The best way to think of it is the software must serve me, the owner of the computer, and nobody else.
Years ago when spyware was not the norm, there would be outrage if anyone caught some software sending as much as a single packet of data that was not legitimately initiated by the needs of the user/owner. We need to return to that mindset.
I think this is really simple: telemetry should be opt in, anonymous, and _in_ the interest of the user in the long term by the improvement of the software. Because it’s _not_ possible to get this information any other way through user studies etc.
If it’s hard to disable, contains any PII or sensitive info (urls, file names) then it’s not OK.
Years ago when spyware was not the norm, there would be outrage if anyone caught some software sending as much as a single packet of data that was not legitimately initiated by the needs of the user/owner. We need to return to that mindset.