undefined | Better HN

0 pointsPaulKeeble3y ago0 comments

For those conscious of the security implications of that code even existing it all comes down to whether you trust Google, I would argue at this point you definitely shouldn't. Given that if you program in Go now and have code you really wouldn't just give Google then you probably need to run all your go executions in a VM without network access. This alone is going to be ardious enough from a security point of view to make other languages more interesting.

The entire idea is bad, the defaulting reduces the impact to many but the very existence of this telemetry is enough to take more significant security defence against the tool. Once you start doing that as an organisation Go becomes legacy with a strong desire to replace it. Its definitely a mistake to make it opt in, the data will be lower quality and it will still drive security concerns.

0 comments

majorhelmet3y ago

> all comes down to whether you trust Google

Not true. The code is open source and everyone can trivially with minimal effort check that they are sending only the data they said they would send.

j / k navigate · click thread line to collapse

0 pointsPaulKeeble3y ago0 comments

0 comments

majorhelmet3y ago

> all comes down to whether you trust Google

Not true. The code is open source and everyone can trivially with minimal effort check that they are sending only the data they said they would send.

j / k navigate · click thread line to collapse