about, is what has allowed Mozilla and Google to confidently take decisions that aggregately affect billions of people. Think about this: You have hard choices to make that will affect the lives of the majority of people on the planet. Do you follow hncommenter1865's advice and "do an opt-in poll", or do you study hard data?
It's so frustrating to see the blind stance some people take against telemetry of any kind. I really hate when people deal in such absolutes without trying to see the other side of things, it makes for awful debates. It's the same behaviour that's driven US politics to where they're at right now (seeing the worst in people, not trying to understand what the problems are, etc).
I call this "privacy extremism" and I've talked about it (and telemetry in video games) previously on tildes here:
https://tildes.net/~games/by0/moderators_of_r_games_have_closed_the_sub_for_the_day_and_posted_a_serious_message_about_harassment#comment-2yll
I'm one of those "privacy extremists". (It's a bullshit name, but let's go with it.) In fact, it was with me that you was in conversation with in the linked comment thread. Let me tell you how I got there.
I'm not technically-proficient. I can't admin a PC in a way that lets me control its behavior. I reinstall OS's biannually, and I can set on up without an issue. If I understand the code, I can hack an Electron app that doesn't permit it (say, by giving users the tools to do so). I can make devices work as long they aren't in any way broken. That's about it.
I have no fucking idea what kind of data is being sent, and where, from the apps I use. I don't know a way of learning this, and I wouldn't even know where to look. Is there a tool that lets the user read outcoming data on their computer? Probably. What is this kind of tool called? I have no idea – and if I could search for
monitor outgoing traffic, how do I read what the app returns to me? What is okay telemetry for my level of privacy needs? Where can I even learn about something like without paying thousands of dollars for a university course in cybersecurity?It's all very vague, obtuse, and intimidating, even for someone like me – let alone users of lower technical aptitude – and it's damn near everywhere. How else would you expect me to cope with it other than thinking "shut this whole fucking thing down and crawl under a rock"?
Extreme behavior is never born out of the person's natural inclinations alone. I'm neurotic, but I've learned to cope with it. If I'd had a decent skill in cybersecurity and the matters of telemetry, I'd probably feel a lot safer – and a lot less extreme – about it. The notion that any website could spy on you and extract sensitive data about you solely through the data your browser exposes is terrifying for someone who doesn't know what to do about it – let alone for people with personal space issues, of whom there are, sadly, plenty.
Or did you think that people that engage in this kind of behavior are just short-sighted morons with no imagination or empathy for businesses?
By default, I'd like for people I don't know to know as little about me, online or otherwise, because I've had my trust broken by people and companies that have engaged in shady, deceptive tactics too many times – which is to say, even once. I definitely don't want to give any information away to Big Data who could only use it to craft statistics they seek to exploit or ads they want to push on me.
Is it paranoid? Certainly. If there's a better way to handle this without dedicating most of my day to sieving through data, I'd like to hear it. (I'm not convinced there is one readily-available, given that large corporations will always have an upper hand over regular users unless the users are given tools to regulare the relationship between the two.)
I'd like to propose a refined position I'd arrived to: all in all, I'm not against telemetry. It's interesting – and insightful – to see use stats on certain things, including the games I play. In general, I'd be willing to share my use data with companies whose software I use.
That being said: I bear no trust with most of those companies, and I have no tools to verify their intentions in a way that would soothen my fears. Does this chat app collect the messages I send out? I wouldn't know. Does this game pry into my filesystem to determine whether I'm using cheats? I couldn't find out unless it's blatantly stated on the anti-cheat system's website or in their documentation. (Whether I'd know where to look for it is a different question.)
The best thing I see companies doing to alleviate the growing concerns of privacy is exposing the telemetry data by providing users with tools to accessing the packages the apps send out from their computer. Not all of it: leave out the data by anti-cheat systems, licensing checks, and other stuff that relies on secrecy for successful operation. It's evident that those can be cracked by people in the know-how already – but for the regular user, it shouldn't be a concern. Or, hell, maybe expose all of it, 'cause those can be intercepted already anyway, just so users know for a fact what they're sending out and that it's non-identifying.
Facebook et al., who, unlike desktop software, don't quite have the reach into the user system (nor do they need it), could generate telemetry logs for users to access on a special page. (I don't know how the user pages on Facebook work, but let's say "Settings" → "Security" → "View telemetry logs". Protect it with additional password enter if necessary.)
Ethical telemetry is about respect for the personal space of the users and consent as a necessity for the data exchange. The reason people don't hear about okay telemetry is that "XYZ Corp.'s user data collection works within ethical and legal constraints" is non-reportable. It shouldn't even be an issue. Yet, it is – and that's what people need to know.
What they also need to know is what telemetry is – not just the dictionary definition, but the meaning of the data sent and how it helps companies make their products better. Sharing telemetry insights with the users is but one step: another would be a far more comprehensive general IT education for everybody. I mean, shit, I was learning how to use MS Word and Excel on a university-level course. (It's probably a lot better in the US. I would hope so.) How is that gonna help me against things that keep half the Earth's population in fear? The viruses, the scams, the phishing, the malicious emails, the ransomware, the privacy breaches, the horribly-underengineered banking software... and here I am, learning how to insert a fucking table into a fucking proprietary-format document.
There's also a little bit of hipocrisy I detect in your comment. You claim that the US politics are they are today have been made this way by ill fate of... whomever you claim did it. I'd say it's been a result of a decades-long dumbing-down of the population, and simplifying the discourse to the point of idiocy, and erasing critical thinking in order to produce a population that's easier to manipulate – which is a point of much-better actionability.
But anyway. You say part of the reason the discourse is as bad as it is is that people on both sides of the isle don't reach out to the other side of the issue in order to better understand it. Yet here you are, dumbing my position down to "privacy extremism", without asking first why I feel this way. Is it frustrating for you to meet the same kind of views over, and over, and over again? I'm sure it is – but then, you are saying things are bad while following the same trend you admonish. Is that not a discussion in ill fate?
And – listen, I'll be the first to admit that mine wasn't that much well-fated, either. I admit I was chasing agency more than I was chasing the truth in the thread you linked to. Sure, there's essence to it that I'd stand by – as you can see – but it's still a fucking shame that I dove as deep as I did back then. I do get caught-up in these things from time to time. My bad.
You're right: there's an enlightening conversation to be had about this – the word, the meaning, the idea – and it does take someone willing to strive to be objective in pursuit of a better conclusion. You started this comment well, and then it plunged itself off the cliff with the last two paragraphs. Maybe this discussion needs an elevated tone.
I absolutely understand your position. I've been there in your shoes, I know exactly what you feel, and you have every right to feel this way. In fact, I think you're a bit too upset to understand that I agree with most of the points your bringing forth… I just disagree on how to get there.
For example, I actually don't think it should be necessary for people to understand what data companies gather in telemetry. But I do think companies should be held to certain standards in terms of that data. It's kinda like… you don't expect people going to a restaurant to have to know and understand every single health-related system the business has implemented, you just expect the restaurant to be healthcode-compliant and you trust that "the health code" protects you.
In my ideal well-regulated world,citizens should be able to trust their protections without having to know how they work. But they absolutely should be able to know and understand how they work if they so choose (a pillar of keeping things in check). @Wes raises an excellent point: The Privacy Policy is your weapon to understand how things work. Unfortunately, the internet still being very young, we're not in a terribly healthy state in terms of managing people's digital rights, access to information, care for PII, etc. But we'll get there, and the position of cutting companies off telemetry entirely is not sustainable. Even if you think it's a good idea, it's not even worth pursuing simply because it will never win due to market forces.
It's a fact that people have to be ready to accept head-on that healthy businesses need to understand their users and how their products are being used. It's also a fact that telemetry can be a very accurate and very, very scalable way to get excellent insights. Good use of telemetry and analytics often makes or breaks a business.
Let me highlight this paragraph because I think it summarizes an excellent position to have, and where compromises can be made:
So first, I think "telemetry" should never be used to describe "algorithmic personalization". That is the toxic trap which allows companies to abuse checkboxes such as "help us improve our product" that actually mean "improve our ads' CTRs". Not that I'm against ad personalization, but I extremely strongly believe these two should be treated very differently in terms of privacy.
Second, a long-standing issue is the definition of data ownership. I've faced that question in my own companies and there's no black-and-white answer to "Who owns behavioral data?". You're on a website I created. You use a feature that I hooked up to Google Analytics. Through GA, I learn some behavioral data about you, your session, and how you used the feature. Who owns that data? You? You are the one who did the action. Me? I created the website, the feature, the code that sends it to GA. Google? They host the data, did the analysis, etc. (That part is actually the least confusing because Google outright denies ownership of that data in their legalese)
Things get even weirder when other users are involved in the feature. And even less well-defined when we're no longer talking about specific users, but rather aggregates of user behaviour that have already been irreversibly anonymized. (=> Asking users to retain control means anonymization has to be reversible as users must be able to request their own data, which is probably not a good thing)
All in all, this is a very complicated debate and I implore you not to adopt a default stance until you know you understand all the nuances. I myself don't have a default stance on all this. Keep your arguments factual, eg. "I don't want a company I trust with my location data to be able to sell/give it to another company I don't trust without my authorization".
0. So, I had this big, emotional comment written up, but I figured you deserve a better reply. Don't consider my brevity curtness: it's merely strong editing.
I. Sure, companies should be held to a certain standard. There's a vague one regionally – the GDPR – but it doesn't establish nearly as solid a structure as I'd like to see in place everywhere. (Don't ask me what "a more solid structure" would look like: I don't know. It's an intuitive grasp at a problem I observe, the solution for which I haven't worked on yet.)
II. Generally speaking, I think users deserve deeper control over every aspect of information they put online. I recognize that it brings up a lot of issues – legality, data management, historical purposes, security etc. – and I'm not saying I have a solution. I would like to have a say how my data is used by people who wish to use it but don't have my explicit permission, which should be possible to give as seamlessly as possible – probably because the interaction would be clearly-defined and backed by law.
III. The pace of technological progress has been astounding, and it's no wonder the law and society haven't kept up nearly as well as all the previous generations. It's a shame that there's such a massive disparity between the speeds of adoption, but it's also completely understandable. I don't blame any societal structure for not having a strong grasp on all matters of technology, the Internet, and how they interact with privacy and personal space – I just wish they kept up.
IV. I strongly believe there's a handful of issues about the way the Internet is right now that could be helped by a good section of primary education, today and for years to come. There's already a generation grown that's grasped what the modern tech (i.e., gadgets, social networks, online forums, static websites, apps, games with gambling mechanics etc.) is about enough to be able to teach it, and there has already been at least a generation of people who'd been familiar with the modern tech since birth. Those people can and should be taught how to handle and cope with the effect the Internet has on society already.
I don't know if studies could be founded on projecting how it would affect the future – mostly because I'm not sure if that's even currently possible to devise such a projection – but if they can be, they absolutely should be, just so we don't end up with multiple generations of emotionally-scarred people who've been fed exaggerated, sensationalized images so much they can't but subconsciously slip into assuming those images is how the world works – especially not in official positions where they get to decide how others live.
V. I think, right now, a company would win over privacy-conscious users by revealing their telemetry and statistics to the public. I don't think big, long-established IT corporations could (think they can) afford to, but startups have much less to lose, so they can. If they make it human-readable, so is the better, and if they leave "advanced" access (i.e., being able to see the raw data) possible, that would be the best. I think games, apps, and any other kind of software could benefit from it – not just the number of downloads and active players/users, but how the data the users generate helps the company make better decisions.
You could say it's not viable for a business to share secrets that help them perform better. I'd say that sharing the process of decision-making around user data is not sharing secrets so much as sharing advice, helping the rest of the companies do better. Microsoft doesn't need that insight so much, but the next startup could, and maybe that's what would help them make a product that benefits others better.
VI. Basically, I have a first draft of the Privacy New Deal in my head that I'd love to see implemented, where even achieving 50% of the goals stated would be a damn good achievement for the whole IT industry. I'm not nearly as sharp as Alexandria Ocasio-Cortez, but I still think many of those options are viable, and some – necessary.
VII. If you have a critique for any of those points, I'd welcome it.
Nope I don't have any critique or anything to add; everything you just said I pretty strongly agree with.
Edit: Except for the roman-numeric zero. triggered
I'm with you there. I thought for some time that there must be a better way to indicate "the zeroth place" without using a numeral that doesn't belong with the rest of the system ('cause enumerating sections with Hindu-Arabic numerals starts lists, and it looks bad when there's more than one paragraph), but then conceded to the Arabic zero.
Apparently, there's "nulla" (Latin for "nothing"), and an English monk used N to indicate the number within the Roman numeral system, but that's apparently the only two cases for the value of zero there.
If you want to number your paragraphs without creating lists then you need to put a backslash before the dot:
1\. whatever. Backslashes tell the markdown parser to just use the character that follows it as actual content rather than as formatting, and the dot is the part that creates a list.The better solution is to create the list in the normal way and include multiple paragraphs in each list item by indenting the first line of each additional paragraph by four spaces. This tells the parser that the next paragraph is a continuation of the list item. Here's an example code:
And how it renders (block quote added for clarity):
https://commonmark.org/
Have you looked at those app's privacy policies? People seem to think they're "legalese nonsense", but they actually tell you exactly what data is collected and how it's used.
I'm surprised that this doesn't come up more often for privacy-centric people ("extremist" or otherwise).
Sure, but then comes up the problem of not being able to verify the things they wrote there. Have you never had issues where pre-processed food contained more things than is listed on the label? I have.
Having my hands on a couple of websites, I can tell you: those are the only ones I can reliably attest the privacy rating of to. One of them doesn't have user data collection at all – no Google Analytics, no other analytics, no cookies, no server-side user visit analysis. The other is the web front of a product and uses Google Analytics.
Out of those two, I can only reliably say "This one doesn't fingerprint you" about one.
Because it's my computer and I didn't send the information on purpose. I don't mind when a program builds a crash report and asks me if I want to send it to the developers. I do mind if my programs are sending out data on their own.
Are you okay with a toggle to give you control over it?
Absolutely, though it's pretty scummy to use dark patterns to make it difficult to disable. And then you have switches that don't actually do anything, like in windows. Great, I can choose between invasive surveillance and slightly less invasive surveillance (that routinely turns itself back on), and somehow microsoft expects me to "trust" them...
What do you think about Firefox telemetry? Do you leave that on? Are you happy with how they handle telemetry? (I'm assuming you use Firefox, if not, do you have any services where you're okay with the telemetry?)
I use both. Firefox on mobile because it's the only real option (no addons = broken browser). Chrome on desktop... mostly out of inertia tbh, I've been thinking about switching for ages but it's got a few really nice features and the annoyances are just minor enough not to push me away. Plus, I kinda feel like with google it's more of a deal with the devil than a straight up middle finger, and I'd be using a lot of google stuff anyways.
In general I turn off telemetry unless it's for an open-source app. I don't specifically seek out open source apps, but I do use a fair number of them since they tend to be better than the alternatives. Slide is the best reddit app I've ever used, Musicolet blows away every other music app I've tried, libreoffice is free and customizable, and so on. But if your app isn't open source then yeah, I'm going to assume telemetry = spying and just turn it off without wasting my time on research. I wish more apps would work like my OS, which gave me an unmissable giant popup window telling me it had telemetry on my first login, plus a one-click toggle to turn it off, and a way to quickly see what would be sent if I left it on.
So yeah. That's probably not the hard-line stance you were expecting. I think people who advocate for ditching google, amazon, etc are fighting a good fight, but that lifestyle isn't for me. I do draw an absolute hard line at the OS though. Apps can be replaced with minimal friction, but changing OSes is a big deal.
I would be, if I hadn't gotten worn down from years of programs somehow forgetting that I turned off the telemetry and now it is back on for some reason.
I'd do that if it was just me, but I am not interested in troubleshooting every time something gets inadvertantly blocked for my wife. It'd be too much of a pain in the ass. I just use very few apps instead, no Microsoft, no Google, no Amazon. I try and stay away from the big data gobblers. I do use Apple stuff but their telemetry is minimal (unless they're doing stuff that they aren't making public, but I've got to draw the paranoia line somewhere.)