For gitlab it probably means getting information on what buttons are pressed, how long users stay on a page, etc. For users, it means running proprietary javascript snippets from 3rd party tracking services. How much should you trust that code? You may trust gitlab, but do you trust the vendors they work with? How much visibility do you have into that?
As you can imagine, a lot of businesses are not willing to take that risk with trade secrets like source code and internal bug tracking -- especially when there's no upside to them.
I think the furor is probably less about the data being collected (although people aren't happy about that), and more that Gitlab just offloaded a lot of risk on their users for purely selfish reasons. (And it is selfish. They can get the data in other ways, or, make decisions based on expertise and customer feedback instead. You don't need a mountain of data to drive a product).
As you can imagine, a lot of businesses are not willing to take that risk with trade secrets like source code and internal bug tracking -- especially when there's no upside to them.
I think the furor is probably less about the data being collected (although people aren't happy about that), and more that Gitlab just offloaded a lot of risk on their users for purely selfish reasons. (And it is selfish. They can get the data in other ways, or, make decisions based on expertise and customer feedback instead. You don't need a mountain of data to drive a product).