What should really be praised... Without further, congratulations to everyone protesting against this gitlab move. This is something that should be done years back when google started with its tracking, same with facebook. This was the behaviour that should be seen each and every time some company wants to take advantage of its users. But to my sadness it is rarely seen. So once again congratulations to each and every gitlab user that did anything against their move.
It was done. There even was those small banners that said something in the way of "if you have gmail I won't mail you" etc.
Thing is, the broader public don't care. The difference between gitlab and gmail is primarily that developers care more about this stuff and value their code more than most people care about their email. They are also much more informed in the matter, most using gmail haven't got a clue.
No, they only care when the tools they are using are targeted. Otherwise, they couldn't care less.
We have tracking on websites and in apps on an industrial scale - built by developers in technology companies. We even have tracking of school kids courtesy of ChromeOS. When have developers ever shown any care about that? When have they ever spoken out about that? They're more likely to rush to defend that software and the company that built it: It's not being used to build profiles, or the data is aggregated and anonymous.
Presumably, if GitLab tracked behaviour 'anonymously' and in aggregate form, that would all be fine? Didn't think so. The hypocrisy that runs through the programming profession when it comes to online tracking really knows no end.
If I had a guarantee from Gitlab that _they_ were scrubbing the data, I would have no problem. I get the sense they know what they're doing (naive, maybe)
However, giving a third party script, potentially unvetted, access to the crown jewels of the company I work for? No fucking way.
They are tracking things anonymously at least in some places, judging by what I've read in the linked Gitlab issue tracker threads. The debacle started with someone higher up requesting to start recording user ID with that data, in order for the "growth team" to be able to do "experiments".
There's a difference between gitlab and gmail. People pay for gitlab while gmail is free. Google can easily declare "either you take it for what it is, or leave."
A lot of institutions used to run their own e-mail. Over the years I've watched as my e-mail addresses (both universities and my current employer) have been replaced by Gmail on the backend. All of them stopped being willing to manage e-mail themselves. None of them were willing to use a less surveillance-oriented provider. That choice wasn't made by consumers. It was made by the same kind of informed IT people. I suspect it wasn't free, either.
I thought the main problem with e-mail specifically was spam, and the reputation model that's arisen to combat it: a medium-sized university running their own e-mail service runs a risk of getting their domain blacklisted, if a few accounts are compromised and start sending out mass mailings.
My understanding was that Gitlab wanted to collect your data to improve their product. Google is collecting your data to sell ads.
I understand the reticence towards third party telemetry, but refusing basic interaction tracking for a product you pay for is just hurting yourself, even if you're already satisfied with the service. You don't go to the doctor for a checkup and then refuse bloodwork. Obviously there are rules around privacy for medical records that don't exist for interaction tracking. But I don't think the solution should be to get rid of tracking entirely, it should be to extend reasonable privacy rights and protections to our online data.
My understanding was that Gitlab wanted to collect your data to improve their product.
Gitlab could have collected anonymous data, with opting out of collection as the default, and promised not to sell it if they seriously believed it was about improving their product. Plenty of products record telemetry data only if you opt in to the program. Users understand and often accept that. That approach would have generated fewer headlines.
opt-in telemetry does not allow you to draw statistical conclusions because your data is skewed/incomplete due to selection bias. This is why developers are so intent on opt-out, it ensures that they have more accurate data to drive their roadmap. Clearly there are going to be privacy concerns with this, so they really need to minimize how much identifiable information they collect, and then communicate to users what will be collected, how it can be used, and who will have access to it. Gitlab seems to have jumped the gun and skipped over much of this part of the process, which sparked a justified backlash, but I don't fault them for wanting opt-out telemetry.
Opt-out is not a reasonable approach to telemetry, end of story. It's perfectly understandable how problematic that is for statistics, but statistics never trumps the fact that your software should not snoop without your permission.
No amount of vague promises over how good you will be and how nice you'll treat your users' information should be enough to make this acceptable. We have a huge body of evidence informing us that trust is a fundamentally bad idea when it comes to a corporation.
Gitlab has an excellent free plan, in fact it’s so good I honestly don’t understand how they can afford it and doubt it will last (but really hope it will for individual developers). They even give you Docker registries and thousands of CI hours.
Yeah, people back then should have written angry replies to Google's and Facebook's advance warnings about the tracking they were planning on doing. /s
It's a tiny SaaS that depends on customer good will. A few hundred pings did the job because we matter.
If only this worked with giant corps. FB has around 2.4 billion MAU and a few nerd rants won't be noticed the next time they screw the user and a handful complain.
Frankly I can understand that ads selling company like Google wants to track its users. Their core business depends on that.
Why Gitlab wanted to do this I have no idea, sounds like some marketing people came up with such idea "because everyone is doing this"?
Tracking wasn't going to bring much revenue, if any, so they could just get rid of that, trying to turn it into some positive PR. The cynic in me tells me that if they smell any significant money from tracking they would tell HN and the rest to back off (or would added some convoluted way to opt-out from tracking).
If you want to ban tracking, I would totally oppose it. I think its great that google manage to make money out of my personal data, and in return I get to use their of free service. Fortunately, in the regards of google user, there are more people who are fine (or don't care) with tracking.
The ability for people to have amazing technology and spend no currency on it is, in my opinion, a net positive for the world. But it would be nice if there were some provable toggle switch to choose between paying with data and paying with currency, for those who prefer the latter. Since proof is problematic, carefully selecting your vendor is the toggle switch, and that kind of switching unfortunately has switching costs including the massive inconvenience when, say, using an Android phone without a Google account.
