The problem is how you define those terms: “spying” has a strong value judgement and opinions vary widely, as does the threshold for what people believe constitutes informed consent.

that's a feature not a bug.

If you go down and try pin those terms, you will get "language layers" that will try to go as close to the line as possible and when they cross it argue the definitions.

Be as open and forthcoming as possible.

I think you meant “language lawyer” or, given the context, just “lawyer” but it’s not really what I was talking about: my point was just that projects can define what they collect, what they do with it, and how to control it, and they will still get angry rants from strangers on the internet. Analytics is a really useful tool but it is also a lightning rod for criticism and conspiracy theories.

Your perspective depends a lot on where you're looking from. Small projects have no need for opt-out ("spying") telemetry. Explicitly reported bugs and telemetry from self-selected users will provide more than enough stuff to work on, and there really isn't that large a space for bugs to hide in anyway.

If you have 100 million users, depending in the bias inherent in opt-in reporting is deadly. You need the statistical correlations for a lot of things to be tractable. You can't afford to staff your development organization as a percentage of your user base, not if you have any competition at all. You'll have to get comfortable with some things that feel like software malpractice at smaller scales - such as accepting that bad RAM really is a significant source of problems when you have millions of users, and you'd better get a feel for what the resulting problems look like.