Manjaro is experimenting with **opt-out telemetry

I don't think the bar is unreasonably higher for free software, I think the bar is unreasonably lower for Apple.

Apple has a few advantages that make this the case: a) they have really good marketing and b) they will always be compared against Google, Meta and Microsoft, which make their money from selling your data (either directly or through targeted advertising); whereas Apple makes their money from selling overpriced hardware.

But Apple is not pro-privacy, it is just less anti-privacy than other companies. And there are still people like me which would never use their products on principle.

That's true, but also true is the fact that a large part of the reason for using alternatives is to avoid this kind of data collection. So it's reasonable to expect to lose users with a decision like this.

I remember times when supposedly low Opensource software quality was a constant complaint. On the other hand I think taking Linux as an example, I always found it to be significantly more stable than Windows.

That said, it's a funny choice for Manjaro to go for opt-out telemetry. As a simplified Arch it seems to be popular among privacy conscious users. (But I don't know the project goals, maybe that's just coincidental)

The bar is no different. It is probably different people that have opinions on OS X and Linux distros.

Earlier you could in practice trust Apple etc with your data since it was inpractical to spy on you if you were 'insignificant'.

Machine learning changed that and now even mpre with the new LLMs, it is way cheaper to profile a random user.

Whether it is commercial or open source the solution has always been to explain to the user and ask informed consent. No one is so busy or so stupid that they cannot read a small para of text (possibly linking to a detailed document if they're so interested) and press one of two/three choices at some point during system setup or usage. Of course these permission prompts tend to grow out of hand as we can see from commercial operating systems but this is something Linux distributions can do better since nearly all software just want usage data and not user data like their commercial counterparts do.

> The meta-problem here is that the bar is unreasonably higher for free software than proprietary.

No. The standard is extremely simple, and for-profit companies deviate from it because there is no regulation guarding privacy sufficiently. No opt-out telemetry, ever. Opt-in telemetry is fine.

As a statistician, I get it. You want unbiased samples which an opt-out option helps to get to versus opt-in. But privacy has been violated too many times for people to be okay with opt-out telemetry.

The bar appears higher for FOSS because you can see the telemetry code directly. Just because for-profit companies are failing the bar doesn't mean FOSS should too.

> Apple, who is known for being pro-privacy

You're using weasel language. Are they known for it, or do they exhibit it?

>I'm happily using a MacBook nevertheless and I bet a lot of people browsing HN also do.

Yeah, of course I am too. Because when I voice certain displeasure with mass market products people tie too much of their ego to, well that makes me a cold cynical asshole subject to social rebuffing.

In office after office of software professionals, I am the weirdo for caring about product features. So at the next office, I just stopped having those opinions.

I use Linux exactly because the bar is higher. If it will start behaving like commercial systems then it will be easier just to install Windows and move on.

The bar is no higher for free software, just there are a lot of very strange people who enjoy giving a lot of money to get convinced by a company that their privacy and rights are being protected while they are being invaded.

Not really sure how to snap apple customers out of their dream, but i think people just like playing pretend, and like it even more when they pay a lot of money to do so.

> it's useful for me to

Still, can you do without?

> It's a tough spot to be in, as a dev, to want insight into how people interact with your system, while also wanting to give people a chance to decline.

It is, but the underlying issue is trust, or rather, lack of it. Vendors feel so entitled to this data, that even when they obey what's actually rule of the land over here in EU, they don't even try to level with the user and give them a reason to opt-in - they'd rather show a beg screen with information-free boilerplate text, and then act annoyed that pesky regulators and lazy users deny them the data they're entitled to. Thing is, they're not entitled to it. Never were.

"We collect data to improve our product and your experience" is zero-information-carrying bullshit that hardly anyone believes in. In fact, the first sentence of your comment is strictly superior - so much, that I'd consider opting in based on that alone:

"it's useful for me to have stats about how frequently abilities are used, what items players use, etc. to tune game systems"

Now I have at least some idea what you're collecting and why, and how it benefits me and other players. And, more importantly, you came forward with it.

> Would it be useful to have the ability to see exactly what was sent?

Very much yes. Not for everyone, most players probably won't care. But some will, and I imagine reviewers will too. Being open about what you're collecting would go a long way towards establishing trust with the players, and if more people would do that, it could even change the overall perception users have.

Maybe I'm an outlier but the better you describe what you're collecting the more I will trust you that it's just that. Not "Hey I want to collect and send stuff to improve whatever" (that could be a keylogger, or in the case of an editor it could be a list of the files in my top-secret project, if I was paranoid) but if you linked a document describing what exactly you send (or like the Valve hardware survey, a textbox with exactly the content I can skim..) fine!

I know this is an unreasonable amount of work and most non-devs would not react differently or have a higher conversion rate.. but that's the type of reports I have given to various open source projects, because explaining it in detail and then sending different stuff I do not agree with is a kind of maliciousness I don't usually expect, except from content marketers and growth hackers.

To add on to what others have said, as a habitual "no don't send telemetry" clicker, I think this is heading a direction where I _would_ hit allow.

Two adjustments I could think of that would make it better (besides explaining clearly, etc):

Ask me when you're not actively obstructing me from getting to what I want. Like asking on first boot I've gotten no value from the software yet that I might feel I need to pay back, and I'm actively trying to get _in_ to the game and your pop-up is in my way. The easiest and safest way to get rid of it is "do not allow". Try asking _after_ I finish a game/round/whatever.

And that would also give you the opportunity to do something like collect real analytics information to show to the user. Like "Hey I hope you're enjoying the game it's useful for me to have stats about how people use abilities and items to tune and balance the game systems. Would you be willing to contribute to the game's further development by sending information like that below which was collected from your last round?" And then skip the JSON/etc unless your audience is programmers, just show them a table.

Finishing some play time having had fun and getting a pop-up that explains what, why, and gives me a chance to make an informed decision on whether to send something innocuous like "(offset-timestamp, event-type, item-id/ability-id)"... I'd actually probably allow it.

> Would it be useful to have the ability to see exactly what was sent?

That's helpful (as long as the user can opt not to send it after review), but to be honest, I never really trust that all of the data that is going to be sent is being disclosed. Our industry hasn't exactly behaved in a way that encourages trust.

> I know that telemetry should be opt in, but no players will ever turn it on

If you just ask the user yes or no and they massively decide no, who are you to turn it on by default and make them dig around to turn it off? Yes a lot of them won't go to that trouble or simply don't know it's there. But you know they're not ok with it when given the option.

> Would it be useful to have the ability to see exactly what was sent

Maybe an opt-in analytics type feature, a dashboard of sorts to see how one plays. I would be curious to see how often I use items, abilities etc. in games

I’d show a pop up at the first start-up, asking the user to opt in, and very clearly and honestly explaining what will be sent and why. And make it easy to opt out, if clicked by mistake.

You could make it mandatory to choose opt-in or opt-out, and make it transparent what data will be sent and what you will use it for and the retention period. Then more people might opt-in.

I like how 0ad (open source strategy game) does it, maybe check that out.

Easy, just explain exactly what you collect, what not, for which exact purposes you will use that data and why — and exclude purposes you will definitly not use it (e.g. send it to third parties, sell it to the highest bidder). Additionally say what is anonymized, aggregated etc, if that applies.

Then add a: "If anything about that should ever change, you you will be notified and asked again within this game".

Then consider addin an option where technically interested users can actually see that data in full.

If you collect reasonable data and explain clearly why people help you the dev when they share it with you, more people might be inclined to do so.

If you make a wishy washy marketing speech that says nothing will just click no.

TL;DR: Be honest, precise and make a promise that people can check you on and explain why they help you with this.

What did you switch to?

I switched to Manjaro from Arch in 2017 because I don't have time to debug / fix broken updates, and the same Manjaro install has been completely stable since then.

Is there another distro which can do this (and I also don't want to have full reinstalls / upgrades every few years like Ubuntu/Mint)

Arch has an installer now. Arbitrarily delaying packages doesn't really make things any more stable. If anything it causes stability problems if you use the AUR that assumes you are on latest arch.

Yeah, indeed they've been falling out of grace for years now. EndeavourOS has taken its spot as the beginner-friendly batteries-included Arch desktop.

https://endeavouros.com/

Debian has had telemetry for years, but it's opt-in, so lots of people don't know about it. I think the installer may ask?

Install "popularity-contest" if you want to turn it on.

Out of curiosity, what time investment is required for maintaining an Arch install?

I've been using Arch for the past decade and other than the turbulence when switching over to systemd, I don't do anything other than `pacman -Syu` and can only recall exactly one time where the system broke and it was because mkinitpcio failed to run after updating a kernel and was fixed by chrooting into my system and rerunning it.

I often had more issues with Debian or other distros because of having to fight the system to install packages that were built within the past year.

Why did you now wait for they to decide on whether it would be opt-in or opt-out? In the meantime did you vote on the poll in the forums? https://forum.manjaro.org/t/mdd-opt-in-vs-opt-out/170462

> "Oh, well both Windows and Manjaro collect telemetry now, so one less reason to change"

It is one less reason to change from Windows to Manjaro...

People that can't get such a simple thing as no "opt-out" spyware in the distro right can't be trusted.

All telemetry that is enabled by default and requires action/configuration to disable is equally evil, no matter if it is collected by a commercial company or by non-commercial company.

Telemetry must be opt-in only.

Since almost everyone doing telemetry feels entitled to it, thus doesn't even try to convince or justify it to the users - yes, all telemetry is equal until proven otherwise.

Yeah it's a pain to dig into / debate the details (if you can), but they matter.

Arguably I collect some "telemetry" with some products I work on. It's some very basic "anyone even really use this feature" stats that I would find difficult to narrow down to a user / and some "woah did this crash" type information.

But that's nothing like some software...

> Most of them are happy to enable it once you describe what it is and how it works.

This is going to depend very much on how you describe it.

> The middle ground is having a clear question where the telemetry option and the no-telemetry option is clearly shown and the telemetry is preselected. So you have to do a choice but the "I don't care" next > next > next choice is going to be to opt-in.

That's not a middle ground at all but very biased towards data collection. The middle ground is to play it safe and not collect any data where you are not sure you have informed consent, which includes users who do not understand the question or do not care to read it.

The better option would be to not add the data collection at all.

> Whether this is acceptable also depends on the nature of the program and the users. It's much easier to get acceptance for this if it's a piece of software that will make 100 requests to 10 different servers during normal operation (where all of those servers will likely know program version and even more client info anyway), but now makes 101 requests to 11 servers when you enabled the telemetry. A program that used no network requests at all without telemetry should probably be strictly opt-in since its such a major change in behavior.

It sould be strictly opt in for ALL software. Otherwise you are writing malware.

> The problem with opt in is that people don't opt in. Not because they don't want telemetry, but because they don't care.

That's not a problem, that's the correct behaviour. Privacy should be the default setting.

That's the kind of thing you do with spy- or ad-ware. What does Manjaro offer over plain Arch that is "super comfortable"?

It's not that hard to convert a manjaro install into plain old Arch. Did it a couple of times.

It doesn't matter what data is sent. The act of making any network connection at all creates metadata about you at every hop between you and the telemetry server. The network itself is always listening.

I would consider a complete list of hardware to be at least a little sensitive.

They send the size of your account in home.size_gb. That’s very personal for me.

Maybe, but it's a slipery slope. They could make it worse in a month, and worse the next month and so on.

That is not my motivation for using a Linux system, it does play a part, but it's far from the entire point for me and I suspect many others as well.

Monkey see monkey do. It's the same on the web where smaller sites just cargo cult all the usual dark patterns because that's what the devs are used to.

It is not. Specifically "opt-out" mechanisms are not considered consent.

This is from the guidance of the UK's data commissioner, the ICO:

   "You must ask people to actively opt in. Don’t use pre-ticked boxes, opt-out 
   boxes or other default settings. Wherever possible, give separate 
   (‘granular’) options to consent to different purposes and different types of 
   processing."

This new congress is more likely to pass a law that makes opt out legally required than that.

You can request your account deleted https://news.ycombinator.com/item?id=23623799

[We should improve society somewhat.avif]

That has nothing to do with telemetry.

No such thing as "automatic opt in", there was no opting in that scenario. That's called opt out.