Google Go language goes with opt-in telemetry
Go go gadget data collection
The stewards of Google's open source Go programming language (Golang) have reversed course and committed to implementing software telemetry on an opt-in basis rather than turning data collection on by default and requiring developers to opt-out.
The opt-out proposal was put forth in early February by Russ Cox, the Golang tech lead at Google, as a way to understand how Go code is being used and to prioritize development and maintenance decisions related to the language.
The idea was that as programs in the Go toolchain were run, they'd record various events like cache hits, feature usage, latency, and so on to a local file. The file would consist of counter values and function names, but crucially not user data or identifiers.
Meanwhile, the Go team would operate a collection server that had a 10 percent chance per week of capturing this data without any identifier – login, machine ID, location data, or IP address. That said, IP addresses would be visible to the system for TCP connections but would not be part of the telemetry report.
The data at issue, Cox said in his initial proposal, consisted of answers to questions like what portion of Go command invocations use particular settings, operating systems, or modules. He made the case that making telemetry opt-in would result in too few people participating to collect meaningful data about the Go ecosystem.
- Google now requires two staff to sign off each Go change
- Sourcehut to shun Google's Go Module Mirror over greed
- What happens when you host code and git clone turns into a DDoS? Let's ask SourceHut
- Google submits Go apps container project to Cloud Native Computing Foundation
Different projects have taken different positions on whether telemetry should be disabled by default (opt-in) or active by default (opt-out). Homebrew, the open source macOS package manager, for example, collects analytics data by default.
For the Golang community, it didn't help that the language came out of Google, an advertising platform with accessories. The Chocolate Factory has consistently opposed opt-in data collection – you still have to rename your Wi-Fi SSID to opt-out of Google mapping your Wi-Fi access point, for example. And it continues to promote a definition of privacy that skews toward data usage rather than data denial.
As one discussion participant put it, "I don't think 'I trust the Go devteam' is a long-term assurance. Google, as diverse a conglomeration of interests and motivations as it might be, is still a faceless megacorporation who could can the whole team at any time, for no reason whatsoever, or even for bad reasons."
"The fact that the Go dev team has taken zero steps to divest itself of utter reliance on Google dollars and Google services is proof only that the dev team trusts their managers. I do not share that trust, and I think the team would be well served to examine the long-term consequences of both that dependence and large-scale information-gathering exercises which submit the collected data to corporate ownership."
"There is good reason to believe that with even tens of thousands of users opted in, we should be able to get helpful data," said Cox in the amended proposal. "It will not be as complete as the opt-out system, but it should be good enough." ®