I'll point out that disabling SQLCEIP's service is not a supported configuration, so while you can disable sending information to Microsoft in the paid versions of SQL Server 2016+, the proper mechanism for doing this is documented here:
https://learn.microsoft.com/en-us/sql/sql-server/customer-experience-improvement-program-for-sql-server-data-tools?view=sql-server-2017
(This would leave the SQLCEIP service running and not emitting information to Microsoft). Microsoft recommends you follow documented procedures to make sure that when you are engaged with customer support on an issue they can help fix that issue quickly.
As to your specific question about what this "extra" session is, that feature is not something that is emitting information out to Microsoft. It is a feature that enables a tool that customers can use to determine how many copies of SQL they have running in their organization. The data emitted from SQL goes into a file on the local Windows machine. You can use the tool yourself to see what it does - it is called the Microsoft Assessment and Planning Toolkit, and you can download it here:
https://www.microsoft.com/en-us/download/details.aspx?id=7826
As for whether SQLCEIP is "spyware", I'll try to make sure that you have full information about what kinds of information is collected/not collected through the SQLCEIP mechanism. Microsoft does not try to capture keystrokes, customer data, or otherwise use information we collect to market to customers at all (as you might find in a traditional definition of spyware such as https://simple.wikipedia.org/wiki/Spyware ). The information collected through SQLCEIP is used to make sure that features are working well for customers both during the development cycle of a new version of SQL/new features and to make sure that we understand how our customers use the product so we can make it better. We don't collect information to personally identify anyone and we don't want to know who you are or what you do individually. We are interested in "how many people use Columnstore indexes?" and "how many rowgroups inside of a Columnstore index are optimally packed so that the customer is likely to get a good performance experience?". The information collected help us make sure that our engineering teams have done a complete job at making each feature work for customers.
You can audit all the information collected by SQLCEIP to see this for yourself. The instructions are here:
https://learn.microsoft.com/en-us/sql/database-engine/install-windows/local-audit-for-sql-server-usage-feedback-collection?view=sql-server-2017
Furthermore, we document our privacy policies about what kinds of information we collect/do not collect. Microsoft recently re-vamped all parts of the company to use a single privacy statement, but SQL has a supplement which is aligned closely with its former separate privacy statement since we wanted it to be easy to read/understand and not get lost in the data collection policies for the other consumer services Microsoft provides.
Here's the top-level Microsoft privacy statement:
https://privacy.microsoft.com/en-US/privacystatement
Here's the privacy supplement for SQL Server:
https://learn.microsoft.com/en-us/sql/sql-server/sql-server-privacy?view=sql-server-2017
I hope that this answers your questions as to what the software usage metrics mechanism is and why it is not sending information to Microsoft/related to SQLCEIP.
