Debating making SSL a hard requirement for official servers as well as requiring a valid certificate. This will effectively force a domain name as well, but I think that's alright? (Is there a cost issue with this?)

EDIT: SSL enforcement has been added to the latest draft of this document. Leaving this thread open for posterity.

I honestly think this should be a hard requirement - Domain names are relatively affordable and using LetsEncrypt for SSL is easy and free.

Ah, I forgot to update the comment. I've updated the proposal to require SSL now.

I'm still a bit mmmm about requiring a domain name, since it is a cost burden on developers who may not necessarily be able to afford it, but I suppose there are services like afraid.org and NoIP for home-hosted official servers.

Something to note: plugin devs do not need to require SSL if they're implementing custom home servers. This requirement only applies to the officially-run and officially-shipped default server.

Add a section noting that any analytics ID must be user-resettable at any time.

I don't think uploads should be opt-in
Most users don't care, so if they don't even bother to opt-out, why would they bother to opt-in

Same principal as silent agreement, you got informed that information may be uploaded, you can opt-out here, done
Example for this practice are both SubmarineTracker and Tracky, they inform the user and give them some hours to opt-out before any upload starts

Also dalamuds Universalis upload isn't opt-in either, as far as i remember

These plugins either have large focus on data collection (RNG) or are explicitly designed for it, which is a different court compared to something like Simple Tweaks installation information. IMO whether opt-in is required should become a case by case basis.

I clarified this point a bit - opt-in is intended for plugins collecting "non-essential" information; that is, any information that is not required for a plugin to do its job. This would include things like how many people are using what features, any sort of census information (e.g. how many Miqo'te are using this pluign), and similar.

Things that are "essential" for a plugin's function (that is, if you don't want to submit that data, why are you even using this plugin) don't need an opt-in as the opt in is the very act of installing the plugin - or, ideally, a consent screen forcing a decision.

The intent here isn't to block telemetry as much as it is to encourage devs to consider the data they're collecting, why they're collecting it, and what that data is going to be used for. Any data collected should serve a purpose of some sort, and that purpose should (overall) be in line with our project's values.

See also goatcorp/Dalamud#1547, which will make Dalamud responsible for Analytics ID generation in a compliant fashion.

This one is also very sticky - there are some cases where this is unavoidable, but expressing that as a hard and fast rule is difficult. The intent here is to avoid "GM installs plugin and goes on a banning spree", but maybe this isn't a problem?

Consider that GMs aren't the only people who would want this data. Malicious actors seeking to gain information on players may mass scrape services for accounts (see the recent Discord spy.pet drama).