Regarding that telemetry

[wjk]

From the README:

The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.

This text states that AppSDK code may send some kind of automated telemetry to Microsoft. What exactly do you collect with it enabled? Why have you chosen to collect it? The boilerplate legal disclaimer makes does not it look like you are operating entirely in good faith. (I have a rather jaded perspective on these matters given Microsoft's track record regarding telemetry in Windows.) I know that the MS legal team instructed you to post it as-is, but some extra clarification would be greatly appreciated. Keep in mind that we are the ones with ultimate responsibility for what we ship. Limited runtime telemetry is acceptable for me and my business, but I want to know what data is being sent so I can provide my users with a detailed privacy statement instead of a generic one.

Also, how would I disable telemetry for the entirety of AppSDK, as implied would be possible in the README? I'd accept runtime-only disabling options (trusting that Microsoft would respect them), but I would prefer to be able to remove them at compile time. Hence, how would I build all of App SDK from source, including WinUI 3? (I want to be able to go from fresh clone(s) to NuGet packages identical to the ones on NuGet, except for the code signature and maybe the reserved name prefix. I'm fine if this involves a very long or bandwidth-hogging process; I would only need to do this fully once, and after that I can build incrementally as I choose.)

Please accept my sincere apologies for the rather vitriolic opinions on the above subject matter that I included in my original post. They have since been removed.

[ghost]

Let's see how WASDK team ignores this ¯_(ツ)_/¯

[riverar]

I think you have some legitimate questions, buried in your armchair legal analysis and opinion. I recommend you take a step back, take a deep breath, and create a new issue or discussion topic with perhaps these questions:

• How do I build Windows App SDK from sources?
• How do I opt-out of Windows App SDK telemetry? Can I do so programmatically for my app?

[float34]

I recommend you to stop being arrogant and provide a proper answer instead of acting like a clown. MS has created a pretty convoluted and confusing dev story and people really feel lost. And instead of a helping hand you make it even more unwelcoming.

[riverar]

OK @Torquerrr.

[BenJKuhn]

The runtime components of the Windows App SDK are an extension of Windows and follow Windows policies and practices for telemetry and data collection. As with all telemetry from Windows, users are in control via settings. In Windows 11 this is under "Privacy & security" -> "Diagnostic & feedback". In Windows 10 it can be found in Settings under "Privacy" -> "Diagnostic & feedback".

From a software architecture perspective, the boundary between App SDK and functionality delivered via the Windows OS install is dynamic. Whether behavior is "in Windows" or "in app SDK" is different on different OS versions. The Windows App SDK defers to the OS for some behavior on Windows 11 but carries its own implementation for Windows 10 when the functionality is unavailable. That means from a telemetry perspective, trying to differentiate between the App SDK and “in-box” components could be confusing.

For components that can be built from public source, if you fork and build your own copy of any App SDK code, it won't send telemetry to Microsoft. You don't need to worry about accidentally getting into this state: The telemetry support is injected in our internal build / release pipelines, not as part of the default project configuration on GitHub.

Ben