Hacker News new | past | comments | ask | show | jobs | submit login
VSCode deprecates Enable Telemetry, auto-enrolls you in Telemetry?
388 points by tmpfile on Oct 9, 2021 | hide | past | favorite | 181 comments
VSCode has deprecated "Enable Telemetry" and now auto-enrolls you into their new Telemetry option even if you've disabled all the previous telemetry settings.

Screenshot https://imgur.com/a/nxvH8cW

The changes apply to the most recent version of vscode (version 1.61.0 released Oct 7).




Hi all, I work on the VS Code team. This came up the other day in stand up and the initial plan was to deprecate and eventually remove the old setting. Several of us pushed back and said while we may deprecate the setting in favor of something else, the old setting should always be respected due to the sensitivity around telemetry.

If there's any confusion around this messaging it's because this discussion literally happened 2 days ago. I'll reopen https://github.com/microsoft/vscode/issues/134660 to make sure we clear up confusion.


Just some feedback from the field: I work with some high-security networks, and the perception from those Microsoft customers is that whatever "good" that has come from Microsoft improving security in general has been completely undermined by the pervasive telemetry.

Windows 10 alone has something like 200 individual settings for disabling its various forms of telemetry. Office adds several dozen more. Dotnet itself has telemetry, then PowerShell on top of that. VS Code and Visual Studio both send telemetry.

On and on, and on... and then some more, and on... and ON and ON and...

There's just no end to it.

As administrators, it's like playing whack-a-mole against a thousand moles that are breeding exponentially.

We don't want to play this game any more.


Noted. I can't speak for anything other than VS Code but we have the toggle in product which is all you need to change to turn it off for the core, extensions may have their own setting or share the core toggle, but we often can't control that.

There's also the very detailed page on the website detailing this as well as how to see all telemetry events that are sent in real time in the output panel and even how to print out a report of all events that get sent with their classification (code --telemetry).


I'd like to express the same sentiment against all-pervasive telemetry in a far less civil way but dont want this comment deleted.

I really wish I could use stronger language though....


This


If you're interested in collecting feedback and passing it on, the other criticism I have in this area is that Microsoft's privacy policies are incomprehensible. Everything seems to refer to the same huge document in the first instance and that document seems to depend by reference on numerous supporting documents. Even figuring out which supporting documents might be relevant seems to require understanding ambiguous terminology about whether any given application or service fits into various categories.

Personally, I'm not interested in messing around with that kind of nonsense. I don't want to engage a lawyer just to find out if I can safely run some software and in the modern world where we're dealing with things like personal data and sensitive business information (including code and clients' proprietary information used to write it) an organisation with Microsoft's recent track record on privacy isn't going to get the benefit of the doubt.


With all this backlash on telemetry, is it worth it? What are you actually getting from it beside ruining the progress MS has made with the dev community? Trust is hard to earn and takes seconds to lose.

Remove it. Then champion removing it from the rest of MS’s products. If you must spy to learn your market, you should not be in that market.

I still hold onto a Sublime Text license waiting for the day MS shows it’s true purpose of making VS code free. Has this day come?


Telemetry is like bureaucracy. Once you have one it's extremely difficult to get rid of it.


[flagged]


Please don't flame people like this on HN. Regardless of how strongly you dislike or disagree with $BigCo, we want HN to be a place where people with inside knowledge can speak freely about what they know, without being attacked for it. It would be a bad outcome for HN to disincentivize this. Past explanations of this point: https://hn.algolia.com/?query=disincent%20by:dang&dateRange=....

https://news.ycombinator.com/newsguidelines.html

Edit: you've been posting a ton of unsubstantive and flamebait comments, most if not all of which are on this same theme, and you've been doing it for a long time. We ban accounts that do that sort of thing, so please don't do it any more. (No, we don't care about $BigCo. We care about keeping discussion here out of the shallow-flamewar end of the pool.)

Edit 2: I just noticed https://news.ycombinator.com/item?id=28814819 - appreciated.


This comment isn't constructive at all. Keep it on topic and don't blame the messenger.


Sorry, I take it back, but I don't have access to the delete button.


You can’t delete comments once they have been replied to. Just take the feedback into account for next time, I guess.


The reason is that Microsoft as a company is all-in on "data-driven" everything. They're trying to get their customers to adopt this approach too (and mostly succeeding, our company execs are constantly going on about it). Disabling telemetry breaks this so they make it as difficult as possible. Because that's where they're planning to have their major value-add.

I really hate it too. But it seems so be so heavily anchored in their strategy that I don't expect them to lighten up about it.


It makes sense as selling cloud and data analytics solution is the new hottie for today's corporation world.


It's high time OSs try and implement something akin to what DoNotTrack was intended to do in web browsers. Of course it will have the same adoption issues faced by DNT, but if first-party apps (like VSCode, DotNet, and PowerShell under Windows) honored a centralized setting it would make life so much easier.


Well, for Windows there is https://www.oo-software.com/en/shutup10 to help manage telemetry and other settings, though the OS resets certain user choices after updates.

Though, if possible, consider using GNU/Linux whenever possible - distros like Debian have historically had little controversies around them, even package popularity metrics are presented as a choice to you during install time: https://popcon.debian.org/

Certain other distros like Ubuntu have a bit more controversy surrounding them, for example, the snaps package mechanism which takes away the user's control over updates by default, though that's more of a security hole and a stability risk, rather than aggressive telemetry related (unless it's introduced by the package creators, a la Audacity's plans that were later rolled back https://github.com/audacity/audacity/pull/835).

Of course, if you truly care about your privacy and open software, you might as well use a fully GNU distribution, such as Trisquel, though there are factors like hardware compatibility and software availability which could pose challenges in such cases: https://trisquel.info/


This almost exists.

Windows comes in many flavours. The most "just stop it, okay?" version is the Long Term Servicing Channel (LTSC).

It's like the Windows you used to like, back in the XP days. No Xbox gaming bar or Minecraft. Minimal (no?) telemetry. No forced updates every 6 months that break things randomly.

In my line of work we used it a lot for things like virtual desktop fleets with thousands or even tens of thousands of instances Why? Because the "normal" builds would every now and then just 'decide' to force update themselves despite our best efforts to stop that. All at once. On an ephemeral environment, where the machines would reset on boot, and then try to apply the forced update again. And again, over and over...

Some Microsoft manager wanted their KPIs met, so they just.. rammed something through. Fuck everyone running a VDI fleet, a billboard, a kiosk, a test environment, or anything that needs any kind of stability at all. Big man at Microsoft needs a bonus for that new Tesla!

This was common practice in our line of business. LTSC or failure, those are the options.

Meanwhile, Microsoft, whenever they turned up to a customer site, would just keep harping on about how LTSC is not intended for users, how it's "bad", and how the six-monthly releases provide Enhanced Experiences(tm) or whatever. They would stop just short of calling us unprofessional in front of our customers. Just.

It was the most absurd thing to watch happen. The disconnect between Microsoft and their customers is almost comical now...


LTSC as of 2019 also includes telemetry now. You get the same choice as on regular Windows: all telemetry or just the basics


Like what I heard from a colleague:

"If I've been called here, I can safely assume whatever's been done's been done wrong, otherwise I would not've been called here, cause I'm definitely not the cheapest option"


No, but they're selling remote wipe to large enterprise customers on worker's device's, spying on workers privacy and selling that info to management, adding DRM to excel spreadsheets - but they just can't figure out how to have multiple customers editing the same document without losing data.


I've worked on a place where somehow Teams managed to f@ck double clicking on an excel spreadsheet. Across organizations. On a sensitive critical infrastructure planning document.


"we sell you 4 different communications and productivity enhancement software products, none of those are really any good but guess what, we managed to upsell your organization into purchasing this crap "


"and look, your competitors purchased this and they're using it (they weren't), so you need it too for compatibility reasons"


As devs dont often hear feedback - you guys are doing a great job on VSCode. There are some key issues that Code overcame compared to other IDEs, which is why so many teams use it. One of those is forced telemetry (others are pricing, integration, and memory / resources footprint).

Please continue to push back against moves towards forced telemetry. Some of us work in sensitive environments, others wish for privacy. For those of us that work in sensitive environments we could simply firewall the program to stop talk back, but that will likely break many other things. Currently we have a level of trust that strikes a good balance between over the top strict security and permissive security where there are few issues because Code is trusted from a trusted domain. Forcing telemetry is likely to have Cybersecurity teams flag the app at an enterprise level and start to introduce headaches as they start to try and curb information leak.


Really appreciate the open responsiveness. I think most people on this site know the position you are in. Dont be put off by irritated people, it's easy to underestimate how much of waking life some people spend dealing with frustrations with specific bits of software.


So we should keep a copy of the old installer around?


Why would you need to do that given what I said?


Presumably so someone installing for the first time can install an older version where they can set the toggle before upgrading to when the toggle is removed?


Maybe there's a misunderstanding. The old toggle is deprecated, but the plan is that you will always be able to use it. The new toggle is just a different setting and can still be used there on newer versions ("telemetry.telemetryLevel": "off").


And how do both toggles combine? Is this the implemented truth table?

  telemetryLevel  newTelemetryLevel  result
  off             off                no telemetry sent
  on              off                telemetry sent
  off             on                 telemetry sent
  on              on                 telemetry sent


It used the most restrictive setting. [1]

> @john-aws It does respect your prior settings. If you disabled telemetry before it will still be disabled even though telemetryLevel is set to "on" by default. We always take the most restrictive of the two settings. You can confirm this by setting Log level to trace and seeing no telemetry is flowing in the output channel. The old setting will never be completely removed to prevent enablement of people who previously disabled telemetry but it is deprecated so we recommend setting this new setting to "off" and removing the older settings from your settings.json

So the truth table would look like this :

  telemetryLevel  newTelemetryLevel  result
  off             off                no telemetry sent
  on              off                no telemetry sent
  off             on                 no telemetry sent
  on              on                 telemetry sent
The new telemetry level can be set to Off, Error, On.

The actual code is on github[2] and looks like this :

   const newConfig = configurationService.getValue<TelemetryConfiguration>(TELEMETRY_SETTING_ID);
   const oldConfig = configurationService.getValue(TELEMETRY_OLD_SETTING_ID);
  
   // Check old config for disablement
   if (oldConfig !== undefined && oldConfig === false) {
    return TelemetryLevel.NONE;
   }
  
   switch (newConfig ?? TelemetryConfiguration.ON) {
    case TelemetryConfiguration.ON:
     return TelemetryLevel.USAGE;
    case TelemetryConfiguration.ERROR:
     return TelemetryLevel.ERROR;
    case TelemetryConfiguration.OFF:
     return TelemetryLevel.NONE;
   }
[1] https://github.com/microsoft/vscode/issues/134660#issuecomme...

[2] https://github.com/microsoft/vscode/blob/be75065e817ebd7b625...


https://github.com/microsoft/vscode/blob/be75065e817ebd7b625...

If either are 'off', it's sending no data. The new one also allows you to only send error logs, so the truth table would be more complex.


Yes. Those get harder to find every day unless you know exactly where to look. I also wouldn't put it past them retroactively patching builds to cover them up.


Microsoft has really been pushing the telemetry lately. Edge phones home far more than any other browser. Windows itself has no way to fully disable data collection (only the option to send "basic" or "full" data, including which websites you visit--oof). If you use Pro and you are enough of a power user to feel comfortable editing registry settings, that's what is now required to turn telemetry off, and even then it's hard to know you did it correctly. And this type of tracking is pervasive across the entire Microsoft ecosystem, including within Xbox, Minecraft, Teams, and now VSCode. It's disappointing to say the least.


> and even then it's hard to know you did it correctly

At that point, why not copy what people do with android? Just run a dummy "vpn" on your system that null-routes traffic going to microsoft-controlled domains or IP blocks. By no means a perfect solution for sure, but a really good one in practice.

You have remember to clear the telemetry cache and reconnect your system to microsoft to get updates from time to time.


If Windows 10 can't phone home, it thinks the network is disconnected and tries to fix the problem by restarting the network stack every ~10 minutes.


I'm sure that if not Windows 11, some version further in the future will interpret an inability to phone home as a network disconnect, and warn the user that they are out of compliance with their license agreement and their OS will stop working in 24 hours.


Could you provide a source for that? Couldn't find anything on Google about that


search for wlan autoconfig


> including which websites you visit

Are they crazy? How is this legal?


It is not, but that never stops large corporations :)


What if you set your location to France?


Sounds like something that could be fixed with a software tool, like uBlock for browsers.


As someone who's worked on multiple power-user GUIs professionally, telemetry can be genuinely useful for improving the product. You can discover features that are never used and should be removed so attention can be focused elsewhere, and others that are used frequently and deserve more attention, and others that users may frequently have trouble with and should be fixed or improved.

I'm not saying this justifies dark patterns, and I have no firsthand knowledge of whether Microsoft is exclusively using this data for legitimate purposes. If it were me I'd enable it by default but make it clear and easy to disable for those who care. That said: I don't think the knee-jerk assumption that this is a wholly evil thing is justified.


It's not knee-jerk. This is the same company putting ads in the start menu and trying to force Windows users to log in to microsoft.com on boot. And I guarantee you, the PMs who pushed for those 'features' genuinely believed they were improving my user experience too.


It can be, but when you're a company like Microsoft you've poisoned the well with anyone who cares about these things. I have no confidence whatsoever that MS has purely good, product-improving/research-based intentions with VSCode telemetry.

As for this change, I've seen it myself, and I think it's just poor design, nothing evil. They are just refactoring telemetry control and fucked up with porting over existing preferences because it's not a 1:1 thing.


> make it clear and easy to disable for those who care

Exactly. Telemetry can be a useful like you said and should be clear to users when they are being opted into it. Especially if someone has disabled all telemetry, they should be prompted to enable it or configure it with the new settings. If you silently re-enable it on their device when they already went thru the trouble of disabling it (and not expecting the settings to change day-to-day), you'll get some knee-jerk assumptions and reactions, whether your intentions where noble or not.


> make it clear and easy to disable for those who care

No. Make it clear and easy to ENable for those who care.


Telemetry of settings usage would tell that there are no users who care to enable it.


Sure, they should have had a pop-up telling people about the change and making clear the option to opt-out. That would have been better. But seeing some of the responses here you'd think Microsoft had started streaming a video feed of your entire desktop with no way to disable it.


But seeing some of the responses here you'd think Microsoft had started streaming a video feed of your entire desktop with no way to disable it.

I once asked, seriously, whether there was any guarantee that enabling telemetry in a Microsoft developer product would not result in sending code we were working on back to Microsoft, inadvertently or otherwise. No-one could give me a clear confirmation that it would not. The responses were about 20% "we trust Microsoft, they'd obviously never do this" and about 80% silent downvotes.

If my business could be facing considerable damages for violating confidentiality agreements if something like that ever happened and sensitive information did leak, that's just not a convincing response. Microsoft have been pushing mandatory telemetry, mandatory and automatically deployed user-hostile updates and radical changes in data usage like GitHub Copilot. You'd have to be crazy to give them any benefit of the doubt in this area now. If they want phone-home on and they promise they're not going to take anything they shouldn't, we want to see the technical measures and legally actionable documentation to back that up.


Definitely. Settings that have the perception of "streaming a video feed of your entire desktop" should be treated with more care.


> You can discover features that are never used and should be removed so attention can be focused elsewhere

That rests on some very specific assumptions; consider that, statistically, the "restore" feature of backup software is almost never used.


But when it is used they'll have telemetry on errors that occur during the restore process. So hopefully the next person doesn't have to deal with the same issues that the first did.


I believe the GP's point was that if you follow the "remove anything that users rarely use in telemetry data" philosophy then you end up removing the restore feature of the backup software, defeating the entire purpose of backup software in the first place.

In other words, just because a feature is used rarely doesn't mean it isn't important to keep around. So much of what's wrong with software these days can be attributed to this "A/B test everything, the data never lies" approach to design.


Precisely; frequency of use is not the same as importance, and confluating them is dangerous when you use it to justify cutting features.


Just like Android telling me "you haven't used these apps in a while, let's remove them" while the apps are of the use-once-a-year or emergency kind of software.


> So much of what's wrong with software these days can be attributed to this "A/B test everything, the data never lies" approach to design.

Design by focus group where the focus group is the users who left telemetry on/unblocked.


We were talking about use stats, not crash reporting (which, yes, is more defensible).


Telemetry that is not opt-in is not legal, that is the end of it. No amount of justification will change it and no justification should even be present, because spying on people is always wrong unless it is with consent (which is given freely and not as part of some wishy-washy dark pattern corporatism).


I strongly disagree with the opinion that telemetry should be enabled by default. I feel that it should be the opposite.


Source: https://code.visualstudio.com/updates/v1_61#_telemetry-setti...

You are not enrolled into the auto telemetry yet, the deprecated options are still respected for now. The new telemtry has the levels of on, crash and off. Useful if I want not to contribute my device info, but still help them with issues with the software itself.


> for now

Looks like it should be "forever" according to this comment:

https://github.com/microsoft/vscode/issues/134660#issuecomme...

But telemetry is one of those things that you can never trust a company about once it's in. Especially a company with a history of both mandatory telemetry and "oops didn't mean to ;)" telemetry-related setting resets.


Microsoft tries to make you think it’s not, but VSCode is proprietary if you download the official builds. Don’t use it!

The Vscodium project [0] exists and provides builds directly from the source.

This version has none of the user-hostile behavior! It also makes you realize Microsoft’s new round of EEE overreach when you see that the maintainers have to provide the extensions through their own repository and the default C# debugger doesn’t work for licensing reasons (everything else works perfectly).

Don’t trust Microsoft. Use the code they give you (which is generally fine), not their proprietary products (which are generally very much not fine).

[0]: https://vscodium.com


Don’t trust Microsoft extends to GitHub as well. Same company and same issues. GitHub probably has even more of developer mindshare and should get equal outrage as this. At least VS Code is open source.


Incredibly smart move from MS to buy github.


Never rely on GitHub features, like issues, wiki or actions.

While the repo itself cannot lock you in, theses can.


Certainly is neo-EEE as developer "influencers" claim M$ has turned a new leaf


This kills me because I use and love GitHub. I’ve tried Gitlab a few times and we do use it at my day job, but I keep coming back to GitHub for personal use.


GitLab is fine and well-integrated, but it can be heavy and slow. There are alternatives. Sourcehut, Gitea, Codeberg (runs Gitea), GNU Savannah, or just plain cgit. It isn't a binary choice.

I think GitHub might actually be best suited for personal projects. Projects aimed at others is now making contributors accept GitHub's proprietary ToS, vendor lock-in, and whatever experimental ways they plan to scan and profit from your code by offering it for "free".


Sadly the main thing I use vscode for doesn't work in vscodium, so it's completely useless to me: remote projects. Without that I may as well just go back to sublime, which is lighter and faster.


I assume that means it is missing the tight integration with wsl which is my primary use case.


… or the other way around. It works fine-ish, better than using Windows directly in any case, for me at least.


It's not just WSL. There is "remote-ssh" for vscodium either.


What does this do? Or better What is the use case? I never really worked with VSC other than the basics and I rarely connect to servers to edit files or sourcecode


I use "Remote - SSH" to develop on a VM. I try to keep the amount of software I run on my laptop to a minimum to keep it cooler and quieter. I have a VM on my workstation PC at home, which has a much better CPU than my laptop. The VM runs vscode backend, while the laptop runs vscode frontend, slack and a web browser.


Okay, I get this, guess I would just ssh -x for that purpose, but that assumes a full Linux environment.

Keeping a laptop cool and quite while running slack and vscodium is a task in itself. I guess I would create a CI Pipeline and just commit via git


vscode remote ssh mode is a much better experience than x forwarding. Like, it's not even close. It is hands down the best remote editing experience I've ever used in any kind of editor or ide, and running anything electron through remote X11 is basically like trying to kill a flea with a tractor.


So the Linux is forcing you to use proprietary version of SW? That's wild.


For reference, "EEE", especially in the context of Microsoft, stands for "Embrace, Extend, and Extinguish|Exterminate".

Link: https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...

From Wikipedia:

>"Embrace, extend, and extinguish" (EEE),[1] also known as "embrace, extend, and exterminate",[2] is a phrase that the U.S. Department of Justice found[3] that was used internally by Microsoft[4] to describe its strategy for entering product categories involving widely used standards, extending those standards with proprietary capabilities, and then using those differences in order to strongly disadvantage its competitors.


everything else works perfectly

Isn't it also the case that pylance doesn't work and has some form of DRM to prevent it from being used with the open source version? I'm not saying that as a reason not to use the open source version, just wondering if Microsoft has already rounded the corner on that second "E" in EEE.


Yes, the official VSCode binaries from Microsoft come with a binary blob to implement DRM. From the documentation (https://github.com/microsoft/vscode/wiki/Differences-between...): "The distribution includes a native node module that allows the extension to use a "handshake" to adhere to the license by ensuring it is being used from Visual Studio Code"


How is building proprietary plugins for the editor they themselves created and maintain at all part of EEE? Unless it's someway to extinguish LSP, which they also created?


"strategic product strategy businesses feature decision" as literally said by their PM.


Why don't you use an editor which has nothing to do with Microsoft? "generally fine" is not a good reason to be involved with a predatory company.


Because it’s hard to beat the ecosystem around VSCode. VSCode extensions take it from an OK text editor to an almost-emacs replacement.


Funny thing, I waited a little and then added some new, great emacs implementations of everything people were saying was so great about VSCode.


Yeah, lsp-mode for Emacs exists because Microsoft created LSP for VS Code, so I'm glad VS Code was created even though I'll never use it.

(I installed VS Code to see what the fuss was about and the first thing I wanted to do was hide the tabs because tabs are a useless eyesore in a text editor. But when I searched for a way to hide them, I read that it wasn't possible. Madness. I'll never understand how tech enthusiasts can enjoy using software that provides them with so little control.)


It's cool they use the same source so it's always the current version. I always assume projects like these aren't current or are several versions behind.


And the Microsoft extensions, like for C++, fetch and run big binary analyzer daemons that do all the work behind the scenes. Use clangd and its extension instead.


Looks like they don't ship Apple Silicon builds, unfortunately.


Ha, I considered mentioning it. Here are the Apple Silicon builds: https://github.com/tibeer/vscodium/releases

They’re still working on making them official.


Or just disable telemetry and be done with it.


This is your first day on earth? You sound like you have no experience how these tech companies grow and consume everything in their path. "Just disable it"... Sure. :)


Reminder that Sublime Text is constantly being improved and might be worth a look if you haven't tried it in a while ~ https://www.sublimetext.com/


A big reason why I don't buy sublime despite buying other products I don't use much is that it is not open source. That is a big one for me because even if I wanted to inspect for telemetry or other things, I'm not trusted to do so.


Purchase it if that bugs you. Not everything is freeware.


How is purchasing going to make it open-source?


Unless the "it" there is Sublime HQ Pty Ltd. That'd get you the source.


The original comment was changed. Originally author was saying they hate the reminder in Sublime. In that case purchase a licease. The comment now says they want open source only.


indeed. sigh. i'll have to start quoting comments to retain context. it adds noise tho =/


On Mac, Panic’s Nova is starting to look pretty good. A native editor with a profit model of “you use it, you pay for it” is more attractive by the day.


Does sublime support editing remote projects over ssh?


Not well, that's the only time I use vscode (for everything else I use sublime or Pycharm if it's Python). I wanted to find a link for you to include in this post but searching "sublimetext ssh" etc didn't even bring up anything definitive, which kinda tells you how not great it is.

One option if it's just like 1 file at a time is to use WinSCP with Sublime as your default editor and just open the file, edit, close, but again, obviously not great.


Have you considered sshfs?

I haven't used it in years but I recall it mostly working.


That's not good enough, no remote debugging and shell integration. VSCode makes you feel like you're on the remote system locally.


> VSCode makes you feel like you're on the remote system locally.

In fact, you are. It runs the plugins on the remote system. Which, while nice for UX, made me upgrade my blog's droplet from 1GB to 2GB memory ($5/month -> $10/month). But I figured it's worth it because it lowers the barrier of entry to writing, and anything to make the process of writing as painless as possible is worth it (and I'm still publishing once/week so I guess it's paying off)....


But it mounts the remote fs as local. You should be able to debug locally and do whatever in the shell at it is a local mount, no?


Or Atom, which is free/open source: https://atom.io


Serious question: Why does Atom still exist? On the front page they advertise something called "Atom Teletype" which seems like a ripoff of VS Live Share (or was it the other way around?)

Why aren't the Atom people working on VSC instead?


> Why aren't the Atom people working on VSC instead?

https://github.com/atom/atom/graphs/contributors

Looks like the original contributors have mostly moved on to other projects, and activity is significantly diminished, but it's an open source project and they've not gone out of their way to block the community from continuing.


Because more than one editor based off of Electron can exist and something doesn’t have to cease just because the sheep moved to the next field.

Why does Visual Studio still exist?

Why does Sublime Text still exist?

Why does Notepad++ still exist?


The question was asked because Atom doesn’t seem to see much development effort anymore, while the rest of the things you mentioned do.


So we should rid it from existence? Or is this a suggestion to delete the repository?

Does Atom exist if you never need it again or the project is never maintained?


I don't think we should get rid of Atom or anything like that, the point of my question is why the Atom contributors chose to not move on to VSC and continue to maintain Atom to the point of launching competing cloud options like Teletype. It's weird because both ventures are ultimately owned by Microsoft so it's confusing why they're paying two sets of developers to compete against each other.


Atom/GitHub wasn’t owned by Microsoft when Visual Studio Code gained traction. I’m guessing that the maintainers had no interest in giving Microsoft more help in reducing Atom to an unmaintained status and promoting Visual Studio Code for free. If the maintainers work for Microsoft now, I highly doubt it was ever a choice to move on. Teletype was probably in progress as well pre-acquisition, as that sort of feature came much much later in Visual Studio Codes development.


I wish. Has bugs that make it unusable. (ie: read whole project depth tree on window open)


I still use Atom as my daily driver. There are bugs, yes. Some are more annoying than others (looking at you, TypeScript plugin). But I enjoy the app's experience more than VSCode. I wish I had time to contribute to it, because it's still a solid editor, and I hope it lives on a lot longer. Also surprised there hasn't been a popular hard fork of it yet since the acquisition of GitHub.


Vim and Emacs are open source, actively maintained, very capable programming editors.


but ultimately owned by the same company as VSCode


I thought Atom development was stopped? Guess I was mistaken.


What is this telemetry? My OS, computer model, IP, and VSCode version? Why is this so bad in comparison to any other web application or many other apps these days? I know many are up in arms about it, but what exactly is the hidden danger here? More ads about computer studs sold via a the meager Bing ads market?


The problem is other people treating other people's hardware as their playground.

We've gone too long without a reckoning as software authors in this regard. You are not entitled to do whatever you wish with someone else's hardware because of a click through. Those that continue to do so will be (in my case) blacklisted from running on my network.


The user entitle software when they install it & give privileges. The issue has to be solved upstream. Instead of blaming software vendors, we have to build the systems to take back control.


Software that disregards the users wishes when you run it used to be called malware. An install is not an entitlement to do whatever you want. Software vendors are the ones writing this malware so why should they not be blamed.


for some, simply not allowing me to opt-out without using other mechanisms (some sort of internal firewall etc) is enough. It's my computer, my network, and I get to say precisely how it is used; and that includes telemetry.

There are other threats and reasons, that others more versed in this can explain, but that is the one I can speak to.


> simply not allowing me to opt-out ...

But let's note that this is not the case here. You can still opt out. If they are just resetting your old settings silently, however, then this is not a nice move and it will annoy exactly the people that care.


> they are just resetting your old settings silently

That kind of behavior bis frowned upon in this establishment


>It's my computer, my network, and I get to say precisely how it is used

That is only realistic on linux. Everything else us just something you've rented.

Besides, you can always go for independent vscode clone. I don't know how good it is as i haven't tried it myself. I just know it exists.


Linux may be the only kernel (and general class of operating systems) that is capable of robust transparency and control, but that doesn't mean that it isn't a common ideal among more general computer users. The argument I hear most frequently is that users are fairly oblivious to one or more of these points:

- That data is collected

- That you or your device can be identified from data

- That data does not have an expiration

- How the data is used (eg: multi-use, for troubleshooting, for marketing)

There are multiple ways to democratize knowledge, but most ideal is having companies just be upfront and teaching engineers why it's important to stress building notifications and/or levers for these kinds of capabilities.


A lot of the people who care this much also use Linux, so this is somewhat of a moot point.


It doesn't matter. What matters - if these reports are true - is how they treat their users with these dark patterns. You just don't treat other people like that, it's just basic human decency.


And also there’s a legitimate slippery slope here. “Come on, this data they are sending is not sensitive” may apply today, but after you’ve opted in, now your job is perpetually keeping track of what new information they send in the future to make sure your assessment is still true. If there is a big off switch, the only thing we have to pay attention to is whether or not they are honoring that off switch.


> My OS, computer model, IP, and VSCode version?

Right now, maybe. Or maybe more. Are you happy agreeing to it without being told? Being auto-enrolled without being told? What about if they add more later and don't feel the need to tell you as you didn't make the effort to opt out so must be happy with the tracking?

> Why is this so bad in comparison to any other web application or many other apps these days?

Because others do it doesn't make it right. People rail against web properties using what is seen as overly invasive telemetry/fingerprinting/profiling dark patterns too.

> but what exactly is the hidden danger here?

More information stored about you in more places, from whence it can leak further or dubious authorities can demand it be released, is a common fear in such cases for privacy campaigners and campaigners in general within the reach of certain governments.

(if people downvoting would like to let me know why, I'd be genuinely interested to know your counter point(s), otherwise I'm just going to assume that what I have said is true and you don't like it)


https://vscodium.com/


unfortunately, as I discovered with a recent fresh Manjaro install, VSCodium cannot access the standard MS extension repo, which makes it next to worthless as a production tool because no one is uploading anything to their own repo. I can't work without my tools, and I can't be arsed to manually install and build and update every extension and its dependencies that I rely on.


Sure you can use vscodium with the official marketplace. I use that for over a year now without issues.

https://github.com/VSCodium/vscodium/blob/master/DOCS.md#how...


Of course, that's against the Microsoft licensing agreement. The VS Extension marketplace is only licensed for use with Visual Studio and Visual Studio Code (as are all of the good Microsoft extensions: Pylance, the Remote Pack, Codespaces, etc).

The top of the log file for the remote extension always says this:

"

*

* Visual Studio Code Server

*

* Reminder: You may only use this software with Visual Studio family products,

* as described in the license https://aka.ms/vscode-remote/license

*

"


What do you mean by “no one is uploading anything to their own repo”? Everything I’ve wanted (exception: dotnet debugger) is on https://open-vsx.org/.


if you don't trust microsoft with telemetry, you shouldn't trust extensions written by random people either


A perfect encapsulation of why these privacy complaints are next to worthless. You don't trust Microsoft with telemetry but your package.json pulls in 30 packages from completely random Internet strangers who published something that looked cool on GitHub.

There's no coherent threat model here. There are a million different ways to shoot yourself in the foot and compromise your codebase before we even begin to consider what Microsoft can do with the knowledge of what buttons you press sometimes.


A bit disingenuous I think; people are concerned about security when worrying about random packages, but privacy with Microsoft.

MS have a history of being hostile to open source, but have been able to launder their image somewhat.


They were 'attempting' to launder their image.


Privacy and security are the same thing. When one is compromised so is the other. Any untrusted code that runs on your machine has the implicit capability of exfiltrating information that would rip apart your privacy.


> There's no coherent threat model here.

My threat model is Microsoft selling bogus "productivity enhancement" features to customers, pushing duplicated features, collecting data on costumers to acquire business sensitive information, and using marketshare as leverage to strangle better products.


Known-bad is worse than unknown, surely?


So, recapping vs code:

* They implemented proprietary sync protocols

* They obfuscate how 'settings' are saved - no, the settings.json is not what the editor uses and they hide stuff in the internal sqlite db they use

* Capping open versions of the product

* And finally, inserting proprietary "licensed" stuff and code that purposefully breaks if you're not licensed


Then they'll use your code to train an AI to replace you.


Lot's of extensions - the ones that Microsoft decided were 'strategic' - purposefuly stops working magically when you're using the "open" vscodium version.


The goal of stuff like this is to wear you down into accepting all default parameters. Then, slowly ratchet up the invasiveness.


Microsoft microsofting. By which I mean making confusing UX choices that no user would want, with bad presets, and that get misinterpreted in the comment-o-sphere as dark patterns infringing on our freedoms.

They're transforming the control of telemetry to a different option. The problem is that the new option doesn't default to being based on your old telemetry opt-out value, it just defaults to "on" as if you just downloaded VSC. And this leads people to reading all kinds of evil intent into it.

But it's probably not. We've all worked on big complicated products at big, slow companies, right? This is just bad design.


"bad at design":

Either their engineers are incompetent, and accidentally chose the evil thing, or they intentionally planned it to happen this way.


Check out https://vscodium.com

https://github.com/VSCodium/vscodium

Builds of VS Code with telemetry stripped out


Looks identical, runs the same plugins just without the telemetry. The perfect solution.


Except for the remote extensions, Pylance, and Live Share, IIRC. Which are pretty important to a lot of people's use of VSCode.


The one extension I use the most is the remote access via ssh, and that's not available on vscodium last time I checked. Only reason I'm still on VSCode.


You can download the extension as a file from the vscode marketplace and install it in Codium. The remote containers extension requires the latest Codium but it work now.


Thanks!


ok it installed but more might be needed to make it work..

haven't tried this yet: https://github.com/VSCodium/vscodium/blob/master/DOCS.md#pro...


sshfs? Then the solve is outside the editor.


That's my workaround, but it's less convenient.


I don't find it to be a workaround. The remote development stuff loads a bunch of projects and processes onto the remote host. I have some pretty small VMs that I run some older production servers in. Which is my principal use case for remote development.

Connecting to them this way brings them to their knees. That and seeing a host of new high memory processes doesn't give me warm fuzzies about the security risks on important remote systems.


Pretty much why I'm using sshfs and not the VSCode remote.

And Atom over sshfs, and crawling the whole project before showing a window is a deal breaker for me


While it can run the same extensions, some have to be requested to be added to the code-oss repository, as there are some things that I noticed aren't there, and the path recommended to those in this situation is to ask for them to be added on an as-desired basis.


Still respects the old settings. Easy to confirm by checking network traffic.


Microsoft thank you. You brought us the LSP and as thus every editor has the same capabilities as your spyware anti pattern. No need to use Vscode anyway.


Can this be removed, given that it has been proven false? Do you guys do that?


How is this in any way false? I just updated to the latest stable release and it turned telemetry back on, despite my old settings being off. Same as the original screenshot.


They do. E-mail: hn@ycombinator.com


Where was it proven false?


https://github.com/microsoft/vscode/issues/134660#issuecomme...

Test if for yourself if you must.

I tested with Wireshark. It does respect your previous setting if it is more restrictive.


Just use Emacs or Vim/NeoVim, they will never do that.


Use vscodium unless you need specific MS features. Alternatively inspect your outgoing traffic and block the telemetry sources.

vscode will still try sending data to those servers but won’t be able to reach them. Little overhead.


This is MS, of course they'll do this kind of thing.


I have not trusted M$ since the mid 90s when I first installed Slackware Linux (after using OS/2 2.0 for a year or 2).

I was using Vscodium occasionally and despite it being very easy to use, I'm going to uninstall it now and just focus on emacs and neovim. I do not even trust vscodium since the original codebase comes from tainted origins.


And it's uninstalled. Back to Atom.


The vscode team needs to start treating msft as a threat as well


So from bad to worse if true. Do you have evidence or a link to this?


Screenshot https://imgur.com/a/nxvH8cW


Yea, it's real, you have screenshot in description and PRs https://github.com/microsoft/vscode/pulls?q=is%3Apr+telemetr...


End of the day you're getting in bed with Microsoft. No matter ho open-source/friendly it seems.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: