HACKER Q&A
📣 shutty

Is it ethical for open-source projects to have usage analytics tracking?


We’re building an open-source tool to do search/category/recommendation personalization (https://github.com/metarank/metarank), eventually planning to create a business out of it. We have a small number of pilot projects with real feedback, but we rarely have a chance to see how new people interact with the service, as it’s self-hosted backend tool with no UI.

We have an idea to add anonymous analytics reporting to get a glimpse of real usage (and places where people are struggling to improve), but are concerned if it’s ethical or not to do such intrusive things.

Is it acceptable for an open-source project to have this type of tracking, considering our materialistic plans to transform it into a business?

  👤 uberman Accepted Answer ✓
I don't personally feel it is inherently unethical (open or closed source) to have product telemetry. Of course one can collect more than they need and can certainly do some ethically questionable things with the data that is collected.

Supporting an option to opt-out of telemetry seems to be very ethical to me and in theory open source would allow one to unwind the telemetry so in some sense I think it is more ethical in open source than closed. In practice though I feel only a tiny percentage of people actually inspect let alone modify the open source they use so perhaps there is not practical advantage.

👤 XCSme
Usually the bigger problem is exactly what is being done with that data. Most companies use it against the user (increase prices, make them buy more, deceive them, sell their data), but if it is genuinely used to improve the product and user experience it should be fine.

Now, I don't think an open-source project really needs usage analytics, because users can already get in contact with you and mention what they like/dislike about your product and what changes they expect.

On a website, or classic non-developer end-user project (e.g. website, web shop), customers rarely give feedback regarding the platform itself (or they rarely even know themselves what they want/how would they improve the platform).

👤 ebonet
GitLab does this, as an opt in for it's self hosted customers https://docs.gitlab.com/ee/development/service_ping/. Let me me clear this is an opt-in, not an opt-out. The default is to have this turned off. This is preferable in terms of user experience over it being an opt-out.
👤 shutty
For example, Grafana has an opt-out usage tracking in the open-source version: <https://grafana.com/docs/grafana/latest/setup-grafana/config...>, so it seems to be somehow acceptable in general in the industry.
👤 lioeters
I question its practical value overall, but at least telemetry must be opt-in and explicitly stated.
👤 mtmail
Kong has it default on and I don't like it. I don't want a third-party to receive stack traces or IP addresses of internal production systems. It should be off by default. https://docs.konghq.com/gateway/latest/reference/configurati...
👤 verdverm
I recently readded this with an ask option like the gcloud cli

It sends very minimal information about what command you ran

Analytics is pretty common with most collecting more, being on by default, and leaving you to discover the option in the docs. Not sure if this is compliant with GDPR, but asking seems more ethical or right to me

Note, you can track downloads in several ways if that is what you are most interested in.

The type of tracking also depends on what you are building. Is it a library, CLI tool, or full application with a UI? This will partially determine what is appropriate and available