Telemetry and Trust

February 25, 2023

I recently read an article about Go opt in tracking being a mistake. The author was very earnest about the pros of compiler tool chain telemetry, how it was very common among Google and Go’s competitors, and how opt in tracking would skew the data set. Their general argument was that anonymized telemetry is extremely useful for compiler writers, and that shifting Go to opt in rather than opt out doesn’t help user safety and reduces the ability of the Go team to correctly steer their important project

Reading the article I was struck by a feeling of “I’m confused why you’re confused”1. The author made a ton of great points, but to me they missed the main problem completely. The issue never was telemetry, the issue was Google2. Very few people trust Google anymore3, and therefore the problem was that the telemetry suggestion came from Google. Focusing on the pros and potential safety rails of an open telemetry system is not wrong per se, it’s just completely orthogonal to what got everyone worked up in the first place.

Google as an organization has spent its credibility, both among the larger public and among engineers. It spent its credibility misleading consumers about the privacy implications of its actions, it spent its credibility by carelessly killing off services people loved, and it spent its credibility by regularly breaking non-Google developers stuff. And like many large organizations it has made the catastrophic mistake of assuming that its size, money, and market penetration means that its credibility does not matter. And now they’re discovering exactly how wrong that assumption is.

In this specific case, google is discovering that low credibility makes anything involving public consent really hard. Easy things become difficult, possible things become almost impossible, and prophecies become self fulfilling . Even when the Go team goes way out of their way to demonstrate good intentions, people don’t believe them. And of course they don’t! It’s not like we’ve all seen Google sneak in privacy defeating “features” under the guise of performance or safety before. Why shouldn’t people assume that this data collection proposal won’t be abused?

No amount of promises, analysis, or poorly advised accusations of trolling 4 is going to overcome an issue of people not trusting you. In fact it probably makes the problem worse, not better. The only solution for low credibility is to take the long, incremental, and unpleasant steps required to repair that credibility. Opt in telemetry is probably a good step in this direction, or it would have been if they’d not been dragged kicking and screaming to it.

  1. I’m not actually certain if OP is confused. But this is the short hand phrase I say when some extrenal problem is immediately obvious to me, and I’m confused why someone else doesn’t focus on same thing I do. ↩︎

  2. I believe that the official line is that Google doesn’t own Go, it just happens to employ everyone who is on the core team. I find this unpersuasive. ↩︎

  3. A few years ago I would’ve joked that the only people who trust Google work at Google. But after the layoffs and weird desk sharing mandates, I don’t think many people at Google trust Google either. ↩︎

  4. Seriously, don’t call concerned end users trolls. It will never work out for you. ↩︎

Lets Talk About Trains