The privacy issue can happen in two ways that I can think of:
1. Unclear boundaries of data.
How many points of data are being collected and sent 'home'? CPU performance? OK. Device name, pc username, usage duration, times the program is opened and closed. System account email address, IP address, hostnames contacted (i.e. websites visited), WiFi-based location, webcam stream for inference of end-user mood, microphone for emotion analytics?
These are all examples of telemetry that could be argued are 'needed' for purely for product improvement.
2. Even if only a couple of data points are collected, it is very possible to identify the real name of the end user through analytics of the data. This inferred information is very valuable, and definitely is then a privacy issue.
I hope the vast majority of developers and company execs don't intend to 'do evil' with this information, but unfortunately we have seen examples of this from public companies, despite auditing etc.
1. Unclear boundaries of data. How many points of data are being collected and sent 'home'? CPU performance? OK. Device name, pc username, usage duration, times the program is opened and closed. System account email address, IP address, hostnames contacted (i.e. websites visited), WiFi-based location, webcam stream for inference of end-user mood, microphone for emotion analytics? These are all examples of telemetry that could be argued are 'needed' for purely for product improvement.
2. Even if only a couple of data points are collected, it is very possible to identify the real name of the end user through analytics of the data. This inferred information is very valuable, and definitely is then a privacy issue.
I hope the vast majority of developers and company execs don't intend to 'do evil' with this information, but unfortunately we have seen examples of this from public companies, despite auditing etc.