telemetry is killing open source

Max Comperatore

Every week, tech Twitter lights up with some shiny new open-source project. Sleek landing page. Free to use. MIT license. A promise of freedom in your terminal window.

But when I dig in, I find the same thing over and over.

Telemetry.

Undisclosed data collection.

Silent calls to third-party APIs.

The same invasive garbage we tried to escape by leaving Big Tech behind.

I used to get excited about open-source. It felt like rebellion. It felt like craft. It felt like humans building tools for other humans, not for shareholders or engagement graphs.

Now it feels like bait.

We’re swapping one kind of surveillance for another. Corporate spyware for founder spyware. Google Analytics hidden behind a smiling developer avatar.

Most of these projects don’t even mention it. Some leave a vague sentence buried in their readme. Others don’t even bother. They just start watching.

  • “It’s anonymous data.”

  • “It’s just to improve the product.”

  • “You can opt out.”

No. I’m done.

You don’t get to call yourself open-source while silently extracting value from the people who trust you. You don’t get to sell me freedom while logging my keystrokes. You don’t get to build a community while hiding your true business model in a POST request.

If you're collecting data, say it. Say what, say why, say where it goes. Or better yet, don’t collect it at all.

Because when trust dies, your whole project dies with it.

This isn’t just about code. It’s about culture. Something in the soul of open-source is breaking. We used to build because we cared. Now we build to convert. We build to sell. We build to impress VCs and Hacker News. We track users not to understand them, but to sell the dream that we “have traction.”

It’s disgusting.

I see telemetry in AI wrappers. Telemetry in note-taking apps. Telemetry in static site generators. Most of them don’t even need it. It’s not for product improvement. It’s not for crashes. It’s for validation. For clout. For graphs in pitch decks. Open-source is becoming just another funnel.

So here’s what I’ve started doing:

If I see undisclosed telemetry, I delete the repo.
If I find vague privacy policies, I don’t even test the tool.
If I catch a project calling home behind my back, I block the domain.
And if I love a tool, I fork it and rip the spyware out.

I want tools that respect me. That see me as a person, not a metric. That treat my usage not as an opportunity, but as a responsibility.

We need to start asking harder questions.

  • Does “open” mean anything if the software reports back?

  • Can something be “free” if the cost is my data?

  • What kind of future are we building if even our alternatives are watching?

This isn’t a technical problem. It’s a moral one.

  • If you're building something open-source, stop spying.

  • If you're using something open-source, start checking.

  • If you're funding open-source, demand transparency.

And if we all stay silent, we deserve the telemetry hell we’re getting.

Open-source was supposed to free us.

Not follow us.

Not mine us.

Not sell us.

So pick a side. You're either building for users or building for leverage.

You don't get to do both.
