Outrageous? And "Send Error Report" wasn't? And other security software vendors sending file hashes isn't?

Please, explain why this in particular is so bad. It's tracking in a sense, but they are not going to use it to violate privacy.