"The open source community" is a vague and nebulous concept. There was a lot of pushback against Audacity a while ago, but the forks that were predicted to kill off Audacity didn't really go anywhere last I checked, and Audacity essentially just continued as before without much effect. So one must wonder: was there really that much of a pushback from "the open source community" or was it a loud minority of users (some of whom may not even be Audacity users)? You need to be very careful having these kind of discussions in open participation forums like GitHub.
The forks didn't go anywhere because Muse removed the telemetry and left it with optional crash reports and optional update checking. It did not just continue as before; the default telemetry was removed.
Furthermore, I have enough trust in various core developers to "do the right thing", or at least to not "be evil".
I don't, but this isn't about whether or not I have warm feelings toward random Google employees. The current proposal happens to be about Go, but the introductory blog post being titled "Transparent Telemetry for Open Source Projects" instead of "Transparent Telemetry for Go" is probably not accidental. The pushback here is not specific to Go; a larger discussion is happening around whether the "open source community," vague definition notwithstanding, wants baked-in telemetry to be a part of the culture.
It's obvious this stuff is going to get put into the Go programming language. It would look bad for Russ' proposal to get shot down, the Go governance team does not have a history of incorporating external feedback, and half of the Go maintainers are already too emotionally attached to the idea to even consider backtracking now. That's fine; it's Google's sandbox, we're all just playing in it.
The question is whether this behavior convinces people that it's ok to bake telemetry into open-source projects. Previous attempts have been shouted down, but previous attempts were not bankrolled by a corporate behemoth. Google has sufficient influence to swing lots of opinions. Any objection has to be loud or it will not even be noticed. I personally don't want to live in the world where open source projects are rife with baked-in telemetry, as I regard it a technological shortcut: an attempt to bypass the proper community relationship building and trust-fostering that would enable necessary feedback to happen organically. "It's okay, we don't need to talk to anyone, we'll just have their computers report on them for us" is not a healthy community feedback channel, especially with an opt-out flag to ensure it's just a sampling bias factory.
But to bring this back to Go, I don't think "I trust the Go devteam" is a long-term assurance. Google, as diverse a conglomeration of interests and motivations as it might be, is still a faceless megacorporation who could can the whole team at any time, for no reason whatsoever, or even for bad reasons. The fact that the Go dev team has taken zero steps to divest itself of utter reliance on Google dollars and Google services is proof only that the dev team trusts their managers. I do not share that trust, and I think the team would be well served to examine the long-term consequences of both that dependence and large-scale information-gathering exercises which submit the collected data to corporate ownership. It's not that hard to set up an independent body to hold the data in escrow. Hell, a public-benefit corporation dedicated to being a telemetry ombudsman might even be a good business to run. But that's not even being considered here; all the governance is just being taken for granted, and that indicates a lack of depth of consideration beyond the mere technical implementation of the tools.
Content warning for this paragraph: offensive terminology reference
Google has a history of unilateral decisions that have unintended consequences. Consider this document: https://support.google.com/maps/answer/1725632?hl=en Google's position is simple. If you don't want us to geolocate your wifi host, reconfigure your network name to "_nomap." The desires of the network owner, local regulations, and corporate compliance are irrelevant to Google; change your SSID or we will gather your data. We can briefly set aside the hubris of "everyone else in the world has to change but us," to focus on the actual implementation. When this policy was foisted upon the world ten or more years ago, it was merely obnoxious. However, we've had ten or more years of internet trolling since then, and now, unrelated to Google or their wifi data, some trolls have convinced parts of the public that "nomap" is short for "non-offending minor-attracted person" -- i.e., a pedophile. Searching the term on most major search engines brings up this disgusting definition and very little about Google's wifi geolocation. So, here we are, in 2023, and Google still has a policy document instructing people who value their privacy to brand their wifi with an abhorrent label.
Content warning section ends
Obviously nobody deliberately set about to create this situation. Someone at Google just decided to do a thing, and nobody ever revisited that decision. So, when someone at Google sets about to do this thing, they might want to put more thought into what the long-term consequences might be, whether it might be wise to revisit the decision some years down the road, what potential for abuse it might have, and so forth. It's not promising that people who are already asking about abuse vectors are being told that the proposed software is just way too clever to be gamed, even before the software has actually been implemented.
In short, a lot of words to say "there is a lot more to worry about here than Go, but we should worry about Go too."