I am well aware of the story, as I reported on it on my radio show so had to go digging.
Yep it is bloatware, but it does need to collect system info for bug reports (other clients such as Steam, Epic and itch also do this), and game account info so it can use the various accounts as fully as possible (without this is serves no purpose).
To be able to work as a unified IM chat between as many services as possible, it will need access to your friends lists.
Some of the data is only needed locally, and some only collected and sent on-demand, but to work effectively across re-installs and multiple instances some data will have to be kept remotely in your account.
For comparison. I use Trillian instant messenger.
To operate as a unified multi-client effectively, so you can combine peoples IDs into single meta-contacts, and have it all reappear and sync when installed on another device.
All that info is kept in the cloud with my account, and as Cerulean studios are HIPPA compliant I am more than happy with their privacy statement.
Trillian was also subject to people freaking out over privacy concerns, due to sensitive data going being uploaded.
It seems whoever reported it had not read the info relating to enabling the debug mode.
If you switch on debug mode whatever text would be in your log file is sent for analysis.
As for "GOG has proven they cannot be trusted"
In what way ? Collecting info is very different from disseminating info.
If GoG have suffered with a data breach, or are selling collected data to 3rd parties, can you provide links so I can report it on next weeks show ?