Golang telemetry (again)

There are no “news”, but I’m worried about this business actually. I’m in knowledge that post already exists but I’m not clear at all.

Resuming: Google is trying to add telemetry to Go’s toolchain (such as .NET and Dart/Flutter). It also added the GOPROXY environment variable that uses the Google’s Go proxy to… Just collect more user data?

I’m a pretty beginner Go dev, but I’d like a toolchain without these telemetry or at least some instruction of how to opt out this thing.

Sorry for repost, but I don’t find enough information in any other place. :(

BlanK0,

Honestly I wouldn’t be surprised, I don’t know much about Go but based on Google’s track record it seems like the gameplan is to sell a bunch of user data to third parties and go rich

RuikkaaPrus,
@RuikkaaPrus@lemmy.ml avatar

Lmao Hope you’re not right (I mean, I hope no telemetry is imposed on my favorite programming language). But as you said, Google tracking/survillance history say that people privacy really don’t concerns him

BlanK0,

You can always switch to another language later on if anything goes south, since a lot of the thought process is the same behind the scripting 🤞

RuikkaaPrus,
@RuikkaaPrus@lemmy.ml avatar

Rust is my “alternative”. But I see Rust pretty hard (is a system level programming language lol) and differently scoped.

I like some Go characteristics like garbage collection, simpler syntax, crossplatform, 1 second C bindings, and so on.

sxan,
@sxan@midwest.social avatar

As long as it’s opt-in (which it is), I’m not sure I understand the concern. You’d have to enable it.

Go has been routing module requests through GOPROXY since modules were introduced; it’s where all of the mod version is cached, so any time anyone builds a Go package from source, calls are made to the mother ship. Unless the builder is running their own proxy, which is mostly corps, who care less about this sort of telemetry. There are good, valid reasons for the main Go proxy, but it’s certainly also a valid concern that the Go core dev team is utterly deaf to.

In any case, the only thing that’s new is the telemetry which, as I mentioned, is opt-in. I don’t see any reason for new concern.

RuikkaaPrus,
@RuikkaaPrus@lemmy.ml avatar

So, that means telemetry is optional? How I ensure is currently active or not? Just wanna an explanation. I (as I said) searched about this thing and got almost nothing :(

it’s where all of the mod version is cached, so any time anyone builds a Go package from source, calls are made to the mother ship.

I don’t understand it at all. Why I’ll need something like that?

Thank you for your response!

kevincox,
@kevincox@lemmy.ml avatar

Why I’ll need something like that?

IIUC it is mostly to avoid placing huge load on the original package host when people download the same package hundreds of times a day in their CI workflow. It also means that Google can take control over the user experience rather than huge issues coming up every time some smaller host goes down or someone deletes an existing package version.

Overall I doubt that this proxy was added as a source of tracking. And the privacy policy on the service is pretty strict: proxy.golang.org/privacy. So even though I am pretty wary of Google overall I think this is actually a fairly reasonable decision by them to have enabled by default.

RuikkaaPrus, (edited )
@RuikkaaPrus@lemmy.ml avatar

That’s a pretty good explanation about. Care if you reply the source of your information? I’d wanna keep it as reference <3

Thank you!

kevincox,
@kevincox@lemmy.ml avatar

I don’t really have a source. It is just me thinking logically about the system and many offhand comments I have read over time. Other than the privacy policy which I have linked.

kevincox,
@kevincox@lemmy.ml avatar

I don’t know what you mean by “the source of this concept”.

RuikkaaPrus, (edited )
@RuikkaaPrus@lemmy.ml avatar

Sorry my english spell is a shees.

I corrected my post

skullgiver,
@skullgiver@popplesburger.hilciferous.nl avatar

GOPROXY is already used. It has nothing to do with gathering data, the proxy is a cache to store packages so you don’t need full git clones every time. By default, Go will use Google’s package cache, but with GOPROXY you can specify your own. If anything, GOPROXY is more privacy friendly, not less.

SSH traffic is practically impossible to cache, but GOPROXY allows for packages hosted on smaller services to be consumed by millions without taking the server down during compilation.

As for their telemetry, after the first uproar they seriously cut back on the amount of data they’re gathering. They have added telemetry… and made it opt-in, with some levels of indirection to make it more difficult to identity individuals.

There’s always some level of Googleness in this stuff, but I don’t think the ad people that push the Chrome and Android people into making worse products know that the Go people even exist.

RuikkaaPrus,
@RuikkaaPrus@lemmy.ml avatar

Well, this makes sense to me.

beckerist,

deleted_by_author

    •
    RuikkaaPrus,
    @RuikkaaPrus@lemmy.ml avatar

    I searched A LOT about this information and got no information (but misinformation) about. Plus just look at this decision.

    What that means? I need to do a torsocks to every single command I type? (That last is just sarcasm. Please, I’m not so paranoid (by now))

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacy@lemmy.ml
  • localhost
  • All magazines
    •
    Loading…
    Loading the web debug toolbar…
    Attempt #