Just curious if anyone knows of one that is commonly accepted. My brief searches didn't turn up anything.
Currently we set the environment variable on all our machines to turn off dotnet core CLI data collection. (Even though this does not appear to stop it in some cases.) I have always hated data collection schemes, but given recent headlines, it seems only prudent to start taking more proactive measures.
Edit: It occurs to me that some might be unfamiliar with data collection in .NET Core CLI. So I will repost an explanation below.
Microsoft calls their data collection "telemetry", and it is in the dotnet core command-line tools. It is enabled by default, but you can opt out by setting an environment variable. It is not well-liked.
@blackdwarf @piotrMSFT I am very disappointed to discover that .NET core comes with a hidden and enabled spy utility that reports on its users. (Lakshanf/issue2066/telemetry #2145). Apparently, MS has learned nothing from the backclash against Windows 10 spying on users. I suspect many will not want to install .NET core for this reason, which is a shame because .NET core is otherwise cool.
It was announced as sortof a footnote of a release candidate build back in 2016.
The MSDN page about it -- as well as opt-out instructions -- can be found here. Although some of the wording there is understated.
Steps to reproduce
dotnet in console
There is a notification about using telemetry and how to disable it by using environment variable. Th message states that telemetry data is shared with community.
The wording of the message is inaccurate and misleading as only "some" of the data "used to be" shared with the community. Looking at https://docs.microsoft.com/en-us/dotnet/core/tools/telemetry tells us that only 5 out of 13? Data Points "used to be" shared. Also, data blobs are not raw data, they are already preprocessed and are missing a lot of useful information that is gathered by telemetry but not exposed to the public such as time of invocation. What I mean by "used to be" is that last blob that is currently available comes from late 2017. Latest data is not publicly available (5 last quarters right now) even in this tiny aggregated form.
I don't expect more than - for the very least - change to be applied to the wording. Get rid of the sentence about sharing data with community. Alternatively change wording to take into account that only some portion of the gathered data was shared with the community.
EU GDPR Sidenote
According to this page https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en gathered data, especially MAC addresses(even hashed obviously) makes it personal information which should be managed scrupulously.
ML.NET telemetry (Added day later)
mlnet cli tool uses this messaging: "The data is anonymous and doesn't include personal information or data from your datasets." which is also inaccurate and somewhat misleading. Calling this dataset as containing anonymous data and not containing personal information is false. Also I wasn't aware that mlnet cli is going to use telemetry. Therefore I disabled it only after I runned it for the first time with quickstart example. Basic
mlnet command doesn't tell you about telemetry. That is a bit concerning.
IMHO some variant of the 99% anonymised(as in nearly impossible to cross-check, correlate) telemetry makes sense for usage metrics... This data used by dotnet, mlnet is not so much anonymous. Sharing publicly only portion of the data leads to different conclusions about the planned usage of the data.
Note: It does not currently collect runtime data. Meaning, when you invoke a built app with
dotnet MyApp.dll, it does not collect anything at this moment. It does record and report some data points as you use it for dev purposes (e.g.
dotnet run) unless you opt out by setting an environment variable. It has been reported that some post-install scripts send off telemetry data even if you opted out. But afterwards, it should not.