I wonder how many users would understand what these files are, why Facebook might want them, and what the risks are associated with sending these.

That's why telemetry uploads metadata, not actual binaries. If you don't upload other's files, you don't need to ask permission to do so.

That seems like a stretch. Metadata is still data.

Except it's not the data that's protected by copyright laws. ...and that it's not the original file is what makes it ethically palatable that Facebook is doing this without explicitly notifying the users that it's happening, although they damn well should have because it represents a profound change in the relationship.

> what the risks are associated with sending these.

What are the risks?

It enables very precise fingerprinting based on device and OS version, down to hardware revision and security patch level.