To me, telemetry is ok. That is, how the software runs, which operations are slow, where crashes or recoverable errors happen. Anonymous technical stuff, preferably in a user-unelectable form.
What I'd be concerned about is personal profiling, knowing which sites I visit, which forms I submit (including web search), etc.
We're talking about telemetry here. Spyware is something different. It is covert malware, hidden in software that purports to do something useful. It would not be explained in privacy policies.
Software that incorporates silent and nonconsensual telemetry is spyware.
If it's reporting telemetry silently, it's covert.
If it's not asking for permission first, for some percentage of users, it's nonconsensual, and is thus rightly qualified as malicious.
It's still malice even if the telemetry is just for product improvement, against the user's wishes for privacy. (It also has the side effect of informing the ISP and military intelligence surveillance apparatus of the user's usage habits.)
Tools that misuse the user's system to benefit the software manufacturer against the wishes of the user by exfiltrating their data without advance warning (covertly) are malware.
> It is covert malware, hidden in software that purports to do something useful.
You just described a software package with silent, no-opt-in telemetry, such as Visual Studio Code, Balena Etcher, the Adobe Creative Cloud, Mozilla Firefox, the Netlify CLI, the Gatsby static site generator, the Google Cloud CLI utility, and many others.
What I'd be concerned about is personal profiling, knowing which sites I visit, which forms I submit (including web search), etc.