Privacy-respecting defaults should be there so that you don't have to spend your whole day reading prompts and ToS looking for that one sentence that fucks you over.
Genuine curiosity question: Are all analytics a violation of privacy? If brew simply sent a message that said "brew was used" with no PII, would that matter? At what point is it an issue?
Honestly, my reaction to that would be "why the fuck is it doing that", possibly followed by a firewall rule or a comment in the source code and rebuild. I'm annoyed when an application connects to the Internet for reasons unrelated to the task it's performing for me.
That said, even a ping to the mothership is an identifying information - at minimum, it already contains your IP address. Whatever additional data may be added to that ping will likely also reveal details about the machine you're using.
Personally, I'm not a privacy nut; I mostly don't care - I leave plenty of information about myself around. But the thing is, I'm doing it voluntarily and as a primary function of some service. I don't like when applications exfiltrate data for reasons not related to their purpose.
