Clicking through to the repo behind I see this in the README:
Data/Telemetry
This project collects usage data and sends
it to Microsoft to help improve our products
and services. See the privacy statement for
more details.
For more information on telemetry implementation
see the developer guide.
This has been probably my biggest peeve with C#/.NET so far. I actually like the language(s) and the ecosystem but why does everything from Microsoft need to contain telemetry? Like, Visual Studio okay, it's a fairly large application and architecting it might need some intel on how people use it (even though I believe you can do without but I'm not an expert). But the dotnet SDK? That's just a punch in the gut, especially to developers who oughta be more enlightened on tracking/privacy concerns than average users.
And I know you can opt out but I've done that and still seen dotnet make network requests on runs. Maybe it's essential for the functionality but I'm having a hard time trusting a company that puts telemetry in their SDK.
Which opens the question: Who else is doing this? I know JetBrains has some telemetry in their IDEs (although like I said IDEs are more justified I think and I haven't tested their opt-out). choosenim also recently asked me if I wanted to report anonymous usage data. What about npm? The Rust stuff? How much hidden telemetry is there inside developer tooling and what can we do against it?
It would be neat if there was some sort of database for this. Kinda like what Exodus Privacy[1] is doing for Android apps.
I'm not aware of any low-level devtools having any kind of telemetry. Rustup, cargo and rustc don't have any telemetry. Rustup used to have some ages ago, but it was removed.
Similarly, NodeJS/NPM, LLVM (clang, lldb), GNU (gcc, ld, gdb, glibc), Java (OpenJDK), etc... none of them have any telemetry as far as I know. If they do have some, google isn't being helpful at finding out about it.
Honestly, I'm really getting tired of this peeve that everyone seems to have. Every site is practically tracking everything. Emails are not private. Every damn mobile app is trying to access all it can. COVID-19 isn't doing any favors either.
And when someone creates an open source product with this clause in the README right up front along with the option to opt-out, people get peeved about it?
I can understand if the norm is to NOT collect data. But since the world doesn't seem to work that way, despite what some techies would want (since all this tracking has been created by techies anyway), I think it's time to grow up and face the real world for what it is - avoid where we can, adapt in our own ways where we cannot. And try and not get peeved.
I'm fairly certain that a lot (if not most) regular tracking can be avoided today. Sure, you can never know for certain what exactly you are leaking and what not and total anonymity is pretty much impossible. But I dare say, most tracking is probably low-effort and can be circumvented (especially if you are technically inclined). So your picture of the world may be your reality but certainly not everyone's.
But apart from that, even if the world was really on fire in terms of privacy, it would still not be an excuse to shrug everything off and "give up already". You wouldn't sign off your rights and shut up just because everyone else does, right?
I agree, harassing developers for including telemetry in their programs is absolutely disgusting and not the right way to push privacy. And usually the best response to terms you don't like is to just not agree to them and not use the app.
But in this case, I think it's a bit far-fetched: The dotnet SDK (for instance) is not overly complex (as in: the CLI; crash reports are a different topic), has a nice public GitHub repo and is only used by developers who, if they don't like something, probably know how to file an issue on said GitHub repo. So why does it need telemetry? I don't know what's going on in the dotnet team and maybe there's a good reason behind this choice but from my POV it just seems like it's unnecessarily shutting people who disagree with it out of .NET. And I think this is kind of an injustice to .NET as well (since - and I can not stress this enough - it is really good!)
Alright, </rant>. I'm not angry but "popular apps" (let's just call it that) have largely become a minefield for me, so I just avoid most of them. It's kinda sad that developer tooling is now also shifting in that direction.
The norm isn't to collect data when it comes to development tools. In fact, Microsoft is very unique here. As I said in another comment, they're the only SDK in widespread use that has telemetry that deeply ingrained.
And I know you can opt out but I've done that and still seen dotnet make network requests on runs. Maybe it's essential for the functionality but I'm having a hard time trusting a company that puts telemetry in their SDK.
Which opens the question: Who else is doing this? I know JetBrains has some telemetry in their IDEs (although like I said IDEs are more justified I think and I haven't tested their opt-out). choosenim also recently asked me if I wanted to report anonymous usage data. What about npm? The Rust stuff? How much hidden telemetry is there inside developer tooling and what can we do against it?
It would be neat if there was some sort of database for this. Kinda like what Exodus Privacy[1] is doing for Android apps.
[1] https://reports.exodus-privacy.eu.org/en/