It was done. There even was those small banners that said something in the way of "if you have gmail I won't mail you" etc.
Thing is, the broader public don't care. The difference between gitlab and gmail is primarily that developers care more about this stuff and value their code more than most people care about their email. They are also much more informed in the matter, most using gmail haven't got a clue.
No, they only care when the tools they are using are targeted. Otherwise, they couldn't care less.
We have tracking on websites and in apps on an industrial scale - built by developers in technology companies. We even have tracking of school kids courtesy of ChromeOS. When have developers ever shown any care about that? When have they ever spoken out about that? They're more likely to rush to defend that software and the company that built it: It's not being used to build profiles, or the data is aggregated and anonymous.
Presumably, if GitLab tracked behaviour 'anonymously' and in aggregate form, that would all be fine? Didn't think so. The hypocrisy that runs through the programming profession when it comes to online tracking really knows no end.
If I had a guarantee from Gitlab that _they_ were scrubbing the data, I would have no problem. I get the sense they know what they're doing (naive, maybe)
However, giving a third party script, potentially unvetted, access to the crown jewels of the company I work for? No fucking way.
They are tracking things anonymously at least in some places, judging by what I've read in the linked Gitlab issue tracker threads. The debacle started with someone higher up requesting to start recording user ID with that data, in order for the "growth team" to be able to do "experiments".
There's a difference between gitlab and gmail. People pay for gitlab while gmail is free. Google can easily declare "either you take it for what it is, or leave."
A lot of institutions used to run their own e-mail. Over the years I've watched as my e-mail addresses (both universities and my current employer) have been replaced by Gmail on the backend. All of them stopped being willing to manage e-mail themselves. None of them were willing to use a less surveillance-oriented provider. That choice wasn't made by consumers. It was made by the same kind of informed IT people. I suspect it wasn't free, either.
I thought the main problem with e-mail specifically was spam, and the reputation model that's arisen to combat it: a medium-sized university running their own e-mail service runs a risk of getting their domain blacklisted, if a few accounts are compromised and start sending out mass mailings.
My understanding was that Gitlab wanted to collect your data to improve their product. Google is collecting your data to sell ads.
I understand the reticence towards third party telemetry, but refusing basic interaction tracking for a product you pay for is just hurting yourself, even if you're already satisfied with the service. You don't go to the doctor for a checkup and then refuse bloodwork. Obviously there are rules around privacy for medical records that don't exist for interaction tracking. But I don't think the solution should be to get rid of tracking entirely, it should be to extend reasonable privacy rights and protections to our online data.
My understanding was that Gitlab wanted to collect your data to improve their product.
Gitlab could have collected anonymous data, with opting out of collection as the default, and promised not to sell it if they seriously believed it was about improving their product. Plenty of products record telemetry data only if you opt in to the program. Users understand and often accept that. That approach would have generated fewer headlines.
opt-in telemetry does not allow you to draw statistical conclusions because your data is skewed/incomplete due to selection bias. This is why developers are so intent on opt-out, it ensures that they have more accurate data to drive their roadmap. Clearly there are going to be privacy concerns with this, so they really need to minimize how much identifiable information they collect, and then communicate to users what will be collected, how it can be used, and who will have access to it. Gitlab seems to have jumped the gun and skipped over much of this part of the process, which sparked a justified backlash, but I don't fault them for wanting opt-out telemetry.
Opt-out is not a reasonable approach to telemetry, end of story. It's perfectly understandable how problematic that is for statistics, but statistics never trumps the fact that your software should not snoop without your permission.
No amount of vague promises over how good you will be and how nice you'll treat your users' information should be enough to make this acceptable. We have a huge body of evidence informing us that trust is a fundamentally bad idea when it comes to a corporation.
Gitlab has an excellent free plan, in fact it’s so good I honestly don’t understand how they can afford it and doubt it will last (but really hope it will for individual developers). They even give you Docker registries and thousands of CI hours.
Thing is, the broader public don't care. The difference between gitlab and gmail is primarily that developers care more about this stuff and value their code more than most people care about their email. They are also much more informed in the matter, most using gmail haven't got a clue.