T-E-L-E-M-E-T-R-Y! What does that spell? EVIL!!! Hey guys, it’s that guy who can’t talk about the news on time! Corporations are all collecting data about you, most of the time covertly! Time to grab those tinfoil hats because it’s time to raise our pitchforks and get ready to rumble! But hang on, before you go light your torches, I want to take a step back and view real world telemetry for what it is. We’re going to be diving into privacy policies, source code, and how telemetry can affect your privacy and if it can be done ethically.
Case 1: Windows 10
Windows telemetry can’t be turned off and you only get 2 options: Full and Basic. No matter which version of Windows you use, the GUI won’t give you a way to deal with this. You can use Group Policy Editor of course, but in order for you to get access to the real Group Policy Editor, you need Windows 11 Pro or higher and pay through the nose to get.
Telemetry collected in both cases appears to be useful, but it’s ruined by the ethical quandary. Users are never given the proper means to consent except that big Terms of Service box when they bought their Mac or PC and clicked “I Agree.” Arguably, Windows’s telemetry is worse because Windows’s team continues to smear their name by ripping out existing features and the overreliance on siphoning user information. All of this compounded by the fact that Microsoft sells off your information to advertisers in their Bing network and has been doing so since the Sinofsky era of Windows.
But wait! Even if you use Windows Pro, you still can’t turn off the telemetry! The only way to avoid it is to:
- get a Windows Education/Enterprise license
- In order to get the license, you need to contact a Microsoft sales rep and give Microsoft business-relevant/mostly accurate information.
- Then you need to pay for volume licensing or a subscription fee for its activation, which also might involve hosting a Azure AD server.
- Then you can turn off the telemetry.
- Screw Microsoft and just use anything else except ChromeOS.
Case 2: Opting Out & VS Code
But let’s say a program that lets you turn off the telemetry, what do you do? You could of course trust them, but we need operate with “distrust, but verify.” Let’s take one of my favorite examples: VS Code. If I haven’t already, I hope I’ve drilled into your skull that Microsoft is one of the most evil and privacy invasive companies on the planet, so because Microsoft is evil, that must mean VS Code is evil!
Indeed, at a glance when you review the documentation for VS Code, VS Code is subject to Microsoft’s privacy policy, the same legalese privacy policy that allows Microsoft to market off your information. But there’s a few important differences between VS Code and Windows: VS Code includes a toggle for users to turn off telemetry collection. Unlike Windows, this toggle fully disables VS Code’s telemetry.
There’s no way you could know that…
Now, the keen-eyed keyboard warriors are going to pounce on this and say “Aha! But there’s no way you can actually know that!” But there is, dear commenter, and it’s the GitHub page, you know, where they publish most of the source code, including the code for the telemetry bits! “But the backend for VS Code’s extensions are proprietary!” If you don’t want VS Code to track your extensions, simple, don’t use VS Code. You can go crawl over to VS Codium, but it isn’t going to change Microsoft gets to monitor the VS Code Marketplace and all the silly AI extensions you install.
The other reason VS Code wouldn’t help is also obvious: you don’t trust the telemetry being turned off when you uncheck the box? Consider that VS Code is the IDE of choice for developers, some of whom have to be savvy enough to read the source code, and would type an angry message on Twitter and Mastodon that VS Code was spying on everyone even if the box was unchecked? Come on, use your noggin. Who knew that if you used an online service, you have to trust they won’t do anything bad?
Case 3: The Preceding Reputation
Let’s talk about the most spicy one: Ubuntu. Ubuntu has garnered a long history of being called spyware by the famous Richard Stallman (sucking his toe) and the Electronic Frontier Foundation because of the Amazon search integration into their operating system. However, Ubuntu suffers from not what they are actually doing, but they dragged their reputation was dragged through the mud for years. Ubuntu removed the Amazon searching, but continued to include an Amazon icon that would redirect people with a referral link, just like if you were to visit the description of my video and click on a link. The problem is because the Amazon incident with search queries, people held that against them.
This reputation also may have further damaged another part of Ubuntu, the introduction of operating system telemetry in Ubuntu 18.04. Now we get into the realm of what telemetry is harmful and what’s benign. Canonical’s developers have always been open about what information about what will be collected. In practice, Canonical collecting this telemetry is purely to improve Ubuntu and some fairly common settings that can’t really be used to identify people as it’s largely impersonal.
When poor Will Cooke announced this on the mailing list, people piled in complain online and how Ubuntu was continuing down a dark path, even though the data is pretty harmless. Why? Because Ubuntu 18.04 continued to package the Amazon icon and the baggage of the Amazon incident. Even though it’s pretty clear how to disable it by unchecking a box. Once again, because Ubuntu is open-source, we can verify unchecking the box does as it claims.
Playing Devil’s Advocate
But let’s wrap this up. I spoke in an entire video defending telemetry and trying to understand it, but what about the normal person? What about someone who wants to protect their privacy? If you want to help the developer and you feel that you are helping them by providing telemetry, then by all means provide them that data; it’s your prerogative.
On the other hand, you are an extremist when it comes to privacy. We’ve seen studies about how easily information can be deanonymized and it helps that the information is impersonal, but I want all the help I can get and that includes turning it all off.
And by the way, if you need to resort to using Little Snitch or Portmaster to clam up telemetry if you’re given no opt-out, maybe you should consider using something else.