At issue here is your front page, which says:

"Private & Secure: All cloud features are opt-in. Data is encrypted at rest."

While you might have some wiggle room to say that telemetry is not a "cloud feature", logging in with github is absolutely a cloud thing and it's not really opt-in if you can't use the software without literally identifying yourself to a cloud service.

You should at the very least remove that text from your front page until you're out of beta and it's actually true.

And that's ignoring the fact that there's no victory in splitting hairs over the definition of cloud stuff to pretend you're not walking a very fine line.

Zach, this telemetry approach is fine for Google Docs retail users but Warp's target customers are some of the tech savviest people on the planet. They are going to hold Warp to much higher standards of security and privacy.

Second, your user onboarding has too much friction with mandatory Github logins. You need an advisor / product manager who can guide you better when making these "human" decisions.

Yikes!

Because you posted directly to HN and clearly want to show this audience the value of your work, I expected a somewhat different reply to this critique.

A more user-centered reply might have been to say you understand the confusion and will look into making this truly opt-in with the team. I think the strong message you're getting from this community—who is, after all, your target audience—is that before sending any data (whether you choose to label it telemetry, tracking, diagnostic data, or otherwise), you should explicitly ask in the terminal itself whether the user finds this acceptable.

I don't want to put down an effort with seemingly good intentions like this one, so please take this engagement in the spirit it was given.

That doesn't fit people's normal expectations. You're being intentionally deceptive.

> Opt-in refers to anything that sends any contents of a terminal session to our servers

There shouldn’t even be the option to opt-in to something so privacy violating.

Having built-in sending of session content means dangerous data exfiltration is always just one bug or accidental click away.

I was confused by your wording, but I think this section of the link is very relevant:

>When Warp comes out of beta, telemetry will be opt-in and anonymous.

>But for our beta phase, we do send telemetry by default and we do associate it with the logged in user because it makes it much easier to reach out and get feedback when something goes wrong.

I highly doubt anyone reads that. I think the only way to be up-front about it is to have an annoying pop-up that with a button that says "OK YOU CAN SEND TELEMETRY" that must be clicked before proceeding.

To be fair, I think HN is a collection of outliers when it comes to caring about network activity caused by running programs. Most devs will probably just be happy that the tool provides a lot of value.

Wrong crowd for this approach, I think.

If you really wanted to be open source but don't accept contributions at the time, setting up a read only minor with a proper FOSS license will be a good way to do that.

Do you believe your policy is GDPR compliant?

No way this is GDPR compliant. A mandatory Github login sends data to US servers. Even with the normal additional standard contract clauses it is at least disputed, if this holds any grounds in a CJEU trial.

Twilio, the owner of Segment.io is also a US company and will receive individual-related telemetry data, which should break with GDPR.