The stewards of Google's open source Go programming language (Golang) have reversed course and committed to implementing software telemetry on an opt-in basis rather than turning data collection on by default and requiring developers to opt-out.
The opt-out proposal was put forth in early February by Russ Cox, the Golang tech lead at Google, as a way to understand how Go code is being used and to prioritize development and maintenance decisions related to the language.
The idea was that as programs in the Go toolchain were run, they'd record various events like cache hits, feature usage, latency, and so on to a local file. The file would consist of counter values and function names, but crucially not user data or identifiers.
Meanwhile, the Go team would operate a collection server that had a 10 percent chance per week of capturing this data without any identifier – login, machine ID, location data, or IP address. That said, IP addresses would be visible to the system for TCP connections but would not be part of the telemetry report.
The data at issue, Cox said in his initial proposal, consisted of answers to questions like what portion of Go command invocations use particular settings, operating systems, or modules. He made the case that making telemetry opt-in would result in too few people participating to collect meaningful data about the Go ecosystem.
- Google now requires two staff to sign off each Go change
- Sourcehut to shun Google's Go Module Mirror over greed
- What happens when you host code and git clone turns into a DDoS? Let's ask SourceHut
- Google submits Go apps container project to Cloud Native Computing Foundation
But many Go developers objected to telemetry being active by default and they made their concerns known in hundreds of replies to Cox's discussion post.
Different projects have taken different positions on whether telemetry should be disabled by default (opt-in) or active by default (opt-out). Homebrew, the open source macOS package manager, for example, collects analytics data by default.
Similarly, Microsoft Visual Studio Code implements telemetry by default and requires users to opt-out if they don't want to participate. Rust, meanwhile, decided to remove telemetry back in 2019.
For the Golang community, it didn't help that the language came out of Google, an advertising platform with accessories. The Chocolate Factory has consistently opposed opt-in data collection – you still have to rename your Wi-Fi SSID to opt-out of Google mapping your Wi-Fi access point, for example. And it continues to promote a definition of privacy that skews toward data usage rather than data denial.
As one discussion participant put it, "I don't think 'I trust the Go devteam' is a long-term assurance. Google, as diverse a conglomeration of interests and motivations as it might be, is still a faceless megacorporation who could can the whole team at any time, for no reason whatsoever, or even for bad reasons."
"The fact that the Go dev team has taken zero steps to divest itself of utter reliance on Google dollars and Google services is proof only that the dev team trusts their managers. I do not share that trust, and I think the team would be well served to examine the long-term consequences of both that dependence and large-scale information-gathering exercises which submit the collected data to corporate ownership."
Nor did it help that comments opposing telemetry without permission were minimized so they would not be visible.
About a month after the issue blew up, Cox floated an opt-in proposal and on April 12 the proposal was finally accepted.
"There is good reason to believe that with even tens of thousands of users opted in, we should be able to get helpful data," said Cox in the amended proposal. "It will not be as complete as the opt-out system, but it should be good enough." ®