
Pkg.jl telemetry should be opt-in - open-source-ux
https://discourse.julialang.org/t/pkg-jl-telemetry-should-be-opt-in/42209
======
musicale
If you're doing something that could be considered a violation of user
privacy, like phoning home to a telemetry service, it should not be opt-out.
Probably it shouldn't exist at all. Not everything has to have "telemetry"
baked into it.

~~~
raxxorrax
The matter of course to include telemetry eludes me. I think this criticism is
correct and should even be expanded. I never looked into Julia, only R a bit
and they have mutual interfaces. These discussion don't sell me the language
at all.

------
sc11
For context, this is the official page explaining what data is collected:
[https://julialang.org/legal/data/](https://julialang.org/legal/data/) (the
link is a bit hard to find between all the other links in the Discourse
thread)

~~~
open-source-ux
The data collection page is well-written and clearly explained. However, I
still dislike like the idea of enabling 'anonymous telemetry' by default.

The problem of growing a programming language is one shared by many programing
languages. Languages like Nim or Crystal have arguably even smaller
programming communities than Julia. These other languages have not decided to
pursue the option of telemetry to track usage (at least, not yet).

There are other ways of measuring the adoption or popularity of a language:
libraries, courses, books, tutorials - they are not neccesarily accurate, but
they give some insight.

Anyway, if this telemetry feature goes ahead, I think the clearest way to do
it is as follows:

\- When installing a package, the user is informed that anonymous data will be
sent to Julia's servers. Make it clear this data transmission is optional.

\- There is a link to the data collection/privacy page

\- There should be a clear link for users to see all the data from their
computer that will be transmitted before it is sent.

\- Users can accept or decline the transmission of data.

\- Users can choose to bypass telemetry consent for future packages

\- Somewhere in the process above, there should be clear instructions (or a
link) telling users how they can switch on and off telemetry at anytime.

This sounds like a lot. But at least by being clear and upfront, users can
make an informed decision.

I realise it might seem churlish to complain about data collection when
developers use tools and services that track their usage on a daily basis e.g.
Visual Code by Microsoft or Google's vast (non-anonymous) services. But why
stoop to their level?

------
gpm
Am I mistaken in thinking that this is a blatant violation of the gdpr and
that distributing Julia to anyone in the EU is now illegal?

~~~
ninjin
Not according to Karpinski [1], that is a core developer.

[1]: [https://discourse.julialang.org/t/pkg-jl-telemetry-should-
be...](https://discourse.julialang.org/t/pkg-jl-telemetry-should-be-opt-
in/42209/28)

~~~
gpm
Interesting... I'm sure that lawyer knows more about this than I do so I
wonder what part of it I misunderstoood...

------
boromi
Opting out should be straight forward.

~~~
ihumanable
It is pretty simple to do and well documented. There's also a fair bit of
control for the user to either completely opt-out, just opt-out of sending
some data.

[https://julialang.org/legal/data/#opting_out](https://julialang.org/legal/data/#opting_out)

Has all the details.

~~~
boromi
I think it should be simpler than that, personally. Like the first message
after or before installing Julia.

As it stands, I wouldn't have any idea upon first usage that that's how I'm
supposed to turn it off.

~~~
ninjin
It looks like `mkdir -p ~/.julia/servers && echo 'telemetry = false' >
~/.julia/servers/telemetry.toml` will do it unless you have messed with
`JULIA_HOME`. Still, the documentation [1] makes it clear that there is no way
that I would call “easy”.

[1]:
[https://julialang.org/legal/data/#opting_out](https://julialang.org/legal/data/#opting_out)

As someone that has been a Julia user for more than half a decade and a part
of the community I feel very uneasy about now having to opt out of this
feature each time I install anything above v1.4. Not to mention that I feel
that I morally would have to notify other users when I recommend Julia to
them. Performing privacy workarounds for FOSS is a rarity and I would be sad
if we shift towards it becoming the norm, despite seeing that it can have
upsides to the community itself.

~~~
chrispeel
> As someone that has been a Julia user for more than half a decade and a part
> of the community I feel very uneasy about now having to opt out of this
> feature each time I install anything above v1.4.

I'd certainly appreciate it if you repeated this in the discourse thread

~~~
ninjin
Here is my attempt [1]. I find it incredibly difficult to motivate rationally
and constructively the way I feel though. At times wondering if I am best
ignored for the good of the community overall. What you are reading is my
third attempt at a response is that thread. The first one ended up being some
sort of long-winded mixture of a philosophical/technical monologue, the second
one a simple statement of “I disagree, but I can not articulate why”, the last
attempt is what you read and I think I finally have arrived at the core of the
issue for me which is consent. Is there any good write up anywhere on this? I
feel like I just joined the FOSS camp about 20 years ago and that this has
shielded me from ever having to lay out exactly why I want a future with more
and more anonymity on all fronts.

[1]: [https://discourse.julialang.org/t/pkg-jl-telemetry-should-
be...](https://discourse.julialang.org/t/pkg-jl-telemetry-should-be-opt-
in/42209/63)

~~~
chrispeel
Thanks!! Yes, I do think that consent is at the core of it for me as well. I
wasn't nearly as articulate and self-deprecating as you were :-)

It seems to me that the counts for Julia and for packages can be gamed by
doing Sybil attacks, so to me it both feels morally wrong, and that it won't
work well.

thanks again

~~~
ninjin
You are welcome and thank you for raising this to my attention as I sadly do
not have the time to be as involved as I once was.

Since we are currently Julians is a wider forum I would also like to advise
non-Julians and Julians alike against kneejerking along the lines of: “They
are coming to take our freedom!”. As opposed as I am to this specific feature,
one would do well to read the technical background [1,2] as there are plenty
of points in there that I gladly support as moves towards a world with more
privacy and platform diversity than the current one – it also makes for
interesting technical reading at that. Those behind this are not horned demons
and do have the community in mind even if we seemingly disagree on the matter
of consent.

[1]:
[https://github.com/JuliaLang/Pkg.jl/issues/1377](https://github.com/JuliaLang/Pkg.jl/issues/1377)

[2]:
[https://github.com/JuliaLang/Pkg.jl/pull/1544](https://github.com/JuliaLang/Pkg.jl/pull/1544)

