18 comments

[ 3.0 ms ] story [ 51.6 ms ] thread
For context, this is the official page explaining what data is collected: https://julialang.org/legal/data/ (the link is a bit hard to find between all the other links in the Discourse thread)
The data collection page is well-written and clearly explained. However, I still dislike like the idea of enabling 'anonymous telemetry' by default.

The problem of growing a programming language is one shared by many programing languages. Languages like Nim or Crystal have arguably even smaller programming communities than Julia. These other languages have not decided to pursue the option of telemetry to track usage (at least, not yet).

There are other ways of measuring the adoption or popularity of a language: libraries, courses, books, tutorials - they are not neccesarily accurate, but they give some insight.

Anyway, if this telemetry feature goes ahead, I think the clearest way to do it is as follows:

- When installing a package, the user is informed that anonymous data will be sent to Julia's servers. Make it clear this data transmission is optional.

- There is a link to the data collection/privacy page

- There should be a clear link for users to see all the data from their computer that will be transmitted before it is sent.

- Users can accept or decline the transmission of data.

- Users can choose to bypass telemetry consent for future packages

- Somewhere in the process above, there should be clear instructions (or a link) telling users how they can switch on and off telemetry at anytime.

This sounds like a lot. But at least by being clear and upfront, users can make an informed decision.

I realise it might seem churlish to complain about data collection when developers use tools and services that track their usage on a daily basis e.g. Visual Code by Microsoft or Google's vast (non-anonymous) services. But why stoop to their level?

(comment deleted)
Opting out should be straight forward.
It is pretty simple to do and well documented. There's also a fair bit of control for the user to either completely opt-out, just opt-out of sending some data.

https://julialang.org/legal/data/#opting_out

Has all the details.

I think it should be simpler than that, personally. Like the first message after or before installing Julia.

As it stands, I wouldn't have any idea upon first usage that that's how I'm supposed to turn it off.

It looks like `mkdir -p ~/.julia/servers && echo 'telemetry = false' > ~/.julia/servers/telemetry.toml` will do it unless you have messed with `JULIA_HOME`. Still, the documentation [1] makes it clear that there is no way that I would call “easy”.

[1]: https://julialang.org/legal/data/#opting_out

As someone that has been a Julia user for more than half a decade and a part of the community I feel very uneasy about now having to opt out of this feature each time I install anything above v1.4. Not to mention that I feel that I morally would have to notify other users when I recommend Julia to them. Performing privacy workarounds for FOSS is a rarity and I would be sad if we shift towards it becoming the norm, despite seeing that it can have upsides to the community itself.

> As someone that has been a Julia user for more than half a decade and a part of the community I feel very uneasy about now having to opt out of this feature each time I install anything above v1.4.

I'd certainly appreciate it if you repeated this in the discourse thread

Here is my attempt [1]. I find it incredibly difficult to motivate rationally and constructively the way I feel though. At times wondering if I am best ignored for the good of the community overall. What you are reading is my third attempt at a response is that thread. The first one ended up being some sort of long-winded mixture of a philosophical/technical monologue, the second one a simple statement of “I disagree, but I can not articulate why”, the last attempt is what you read and I think I finally have arrived at the core of the issue for me which is consent. Is there any good write up anywhere on this? I feel like I just joined the FOSS camp about 20 years ago and that this has shielded me from ever having to lay out exactly why I want a future with more and more anonymity on all fronts.

[1]: https://discourse.julialang.org/t/pkg-jl-telemetry-should-be...

Thanks!! Yes, I do think that consent is at the core of it for me as well. I wasn't nearly as articulate and self-deprecating as you were :-)

It seems to me that the counts for Julia and for packages can be gamed by doing Sybil attacks, so to me it both feels morally wrong, and that it won't work well.

thanks again

You are welcome and thank you for raising this to my attention as I sadly do not have the time to be as involved as I once was.

Since we are currently Julians is a wider forum I would also like to advise non-Julians and Julians alike against kneejerking along the lines of: “They are coming to take our freedom!”. As opposed as I am to this specific feature, one would do well to read the technical background [1,2] as there are plenty of points in there that I gladly support as moves towards a world with more privacy and platform diversity than the current one – it also makes for interesting technical reading at that. Those behind this are not horned demons and do have the community in mind even if we seemingly disagree on the matter of consent.

[1]: https://github.com/JuliaLang/Pkg.jl/issues/1377

[2]: https://github.com/JuliaLang/Pkg.jl/pull/1544

If you're doing something that could be considered a violation of user privacy, like phoning home to a telemetry service, it should not be opt-out. Probably it shouldn't exist at all. Not everything has to have "telemetry" baked into it.
The matter of course to include telemetry eludes me. I think this criticism is correct and should even be expanded. I never looked into Julia, only R a bit and they have mutual interfaces. These discussion don't sell me the language at all.
Am I mistaken in thinking that this is a blatant violation of the gdpr and that distributing Julia to anyone in the EU is now illegal?
julialang.org also lacks a privacy policy and loads trackers like Google Analytics without user consent. The core devs don't seem to care about the GDPR.
That's really not a fair characterization of the situation.