Tom RitterMar 5

I've been seeing a lot of comments online about how browser telemetry is just a way to spy on users and we never actually use it, and it provides no value.

We can debate whether you think someone (Firefox or otherwise) overcollects telemetry, or doesn't collect it in a privacy-preserving enough way. And you should be able to turn it all off, for any reason.

But it's been instrumental for me, personally, to ship multiple security improvements to Firefox - and I'm just one of hundreds of developers. I wrote up some more here: https://ritter.vg/blog-telemetry.html

telemetry helps. you still get to turn it off - ritter.vg

Tom Ritter's personal homepage, where he rambles about tech-related topics.

Show threadCassandrichMar 5

@tomrittervg It doesn't matter how useful you think it is. It's still unethical and wrong.

I could go through your examples of "Concrete wins from Firefox Telemetry" one by one and detail how each should and could have happened just as smoothly without telemetry, using normal, ethical means like paid QA, voluntary reporting by power-user early-adopters, etc.

But I think this misses the point. You don't get to decide that having telemetry on-by-default (even with an way to opt-out) is acceptable just because you think you think it produced immensely beneficial results.

Show threadWilliam D. JonesMar 5

@dalias @tomrittervg (What about telemetry off, opt-in? I have exactly one piece of software I wrote where telemetry would be useful. But I'd never make it on by default.

That being said, I found out very quickly that said software basically "only works on my machine", so I'd need to add lots of tracing and ask ppl to run it. I shouldn't have released it :'D...

https://github.com/cr1901/swmon)

GitHub - cr1901/swmon: Small command-line tool and GUI to switch monitor inputs from command line

Small command-line tool and GUI to switch monitor inputs from command line - cr1901/swmon

GitHub
Show threadCassandrichMar 5
@cr1901 @tomrittervg Off-by-default, opt-in is maybe ethically okay, but I still don't like it, because nobody really understands enough to evaluate turning it on, the scope of information that might be included. As a programmer, I don't even want people's core dumps. I don't want the risk of seeing something I wasn't supposed to see, or even that contains something illegal.
Show threadWilliam D. Jones

@dalias @tomrittervg I guess when I go and work on this again, I'll send out a request for ppl to try it on their machines and send me the log output.

I don't want to collect more than I have to, but I'd at least need to know the monitors attached to your machine, and which cable.

... Isn't VESA/DDC supposed to avoid me having to know this shit?

Mar 5 at 11:01pmWeb