-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please include ability to opt out of telemetry and clear documentation on how to opt out #179
Comments
Howdy, thanks for updating a note - I'm sorry though - I asked for how to opt out of telemetry entirely. Surely there is a way. If not, you will want to add it. Please reopen this issue. |
Hi, As I mentioned in the pull request for the readme update, diagnostic data collection (telemetry) is not enabled for private builds of this project and is enabled only on the release builds (https://github.com/microsoft/winget-cli/releases) and the app installed via Microsoft store. This data collection is covered by windows 10 privacy, You can find the windows 10 privacy statement and details of controlling the diagnostic and feedback settings here -https://support.microsoft.com/en-us/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy |
It's not possible to let MS give you the option to opt-out of telemetry in their releases and that's why VS Codium comes out. This is not good. |
Um no, you need to allow opting out of telemetry. That's not being a good citizen. |
Even if it's a global registry key that people need to explicitly set to opt-out of telemetry, the option needs to be there. |
that's a shame. I hope MS will reconsider. |
I guess this is the new "open source": release the code in the open, but package it behind closed doors and release a binary with tracking added. |
@mapill-msft you haven't actually responded to the question being asked. 2 things should happen here:
As long as what telemetry is logged is clear, I most probably won't mind (like with VS Code for example, where I'm happy to share what they collect if it helps) - but it must be clear, and it must be possible to opt-out at a minimum. |
@akatechis, this is not the "new open source". That's how open source is. Freedom for large corporations and the same prison for users |
Why do you feel your users aren't entitled to privacy? |
You say "the release build is covered by Windows 10 privacy", but Windows 10 does not permit Home or Pro users to opt-out of telemetry. Only Enterprise and Education licenses are permitted to do this.
|
This is definitively not GDPR conformant. |
Windows 10 telemetry overall is probably not GDPR compliant. It's being investigated now by Dutch and Irish data protection agencies. The MS dev noted winget is treated as part of Windows 10, which makes sense to me. |
Probably not CCPA compliant as well. |
It's not as if compliance with regulations has stopped microsoft before, but they can stop it now by cutting away the default boilerplate "same telemetry options as w10" statement in their open-source projects, and instead providing isolated telemetry/privacy outlines, to make their later work reversing the bulk of it across their entire gallery much easier. Better start now than being required to finish tomorrow. |
@mapill-msft it's obvious there's much interest for this subject, can this issue be opened? If not, please assign/suggest/create a new issue where this topic can be discussed and voted on. |
(pinging @JohnMcPMS as well for this same question) |
You can't submarine consent to telemetry using an app or an update when the terms of the GDPR are applied. Here's why: Using a Microsoft account to login to Windows 10 means that the product (and Microsoft) has access to personally identifiable information about the user. Anonymous information collection is something that this particular case cannot claim to be due to the fact that the login account is an identity. An identity Microsoft already has a copy of. The same identity which is used to identify the user when they login via their Microsoft account. This means that the data is explicitly not anonymous. If the user has agreed to the EULA for Windows 10 (and therefore agreed to telemetry at that particular point in time) the agreement concerns the software at that particular point in time and only Windows 10. It does not cover an application installed at a later date. Nor does it cover a software app store or an app installed from said store. This is particularly applicable to software which is not required to run the operating system. The EULA covers only the core of the operating system (which was installed onto the machine at the time the EULA was agree to.) And only that. This means that an update or an app cannot be installed into a personally identifiable user's account that enables data collection without them first explicitly agreeing to it. Doing so is a dark pattern referred to as 'submarine-ing consent.' Aside from this, telemetry in Windows 10 must also be opt out by default in compliance with the GDPR due to the fact that a logged in Microsoft account holds personally identifiable information. The EULA is a contract between the individual and Microsoft. It is only enforceable against the individual if Microsoft knows their identity. Be careful too. A person agreeing to a long and obfuscated EULA is no agreement between the two parties to waiver the default opt out. The GDPR also covers this too.
https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/UseTerms_Retail_Windows_10_English.htm
https://privacy.microsoft.com/en-gb/privacystatement Is illegal under GDPR because:
https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/UseTerms_Retail_Windows_10_English.htm personally identifiable information collection must not be opt in by default. |
I think you mean personally ID information must not be optED-in by default. In American English, "opt-in" implies it's opted-out by default, which is of course a good thing. Otherwise, completely agreed, Windows 10 telemetry does not meet the GDPR. I'm sure MS is negotiating with the EU about it as we speak. |
What's stopping folks from spinning off a fork without telemetry? |
Nothing, that's what VS Codium did with VS Code. It shouldn't need to come to that though - just be clear and allow an opt-out! |
My stance (and why I feel so strongly about this): I believe that no one has a right to your data. It's not just a respect thing, it goes deeper than that. You may also realize that I am the creator of Chocolatey - the Chocolatey client side tools have never (and will never) collect telemetry or any data, because we respect our consumer's right to privacy. It's not our information to collect, and what people do with the tools is their business alone. In being fully transparent, if you happen to use the community repository (https://chocolatey.org/packages) to install packages with choco, the repository (server side) does need to collect IP addresses and some request information. This is done for download statistics for packages and identifying abuses of the service. This is noted in https://chocolatey.org/privacy#what-information-do-we-collect (see automatic collection). When folks are using Chocolatey internally or within an organization where they never touch the community repository, there is zero collection of telemetry. Zero call home. Zero. Again, it's not our right to collect it, and having the data to understand how you use the tool to make it better is not a good enough reason. There are other ways to get that information - like I don't know, maybe asking folks how they use the product and how it can be better. That's what we've been doing for over nine years and it's been working pretty well so far. My hope is that the team working on WinGet takes the same stance here. |
@ferventcoder My respects to you, you are representing the essence of oss here and I will, as long as I can, keep using choco as long as possible. Even though Microsoft tries and tries to be the cool kid, claiming they love linux and they respect users privacy and blah blah blah... old habbits never die. Same corporate behemoth as always, just with little better PR. |
More of the same from MS. "On the wrong side of open source" still has a long ways to go. |
Per https://support.microsoft.com/en-us/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy, the basic setting is focused around making sure updates install correctly and has a limited, pre-defined list of events it sends (https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields). Given winget is just a package installer, I don't see it being classified as required data. So yes, if winget is indeed tied to system setting as has been stated, having your telemetry set to 'Basic' should already be an opt-out. The reaction in this thread seems a little over the top given the nature of the tool itself. Microsoft already knows what applications you have installed via basic telemetry and can see download stats on the windows store. Realistically there's not a lot of additional insights to be gained here outside of error reporting and basic usage stats (both of which the OS is effectively already providing based on the telemetry setting). |
Hmmm... let's check the progress board for MS and FOSS. Couldn't smother it in the crib so it needs 3E approach. |
Someone doesn't seem to understand GDPR at all. |
The post you're quoting explicitly addressed anonymity. Perhaps you should read the whole post before responding to it? |
Thank you for the reply, could you thus maybe open this issue till the underlying issue is resolved? Just to signal that this is being worked on seriously, I think most of us here feel like the closed status of this issue is signifying a "swept under the rug" attitude towards this issue, so lifting it would help a lot. |
It's a little more nuanced than that. It can be argued (and is being in cases like those against Microsoft) that assigning a static identifier is not anonymous, merely *pseudo-anonymous. The page you actually linked to explains some of this, so the snark in your comment was completely unwarranted. |
Well aware of the pseudo anonymous vs true anonymous telemetry. My snark was towards people screaming GDPR left and right without understanding it, hence why linked an explanation about anon usage. |
@denelon |
For refreshment and mediation, i'll restate a 2 big demands which i've seen in this thread so far: 1: Complete opt-out out of telemetry. I think talking around these topics, looking to the future, and taking initiative to make sure the community's demands are met, would be a good way to move ahead. Edit: Whoops, I just saw it says it right there in the (new) title, but I think a reiteration to get the conversation back on track would be helpful anyways, so i'll leave this comment. |
For the record, this is how Homebrew (the sort-of de facto package manager for macOS) handles telemetry and opting out: https://github.com/Homebrew/brew/blob/master/docs/Analytics.md I agree that Microsoft should give users the clear option to opt out of any and all telemetry, lest they hurt their goodwill with a sizeable portion of the audience. |
We have reopened the issue to discuss additional options for opt-out. The current client does respect machine wide privacy settings and that users can opt-out on their device. In short, to opt-out: Start -> Settings -> Privacy -> Diagnostics & feedback. |
@Kolokd If you do not want to use microsoft's products, then simply don't, i'm here to try to find out if i can make upcoming microsoft products better, trying to bring that down is counterproductive and a self-fulfilling prophecy, break the cycle. |
And I thought I disliked Microsoft |
Sorry but GDPR states that every user has the right to opt-out? |
All, I'm looking through the rest of the Issues. I haven't caught fully up yet. I'd like to propose a new Issue for an explicit "Opt-Out of Telemetry" feature build directly into the client if that hasn't already been created. |
Opt-Out of Telemetry #279 |
From the PR, winget sends no telemetry when Diagnostics & Feedback is set to Basic. If so that is sufficient for me personally. Thanks for the clarification. |
Well, you can always just download the source code (MIT License), comment out anything you don't liike, and compile it yourself! That's the real power of FOSS. Right? :) |
0b4771e2 Merge branch 'domire8-fix/yaml-cpp-adapter' afc92d54 Change isString to IsString 5d7a6c5c Fix isString() method in yaml_cpp_adapter 9de00d75 Bump minimum cmake version to 3.5.1 d52d2dd0 Use string instead string_view 373576a3 Process each invalid example separately in picojson_format_test 0b7efb37 Make subschema constraint validation clearer 0530af07 Improve PicoJSON format test example cd9258c2 Add picojson example 138c3785 Tweak behaviour of format constraint validation 92b9514b Revert "fail with the first unmet constraint to avoid running into type mismatches" aee67d58 fail with the first unmet constraint to avoid running into type mismatches f716227d check the type constraint first because others might rely on it f1902801 Merge pull request microsoft#179 from DavidKorczynski/cifuzz-int 3c63c49d Add CIFuzz Github Action 4d857316 Revert "Bump nlohmann-json submodule" 8065a5ac Bump nlohmann-json submodule 5dcec3ef Merge pull request microsoft#177 from taichi-dev/master 94ca772c [Build] Make it work on Linux (#1) 780bf067 Rework adapter to build on VS 2022 with latest JSON for modern C++ f7399c1a Merge pull request microsoft#175 from cbrumgard/master 9e5b479b Fixed validation_visitor to work with adaptors that only support the forward_iterator_tag for array value iterators. 2acde8ec Merge pull request microsoft#172 from silvergasp/ci e339c2c2 Adds Github Actions configuration for CI 65ba76e4 Merge pull request microsoft#169 from AustinHaigh-Hach/fix-typos f1ff3518 fix typos in preprocessor macros 78ac8a73 Correct token replacement issue c4355eaa Simplify implementation of YamlCppObject::find() 375eaae0 Tidy up doc-comments db8daacc Add std::nothrow when using operator new e895d035 Attempt to fix oss-fuzz build d9c9d2eb Revert nlohmann-json module to 3.1.2 8d04b757 Fix whitespace in .gitmodules 2642dd4e Bump rapidjson submodule to 06d58b9 74bd2a99 Switch to using submodule for JSON-Schema-Test-Suite 2fe3c829 Switch to using submodule for googletest b63a08f3 Switch to using submodule for json11 444bc02d Switch to using submodule for jsoncpp ac122d9e Switch to using submodule for yaml-cpp fb995ceb Switch to using submodule for nlohmann-json 582fd0fc Switch to using submodule for rapidjson 008c7ca4 Update readme 2cef1a65 Switch to submodule for picojson c0ce4cde Correct typo in license d397ac60 Include <limits> header in custom_allocator.hpp 94d3bfd3 Fix format regex escape sequences 25dcdb1c Merge pull request microsoft#160 from jrave/time-format-fields dee2fa64 Support for time related format fields 5f49d77b Basic structure for format constraint a6a4fbb5 Remove redundant call to baseline 0de61e0c Tidy up readme 1ff36254 Add script to bundle library into a single header 21322b2d Move Adapter and BasicAdapter classes to internal 23724b97 Merge pull request microsoft#159 from jackorobot/fix_poco_get_integer 72afeb1f Fixed PocoJsonValue::getInteger being limited to 32-bit integers 4d603df4 Update Authors file 0e3f48c8 Remove vendored copy of urdl 9e7dbd84 Remove outdated Xcode project files 2f6760f6 Merge pull request microsoft#154 from psigen/yaml-cpp-support f4bbf4e0 Remove non-critical yaml-cpp files from PR. b685584e Add optimization for find implementation. c688aa3b Add a unit test for object member access. 76c9f40c Added simple loading utility. 66424a11 Added a column limit to the file. f03461bb Fixed issue with YAML::Node reference usage. 7f23f369 Fix unit tests to match property tree. 698936ae Added missing dep for YAML-cpp. 328db2f6 Initial pass at yaml-cpp support. 34f75118 Add note about GCC versions to readme 5ca87a61 Remove very obsolete valgrind suppressions file 27d30658 Update vendored jsoncpp to version 1.9.5 c2822576 Update CMakeLists to use add_compile_definitions f9701392 Remove unnecessary indentation from code snippets in readme 7d4ea908 Add boost::json example and delete problematic constructors d34f78b4 Improve error messaging when parsing schemas and documents dd32f66d Build tests for fuzzing 8b5f253c Tweak readme formatting a2e39586 Remove Travis CI config 3940b361 Mention web-based demo in readme f5f979b0 Mention boost compiler warnings in README 80afdef5 Merge pull request microsoft#150 from jonpetri/jonpetri/cmake-improvements 4622b958 Set valijson_BUILD_TESTS OFF by default in cmake 50010fd9 Make VALIJSON_USE_EXCEPTIONS interface definition c5dac2bc Install cmake export file c7d5f2cb Remove valijson_INSTALL_HEADERS from cmake build bfb5860c Fix fuzzer build 7b865438 Merge pull request microsoft#147 from keith-bennett-airmap/keith/shellcheck 1f25558c make shellcheck clean 3c185cb8 Merge pull request microsoft#145 from mporsch/smart-pointer-memory-management 828fc876 use implicit conversion of unique_ptr<T, DeleterA> to unique_ptr<const T, DeleterB> cf841e10 use unique_ptr for memory management in constraints and subschema 4a99dd79 Add missing include 75ada05c Use strong types in external_schema example, and update README 26f3a847 Less const-ness 3eaf1bb9 Add note about VALIJSON_USE_EXCEPTIONS to the README 4990e352 Update inspector to enable and handle exceptions af071f01 Update inspector build to work with Qt6 7b6d22f1 Update CMakeLists.txt to check for boost/json.hpp before building tests 5da89730 Merge pull request microsoft#139 from YangJiao1996/master 0f0cc2bc Always apply callback function when validating schema 9a2ebbde Merge pull request microsoft#137 from veselypeta/readme-cmake e5530feb update README add with cmake git-subtree-dir: src/Valijson/valijson git-subtree-split: 0b4771e273a065d437814baf426bcfcafec0f434
Description of the new feature/enhancement
The readme mentions you collect telemetry, but it doesn't include information on how to opt out. Opting out is critical, and understanding how should be provided.
I might have missed where this is shown, but I'm not sure I see it.
The text was updated successfully, but these errors were encountered: