This should apply not only to phones. Every device with CPU and programmable memory should allow user to reprogram it. However, the user may waive this right for purpose of theft protection.

Agreed. And it does not mean that they should open source everything.

If I buy a connected fridge, they should give me a technical way to flash my own OS on it. Maybe I will lose most functionality by doing that, and maybe it will be a lot of work for me to get the OS working properly with the fridge. But it should be possible.

Oh come on. Look what happened to Russian enterpreneur, Pavel Durov in France, and what happened to Julian Assange and to Edward Snowden. It's the same thing just wrapped in different colored package. You don't cooperate with the government, you have some suffering.

I don't know what Durov did, but Assange and Snowden released classified government documents.

Is that what these two founders did?

Maybe we could use a subset of SVG or PDF?

I don't like that SVG uses things like CSS and JS and requires pulling in the whole browser to display. Instead of being a simple vector image format, it became just an extension of HTML. Maybe we need a new format, and if someone decides to do it, please add ability to embed fonts, wrap text and decent animations.

Wrapping text is a bit tricky because of differences in text wrapping algorithms. Though I suppose an "easy" fix would be to be able to specify a very specific algorithm (to ensure equal representation across systems), or allowing custom (possibly better-quality) wrapping.

But for the most part, I 100% agree, and I've been considering making a format for my own use-cases. I think the biggest issue is in agreeing as to what subset is necessary; plus, of course, getting any level of adoption (though the latter isn't a factor for my own use ... except in the sense that there are no tools to help).

For example, do we need animations? Gradients? If so on the latter, what kind?

Cannot it be a noise from imperfect switching? The switching occurs at lower frequency, and the noise is high frequency.

Honestly it seems that most of Web Standards are used mostly for fingerprinting - I think a small number of websites uses IndexedDB (who even needs it) for actually storing data rather than fingerprinting.

That's why expansion of web standards is wrong. Browser should provide minimal APIs for interacting with device and features like IndexedDB can be implemented as WebAssembly library, leaking no valuable data.

For example, if canvas provided only access to picture buffer, and no drawing routines calling into platform-specific libraries, it would become useless for fingerprinting.

You can use a browser extension like "Local Storage Editor" to see the contents of the Local Storage of a website. So far, I've seen it used for caching long-life images (like on gmail), or used as another way to do logins instead of cookies.

> You can use a browser extension like "Local Storage Editor" to see the contents of the Local Storage of a website.

Or just open dev tools

I'm with you up to the bit about canvas. The problem there is that if you want hardware acceleration then either you can't permit services to read back what was rendered (why do they need to do that again?) or else you're inevitably going to leak lots of very subtle platform specific details. Personally I think reading back the content of a canvas should be gated behind a permission dialog.

You can put hardware acceleration behind permission.

You can hire people to test your product and provide analytics. But not try to siphon the data for free.

I'm not taking a side on whether a product should add telemetry. I'm rejecting the absurd notion that these suggestions are at all giving the same information.

No one claimed that they give the same information, only that it's viable to produce a good product that solves your user's needs without using telemetry. The whole point is that you don't get the same information, e.g. no private data that the users haven't provided informed consent for upload to your servers.

Then pay for the data if you need it so bad.

You could hire people to be testers and pay them for the analytics, I think they would even allow you to record the screen if you paid well enough. The problem is that you do not want to pay or get consent, you want to grab the data for free and without permission and without people realizing what you do. And such kind of people deserve much worse treatment than they are treated today.

Why do you need to collect hardware fingerprint, IMEI, phone number, geolocation, list of nearby wifi access points, list of installed applications, selfie and passport photo when you can simply count how much times a server route was called?

My comment explicitly uses "how many people clicked the secondary button on the third tab" as an example, not any of that nonsense -- you are not responding in good faith.

That's a slippery slope and we both know it. Telemetry does not automatically include those things.

Indeed it's not fair in discussion context, so wonder if it was meant as a statement on the ills of telemetry as a whole.