
Collecting any data without request is unacceptable, and unlawful.

In fact, it might violate more than a dozen laws in the EU.

This is a general matter of principle. You do not get to access anything that is mine without approval.

If no one opts in, that's your problem, and you need to rethink your business model - and not break into users' systems and steal their data. This is malware.



I'll agree with you if you explain this: Why is it ok for a website to do it, but not ok for an editor plugin to do it? Just because the content is streamed from a server? That's a rather convenient distinction.

I don't endorse Kite's behavior, but our reaction here is so far over the top that it seems like normal onlookers will start to take us less seriously. We're talking about violations of law and data theft over answering the question "Which language are you editing today?"

Zero tolerance is a rejection of "Let the punishment fit the crime."


It's not okay for websites to do this, and any website doing this from May 2018 on will end up fined hundreds of thousands of dollars every time they do this.

The European General Data Protection Regulation [1] is coming, and everyone that doesn't comply with it will have more than just a little problem.

No site or program is allowed to track or store anything about me, to transmit anything to a third party, or to even connect to a third party without my explicit authorization, and I have to be able to opt out of it all, and still be able to use it.

This is a simple moral principle of consent. You don't get to access anything that is mine without my explicit consent.

[1] https://en.wikipedia.org/wiki/General_Data_Protection_Regula...


I don't know anything about the regulation and just skimmed the Wikipedia article for a minute, but isn't this regulation unenforceable in practice? If I have a website, how am I supposed to know if a visitor is a citizen of the EU? If my company operates outside of the EU, the EU has no jurisdiction.


I work for an email software company based in the US, but we are required to take GDPR very seriously. Large swaths of how our application stores and handles data have to be rewritten, because if a single one of our clients' emails is sent to a citizen of the EU, and we are not compliant with the new rules, we and our client are legally liable.

How that pertains to a normal website on the internet, I am not sure.

*Edit: At least this is my understanding and my company is already making development plans on how to comply with the new law.


This is an interesting thing, but, in response to the US applying their laws supraterritorially[1], the EU has decided that the EU GDPR will apply supraterritorially (aka, everywhere, globally, as soon as an EU citizen could be affected).

So, if you're outside the EU, and you violate it, you might suddenly experience that your bank accounts get frozen.

[1] Just look at the recent case where US citizen sued Saudi Arabia in a US court, and the US senate overrode a veto of President Obama to allow this to happen supraterritorially.


> Zero tolerance is a rejection of "Let the punishment fit the crime."

It has to be said though, as a counterpoint, that said principle always takes into account repeated offenses (recidivism), and they are at strike 3 or something.



