And the latest version introduces many other data collection ways. Search them in settings with the keyword "online", you will find them all. Don't know whether or not there are other hidden ways which are not shown in the setting page.
We have looked into this, and haven't found an intentional change that should change your opt-out settings. This shouldn't happen.
We have two theories:
1) Your settings file was deleted, which means that you would have lost all of your settings, and not just the telemetry setting. This can happen if the AppData or ~/Library/Application Support was cleaned up.
2) One of your installed extensions updated the settings either accidentally or on purpose. This would require further debugging, and a list of your installed extensions.
To help debug this further, it would be great help if you could open an issue on Github, https://github.com/Microsoft/vscode/, with more details about your OS, VS Code version and installed extensions, so we can figure out what happened.
totally a bug
I also question how 'evil' policies like this could propagate across company divisions to the point where they are actually implemented in code—in today's age where engineers have a lot of agency over what they do and often speak up—without someone leaking said policy.
This is just a conspiracy theory.
Not necessarily malicious - just myopic.
That said, if usage data is the goal, then any personal info or content you work on being uploaded would be a critical bug, a bug of the kind that could just as (un)likely appear in any other part of the software regardless of whether telemetry is on. E.g the request to fetch extension listings could accidentally contain your info, or the git code could post your stuff suppose to go to a private repo to a public one through a bug.
I really don’t see why sensitive or personal info would be at risk with telemetry (of the acceptable kind ie feature use stats). If that is compromised by telemetry then it’s either a) a bug (see above) or b) they are deliberately being malware. And in that case - why even ask?
Do you think that VSCode’s telemetry uploads your code to Microsoft?
The instructions here and here help with disabling telemetry.
There are no strict limits on paranoia... Maybe Satya Nadella threatened to literally murder everyone involved with VSCodium.
Unfortunately vscode hits that sweet spot that only Atom comes close to.
Of course, you should always be able to disable this sort of collection.
I'll happily enable certain kinds of data collection when a tool is transparent and it makes its data collection opt-in.
Usage analysis is different, and should be opt-in.
How do you intend to tell the difference between Atom's and VSCode's Git(hub) integration, app updater, package manager, telemetrics or an exploitation? The difference between a Signal, WhatsApp or Telegrams' messages and their telemetrics?
Your proposed heuristic only works for applications that would not otherwise have any network traffic, and even then, only if you do on-machine per-process network monitoring. Once it has any valid traffic what-so-ever (which is the case for basically any modern GUI application), then you quickly descend into needing to disassemble binaries locate the cause.
Opt-in vs. opt-out is about privacy and rights, not about security. Malicious companies whose traffic are a security breach and things down those lines are problems that belong in an entirely different discussion, whose root-cause is much deeper than opt-in vs. opt-out.
Also, regarding scrubbing: A stack-trace and error message is far from private identifying information. No harm done in sharing it.
If I select a git command from a GUI, that's an explicit request by the user.
>app updater, package manager
If something legitimately requires background network activity, and security updates might qualify, it should go in Crontab. The system should have exactly one package manager, and apps should not re-implement their own.
If I turn it on, I'll remember I turned it on.
Otherwise, on the network, git fetch and telemetrics to github will be indistinguishable (except if you start doing opaque data pattern analysis). There's also no automatic correlation on the network.
On the machine itself, the closes you could get is something like Little Snitch, which still won't be able to help at all, as permitting Atom to speak to Github on port 443 will permit everything while disallowing will block everything, and it's also designed to be a manually populated whitelist, rather than a constant authorization system.
> If something legitimately requires background network activity, and security updates might qualify, it should go in Crontab. The system should have exactly one package manager, and apps should not re-implement their own.
First of all, eww. Nothing is worse than updates running on a crontab, causing shit to break because it updated automatically.
Also, welcome to 2018. Everything outside Linux bundle their own updater, and on Linux, flatpak and other newfangled things bypass most package managers (even with dnf's flatpak integration, it's still not going through any yum repos).
Yep. So does Google Chrome, Apple macOS, Apple iOS, Canonical Ubuntu, and an uncountable number of programs, apps, and websites.
But VSCode is a Microsoft product, so it gives us an opportunity to do some serious pearl clutching and collectively lose our shit.
You get a little banner at the bottom of the start page on first run and a button to go straight to the preferences option.
Neither is VSCode. How is Firefox morally superior than VSCode in this regard then?
Sure seems that way. Never had any prompts about it.
Look for the comment here that says
https://imgur.com/a/wii2zVT is what everybody gets when starting VSCode for the first time.
(It’s the 2nd highest top level comment at the moment.)
Every time I install anything I check through all the preferences / settings options and opt out of any of these things. There's been few cases where I just leave it all on.
I'm one of those (probably tiny minority) who inspect the binaries of closed-source applications before using them, and will reject those containing networking-related functionality if the application should have no reason to do so.
In the context of Electron apps, no emacs is in the running.
You can see it all in Wireshark, there’s a ton of it.
Do toolbar searches return results from Office and OneDrive? Do you use either? Do you have all of your Office documents and OneDrive files downloaded locally?
You're free to attach your name to the bell if you want for whatever reason. Only landlords are now not allowed to attach your name to the doorbell by default in Austria, and apparently they weren't allowed to do so since 1980 but it's only being enforced now.
wtf. So it's like whack-a-mole.
Secondly, is there anyone out there that has a solid emacs step by step guide that might be able to replicate the functionality of vscode? I haven't had time to look at it but I think the time has come where I can't put it off any longer.
What do you mean?