Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> How does this “kill the product for healthcare, finance and defence sectors”? This is part of the SDK tooling, it should not installed or run in the deployment evnvironment.

This will also be installed in places like the build server that may have extra permissions into the production environment. Often the firewall between production and development won't be as great as you think and all software has to be compliant because the developers will be dealing with real private data.

> If teletmetry is bad, running “dotnet restore” to download code from the internet is worse

"dotnet restore" could be hitting a local repository only, which is much more common in these environments.

> If having telemetry in the development environment is bad too, then so was the “Visual Studio Customer Experience Program”.

Typically it would be disabled, but things slip through the cracks, no matter how many precautions there are, which is why off by default is important.

Aside from that, it kills trust. The developers don't even understand that this is a privacy violation and refuse to fix it, so when the next thing on the slippery slope comes along I don't expect them to appreciate the ramifications of it. Will compiler error codes be considered telemetry? How about exceptions? How about code metrics? I can't trust the dotnetcore developers to respect privacy.



> "dotnet restore" could be hitting a local repository only, which is much more common in these environments.

You have to do this as part of your configuration. Alongside that configuration, you can change a single environment variable to turn telemetry off.

> but things slip through the cracks

I don't see how negligence is a valid counterargument. You could use the external repository by mistake and do far more damage. Are you more likely to forget about the the telemetry opt-out? After all this fuss I doubt it.

The root comment also claims that Microsoft refuses to engage and allow the removal of it. The environment variable exists, Microsoft has clearly engaged and allowed the removal of it. This comment chain is FUD.

Finally, if you really care about privacy this much you should be building things from source. This applies to .NET Core as much as it applies to GCC. .NET Core is open source, so this is absolutely possible to do.


> Finally, if you really care about privacy this much you should be building things from source. […] .NET Core is open source, so this is absolutely possible to do.

It's not that simple. Until recently, you had to have .Net Core installed to build .Net Core. There is now a way to build from source (https://github.com/dotnet/source-build), but it only works on Linux.


No, it does not kill trust. Maybe only in people who doesn't know how to configure and use CLI tools properly. Just disable this feature and move on!


> Just disable this feature and move on!

This implies that you're aware of the feature in the first place. One of the major points is that they don't make any sort of notice that telemetry was added in, turned on by default. There's a good example in the issue comment chain how Yeoman asks on first run if you want to send anonymous data.[1]

[1] https://cloud.githubusercontent.com/assets/361677/15396939/3...


They do, the first time you run dotnet.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: