Well, who benefits from having the ads there? Wouldn't it be better for most users without the ads? What value is Kite adding?
It's a slippery slope, similar to the controversies over using BitKeeper for the Linux kernel or adding DRM to HTML5 (both justified, I think). The openness in open source needs to be defended.
While I would not argue anything about ads directly, I think that all users benefit from having additional options in the plugin, and if the ad is relevant to a portion of users and leads to some users discovering an additional dev tool for their workflow than it was worthwhile. That is the perspective I have in mind for the hypothesis that Kite was testing.
I genuinely don't understand why this service is getting a disproportionate amount of backlash relative to the plethora of cloud based services out there that analyze one's entire codebase. Maybe it's because they're interacting with the code from the dev machine directly vs integrating with repos on the git server? Would that make it different to you?
The massive difference is that Kite is using manipulative, dishonest tactics.
When I sign up for a service like Code Climate it's very clear that I am giving them access to some of my code. I also have easy control over what code they can see. They are honest and upfront about what they are doing and why.
Kite has been trying to hide what they are doing, with the goal of tricking developers into doing things they otherwise wouldn't. They're taking advantage of the huge amount of trust in the open source community. Kite must know that abusing this trust has a high chance of hurting the community, but they don't seem to care, as long as they can make a quick buck or two for themselves.
A lot of people here really cherish that trust and goodwill among strangers in the open source world, and are understandably pretty pissed when someone comes along and messes with it.
The bottom line though is being honest and upfront with developers. I suspect Kite could have been a bit more forward about what they were doing and the developer community would have reacted with much less outrage.
Where I work, the VPE signed up for Code Climate. Code Climate also gets our code by asking for git creds, making it very clear what they're doing.
Installing Kite and accidentally allowing them to sucker me into uploading the entire corporate source tree -- quite possibly with creds -- is literally a walk you out fuckup. At bare minimum I would have to page ops and roll creds on every bit of prod. Want to know why there's both a gitignore and a git commit hook making sure 'config/creds.py' is not uploaded anywhere?
There's virtually no ethical way to build that dialog unless you put 40 point red font saying "We upload your entire source tree" and make you wait 10 minutes before continuing. This is not a decision line level devs are allowed to make on their own, and Kite tricks them into doing exactly that.
It's a slippery slope, similar to the controversies over using BitKeeper for the Linux kernel or adding DRM to HTML5 (both justified, I think). The openness in open source needs to be defended.