Silent opt-out telemetry is harmful #462
Comments
I vote for disabling telemetry by default; yes, you can print a message on first start, but enabling unless the user explicitly changes config files is the wrong way to go. Yes, that may make the function useless - IMO it shouldn't be there at all! |
I'd like to reiterate a few points from #463 here:
For everything else, I defer to the OP :) Edit: To be even more clear, this will be a GDPR violation until it is made opt-in by default, as far as I understand the law. |
Thanks for the great software, but a bit mad at this being enabled by default. Care to explain the advantages of telemetry? Compared to bug reports, let's say. |
I will mention it in README. Currently it has been mentioned in changelog and setting |
I inspected some other software at the time. The telemetry function of VSCode is turned on by default. I just confirmed that he only mentioned this in the "I have read and agreed" of the giant during installation, and there has been no runtime prompt since then. |
This is an easy way to support immediate application of telemetry option changes without restarting the language service. I'm lazy, and I don't want to write so much code to support perfect timer management or pop up to notify users that they need to restart to take effect. |
I agree that's disingenuous and par for the course for MS, but they do tell the user up front what they're doing, and that's still strictly better than just silently enabling things: If I read the TOS (I know, BIG if), and then decide I don't want to use the software because it phones home, I can do that. That's also why I suggested to put a notice right at the end of the installation routine :) |
But it also needlessly eats resources. Please just take the telemetry out again, and provide a simple way to provide data - like the |
The EULA does make a difference, legally -- and I would caution copying commercial projects with a big legal department that can handle any lawsuits arising from this. I need to repeat what @runiq mentioned: The way telemetry is implemented now is illegal in Europe (it violates the GDPR). While you of course can't be sued about it, it does make it illegal for me to use it in the context of my work.
No, it was because a firewall flagged suspicious activity. |
I can change it to a pop-up window to inform you of this during runtime, but I insist on enabling the telemetry function by default. |
I understand; that's why I didn't insist on removing telemetry or turning it off by default. It's the "silent" part I (and the GDPR) have problems with. And let me say that it's an excellent server and your support is really amazing! (Otherwise I wouldn't have bothered with opening an issue and just stopped using it.) |
The installation process is implemented by the client, and I cannot insert instructions. What I can do is to tell you this through a pop-up notification every time you start the service, until you choose not to be reminded. |
That is exactly what I am proposing: If the |
Although I am not willing to admit it, Lua is really not a mainstream programming language. At least in China, 80% of Lua users are game planners rather than programmers. They use Lua to write data configurations, simple scripts, and damage calculation formulas. This means that they will not give any feedback when they encounter problems: "Github, what is that? How is it in plain English? Why do I have to register for an account to report problems?". |
You are right, meaningless cpu consumption is really not supposed to be. But please take a look at the issues, there are dozens of urgent issues that are more serious than this one. If you want, you can submit a PR to help me solve this problem, thank you. |
I am sorry that I only learned about GDPR for the first time today. Please help me to confirm whether the following practices are appropriate:
Telemetry related content includes:
|
I am not a lawyer, so this cannot be reliable advice. But by my understanding:
The telemetry-related content looks good to me, but I want to point out that the collected data (in particular, the error messages) may include confidential information (file names, variables?) unless you are sure that they only contain information about (I understand your pain -- privacy is hard since it requires balancing fundamentally opposed legitimate interests. There is no perfect solution here...) |
The error log only contains the stack of the language service itself, and does not contain user code. The only possible problem is that user name and other information may appear in the location of the language service file. I am considering modifying the |
Also, I would recommend looking at how the Julia Language server handles this; see, e.g., https://github.com/julia-vscode/julia-vscode/wiki/Privacy-Policy There was a long and very heated debate about this when they started doing it... |
If there's a LOUD error message at startup that tells me to enable/disable telemetry or your langserver will refuse to work, I will breathe a sigh of relief, enable telemetry, and go on with my life. You're doing hard work here, no need for me to make it even harder. My only issue was with the GDPR thing and telemetry being enabled by default without it being mentioned anywhere—if that is kept, I am not legally allowed to use your langserver at my work. :( |
It was brought to my attention by the IT guy who manages our corporate firewall that the domain name used by this extension for telemetry triggered the child pornography filters. (moe-loli.love) |
Funny. But certainly not interesting, it is very easy to say that without proof and disclaiming any responsibility. As a reminder, a domain name does not make the content of it, and a domain name can be redeemed. If you have evidence, thank you for sending it to us. |
I'm sorry to hear this. I use this domain name just for fun, as |
If I may add my opinion as the OP: I assumed that the name was chosen for fun and no harm intended, but the optics are indeed not good, at least in Europe/US. At best, it makes the project look much less serious than it is; at worst, it does trigger connotations that are now seen as at the very least distasteful. (Public opinion has changed since the 90s/2000s when this was just a harmless subculture meme. Just to be clear: I'm not saying you cannot use these terms ever; just that I would counsel against using them outside their "natural" fandom setting.) If you are tied to the |
Should be resolved. |
Thank you! I really appreciate that you took this seriously and worked so hard to resolve it quickly. I know privacy issues are annoying and much less interesting to deal with than new features. |
The policy of collecting personal data by IT giants Microsoft and Google has led users to turn off any telemetry if they have the opportunity to do so. And nobody will read the privacy policy at all. It can be seen that, as a result of the change in the opt-in policy, the user counter has decreased dramatically. If the setting In this case, there will be no GDPR violation and the user will have a trial period of 15 minutes to understand how excellent this extension is, read more of the privacy policy, and set Suggested changes in Privacy policy: The sections could be arranged in the following order -- |
yikes |
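This was really not easy. This project is done really well, and is not even inferior to mainstream language servers. Without this project I really would not want to write nvim configurations and plugins in Lua. |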
I ended up here, because the server tried to connect to I don't want to make wild accusations, but based on your profile picture there is a good chance that I talk to the right person, or please cc the right person in regard to this. Personally, I don't care about any orientations or fetishes so long as nobody gets hurt. Some might argue when it comes to "moe" or "loli", I'm not here to argue, I literally don't care. What I do actually care about is: Imagine trying to explain to a system administrator these domain entries in their firewall logs. It's just unacceptable in a business environment. On top of that, I haven't enabled any telemetry, yet the language server tries to call home. I'm dissatisfied with things like these popping up. That's highly unprofessional. EDIT: I do realize that things have been removed in the latest version and |
Lua-language-server has a telemetry function that is enabled by default.
While I understand that telemetry is useful and that making it opt-in will significantly limit that usefulness (because almost no-one will actively enable it), in times of increasing concern for privacy and data autonomy, this kind of silent telemetry (enabled by default without notification, no prominent mention in the README) will needlessly harm users' trust in the project. (To be clear, I'm not accusing you of bad faith here! I'm just describing how people react to such a feature in general.)
I therefore suggest the following: If the `telemetry.enable` config key is not set (to either `true` or `false`), lua-language server should print a message on startup saying

In addition, it might be better to put the whole block https://github.com/sumneko/lua-language-server/blob/6ba92a465c2686fe421fc398251d45c5d4381061/script/service/telemetry.lua#L62-L87 behind a `if config.config.telemetry.enable` guard so the timers aren't even run if the setting is not enabled.
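
A sketch of the guard proposed in this issue, added here as an example and not taken from lua-language-server: the setting is treated as tri-state, the timer exists only while the value is `true`, and a config change is applied immediately without a restart. The `Telemetry` table, the `deps` hooks, the return strings and the notice text are hypothetical, and treating an unset key as "do not send" is an assumption that follows the opt-in position argued in the comments.

```lua
-- Added example; every name below is hypothetical, not the project's API.
local Telemetry = {}
Telemetry.__index = Telemetry

-- deps.notify(msg)     : show a notice to the user (assumed editor hook)
-- deps.send()          : upload one telemetry report (assumed)
-- deps.start_timer(fn) : schedule fn periodically, returns a handle with :stop()
function Telemetry.new(deps)
    return setmetatable({ deps = deps, timer = nil, notified = false }, Telemetry)
end

-- Call at startup and again on every config change.
-- enable: true (consented), false (declined), nil (never answered)
function Telemetry:apply(enable)
    if enable == true then
        if not self.timer then
            self.timer = self.deps.start_timer(function() self.deps.send() end)
        end
        return "sending"
    end
    -- Declined or unanswered: nothing stays scheduled, so no idle CPU use.
    if self.timer then
        self.timer:stop()
        self.timer = nil
    end
    if enable == nil and not self.notified then
        self.notified = true
        self.deps.notify("Please set telemetry.enable to true or false.") -- constructed text
        return "asked"
    end
    return "off"
end

-- Constructed stubs standing in for the editor and a timer library.
local log = {}
local t = Telemetry.new({
    notify = function() log[#log + 1] = "notify" end,
    send = function() log[#log + 1] = "send" end,
    start_timer = function()
        log[#log + 1] = "timer started"
        return { stop = function() log[#log + 1] = "timer stopped" end }
    end,
})
assert(t:apply(nil) == "asked")     -- unset key: ask, schedule nothing
assert(t:apply(nil) == "off")       -- the notice is shown only once
assert(t:apply(true) == "sending")  -- change takes effect without a restart
assert(t:apply(false) == "off")     -- opting out stops the timer at once
assert(table.concat(log, ",") == "notify,timer started,timer stopped")
```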