
Don't use Atom then? Seems pretty obvious if you care that much.

I respect your privacy views and even share many/most of them (if not so strictly), and appreciate that you are probably just trying to bring this to people's attention. However, you are not the king of open source, and you cannot dictate how other authors must write their projects. It's an open source product written by a for-profit company. There's always going to be trade-offs.



Please don't make the "Don't use atom then" argument in response to someone sharing unexpected info about Atom. No one is saying that they are being forced to use Atom. They are sharing info others may not know about Atom.

You're saying "Don't use Atom", but what you're implying is "Don't talk about Atom"


> However, you are not the king of open source

I am, however, the king of my own computer, and this software does not respect my sovereignty.


You are the king of your computer, but if you don't create rules for your subjects they will do as they please.


That's very true. However, for several decades users had a bit more trust in FOSS as not betraying the user in the same way commercial apps do. Atom is abusing this trust. Just because Microsoft is doing what they want in Windows world it doesn't mean they can do the same when flirting with developers and preaching their love for FOSS.


Homebrew. Etcher. Gatsby. Atom. Syncthing.

Lots of programs are abusing user trust.


Like I said - if it matters to you, don't use it.

I've never had a problem with people that have extremely strict views of privacy. In fact I usually think they're right. But it's incredibly impractical, and most people don't currently care, which is the real problem. Treating relatively trivial things like this as if it were some conspiracy on behalf of the surveillance state doesn't do anything to get people to listen.

Get people to start dropping Facebook and Google, then we can start tackling the smaller offenses like this. Until then, treating this like you're going up against the NSA is a vanity exercise.


> "Like I said - if it matters to you, don't use it."

Or he can do one better: Not use it and publicly criticize it.


That’s not “better”, in fact it’s not really in the spirit of open source, where criticism comes in the form of patches and forks.

“Doing one better” would be patching and compiling from source yourself. Better still would be maintaining an up-to-date fork for the benefit of other like-minded people.


There's a whole lot of gatekeeping to be found in your comment and I don't think it'll help open source as a whole if things were actually as you describe. It's perfectly acceptable to call out bad behaviour and it always has been. If anything, the community became significantly more polite about it as open source software has become more popular, probably because the users are not exclusively militant programmers now.


I really want to agree with you. But that assumes that the vendor/maintainer of open source software has a responsibility to not engage in "bad behaviour." I simply disagree. The only reason Linus Torvalds doesn't screw over everyone tomorrow is because he places value in the reputation of his code tree. (And also because his code tree sees so much sunlight that any such fuckery wouldn't go unnoticed.)

Clearly the maintainers of Atom don't place value in their reputation. Just be thankful that the maintainers have conveyed their true colours for all to see.


> But that assumes that the vendor/maintainer of open source software has a responsibility to not engage in "bad behaviour."

> "it’s not really in the spirit of open source, where criticism comes in the form of patches and forks."

Everybody has an obligation to refrain from bad behavior whether or not they are an "open source" developer, and everybody has a right to criticize bad behavior whether or not they consume software, and whether or not the software they consume is "open source." That may not be what "open source" means to you, but in that case I want nothing to do with whatever it is that it means to you. I don't subscribe to any ideology that obligates me to hold my tongue when I see somebody doing something I think is morally wrong.

You'll just have to find a way to cope with people criticizing things or people you believe should be immune to criticism. The simple fact of the matter is you have neither the power nor authority to set the bounds for acceptable criticism. People will continue to criticize software they choose to not use, and there is nothing you can do to stop that. You certainly can't stop them by telling them to shut up or by trying to overload the definition of "open source" with your own inane pet philosophy [namely: "All criticism should be formatted as patches or forks."]


You're responding to an argument that I didn't make. Your entire post appears to be a response to a fictional rewriting of my posts which doesn't exist.

For the record—:

• I didn't say (and I don't believe) that developers "should be immune to criticism"

• I didn't describe (and I do reject) an "ideology that obligates [anyone] to hold [their] tongue."

• I never defined any "bounds for acceptable criticism."

• I never said "All criticism should be formatted as patches or forks."

Nobody is obligated to act in accordance with anyone else's opinion of the spirit of a community. People are free to do whatever they wish as long as it's within the bounds of law and license conditions.

I have no problem with any form of criticism, although I do find it more worthy of one's attention when it's constructive. I do have a problem with the attitude of some people who get offended when their criticism is rejected or ignored.

What I reject is the assertion that the copyright holder of an open source software project is obligated to follow a certain mode of behaviour. By contrast, you're saying that "everybody has an obligation to refrain from bad behaviour." So in a surprise twist, it turns out the only person obligating a certain ideology upon others here is you.


Putting a restriction on the definition of open source that limits discussion to those with the time and ability to submit patches sounds, to me, like the opposite of openness. A piece of open source software being used by people outside the development group is a resounding endorsement of both the product itself and the model of open source development that led to the product being so accessible. Developers know that writing software is hard, and receiving criticism or feedback on software you worked on can be hard, too, but I think it’s ultimately to the benefit of the community of both developers and users that shortcomings (or unexpected behaviour) in the software are known. It helps people make informed decisions on what software they choose to use in their personal life, or even what software they trust to run their business on.


It's not a restriction on the definition of open source. A truly open source marketplace has space for apps that do shitty things—and for forks that do fewer shitty things.

If anything is a restriction of open source, it's demanding that the developers of Atom implement a feature the way you want. If you don't like their code or their stewardship, badgering them on this one point doesn't fix the underlying difference in principles.


Ok, I'll bite.

Open source is a hacker thing. Hackers like open source because it avoids useless duplication of effort, which is toilsome and wasteful. Hackers don't like toil and unnecessary waste.

Forks are nothing but otherwise-unnecessary waste. They become necessary through asshattery like spying on users, but they are a last resort, because everything else about a fork is antithetical to most hackers: it's boring, wasteful, duplicated work, induced solely by an unreasonable upstream.

We try a lot of things before we fork, including naming and shaming.


The imperative to fork generally stems from fundamental philosophical disagreements between the current maintainer and the user base. Concern over privacy seems pretty fundamental to me.

Badgering the maintainer doesn't fix the fundamental philosophical disagreement.

Forks don't matter if they don't succeed—it only wastes the time of people volunteering to have it wasted. But when they do succeed, sometimes amazing things happen. The history of open source is rife with hugely consequential forks.


> the spirit of open source, where criticism comes in the form of patches and forks

Criticism in the form of words is healthy, and this poster is beating a dead horse.


That's very neat, but it's not simply about me. It's about thousands and thousands of other, much less experienced people who use these software packages (Homebrew and Etcher and Atom in particular). They deserve privacy too.

I think most people don't realize. That's why these things do it silently.

Most people do care if you ask them. They don't want to be spied on. Given the option, most people will say "no, thank you". That's why these maintainers are so afraid of opt-in. They pay lip service to respecting user consent, but it's just that. They don't actually want to accurately reflect user consent, because they know that if they actually ask to measure it, they don't really have it. It's just like shitty web shops that automatically sign you up for their weekly marketing promo newsletter because you bought something one time. You don't want it, they know you don't want it, but they're still going to rob you of your time deleting them until you finally click Unsubscribe. Same deal.

Did you watch the John Oliver interview with Ed Snowden?[1] The show went out on the street and most people had no idea who he was or what he did or the information he released, but when asked if they knew that the government was logging all of their dick pics (which Ed gracefully confirmed that they are, in fact, doing), they said that they did not know and were not okay with it.

I think the core issue is ignorance, not apathy. I intend to educate people on the matter, and give them actionable steps to take to express their displeasure to the maintainers and their parent organizations. We can solve this issue before it gets any larger.

[1]: https://www.youtube.com/watch?v=XEVlyP4_11M


On the flip side, if you ask nicely I'm usually more than happy to give you some sort of usage information if it seems reasonable. If you don't, you sure aren't going to get anything from me, and I will go out of my way to stop you from collecting that information and tell other people about what you're doing, because you have clearly shown that you cannot responsibly collect usage data.


> However, you are not the king of open source, and you cannot dictate how other authors must write their projects

No, but I can convince other people who don't like their computers being used as spying tools against them to put social pressure on maintainers so that they stop doing this nonsense.

Atom's telemetry used to be on by default; spying silently caused them such a shitstorm that they added a consent dialog. They're almost there! Now they just have to make it functional.

https://github.com/atom/atom/pull/12281

There are precedents. We can push back, especially against open source projects.

> There's always going to be trade-offs.

I don't think that's how software works. I certainly don't take that to mean that I should just accept that it's going to spy on me. I don't want that, and I don't accept that, and I will yell, loudly, at anyone who says I should accept that without a fight.


It’s open source. They aren’t forcing you to use their software, and they’re certainly not forcing you to use their binaries.


But here's the thing: They don't disclose that they'll check for updates before asking for permission.

So how would a user, who hadn't seen this discussion, know that their "we'll ask" reassurance was bullshit?


If you actually care about that—as opposed to complaining for the sake of it—you shouldn’t be allowing new software to establish outgoing connections without your consent anyway.

So if you actually did care, you the user would know because your operating system alerted you.

Nagging everyone to comply with your interpretation of “the right thing” might feel good to you, but it’s actually a very weak and porous form of security theatre.


OK, are there any standard Debian packages that do this?

As I recall, it was a huge upset when Ubuntu app search hit Amazon by default.

And when you install Debian, it asks whether you want to participate in the packages survey. And the default is "no".

Edit: And just to be clear, this isn't about me. I assume that stuff will leak my IP address without warning, so I only connect via nested VPN chains. Or when I really care, that plus Tor.

This is about people who trust stuff that they use.


A popular solution has been available for MacOS for sixteen years (Little Snitch) so if something comparable isn't already available for Linux—the operating system of the internet—that's pretty embarrassing.


i use Little Snitch and DNS blackholing of tracking services, so these issues don't really affect me.

today i decided i care more about strangers than i thought i did

people brand new to our industry should be able to download a nice gui editor and not get their consent trampled and get spied on even after they click the "dont spy on me" button

it's easy to laugh and be like "oh lol it's software from microsoft what did they expect, noobs" like someone else did in this thread

but that's bullshit and you and i both know it

the software simply shouldn't do that when you say "don't send my data away pls"

i don't want everyone to have to say "oh use homebrew it's great but also add this weird line about analytics to your .bashrc before you install it oh wait you don't know what a bashrc is huh" when they talk to some teenager who just got a $15 rtlsdr and wants to install gnuradio on their mac

that's not a good first-10-minutes-at-the-command-line experience.

i don't think that's fair or good or optimal.

i want the world to be different, and i want these maintainers to realize that they made a mistake, and revert it. i don't think they're bad people, i think they're just misguided, and they're optimizing for vanity metrics like user count, which will effectively go away entirely if i succeed and they only get telemetry from users who said "yes it's ok i don't mind". that's a lot fewer users, and they know it, which is why so many of them are refusing to engage with the ethical argument about silently using a user's own hardware to spy on them without their knowledge or consent.

it shouldn't be a controversial position that our tools should not spy on us.


Thanks for defending your points.

I don’t understand why some here take your reports on GH personally. The fact that your reports aren’t taken seriously by the Atom team worries me. Your battle is right and presented in the right tones.


Whereas my point is that the developers of Atom have shown their true moral colours—and their honesty isn't sufficiently instructive to you? Unless you can get the developers to change their principles, getting them to change their source code today seems to be a rather temporary fix.

Meanwhile, isn't it strange that the default behaviour (on nearly all major consumer computer platforms) is that we implicitly trust all applications with near-unfettered access to the internet? And we merely hope they don't betray us.


> i use Little Snitch and DNS blackholing of tracking services

Why do you need that when you can just not use things that spy on you (by your own logic)


The issue here is that there is no way of knowing what'll spy on you without using it and running these services.


Yes I know. This person has been saying 'no one forces you to use atom, just don't use it' as a solution to spying but also says he runs DNS tools to prevent rogue programs.


> "This person has been saying 'no one forces you to use atom, just don't use it'"

That is a flat wrong summation of sneak's arguments in this discussion. I think you must have misread usernames, because sneak is saying quite the opposite of what you think he's saying.

Note that sneak is not sjwright (the other person in this thread you've responded to and whose argument you seem to have misattributed to sneak.)


This is about not lying to your users


It's not a lie if they aren't logging anything.

(I'm not saying that's the case, by the way. It's just an observation. We can't really know if they're lying or not—and to that extent I agree with your point.)


How are you meant to know about this a priori unless you've read an article about it on an obscure tech website?


Use strace on every process? Inspect all code that ever runs on your boxen? Those work, but I still prefer the canary-article. Much easier.


What'd be really nice is transparent, built-in sandboxing of every non-system application by the OS. The desktop security model of "protect your files from other users but not from applications you run" is horribly outdated.


On top of all that, we also need deep packet inspection and filtering. All the data flowing into and out of the sandbox must be inspected while in the clear by filtering software under our control. If the packet is known to contain nothing but a unique identifier for tracking, it gets blocked. If it also contains useful data, the identifier is either deleted or anonymized before the packet goes through.

ISPs, companies and governments can do it for surveillance, censorship and security reasons. We should be able to do it too in order to empower ourselves.


Flatpak on Linux has all ingredients to enforce such sandboxing


> However, you are not the king of open source, and you cannot dictate how other authors must write their projects.

And you're not the king of what people are allowed to voice their views and opinions on in public forums.

Authors can do whatever they want and users can say whatever they want as a result. Doing something does not mean you are free of the consequences, including people voicing their opinions, of those actions.



