Yeah but when you don’t pay any money for something (google, facebook…) then what’s in it for them? How do they make all this money if they don’t charge for their service? Well they do charge, they want information, because they can turn that into money.
Maybe not in every case, and I’m still against tracking and profiling and all that junk.
That said I don’t think that an OS turning on performance telemetry unless you opt-out is unethical, they’re not human trafficking or anything so I feel like there’s bigger ethics fish to fry, as it were.
It should ask you explicitly yes or no in the installation process, no default value, and not buried in a menu where you’ll never find it.
There’s something that got brought up a lot that I didn’t get to much, the idea that the consequence of an opt-out can be so innocuous that if we’re reacting proportionately we should be overlooking it or just making a slight mention especially if it’s for the benefit of FOSS software.
It’s comparable to something like a white lie, telling someone you’ll be on time when you know you’ll be 30 seconds late.
But does that make white lies ethical? Does that make a manipulative technique ethical? That’s the only point i’m making. Just because something is mild or the reaction can be described as making a mountain out of a molehill doesn’t change the definition of what it is.
What to react to and how much is a totally seperate topic and I think a lot of the confusion was over the baggage the term unethical comes with which implies harm by default. I don’t think the argument needs to qualified though because standing up for ethics doesn’t require any harm be done at all. It’s supposed to be a stupid fight over “nothing” right up until all those established excuses support the foundation of something that’s really a problem.
I say draw the battle line on opt-out instead of further back.
Ultimately, I think it boils down to this; Linux is about choice. If telemetry is needed, let them ask for it and provide for a method for us to control what is being collected and how often.
Note 1: I typically make replies in a batch single reply so if you got pinged by this post then scroll to find yours. . . . oh also I reply in chronological order so you may be included multiple times depending on how many replies you made.
Note 2: Opt-Out can of course be used unethically so any time I am talking about using it ethically I am referring to companies that respect user choice. Forced consent like EULAs or fake choices that are required are irrelevant to my points.
I think this is where we disagree because I don’t think opt-out is automatically manipulative. It is very often manipulative and many software companies and what not require opting in to simply use the software . . . it is 100% manipulative and atrocious for a forced requirement of consent . . . thus making it not consent.
However, I don’t think opt-out automatically implements that approach. Ubuntu’s method provides the ethical approach to opt-out. The user has the choice, their choice is their’s alone to make and their choice is observed and respected by the system.
Yes, I would agree that it would likely result in some cases where people might agree without reading the question. However, if it is a forced choice there is no ability to agree without reading so its not really a fair comparison.
What ethics are violated by opt-out if the user is provided a choice and the choice respected?
I understand why forcing a choice would be preferable to some people but how is that unethical?
Let’s take Ubuntu’s method for example . . . lets say someone is a distrohopper and is completely aware that this question is asked and they don’t mind it. They can easily click next and moved past if fast. If the forced option is made then they will have a barrier put in place for them to continue every time they install Ubuntu or any flavour that uses the data request. Both of these are problematic depending on perspective.
However, what makes the opt-out unethical? What right or choice has been violated by having it opt-out? Annoying or Irritating to some sure but unethical?
By the way, the newsletter thing is fair in terms of opt-out there BUT not in terms of opt-out on Ubuntu because they aren’t asking you to allow them to spam you.
Except for when they do, like Ubuntu.
This is not a good example. This is an example of the illusion of choice. It gives the user the choice to agree or not but if they don’t agree then they can’t use it, that’s not a choice. That is a requirement of consent and thus is not an example of opt-out being unethical but rather the facade of choice and thus the opt-in or opt-out is irrelevant. If that was set to “Disagree” then what changes? Nothing. It would still require agreement to continue.
This is not a discussion of giving up personal information. Every time an example is needed I use Ubuntu’s telemetry system because it asks for data without personal info and it does so while respecting the choice of the user. If the user says “no, you can’t have it” their system just says “ok then”.
I completely agree with this . . . the idea that a company needs my address to work on my car is asinine. Asking me at all is absurd. However, this is not relevant in to the thread’s main question. Ulfnic made this thread based on something I said regarding being ok with opt-out in specific circumstances.
So you are saying that it isn’t unethical to have a default value but you would prefer it to not have one? If my interpretation is correct then I agree.
Most welcome! I think this is an interesting discussion to have for sure. I need to add link in DL show notes too.
I don’t know who brought this up but I don’t think comparison of severity/importance is valid in most discussions. As I’ve said prior, I think it is ethical if a choice is given and that choice is respected without restriction of usage or access. So comparing this to anything of more or lesser importance/severity is irrelevant because that assumes fault/violation when I don’t think it violates anything.
I agree that 2 options with a requirement to choose would be preferable but how is it encroaching a user’s rights of self-determination or autonomy?
Ubuntu’s method offers the choice of yes or no, the choice is respected by the system and the installation process continues either way so there is not a negative outcome for saying no. What right is violated here?
The GPL and MIT have nothing to do with ethics, they are legal agreements. You can still have a debate of ethics regardless if someone obeys the structure of a license such as GPL or MIT. Though to be clear the MIT licenses essentially can be interpreted to be “do whatever you want, I don’t care”.
I think taking something for free without feeling any obligation to give back could be up for debate on the level of ethics. I don’t think it is unethical but I can see the perspective of where it could be viewed as such. Open Source or FOSS is suppose to be about collaboration but if the user refuses to help even in the case of anonymous data that could be used to improve the system . . . that’s not collaboration. So I don’t think it is necessarily a guilt-trip to opt-in to sending data but it is a guilt-trip to opt-in to do something. If a user opt-outs of everything and never gives back at all . . . I would call that unethical on their part.
I disagree. Skill level and experience is irrelevant to the Ubuntu example I gave. The ONLY requirement of the use is to read what they are clicking “next” to. I understand the preference of forcing a choice here but I don’t think it’s unethical solely based on the impatience or lack of paying attention to what someone is agreeing to.
If the choice was hidden behind a massive EULA that everyone hates to read with a ton of legal jargon and nonsense then yes that would be unethical even if everything else was kosher. However, Ubuntu does it in a reasonable way of a simple question and simple answers with details of exactly what is requested if the user chooses to see what would be sent. Nothing is hidden, nothing is burried and all of it is immediately presented to the user. If the user can’t take 5-10 seconds to read before clicking “next” . . . that is not a skill level issue.
I agree, this would be preferred. However, the original question of the thread is “is opt-out ever ethical?” and that implies that it is always unethical. The debate of which is more ideal is different than whether or not opt-out can be ethical. I am saying that if implemented honestly and clearly with simple choice provided to the user and that choice is respected and continuing is not hindered by the choice of no then yes, that is ethical.
Are you saying giving users the choice of what specific pieces of data are included in the collection? If so, I would disagree because that would automatically skew data to such a large degree that the data might become worthless. If the data collected is known up front is ok to the user then great send, if not say no and don’t send. I think that would be more valuable . . . unless there was a 3rd choice of “you said no, please let use know what part of the data was objectionable to you?”
You’re welcome and now to go add this thread to the show notes.
#1 Disrespectful. I disagree with your use case. I think the bigger burden is put on the those that shouldn’t have to take an action to say no. That, in my opinion, should be the default. If you do care, then you would be willing to opt-in.
Also, there is the bandwidth stealing perspective. I’ll just leave that right there.
#2 That depends on how the development is done. The data doesn’t have to be skewed. One might not mind spending application data, but might care about some other item, especially if it includes PII, like IP address et al.
Here’s an indirect, but interesting example taken from a privacy-policy:
quote #1: “company_name does not track users across the web, nor does company_name authorize the collection of PII (Personal Identifiable Information).”
quote #2 ( from the exact same privacy policy, located in the very next paragraph ): “We collect personal, demographic and ordering information provided by users when they register with and/or place orders on the company_name Sites. This information may include, among other things, names, addresses and other personal information, email addresses, mobile and other telephone numbers, instant messaging (“IM”) addresses, age and date of birth, and product and restaurant preferences.”
Now, I may be biased due to my cyber security training, but the wide-spread distrust of any company with data collection processes did not start with the general population. This example is why I am leery of any data collection activity and why I want complete control over privacy when it comes to any information about or related to me.
I don’t think it’s disrespectful. They are respecting the user by offering the choice, showing exactly what is sent if sent, respecting the choice made and not restricting anything based on a no.
Is it ideal, no but I don’t think it’s unethical or disrespectful either.
in the Ubuntu example, the user’s bandwidth for a few kilobytes or less is nothing in comparison to the bandwidth for the ISO, so that’s a moot point to me.
Of course it depends on what is requested but I give the Ubuntu example because it gives a reference of where it can be done ethically. There’s no PII in their request and it is respectfully done.
I’m not debating opt-out vs opt-in, I’m on the side that opt-out is not automatically unethical. Opt-in is obviously better but that doesn’t mean that opt-out is therefore unethical.
Possible summary or a next step, my interpretation is…
We all agree there should be a choice if it’s something like software telemetry.
We also agree there’s GUI techniques that despite showing clear and comprehensive information can get some users to do things they’d otherwise not be comfortable with in a neutral choice. This doesn’t include users who’d blast through either way and i’d add trick-able users aren’t always the carefree user trope.
Here’s where the split is…
I don’t think anyone is arguing that picking those techniques for personal gain is ethical under a microscope, but in practice they’re always woven into a larger context which needs to be viewed at a resolution that isn’t too pedantic or dismissive otherwise it’s not a useful measurement for how to act which is the goal of ethics.
For example… I could argue, “Is information about a telemetry choice in all caps ever ethical?”, under an AB comparison you could show how more users are tricked into thinking it’s a boilerplate user agreement. Under a microscope that isn’t ethical. But for ethics to be useful is that the right resolution to use considering the context or is it too pedantic for a reasonable overall assessment? You can apply this AB question to anything human’s do that isn’t perfect.
It’s a lot like how the length of coastline increases or decreases endlessly proportionate to the measurement detail, if you’re making a map for a swimmer or an ocean liner the context changes what amount of detail is the most useful.
So we’re all technically right, we’re just debating over what resolution to use.
I’m coming from a software engineer perspective where you should always be pushing your boundaries and others are coming from a information sharing perspective where they need to represent things as realistically as possible to someone wanting to try something.
Everything is subjective, but only a finite range of view points are useful for acheiving a desired outcome. It’s a lot like the coast line problem, if you’re going to swim around the coast only a certain sensitivity of measurement (not too high or low) is useful.
So by appealing to usefulness it helps correct for any non-useful subjectiveness in people’s preference and opinion.
What i’m eager to hear thoughts on is if the framing in my conclusion sounds right. If a software engineer should be using a more sensitive measurement of ethics (that includes no opt-out) compared to someone recommending software packages as a whole for the reasons I gave in my last post.
You’re right about everything being subjective. One’s black and white area is grey to another. Some have the gift of detail, others will treat a certain lack of detail as being deceitful.
So, the real analysis boils down to the art of compromise when attempting a balance with ethics. A slippery slope, indeed.
Avast was recently caught sharing opt-in data easy to de-anonymize. As Noah likes to remind, “there is no such thing as anonymous data (repeat 3 times, last 1 for the people the back)” :).
Pretending the information was 100% honest and comprehensive for the sake of the debate though:
This is the fore-mentioned agreeable “forced choice” but it’s looking more like a vague indicator than a goal post. The example here is Avast using styling to encourage a desired behavior that users are more likely to regret if given a full review of their choices in post.
We can also imagine a scenario where the same button styling is a mandatory click on several mundane agreeable prompts except one to produce a habit that’s more likely to achieve a regrettable decision for the user.
Accepting the degree of valid arguments for victim blaming, the developer is still deploying a manipulative technique that achieves my proposed test so this may be a much better one:
Ignoring opt-in, opt-out or forced choice… would a reversal of the user options in terms of styling (color, bordering, position, ect) cause the user to be less likely to make a regrettable decision? If the answer is yes then it’s unethical to use it.
Fixable in one of 2 ways:
Make choice styling absolutely neutral and contextually non-habit forming.
Randomize which choice has what styling (potentially problematic for macros especially with placement, mitigate with macro friendly ways to read state and a warning).
. . . oh also I reply in chronological order so you may be included multiple times depending on how many replies you made.