The installer gives a warning message before sending the first analytics, with a pointer to the above URL for how to disable analytics. From install.sh:
ring_bell
# Use an extra newline and bold to avoid this being missed.
ohai "Homebrew has enabled anonymous aggregate formulae and cask analytics."
echo "$(
cat <<EOS
${tty_bold}Read the analytics documentation (and how to opt-out) here:
${tty_underline}https://docs.brew.sh/Analytics${tty_reset}
No analytics data has been sent yet (nor will any be during this ${tty_bold}install${tty_reset} run).
EOS
)
"
> and showed me what was being sent (instead of obfuscating it),
You can also view all the information that is sent by Homebrew’s
analytics by setting HOMEBREW_ANALYTICS_DEBUG=1 in your environment.
Please note this will also stop any analytics from being sent.
I verified that using it dumps JSON analytics to the terminal, and it didn't seem that obfuscated, given the documentation in that Analytics page.
None of this is user-friendly - all of it is obfuscated. I have to add resources to my system (env vars) in order to opt-out - and that is the issue!
There are no hints/tips about this produced to educate a new user - if it weren't for your help, I wouldn't have known.
The non-resource-using method I propose is that homebrew merely ask the user if its okay, after 5 or 10 runs, to send some info - and then shows me the info. No, I don't want to add resources to my environment to get this info - I want homebrew developers to be honest about it, up front, and overt.
They are being sly, using dark patterns to make it unfeasible to disable analytics, because they know this is an unpopular feature of their software.
> None of this is user-friendly - all of it is obfuscated
This is a message which is printed with very clear instructions the first time you run any command. It’s a simple command and there’s no noticeable difference in resource usage compared to the actual package management system, which also needs environmental variables to be set.
The big thing you’re missing is that the Homebrew maintainers are freely giving you the product of many thousands of hours of skilled work, the kind of service developers used to pay money for. In exchange, they ask for some non-personal statistics to help them avoid mistakes which could cause problems for you. I don’t think it’s fair to act like they’re tricking you when you’re getting so much out of the deal and it’s all disclosed publicly. They could be tracking stats on the package distribution infrastructure without your knowledge at all but instead chose to be fully above board about what the system does and why, and offer a trivial opt-out mechanism.
>the kind of service developers used to pay money for
I've donated to homebrew, I support them that way.
The moral issue is, I'm using their tools and trusting them, and they are violating that trust by phoning home and sending analytic data without my involvement or approval. While it may seem trivial to you to set an environment variable, having to do that with every new homebrew install adds up, and when its forgotten about, results in a negative impact on my networking and IT resources.
> a trivial opt-out mechanism
Its not trivial, and thats the point where we disagree. No, maintaining environment variables to prevent tooling from sending unknown analytical data: this is not trivial. It is an anti-pattern designed to gain the data from un-sophisticated users, rather than treating users with respect and letting them have agency over whether their resources are used by the homebrew developers.
Tracking should always be opt-in and if it isn't, that is simply a dark pattern being used to scam resources from the users.
> No, maintaining environment variables to prevent tooling from sending unknown analytical data: this is not trivial. It is an anti-pattern designed to gain the data from un-sophisticated users, rather than treating users with respect and letting them have agency over whether their resources are used by the homebrew developers
A dark pattern would conceal this, not prominently warn you, or it would be hard to do - not requiring only a skill you already used and giving you precise instructions. I think there’s a legitimate debate for opt in or out but I don’t think “dark” is warranted for something people are talking about because it’s in the open and prominently disclosed.
I updated to 4.0 and didn't get an alert about the new analytics - if I hadn't read about it here, I wouldn't even know there were different environment variables to stop analytics tracking now.
I'd wager there are thousands of users who would prefer this not be tracking them, but yet do not know it is. That's a dark pattern.
> I wouldn't even know there were different environment variables to stop analytics tracking now.
Where does it say there are different environment variables to stop analytics tracking now?
The linked-to post says there's a new setting if you are okay with the new analytics and don't want to use the Google analytics:
> If you had previously set HOMEBREW_NO_ANALYTICS because you didn’t like Google Analytics and/or data being sent to the USA: please consider unsetting this and setting HOMEBREW_NO_GOOGLE_ANALYTICS instead, allowing analytics data to be sent to our new InfluxDB host.
but that reads like the old settings still work with brew 4.0.
> I have to add resources to my system (env vars) in order to opt-out - and that is the issue!
FWIW, I use "brew analytics off", not an environment variable.
You can't install brew without adding resources to your system.
But I think your real complaint is not about resources, but that the default is "opt-in with a warning" rather than "opt-out then ask for permission".
Which I can understand and agree with.
What I disagree with is characterizing the process as "hidden or hard to opt-out."
> There are no hints/tips about this produced to educate a new user - if it weren't for your help, I wouldn't have known.
I don't understand how you can say this.
The hint/tip is produced in the installer output. I quoted it. It even uses a terminal bell and bold text.
I can understand that you might prefer, say entering "yes/no" to a "may we enable analytics?" question (though it's a bit more complicated as someone may be fine with the new EU-based InfluxDB analytics but not Google Analytics).
But that's not the same as saying there are "no hints/tips about this produced to educate a new user", when it's right there in the installation output.
> merely ask the user if its okay, after 5 or 10 runs
Tracking the number of runs since the previous report is also adding resources to your system, which makes it hard for me to understand how adding those resources to your system is fine but adding an on/off resource is not.
I agree it's a dark pattern which makes it less likely that people will opt-out.
But I also think "unfeasible" is not an good characterization of "read the installation output then run 'brew analytics off'".
According to that https://docs.brew.sh/Analytics page, to see what it sends:
I verified that using it dumps JSON analytics to the terminal, and it didn't seem that obfuscated, given the documentation in that Analytics page.