The readme mentions you collect telemetry, but it doesn't include information on how to opt out. Opting out is critical, and understanding how should be provided.
I might have missed where this is shown, but I'm not sure I see it.
Howdy, thanks for updating a note - I'm sorry though - I asked for how to opt out of telemetry entirely. Surely there is a way. If not, you will want to add it. Please reopen this issue.
Hi. As I mentioned in the pull request for the readme update, diagnostic data collection (telemetry) is not enabled for private builds of this project and is enabled only on the release builds (https://github.com/microsoft/winget-cli/releases) and the app installed via Microsoft Store. This data collection is covered by Windows 10 privacy. You can find the Windows 10 privacy statement and details of controlling the diagnostic and feedback settings here: https://support.microsoft.com/en-us/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy
I asked for how to opt out of telemetry entirely. Surely there is a way. If not, you will want to add it. Please reopen this issue.
It's not possible to let MS give you the option to opt-out of telemetry in their releases and that's why VS Codium comes out. This is not good.
Um no, you need to allow opting out of telemetry. That's not being a good citizen.
Even if it's a global registry key that people need to explicitly set to opt-out of telemetry, the option needs to be there.
that's a shame. I hope MS will reconsider.
I guess this is the new "open source": release the code in the open, but package it behind closed doors and release a binary with tracking added.
@mapill-msft you haven't actually responded to the question being asked.
2 things should happen here:
As long as what telemetry is logged is clear, I most probably won't mind (like with VS Code for example, where I'm happy to share what they collect if it helps) - but it _must_ be clear, and it _must_ be possible to opt-out at a minimum.
@akatechis, this is not the "new open source". That's how open source is. Freedom for large corporations and the same prison for users
Why do you feel your users aren't entitled to privacy?
You say "the release build is covered by Windows 10 privacy", but Windows 10 does not permit Home or Pro users to opt-out of telemetry. Only Enterprise and Education licenses are permitted to do this.
1) Can MS confirm that when an Enterprise or Education Windows 10 install has telemetry set to "Security", renamed "Diagnostic Data Off" in Win10 version 2004, winget will not dispatch any telemetry back to MS or elsewhere?
2) What telemetry specifically is sent when a Windows 10 Home or Pro install has telemetry set to "Basic", the minimum permitted level? Can it be found in the "Windows 10 Diagnostic Data Viewer" app?
This is definitively not GDPR conformant.
Windows 10 telemetry overall is probably not GDPR compliant. It's being investigated now by Dutch and Irish data protection agencies. The MS dev noted winget is treated as part of Windows 10, which makes sense to me.
This is definitively not GDPR conformant.
Probably not CCPA compliant as well.
It's not as if compliance with regulations has stopped Microsoft before, but they can stop it now by cutting away the default boilerplate "same telemetry options as W10" statement in their open-source projects, and instead providing isolated telemetry/privacy outlines, to make their later work reversing the bulk of it across their entire gallery much easier.
Better start now than being required to finish tomorrow.
@mapill-msft it's obvious there's much interest for this subject, can this issue be opened? If not, please assign/suggest/create a new issue where this topic can be discussed and voted on.
(pinging @JohnMcPMS as well for this same question)
You can't submarine consent to telemetry using an app or an update when the terms of the GDPR are applied. Here's why:
Using a Microsoft account to login to Windows 10 means that the product (and Microsoft) has access to personally identifiable information about the user.
This personally identifiable user must be offered the opportunity to opt out of any and all personally identifiable data collection, must be allowed a copy of any and all collected data upon request and must also not be opted in by default to any personally identifiable data collection. This is the GDPR and you know this.
Anonymous information collection is something that this particular case cannot claim to be due to the fact that the login account is an identity. An identity Microsoft already has a copy of. The same identity which is used to identify the user when they login via their Microsoft account.
This means that the data is explicitly not anonymous.
If the user has agreed to the EULA for Windows 10 (and therefore agreed to telemetry at that particular point in time) the agreement concerns the software at that particular point in time and only Windows 10. It does not cover an application installed at a later date. Nor does it cover a software app store or an app installed from said store. This is particularly applicable to software which is not required to run the operating system. The EULA covers only the core of the operating system (which was installed onto the machine at the time the EULA was agreed to.) And only that.
If data collection is being made via an app store, consent to do so must also be separately sought when a personally identifiable user is involved.
This means that an update or an app cannot be installed into a personally identifiable user's account that enables data collection without them first explicitly agreeing to it. Doing so is a dark pattern referred to as 'submarine-ing consent.'
Aside from this, telemetry in Windows 10 must also be opt out by default in compliance with the GDPR due to the fact that a logged in Microsoft account holds personally identifiable information. The EULA is a contract between the individual and Microsoft. It is only enforceable against the individual if Microsoft knows their identity.
Be careful too. A person agreeing to a long and obfuscated EULA is no agreement between the two parties to waiver the default opt out. The GDPR also covers this too.
Privacy; Consent to Use of Data. Your privacy is important to us. Some of the software features send or receive information when using those features. Many of these features can be switched off in the user interface, or you can choose not to use them. By accepting this agreement and using the software you agree that Microsoft may collect, use, and disclose the information as described in the Microsoft Privacy Statement (aka.ms/privacy), and as may be described in the user interface associated with the software features.
https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/UseTerms_Retail_Windows_10_English.htm
In order to provide this computing experience, we collect data about you, your device, and the way you use Windows. And because Windows is personal to you, we give you choices about the personal data we collect and how we use it.
https://privacy.microsoft.com/en-gb/privacystatement
Is illegal under GDPR because:
This agreement describes your rights and the conditions upon which you may use the Windows software. You should review the entire agreement, including any supplemental license terms that accompany the software and any linked terms, because all of the terms are important and together create this agreement that applies to you. You can review linked terms by pasting the (aka.ms/) link into a browser window.
By accepting this agreement or using the software, you agree to all of these terms, and consent to the transmission of certain information during activation and during your use of the software as per the privacy statement described in Section 3. If you do not accept and comply with these terms, you may not use the software or its features.
https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/UseTerms_Retail_Windows_10_English.htm
Personally identifiable information collection must not be opt in by default.
I think you mean personally ID information must not be optED-in by default. In American English, "opt-in" implies it's opted-out by default, which is of course a good thing.
Otherwise, completely agreed, Windows 10 telemetry does not meet the GDPR. I'm sure MS is negotiating with the EU about it as we speak.
What's stopping folks from spinning off a fork without telemetry?
Nothing, that's what VS Codium did with VS Code. It shouldn't need to come to that though - just be clear and allow an opt-out!
@lyja @cocowalla
My stance (and why I feel so strongly about this): I believe that no one has a right to your data. It's not just a respect thing, it goes deeper than that.
You may also realize that I am the creator of Chocolatey - the Chocolatey client side tools have never (and will never) collect telemetry or any data, because we respect our consumer's right to privacy. It's not our information to collect, and what people do with the tools is their business alone.
In being fully transparent, if you happen to use the community repository (https://chocolatey.org/packages) to install packages with choco, the repository (server side) does need to collect IP addresses and some request information. This is done for download statistics for packages and identifying abuses of the service. This is noted in https://chocolatey.org/privacy#what-information-do-we-collect (see automatic collection).
When folks are using Chocolatey internally or within an organization where they never touch the community repository, there is zero collection of telemetry. Zero call home. Zero. Again, it's not our right to collect it, and having the data to understand how you use the tool to make it better is not a good enough reason. There are other ways to get that information - like I don't know, maybe asking folks how they use the product and how it can be better. That's what we've been doing for over nine years and it's been working pretty well so far.
My hope is that the team working on WinGet takes the same stance here.
@ferventcoder My respects to you, you are representing the essence of oss here and I will, as long as I can, keep using choco as long as possible.
Even though Microsoft tries and tries to be the cool kid, claiming they love Linux and they respect users' privacy and blah blah blah... old habits never die. Same corporate behemoth as always, just with slightly better PR.
More of the same from MS. "On the wrong side of open source" still has a long ways to go.
What telemetry specifically is sent when a Windows 10 Home or Pro install has telemetry set to "Basic", the minimum permitted level? Can it be found in the "Windows 10 Diagnostic Data Viewer" app?
Per https://support.microsoft.com/en-us/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy, the basic setting is focused around making sure updates install correctly and has a limited, pre-defined list of events it sends (https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields). Given winget is just a package installer, I don't see it being classified as required data.
So yes, if winget is indeed tied to system setting as has been stated, having your telemetry set to 'Basic' should already be an opt-out.
The reaction in this thread seems a little over the top given the nature of the tool itself. Microsoft already knows what applications you have installed via basic telemetry and can see download stats on the windows store. Realistically there's not a lot of additional insights to be gained here outside of error reporting and basic usage stats (both of which the OS is effectively already providing based on the telemetry setting).
If winget isn't classified as required data and thus won't send any telemetry, it would be trivial for MS to update this issue saying so, completely satisfying everybody coming here asking about it.
In addition to literally everything stated above - not allowing people to opt out of telemetry (regardless of the complexity) is a trash decision. You can still count success without having full-sized MAU numbers to present at an all-hands meeting.
Winget is a huge opportunity, why put such a bad light on it from the start?
Hey folks, my sincere apologies for the way this was handled. We have had a busy week.
There is ABSOLUTELY a way to opt out of telemetry and always has. Privacy is paramount and we are updating docs and readme to make this clearer. Thanks to @ferventcoder for pointing this out.
Hacker News first page works :+1:
Hmmm... let's check the progress board for MS and FOSS.
Embrace ✔️
Extend 🚧
Extinguish 📅
Couldn't smother it in the crib so it needs 3E approach.
Someone doesn't seem to understand GDPR at all.
GDPR doesn't mean "no tracking no data sent anywhere ever"
GDPR requires explicit opt in if the data collected is not anonymous.
IF the data is anonymized it's fair game.
Which also doesn't mean they send your names, email, phone and what have you when you use the products. Telemetry simply means "Anon used pictures app 10 times today, and rotated 3 pictures"
The post you're quoting explicitly addressed anonymity. Perhaps you should read the whole post before responding to it?
Thank you for the reply, could you thus maybe open this issue till the underlying issue is resolved? Just to signal that this is being worked on seriously, I think most of us here feel like the closed status of this issue is signifying a "swept under the rug" attitude towards this issue, so lifting it would help a lot.
GDPR requires explicit opt in if the data collected is not anonymous.
IF the data is anonymized it's fair game.
Which also doesn't mean they send your names, email, phone and what have you when you use the products.
It's a little more nuanced than that. It can be argued (and is being in cases like those against Microsoft) that assigning a static identifier is not anonymous, merely pseudo-anonymous.
The page you actually linked to explains some of this, so the snark in your comment was completely unwarranted.
Well aware of the pseudo anonymous vs true anonymous telemetry.
But what data is sent matters, because GDPR covers only personal and identifiable data.
If it's proven data is not truly anon, MS should face a fine, else there is no issue at hand.
My snark was towards people screaming GDPR left and right without understanding it, hence why I linked an explanation about anon usage.
@denelon
Thanks a lot! Hopefully this'll result in helpful discussion around the topic from this point onwards.
For refreshment and mediation, I'll restate the 2 big demands which I've seen in this thread so far:
1: Complete opt-out out of telemetry.
2: Fine documentation about what data, in which way, with what identity, is collected and called home.
I think talking around these topics, looking to the future, and taking initiative to make sure the community's demands are met, would be a good way to move ahead.
Edit: Whoops, I just saw it says it right there in the (new) title, but I think a reiteration to get the conversation back on track would be helpful anyway, so I'll leave this comment.
For the record, this is how Homebrew (the sort-of de facto package manager for macOS) handles telemetry and opting out:
https://github.com/Homebrew/brew/blob/master/docs/Analytics.md
I agree that Microsoft should give users the clear option to opt out of any and all telemetry, lest they hurt their goodwill with a sizeable portion of the audience.
We have reopened the issue to discuss additional options for opt-out. The current client does respect machine-wide privacy settings, and users can opt out on their device. In short, to opt out: Start -> Settings -> Privacy -> Diagnostics & feedback.
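The maintainer's reply above only gives the Settings path. As an added example (not code from the winget project or from anyone in this thread), the following PowerShell reads the machine-wide diagnostic data level that winget is said to honour, so an administrator can verify the effective setting rather than trust the UI. It assumes the documented Windows policy locations (`AllowTelemetry` under the two `DataCollection` keys, values 0 to 3); those paths and the level names are my assumption about the reader's Windows build, not something the thread states.

```powershell
# Added example, not part of the winget project: report the effective
# machine-wide diagnostic data level that the maintainers say winget follows.
# Assumption: the documented Windows policy values AllowTelemetry = 0..3
# (0 = Security/"Diagnostic data off", 1 = Basic/Required, 2 = Enhanced,
# 3 = Full/Optional) under the two DataCollection keys below.

function Get-DiagnosticDataLevel {
    $levelNames = @{
        0 = 'Security (Diagnostic data off; honoured on Enterprise/Education only)'
        1 = 'Basic (Required)'
        2 = 'Enhanced'
        3 = 'Full (Optional)'
    }

    # Group Policy / MDM location first: it overrides the Settings toggle.
    $paths = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection'
    )

    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name AllowTelemetry -ErrorAction SilentlyContinue
        if ($null -ne $item -and $null -ne $item.AllowTelemetry) {
            $value = [int]$item.AllowTelemetry
            $name = if ($levelNames.ContainsKey($value)) { $levelNames[$value] } else { "unknown ($value)" }
            return [pscustomobject]@{
                Source = $path
                Value  = $value
                Level  = $name
            }
        }
    }

    # No policy value present: the Settings > Privacy > Diagnostics & feedback
    # choice applies, which on Home/Pro cannot go below Basic.
    return [pscustomobject]@{
        Source = '(no policy value set; Settings choice applies)'
        Value  = $null
        Level  = 'not enforced by policy'
    }
}

function Get-DiagTrackState {
    # DiagTrack is the OS service that uploads diagnostic data. Its state is a
    # useful cross-check: a stopped/disabled service means nothing is sent,
    # regardless of what any individual client does.
    $svc = Get-Service -Name DiagTrack -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'DiagTrack service not present' }
    return "DiagTrack service: $($svc.Status), start type: $($svc.StartType)"
}

# Usage: reading HKLM policy values and service state needs no elevation.
Get-DiagnosticDataLevel | Format-List
Get-DiagTrackState
```

Reading the policy value directly matters because, as an earlier comment in this thread notes, a value of 0 (Security) only takes effect on Enterprise and Education editions; on Home and Pro the effective floor is Basic, so the script's output should be read together with the edition in use.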
@kolokd If you do not want to use Microsoft's products, then simply don't. I'm here to try to find out if I can make upcoming Microsoft products better; trying to bring that down is counterproductive and a self-fulfilling prophecy. Break the cycle.
And I thought I disliked Microsoft
Sorry but GDPR states that every user has the right to opt-out?
All, I'm looking through the rest of the Issues. I haven't fully caught up yet. I'd like to propose a new Issue for an explicit "Opt-Out of Telemetry" feature built directly into the client if that hasn't already been created.
Opt-Out of Telemetry #279
From the PR, winget sends no telemetry when Diagnostics & Feedback is set to Basic. If so that is sufficient for me personally. Thanks for the clarification.
Well, you can always just download the source code (MIT License), comment out anything you don't like, and compile it yourself!
That's the real power of FOSS. Right? :)