"This project collects usage data and sends it to Microsoft to help improve our products and services. Read our privacy statement to learn more. Telemetry is disabled in development builds by default, and can be enabled with the SEND_TELEMETRY build flag."
Even on a simple calculator.
One which might be cause for concern is LogInvalidInputPasted() specifically because pastedExpression is included in the Telemetry Event.
I also have questions on LogConversionResult(). Why is that recording NetworkAccessBehavior or the raw conversion values? Wouldn't knowing the FromUnit/ToUnit be enough to know how much something is being used?
Only "might"? If you just accidentally paste your password to the calculator...
fields.AddString(L"AddSubtractMode", isAddMode ? L"Add" : L"Subtract");
Separately, I question whether anyone looking at the telemetry on the backend. In my experience, developers add this stuff because they think it will be useful, then it never or rarely gets looked at. A telemetry event here, a telemetry event there, pretty soon you're talking real bandwidth.
I don't even want them knowing when I'm using my computer.
“What gets measured gets managed.”
All the concerning privacy issues with Facebook or any other company should be seen rigorously by its users. Telemetry at OS Level is one of the worst offending practices IMO.
It's always good to trust but verify, although here the the safeguard is pretty strong.
 Very little to not at all.
Why not? If they're paying people to build this software, they presumably want to make it good. With this data, they can learn all kinds of things to help improve future versions: when/why is it crashing, what features are people using most/least, are there patterns of clicks that suggest people are mis-understanding or mis-clicking certain features, etc, etc.
edit: Another one that's often useful is looking at different usage patterns across countries. For example, if nobody in Israel is using COSINE, then there's likely a problem with the right-to-left internationalization that you should fix.
There's a lack of user control and a lack of transparency. Even if you are a Windows 10 Enterprise user (lucky you, you can turn off system telemetry, unlike the plebes who run Windows 10 Professional), and you turn off telemetry for Windows as a whole, does that include the Calculator or not? Maybe it does. It's really unclear to most people.
I find it more likely that the real answer is they're trying to "maximize shareholder value." If Microsoft wanted to make good software, there are several thousand other things it could do other than collecting information on people using a calculator.
Even from people who Do Not Want their data collected for this purpose?
So it's OK, then. Jimmy jumped off a bridge, so it's OK if Johnny does it, too. No harm done!
but suddenly when Microsoft does it it's a Big Deal
No, it's a big deal because Microsoft feels entitled to collect information about people using... wait for it... a calculator.
using anonymous data
It's not anonymous. We know it's going to at least get a timestamp and IP address.
I don't see the issue with refining UX
Neither do I. Do it by bringing people in and testing the program on them, the way it was done for decades before "telemetry" became one of those SV euphemisms.
Every high quality commercial app does this.
No. They don't.
Apple does not collect data at anywhere near this granularity, e.g. which buttons were pressed.
One interviewer told me that keystrokes were being measured by conhost.exe. Not just for internal testing. He clarified that it was done on customer machines. It wasn't clear if they collected individual key presses because we were discussing something you could infer by knowing keystroke timing.
Windows 10 is the most prolific malware in the world.
There are a couple instances where we trace API call timings, but only that of API calls initiated by an attached console application.
From looking at conhost.exe in IDA Pro, there are some references to telemetry in a function HandleKeyEvent: https://i.imgur.com/MwaBLcW.jpg
But looking more closely it's just used to increase some counters when Ctrl+C or Ctrl+V are used: https://i.imgur.com/29e2qLD.png
There is another one for Ctrl+A elsewhere in the function as well.
Seems these are for when clipboard operations happen, there is other telemetry nearby for when key activity causes a paste: https://i.imgur.com/xONKrGJ.png
So Microsoft are indeed collecting keystroke telemetry in conhost.exe, but it's just some boring old counters to measure clipboard usage.
Additional telemetry points include whether the "Find" dialog is being used (explicitly, whether "find next" has been clicked, and how long the search string is -- no other user-generated search content is included in event logs), when a process detaches from the console, and when the window is resized.
Today. After the next (forced?) upgrade...?
Surely Microsoft has an accountant or two on staff. Let them test it in-house.
Like, what the hell do they even track? I guess the obvious ones are things like application crashes, but now I'm curious if they have the data on the most common calculations, folks' favorite numbers, etc.
A small selection:
constexpr auto EVENT_NAME_INVALID_INPUT_PASTED = L"InvalidInputPasted";
constexpr auto EVENT_NAME_VALID_INPUT_PASTED = L"ValidInputPasted";
constexpr auto EVENT_NAME_BITFLIP_PANE_CLICKED = L"BitFlipPaneClicked";
constexpr auto EVENT_NAME_BITFLIP_BUTTONS_USED = L"BitFlipToggleButtonUsed";
constexpr auto EVENT_NAME_ANGLE_BUTTONS_USED = L"AngleButtonUsedInSession";
constexpr auto EVENT_NAME_HYP_BUTTON_USED = L"HypButtonUsedInSession";
constexpr auto EVENT_NAME_FUNCTION_USAGE = L"FunctionUsageInSession";
constexpr auto EVENT_NAME_BITLENGTH_BUTTON_USED = L"BitLengthButtonUsed";
"You provide some of this data directly, and we get some of it by collecting data about your interactions, use, and experiences with our products."
"Microsoft uses the data we collect to provide you with rich, interactive experiences. In particular, we use data to:
Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers."
TL;DR: AdvertisingID handles ad tracking in windows and can be opted out of during install, in settings and globally on your account. AFAIK you can also wipe any previously tracked data. AID tracking is unrelated to telemetry.
Telemetry does not contribute to advertising at all unless "tailored experiences" is enabled in settings, and even then the data is mostly used for Microsoft to suggest features and fixes for problems.
So it's not ideal from a privacy perspective to have to worry about usage telemetry in a calculator. But at least there is the silver lining of having telemetry disabled by default _somewhere_, even if it is only for dev builds.
Obviously one option is just a dev build flag in your telemetry payload, but I can see the logic in just turning it off altogether.