If you position your product as being about privacy, your company about being about privacy, and talk about the importance of online privacy whenever you get any sort of opportunity, then it looks extremely bad if you can't refrain from spying on your users. I don't really think there is any way around this fact.
If this type of telemetry is necessary for Mozilla to develop software, then perhaps they shouldn't be talking so much about privacy, because as it stands, they're not walking the talk, that's what ultimately looks bad. The telemetry is incidental. Nobody is railing against Microsoft for doing the same thing because they're not constantly seen preaching about how bad it is.
> do you seriously consider counting how many installs are triggered from a download "spying"?
Yes. It is a unique identifier that they are fully capable of associating with telemetry data and other personal activity. It could be used by various parties to deanonymize me. That is spying. You are playing dishonest semantic games.
Effective privacy may well be complicated. Perhaps you can maintain effective privacy in various ways even while being actively spied on in some manners. That doesn't mean that spying isn't spying.
There is a very large difference between "X is spying on Y" and "X could spy on Y if they started to record and correlate things". And even "I don't trust them not to" is not the same as "they are". A lot about privacy involves not looking at things you could look at.
E.g. picking the example mentioned repeatedly in this discussion: Network transfers annoyingly involve IP addresses. That doesn't mean every server you talk to is spying on you, and there is wide a range from "doesn't record anything", over "keeps a log of errors for 5 days that's only used for debugging", over "looks in GeoIP database and counts visitors per country", to "immediately connects your IP to your user profile and shares that data packet with 50 ad networks". I have a hard time calling the first three "spying", it starts IMHO somewhere after that. And annoyingly, telling the difference comes down to trust at some point.
Or even simpler, I could trivially spy on my neighbors with what reaches my apartment. I don't though.
If this type of telemetry is necessary for Mozilla to develop software, then perhaps they shouldn't be talking so much about privacy, because as it stands, they're not walking the talk, that's what ultimately looks bad. The telemetry is incidental. Nobody is railing against Microsoft for doing the same thing because they're not constantly seen preaching about how bad it is.