You are free to setup your own DB if that's a concern for you. It's a totally justified concern, but this is just concern-trolling. Most people would use this either way. People with strong privacy concerns may setup their own DB, but they represent the minority (despite the heavily privacy-biased stance of HN users).
If you're in the minority, you should expect to have to do more work to get the right balance of security and privacy.
I am just criticizing collecting data under the veneer of security or creating a dependence at this point. These are two completely separate issues and the argument for security is used to justify questionable practices.
> If you're in the minority, you should expect to have to do more work to get the right balance of security and privacy.
It is exactly this false dichotomy that I am criticizing here, because it is completely baseless.
You are reading an article that hints to privacy violations.
You can only be secure if your privacy is protected. That is the causal relation between these two needs.
> I am just criticizing collecting data under the veneer of security or creating a dependence at this point.
This isn't a veneer. It's a signature check to ensure a package is what it says it is. Have you seen the hassle npm routinely goes through because of this? A centralized, trusted server is a sensible "default" setting. The fact that they offer a self-hosted solution is a great benefit.
> You can only be secure if your privacy is protected. That is the causal relation between these two needs.
Nonsense. I can have a completely secure system and everyone knows who I am. I can have an entire insecure system with zero means of identifying the owner and thus, remain private.
You aren't just conflating privacy and security, you are implying a casual relationship between them. Both are nonsense.
If you're in the minority, you should expect to have to do more work to get the right balance of security and privacy.