Storybook is one of those projects, like Postman, that has completely lost the plot. It's unclear what objectives they are pursuing but in terms of developer experience they seem increasingly developer hostile. The CSF format is an unreadable joke and doesn't play that well with TypeScript, the number of plugins you need to do anything sane is ridiculous, and this telemetry story is a farce - open source should not skim data by default.
I remember writing a super simple wrapper around Jasmine to do the same kind of thing, and was glad when I could ditch it for Storybook many moons ago. But if I was starting a project now I would probably rawdog it again, Storybook just causes too much pain.
Is anyone aware of any similar projects that are more developer friendly?
What should people use instead of Postman these days? It seems to still be the only decent client for testing particular protocols, like OAuth 2.0. There's no way I'm using curl for that.
I don’t mean to dismiss the importance of users owning and controlling their data, but isn’t telemetry a valid tool for software projects to gain valuable insights into how their product is being used and thus how to improve it? Yes, it can be (and, probably frequently is) abused. Yes there should be a way to opt-out of telemetry if a user desires for whatever reason. But I can’t help but feel this is posted in the spirit of “telemetry by default is bad” and I don’t really agree.
Full disclosure: this is the first I’ve ever heard of Storybook, so if there’s something particularly gross about telemetry for this use case I’m not aware of it.
I have the same opinion on telemetry but I have never opted in for any tool no matter how politely they asked and also never seen any other technical person doing it either. So maybe for software developers it doesn't work if it's opt-in and opt-out is a good strategy?
If telemetry is so valuable these companies should give you discounts or payments for enabling it instead of sneaking in like a thief in the night to take it.
A lot of modern software seems overloaded with dark patterns to trick users into unintended actions that make the company more money. I suspect for many companies telemetry's real value is for marketing research and A/B testing the effectiveness of the latest dark pattern implementations.
> isn’t telemetry a valid tool for software projects to gain valuable insights into how their product is being used and thus how to improve it?
"Valid" is doing a lot of work here.
Trivially, telemetry can provide insights. That's obvious. But how are users supposed to divine which insights the telemetry is supposed to provide? What if the data-collector doesn't know what they're looking for, and is just scraping everything?
> the spirit of “telemetry by default is bad” and I don’t really agree.
You're entitled to your view. My view is that telemetry (i.e. remotely observing what I do on my computer) is definitely "bad", if I don't consent to it explicitly.
I think its value is considerably overstated from the use I've seen made of it.
Executives absolutely love it though. It makes them feel scientific in their decision making and gives them ass-cover when justifying their decisions.
I really think that the ability to collect opt in opinions at strategic points in the app is vastly more effective, not to mention less creepy and invasive.
Absolutely agreed with the second point. I’m not sure I agree with the first though. At least not that that’s the main reason telemetry is desired from product teams. (Though obviously telemetry does provide fodder for that type of stupidity for sure.)
To give a concrete example from my past experience, I used to work on a product that essentially knitted a bunch of services from a major cloud provider together to provide a user experience comparable to traditional HPC clusters. We never included telemetry, but we always wanted to in order to gain insight into how many compute queues people were using, how many VMs were in each of them, how many jobs were run over a certain amount of time, how many VMs those jobs ran across, etc. The sole reason we wanted this information was because the configuration exposed for this product was extremely complex, and we wanted to put layers on top of it to more easily enable the most common use cases.
Is this not a legitimate reason to collect telemetry? Is the concern that, even though the dev team wanted the data for legitimate purposes, eventually bad actors will use the capability to start collecting data for more nefarious purposes?
Edit: I see you amended the original to include a statement about opt-in opinions. What do you mean by that?
Telemetry is fine, it's just that under GDPR and co, it has to be opt-in; the user needs to make an informed decision on whether or not the app can collect and share telemetry.
I took some interest in the concept of hashing IPs to avoid PII issues [0], and it turns out that since there are only so few IPv4 addresses, it's trivial to simply take the salt the project uses and calculate all the hashes. On my laptop it would take around two hours with the most naive implementation, so I don't really think this solves anything. This problem would be sidestepped by IPv6, but we all know how that is going so far.
The classic better approach would be to drop part of the IP address entirely, so it's impossible to recreate the full value.
For example, dropping the last octet (turning 123.4.5.6 into 123.4.5.0) means you can usually still do useful IP things (where in the world do our users come from, very roughly) while making it impossible to track unique users, or to definitively recognize real individuals.
I've seen one octet masking used as standard, probably just because it's easy, but you could do any other similar change you like, optimising for more or less anonymity/granularity as required.
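An added example, not part of the thread or any commenter's code: it contrasts the salted-hash scheme with prefix truncation, generalized to IPv6. The salt, the documentation-range addresses, the /48 IPv6 prefix and all function names are assumptions made for illustration.

```python
import hashlib
import ipaddress

# Constructed sample value: a made-up salt, assumed known to whoever holds the data.
SALT = b"constructed-example-salt"


def hash_ip(addr: str, salt: bytes = SALT) -> str:
    """Salted one-way hash of an IP address (the scheme questioned above)."""
    return hashlib.sha256(salt + addr.encode()).hexdigest()


def truncate_ip(addr: str, v4_prefix: int = 24, v6_prefix: int = 48) -> str:
    """Zero the host bits so the stored value cannot identify one address."""
    ip = ipaddress.ip_address(addr)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(net.network_address)


def recover_hashed_ip(digest: str, candidates: str, salt: bytes = SALT):
    """Privacy-review check: with the salt known, hashing each address in a
    candidate range maps a stored digest back to the original address."""
    for ip in ipaddress.ip_network(candidates):
        if hash_ip(str(ip), salt) == digest:
            return str(ip)
    return None


def anonymity_sets(addrs, transform):
    """Group addresses by stored value; one address per group means every
    client stays individually linkable across events."""
    groups = {}
    for addr in addrs:
        groups.setdefault(transform(addr), []).append(addr)
    return groups


if __name__ == "__main__":
    # Constructed input: the 256 addresses of the 203.0.113.0/24 documentation range.
    sample = [str(ip) for ip in ipaddress.ip_network("203.0.113.0/24")]
    print(len(anonymity_sets(sample, hash_ip)), "groups when hashed")
    print(len(anonymity_sets(sample, truncate_ip)), "group when truncated")
    print(recover_hashed_ip(hash_ip("203.0.113.77"), "203.0.113.0/24"))
```

Hashing keeps a one-to-one mapping, so each client remains a stable pseudonym; truncation collapses a whole prefix into one stored value, and the prefix length sets the trade-off between granularity and anonymity.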
Isn't there a telemetry manifesto? I understand that developers want to peek into what their users are doing. That is the fruit of their labor after all. However telemetry became increasingly easy lately, and it is impossible (in theory and in practice) to do it right.
Collecting data of your users is
- stupid
- illegal
- harming your users
- makes your software a spyware
so in summary, don't do that. Instead, do the exact opposite, and excessively delete any data that you may store. Also make sure that your users are exposed against 3rd party (ISP, CDNs and such) to the minimum when they check and get new updates. (Randomized update checks over TOR, for example.) They trust you, and allow your program to handle their network, so use it wisely.
Also there are sane methods to know what your users are doing, for example you can buy usage blogposts from them, which you can showcase, and link in the manuals and support.
This is pretty basic stuff, but developers and the HN audience have a hard time accepting that.
Ask yourself what value you got from your telemetry lately. Also how much effort you put into it. Do you even look at it regularly? Does it still make sense?
Maybe consider the legality? Hint - if it isn't opt-in you are most likely doing something illegal. Congratulations! Does it still make sense?
Maybe consider not being a total jackass and insulting your users? Does it still make sense?
I wonder how you know the things you build are useful if you don’t know they are being, well, used?
On the other hand, back in the server-side-everything days, I could have more or less all the metrics I want from the nginx log. I wonder whether it was equally frowned upon, or whether being frowned upon is an SPA phenomenon?
Submission title is a bit confusing: “opt-in” means you have to opt-in, that is, the default is “off”. The sentence “opt-in by default” is the opposite of what I assume the poster meant.
Storybook’s telemetry is opt-out as stated at the top of the page.
This also looks like something that should be posted as a text submission with commentary - simply editorializing a link + title is discouraged in HN.
"Opt" means "To choose; select" [0]. If you opt in (i.e. make the choice to go in), that implies that you were not already in. In other words, it implies that the default (when you don't make a choice) is "out", i.e. disabled.
"Opt-in" and "opt-out" describe what the default is, so adding "by default" doesn't make any sense. If you can choose to go in ("opt-in"), then the default is "out". If you can choose to go out ("opt-out"), then the default is "in".
Some companies appear to be trying to twist this into "The choice is yours, and we have taken the liberty of making that choice on your behalf."
[1]: https://histoire.dev/
https://github.com/tajo/ladle looks promising if you use React
There should be a way to opt-in. Anything else is egregious.
https://www.justus.pw/garden/telemetry.html
It’s opt out, and it doesn’t even completely disable it (unless given an env var as well)
The devs know about this:
https://github.com/storybookjs/storybook/discussions/19910
[0] https://github.com/storybookjs/storybook/discussions/19910#d...
- Storybook unique identifier: One-way hash generated during Storybook
- One way hash of the IP address
I really doubt that that's "completely anonymous data"
The title is now "Telemetry" and 90% of the discussion makes no sense anymore.
The policy is "opt out" but you are "opted in" by default.
[0] https://en.wiktionary.org/wiki/opt#English
(“Opt-in by default” is a double positive, a less common sibling of the dreaded double negative)