My thought is if you’re not trying to sneak something by the user why wouldn’t you increase the odds they make an informed choice? Is it ever ethical to pick a slightly different GUI option which makes mistakes much more frequent for the developer’s benefit?
2nd question. Are users “just getting what they deserve”? I think it takes two to tango and developers are far more likely to know better. There’s a power differential which conveys more responsibility even if both parties are to blame so placing it all on the user with “just” seems almost the opposite of who’s mostly at fault.
Edit, (thank you Michael): The arguement is assuming the information is honest, comprehensive and easy to consume. This is strictly about a developer’s descision to use a known manipulative GUI technique.
Ok - let me qualify this by saying that the rest of my response is talking in terms of truly anonymous data, such a cpu + chipset + video card and rough geographic location… (Country, Continent - or in the case of US, State and USA). Nothing at all that says Jim from East London is using x, y, and z…
This is also talking about information collection - not having to opt-out so you don’t get ‘charged’ for something is so completely unethical, but is not the topic at hand…
Unfortunately, there are too many people who are ‘users’ and don’t contribute… I see this all the time with parents of students in school… I used to be on the band boosters, where the parents of the band students needed to donate some time (about 4 hours per sport season - so basically 1 night during the 2+ months of football season, and 2 nights during the 4+ months of basketball season) to help with the concessions (which the monies were used for their band students, instead of requiring the parents to pay extra for their students band needs)… and for the 6 years I was involved, it was always the same parents who helped (about 20% of the parents) while everyone else did nothing…
And this is the state of our world… the vast majority will use the product, and make no effort to give back in even the slightest…
So why is it ‘unethical’ for a company to gather generic, anonymous information about their product which they find vital to improve their product, which is FREE… Isn’t it more unethical to use someone else’s labor without giving back???
I don’t think there is anything unethical about creating a unique ID, get some generic processor/chipset info, and the generic area of the users location.
Why is it unethical for a company to be allowed to know who is using their product? I find it incredibly absurd that a company like Canonical, or any of their derivatives can’t actually say with 95%+ accuracy of how many people are using their software.
I find it more unethical that someone would even opt-out of this type of information collection… especially if you are using it without donating to the project in some way…
Why isn’t Canonical / Red Hat / Zorin / Elementary / Solus / [Your linux distro here] allowed to accurately know how many users they have and on what type of hardware??? Again, not WHO their users are, but how many, what’s being used, and roughly where in the world these users are…
Ethically speaking - the only person who has a right to use a piece of software truly anonymously is the writer[s] of said software… Everyone else should should be required to pay for said software use - either monetarily, through effort, or simply with the knowledge that its being used… and again, I’m talking ethical - not legal…
So I find it funny (and not ha-ha funny) that this is even being raised…
Simply because they didn’t ask. I do understand what you are saying, but once I purchase said computer, it becomes my property. Do I not have a say in what and how information from my property is collected ( and used )? Remember, this collection is going to be pulled from my computer using bandwidth that I pay for. I think if companies were more up front with this, and were very clear in what they were collecting, how they were collecting it, and made the collected information publicly available this would be much less of an issue. However, most companies hide their data collection, and, in some cases, what they are collecting. This gives the appearance of deceit.
“Why is it unethical for a company to be allowed to know who is using their product?” If I purchase the product, does it not become my product at that point?
None of the companies that code phone-home functions in their software have ever offered to compensate me for the bandwidth they are “stealing” from me. Open Wireshark on your network at home and take a look at the amount of bandwidth that all of the products combined are consuming. It might surprise you. I run a pi-hole at home to block ads. As much as 30% - 40% of all DNS queries on my network are ad and / or telemetry related.
I agree that a developer has rights to their software, until they sell it. Then rights are transferred ( not all rights, but some ). The same goes for photographers.
It’s unethical if they don’t have permission to collect the information from the owner. It’s also unethical to collect information using bandwidth being paid for by someone else.
If i’m correct, you’re arguing it should be ok to sneak things by a user if the developer is owed something and the information is harmless (ex: it can’t identify the user).
Even if we ditch the importance of upholding ethics, i’d make the case that what someone is owed and if the information is harmless are both totally subjective.
On being owed:
Does a Linux kernel developer owe telemetry to a developer using their kernel to run the software?
Is someone owed telemetry if they’re enjoying the fruits of their own labor and github is footing the hosting bill?
If I hand someone code and say, “this is free”. Is it ok to omit a “but” about how i’ve geared it to fulfill my expectation of getting something of value back?
On identifying information:
https://panopticlick.eff.org/ is a good example by the EFF on how enviroment information is used by data miners to narrow down who someone is. The more information you have on someone the easier you can narrow down who they are.
Apple’s Differential Privacy is a beautiful example of telemetry done “right” but I don’t know of any other company fuzzing data so for others it’s just naked information.
On how free software contributors benefit:
I could list the mundane stuff like networking, having a greater say in the software they use, resume material, common hobby for making friends, ect but that doesn’t cover the amount of work. Someone who makes free software by default is never made whole.
Not directly…
This is obviously not an even equation but consider what free software has done for science, industry, entertainment, your broke AF neighbor who turned it around and made a local company. Similar to the outcome of teachers and other selfless jobs a rising tide raises all boats. The quality of life that contributors enjoy is in large part a collective return on investment for which no one asked for anything in return. Ultimately it’s a labor of love though.
TLDR; I agree that if you purchase the OS/Distro/App - then it should be ‘opt-out’ by default and the item in question should ask you to opt-in… But if you are using it without paying for it… then the item has the right to be opt-in by default!
Fair enough on the bandwidth issue… but…
but once I purchase said computer, it becomes my property.
But this isn’t talking about purchasing a computer - this is talking about downloading a FREE (as in you more than likely didn’t pay / donate) OS.
If you bought a computer - that is one type of info that can be passed on - so the telemetry data collection should be turned off by default (and then maybe the OS can ask you to turn it on if you want) - but you are right, in that you paid for said computer with OS…
But when you download the OS - you should have to report… and as for the bandwidth, while this should be basically negligible for most as the basic data SHOULD BE SENT once - and then maybe a daily or better weekly packet is sent saying ‘still here’ [and if this is not being done this way - then that should be changed by the OS]…
If I purchase the product, does it not become my product at that point?
Let’s through the current license BS out, and I’ll agree… IF you purchased the product - the company then has a sales figure that some bought the OS - so again, by default it should be off and ask you to turn it on… But again, 999/1000 this is someone who didn’t purchase it, and in my opinion shouldn’t get to opt out!
If it is offered for free, then it should be free. It is still wrong to collect data without asking for permission.
BTW, I do donate, as I believe in supporting the efforts…
I shouldn’t ever “have” to report. It should be optional. If it is NOT optional, then that needs to be made clear before one is offered a link to download. Why do you think I should not have a choice in the matter?
You can justify how little the bandwidth consumed is until you add up every app, OS, device, IoT, phone, phone-add…they all add up. It is bandwidth theft if done without permission.
Personally, I don’t have any issue with the collection of some information, as long as I agree prior. I want to know what is being collected and how that information will be used / shared before I will agree. ie EULA agreements.
About a month ago, I read through a EULA that stated that the company did not collect any PII ( personally identifiable information ). The very next paragraph stated that they do collect the following information:
IP address
phone number
email address
and, if contacted for support, birthdate. Which of these is not PII?
The whole collection of data comes down to trust issues. Too many companies have abused this and most people take a defensive stance with this subject. It’s not hard to understand why.
I think it is only unethical of it isn’t made clear what they are doing.
At the end of the day you are using their product, if they want to collect data and are upfront about it and offer a clear, easy option to decide that isn’t hidden within a wall of small print, then there’s nothing unethical about it in my opinion.
I hear your point, would you agree in practice opt-out usually gets more people to “agree” to something they’d otherwise say no to if it was a forced choice?
Yes I think I would agree. But I don’t have a problem with that, the user of the software has to take a bit of responsibility in reviewing what they are signing up for.
Thinking about my previous statement some more, I should probably clarify, i only think it is not unethical assuming they are using the data for things that aren’t unethical
It is always ethical if the choice is presented to the user prior. Business Ethics applies to honesty to consumers and not doing anything that goes against the wishes of the overall consumer. If a company is transparent about what information is being collected and the user/consumer has the option to choose whether or not to participate then it is ethical.
There are unethical ways to use that data once collected sure but that is a “in good faith” trust issue of the company/project doing the collection. That is not relevant to whether or not the concept of opt-out can be ethical.
For example:
Ubuntu does the Opt-Out method. Ubuntu explains what is being collected in the setup screen, they also provide a button to show the entire report prior to it being sent if someone wants to see it. Nothing is hidden from the user, the user has full control as to whether they participate or not.
What exactly is “unethical” about that?
Ethics relates to honesty and offering choice to the user, both of these aspects are completely fulfilled and thus it is ethical.
If you want to discuss which one is better in an ideological way then that’s totally something worth discussing and forcing a choice could be argued to be more ideal even though it creates its own issues.
This assumes there is only one answer to the first question. I think it is totally ethical due to the above reasons so this question in my opinion is moot.
You can ask first while also being Opt-Out. This is how Ubuntu does it. They ask and they set the default structure to Opt-Out. I see nothing wrong with that because the user has the choice prior to any information being sent.
That is an interesting point. I agree. If someone wants to use something for free without ever participating in any way at all . . . would that be unethical? I’d say so.
(this applies to never doing bug reports, never helping on forums, etc.)
Canonical does ask and they even were transparent about it being added prior to it being added. Zorin screwed up but that only applies to what Zorin did.
In the Ubuntu example, you aren’t forced to send that information. You have the choice to not send it.
In regards to bandwidth argument, you are using their bandwidth to download the ISO and to do upgrades to packages so you at the very least can send them a message of “no thanks on the data collection” because in regards to bandwidth, you’d be spending a lot more of theirs than they are of yours.
Canonical does all of that.
I think the discussion here is being misconstrued into a different discussion. I think @Mr_McBride is discussing ethics of business in a general sense rather than the direct question of this thread. “Is opt-out ever ethical”?
Is there a single scenario where Opt-Out is ethical? That is the question. If your answer to that is no then alright but saying “because they didn’t ask” implies there is a possibility that you might consider it ethical if they did ask.
Opt-Out does not automatically mean “sneak things by a user”. There are companies that do try to sneak things by BUT that doesn’t automatically mean that there is no scenario where opt-out can be ethical. I think Canonical has proven there is a scenario where something can be opt-out and be ethical.
I could have done better with the title/description, I added an edit. The argument i’m making assumes the information is honest, comprehensive and easy to consume.
We agree that honest information is an ethical qualifier and that the Ubuntu install is a good example of passing that qualifier.
Where I think we disagree is if opt-out is just a variable in finding an ideal GUI solution or if it’s a well known manipulative technique for achieving a desired outcome that should be considered it’s own ethical qualifier.
It’s for some of the reasons above that Europe is banning opt-out as an unethical practice. Not that i’m particularly fond of GDPR or think it’s a source of truth but it at least shows how broadly this view is held.
Where the rubber meets the road for me is this question:
We might argue over severity but I can’t see how a technique that’s well known to be manipulative can ever be considered ethical even under the lightest of circumstances.
At some point here, we are just going to have to agree to disagree. I’m ok with that.
I understand the reasoning behind Opt-Out, but I will never agree that is best option. Making an assumption on behalf of someone else just does not show respect to that person. I will always side with the ask and the let the user choose approach.
Just like some web pages automatically place a check-mark in a box for adding your name to their “news letter”. There’s one-more click I have make and my opinion of that site is degraded because of it. Stop trying to make decisions for your constituents.
BTW: I find it informative and entertaining to read the “Asshole Design” sub-reddit. There are all sorts of “dark patterns” listed there, not just the opt-out pattern we are discussing here.
I’m not really a reddit reader but my god that sub is an advert-fest of mixed content (my mistake for looking at work with no blocking of any kind I guess?). Dark pattern indeed.
Here’s a good example of the opt out problem. The information is honest, comprehensive and easy to consume. Even if we assume 100% responsibility for the user it doesn’t make this any less of a manipulative practice.
I can’t speak of the ethics of opting-out, However my opinion is that everything should be out out, and if you want to give up your rights to your personal information, then you can opt-in.
No retail business should ask you where you live, how much money you make, how many are in your household, etc. All they need to do is take the money for the product and by their inventory see what is being bought, and so forth.
