As a developer who has relied on crash reports countless times in the past for fixing bugs and improving products, I applaud Ubiquiti for taking a principled stance and choosing what is best for most of their users.
I wish more companies would stand their ground and refusing caving to a vocal, but demonstrably toxic minority.
Whatever happened to serving customers being the top priority? That’s how you make money - by selling something that serves people’s needs and wants.
In this case, Ubiquiti’s actions are particularly irksome because they’re changing a product after its sale to do something that would have caused many customers to avoid purchasing it in the first place if it had shipped that way — and without giving customers an easy way to turn it off.
Curious to hear how this change could harm any customer. Judging by the vitriol and strong language in this thread, there must be some grievous harm telemetry causes that I am not aware of.
Lack of transparency - lack of communication - lack of at the very least an opt-out.
Lack of Transparency: No specific details on what or when they transmit.
Lack of Communication: Didn't tell customers they were putting this in place.
Forcing customers to employ additional network security on a network device if they don't trust what you're doing ... which is hard to do given the lack of transparency and communication.
>there must be some grievous harm telemetry causes that I am not aware of.
What you're not aware of is the same thing the rest of us aren't aware of ... and that is what is actually sent and what triggers that etc.
What is a “crash report”? Is it just a log saying that the machine crashed? Is it a core dump? Is there PII in the logs? Does it expose information that is protected by law? It’s not the fact that there’s telemetry, it’s that it wasn’t communicated well so people can mitigate risks. This shows that there isn’t a culture of paying attention to this sort of thing over business intelligence.
It’s not the fact that there’s telemetry, it’s that it wasn’t communicated well so people can mitigate risks.
I respectfully disagree. It is also the fact that there's telemetry. It is not OK for me to punch you in the face just because I tell you I'm going to do it first. You shouldn't have to mitigate that risk. The risk wouldn't exist if I weren't punching you in the face.
In what way is not providing a heads-up that this was being introduced and refusing to add an opt-out a “principled stand” for the benefit of their users?
It's not the user's responsibility to justify why thy don't want you eavesdropping on their property. Even if you manufactured the device, its not your property after you sold it.
It's your responsibility as the manufacturer to ask for permission if you want to observe someone's private property in any way.
> demonstrably toxic minority.
Standing up for property rights is toxic? Just because software made it easy to observe and/or control a device after the 1st sale doesn't give you the right to eavesdrop on other people's property (or vandalize it with an unwanted, forced update).
The phoning home isn't the issue - it's the lack of communicating it and lack of offering an ability to turn it off that is the problem. A vocal minority may grab pitchforks if it's opt-out rather than opt-in but most would be fine with it.... Ubiquiti did it one worse and didn't even offer opt-out.
Instead you have your network device provider saying - well if you don't want our devices to call home use another device in front of us to block it.
So the core issue is trust and basic respect for your clearly technical and security minded customers.
The proper way to do this IMHO would be to first not sneak this in quietly. Then have those logs collected on the controller, where they can be reviewed and manually submitted.
I can understand them wanting logs of crashes, it's a reasonable way to try and improve their service. Since you can use their APs with other controllers that would limit their collected data. Having the data being manually sent would also limit their collected data.
I'm ok with them actually collecting data, as long as they're:
* Open about what actuall data is being collected.
* Open about them actually collecting data and not sneaking it in.
* Providing a way to opt-out.
* Adding the proper GDPR documentation around this so as clearly not to break the law. As it is it's a grey zone, why not be clear about it.
I wish more companies would stand their ground and refusing caving to a vocal, but demonstrably toxic minority.