Telemetry is wrong if it's happening without my informed consent. What data is being collected doesn't affect that. If you're collecting data about me, my machine, or my use of my machine without my informed consent, you are spying.
The purpose of spying is to gain advantage over e.g enemies. There is no good faith.
The purpose of telemetry is to collect some data about how my product is used in order to make it better.
Also telemetry is documented, so it is no secret, but it is just that users dont give a shit. Meanwhile spy tries to be undisclosed as long as possible.
And good faith and intent is not a sufficient guard.
Intent makes a difference, but it's not magic. It only makes a meaningful difference if it changes what data gets collected and stored. The data gets collected either way. Data breeches happen, and intent isn't stable (or even fully coherent in companies. You might trust them now, but you probably shouldn't trust them a few years down the line. Look at how different google of today acts than the google of 2000.
For the case in point, that data includes "The categories of websites you visit, but not the URL itself, Includes universal plug and play devices and devices that broadcast information to your computer on a local area network: for example, smart TV model and vendor information, and video streaming devices.", so far more than "data about how my product is used in order to make it better". That's some other purpose. We already have evident of bad intent. Bad faith is not at all uncommon with large companies. You do remember the sony rootkit[0], right?
And even with good intent it's easy to overcollect data, because of the fear of missing out on something useful. It really could be useful be useful to see if crashes correlate with other running software, various registry settings, etc, but collecting that absolutely should be considered way beyond the line. (That rootkit was packed with telemetry too, collecting e-mail addresses and listening habits)
Telemetry we _know about_ tends to be documented, however there's an unknown amount of sampling bias. Further, secrecy is not binary, things can be poorly disclosed. I'd argue they often are, with documents that are neither obviously visible nor transparent about what is collected. This is in no way surprising. Disclosure doesn't directly help any bottom line, it just guards against possible reputation and legal damage if it is discovered.
As you say, users mostly don't care. We live in an age of mass surveillance and have raised generations who think it normal.
> What if I collect data about the way you use my software?
That's collecting data about me, my machine, or my use of my machine. If you aren't getting people's informed consent before you do this, you're spying. If you have consent, then that's people sharing data with you and isn't spying.
> As a dev im using telemetry to provide better product for my users
Cool. I'm not saying you shouldn't. I'm just saying that you should ask first.
The purpose of spying is to gain advantage over e.g enemies. There is no good faith.
The purpose of telemetry is to collect some data about how my product is used in order to make it better.
Also telemetry is documented, so it is no secret, but it is just that users dont give a shit. Meanwhile spy tries to be undisclosed as long as possible.
We in the software industry have already burned that bridge. There's been so much abuse for so long that there can be no reasonable assumption of good faith. Trust now has to be proactively earned.
> Intention makes difference
I disagree. If some guy decided to follow you around and write down every place you go and when you go there, wouldn't you say he's spying on you? Even if he has no ill intent, you can clearly see him doing it, and he literally does nothing with the data he records?
"Spying" is when you're collecting personal data without consent. What that data specifically is and what purpose it's to be put to don't enter into it.
> Also telemetry is documented, so it is no secret
An activity doesn't have to be secret to be spying. And sometimes telemetry is documented, but certainly not always. And often, even when it is, that "documentation" is buried and is hard to find. But regardless, simply documenting a thing is not equivalent to getting consent for the thing.
Think of it this way... why is there so much resistance to getting consent to collect telemetry data? The most common answer I've seen to that question (from the pro-telemetry camp) is "because if we give people a choice, too many will decline to provide telemetry". Which means that they know that lots people don't want this data collected, but want it so badly that they don't care. How in the world is that not spying on people?
