@scottjenson Let’s say that we come up with a set of “events” for which we know they don’t need anything that can be used to identify a user or their system. Let’s say I procure that software from a Repo of my choice who’s policy it is to only distribute software leveraging said events for telemetry and we solve the IP address issue with sth like OHTTP we would be able to extend the trust people put into their Repo/distribution provider onto the collection of the metrics.

The repo would compile or configure their public OHTTP gateway as target into the applications they distribute and the source IP leakage is addressed. For non-repo based distribution the trust relationship is already different and maybe the software using the “events” takes a user configurable gateway from the system.

In the end it all comes down to: What’s there to make me believe product x uses telemetry in a privacy preserving way? Just the word of the creator, a party I already trust to deliver me safe software… or do I have the means to prevent (potentially) non-privacy preserving telemetry completely.

@scottjenson with the parameters that were given I was trying to find examples of tools I had used before and somehow all of them fit to what I wrote. Especially the sign-up/account process led to it. If I’d ignore that and look at just telemetry for local installable FOSS I can say from experience that the definition of “no personal data is transmitted” was often just incorrect and proven wrong by looking at the data.

Taking a step back and looking at what I would be able to add to my software and consider “simpel” (to implement) and transparent is presenting the data before explicitly letting the user decide to submit. That is ofc not a very easy approach for the end-user who would need to be able to make sense out of the data so they can judge if it’s appropriate for them.

I think it’s incredibly hard for local software to transmit any data out of the system while being transparent and trustworthy without being explicit. Even reaching out to external systems when it’s not necessary for a user action is something I’d consider a violation of trust.

@scottjenson If it runs on my machine and requires me to set-up an account with an external party doesn’t the whole construct is more a service than a tool? And then we have contract/business relationship in play as well with an arbitrarily vague privacy policy. And when we’re there it feels not far off to having trust issues with telemetry in general.

I’m struggling to find examples of FOSS tools with account setups that are not service connected. So my thoughts might go a totally wrong direction