Absolute ignorance of telemetry issues by VSCodium team. #732

Closed
megastallman opened this issue Jun 5, 2021 · 23 comments
Labels
bug Something isn't working

Comments

@megastallman

Describe the bug
No one cares about telemetry found, and no one is even about to accept a telemetry hostname provided in #623 (comment)
Just add ticino.blob.core.windows.net to undo_telemetry.sh. I've been waiting for 3 months, and no one even noticed this issue.

Another problem is that many people still believe that VSCodium removes telemetry, even though it doesn't. So, false promises. Btw, there is a line saying "Telemetry is disabled." on vscodium.com. Why are you lying?

Telemetry options are enabled by default... Nice!

However, there is also a bunch of leaks to open-vsx.org, that are intentionally ignored by the team.

Expected behavior
I expect VSCodium NOT to connect anywhere when not asked to. Also I expect the developers to fix the issues found.
Guys, the problems don't disappear, unless they are resolved.

Desktop (please complete the following information):

  • OS: Xubuntu 20.04
  • Architecture: x64
  • Version: all
@megastallman megastallman added the bug Something isn't working label Jun 5, 2021
@nukeop

nukeop commented Jun 15, 2021

open-vsx.org is not a telemetry domain, it's an extension store

@daiyam
Member

daiyam commented Jun 15, 2021

@megastallman Any help is welcome. I recommend that you make a PR if you find something missing.

For ticino.blob.core.windows.net, it's used by the debugger to load the source maps of the builtin extensions.

  • Is it telemetry? I don't know
  • Should it be blocked? Maybe. I personally block it with my firewall.

@megastallman
Author

Thanks @daiyam for reaching out!
To trigger ticino.blob.core.windows.net - just run debug tools in VSCodium. When I get back to my build procedure, I'll post that pull-request.

As for open-vsx.org - it really needs fixed. An IDE should not ping it at any single action. More, I need a possibility to just disable any outside calls and get a silent program. It should not call home all the time.

@concaam

concaam commented Jun 20, 2021

Addressed to @megastallman

I was interested in VSCodium because I wanted Visual Studio Code's functionality without telemetry for Julia programming. They even have a great extension called "julia-vscode"... It was a great idea to visit the issues page and see issues like #623 and this one appear.

The webmasters should remove promising phrases like "Telemetry is disabled.", if they are proven to be false.

Thanks for your research, or otherwise I would've used VSCodium and not other alternatives like Vim, Emacs, Atom etc.

Cheers

@concaam

concaam commented Jun 20, 2021

> Addressed to @megastallman
>
> I was interested in VSCodium because I wanted Visual Studio Code's functionality without telemetry for Julia programming. They even have a great extension called "julia-vscode"... It was a great idea to visit the issues page and see issues like #623 and this one appear.
>
> The webmasters should remove promising phrases like "Telemetry is disabled.", if they are proven to be false.
>
> Thanks for your research, or otherwise I would've used VSCodium and not other alternatives like Vim, Emacs, Atom etc.
>
> Cheers

To clarify, this does not mean that someone should or should not use VSCodium, but for me specifically, that this does not get fixed (#623 was created on 31.01.2021) is unacceptable.

@concaam

concaam commented Jun 20, 2021

> open-vsx.org is not a telemetry domain, it's an extension store

It seems to be the Open VSX Registry.
Looking at issue #372, it looks like VSCodium connects to open-vsx.org for integrating with the Open VSX Registry.

> Thanks @daiyam for reaching out!
> To trigger ticino.blob.core.windows.net - just run debug tools in VSCodium. When I get back to my build procedure, I'll post that pull-request.
>
> As for open-vsx.org - it really needs fixed. An IDE should not ping it at any single action. More, I need a possibility to just disable any outside calls and get a silent program. It should not call home all the time.

There seems to be no legitimate interest to connect to open-vsx.org,
when just initializing and then editing files with VSCodium.

There should be an opt-out option in the settings like "Ask before connecting to open-vsx.org when not using the extensions functionality?". The default opt-out option is "Ask", the others are "Forbid" and "Allow".

Or even better, just forbid out-going connections to open-vsx.org, when the end-user does not use the extensions store or anything which would require to connect to the domain. If the extensions page, or whatever it's called, is active and in focus (meaning that the mouse cursor is inside the page), then allow it. Afterwards, when out of focus block it again (default).

Of course, instead of writing the domain in the settings text, which could change in the future, we can just use "Open VSX Registry".

Cheers

@nukeop

nukeop commented Jun 20, 2021

> Or even better, just forbid out-going connections to open-vsx.org, when the end-user does not use the extensions store or anything which would require to connect to the domain.

Why on Earth would they waste time implementing that?

@concaam

concaam commented Jun 20, 2021

> > Or even better, just forbid out-going connections to open-vsx.org, when the end-user does not use the extensions store or anything which would require to connect to the domain.
>
> Why on Earth would they waste time implementing that?

Because if I would be okay with that I could just visit Microsoft's vscode repo and build it myself manually without this out-going connection?

I understand, you may not agree with my views regarding privacy policies and their enforcement, and that is fine, however do you not at least agree that it is hypocritical when the website states that "telemetry is disabled" and right there it just connects to a domain from an "Extensions Registry" when I do not even expect it and want it to do it.

It's like buying a smart tv which advertises privacy for its users, but then it turns out that some connections still go out. So, instead of 93 out-going connections per hour, it would, for example, have 12. When switching channels there are 0, but when it awakes from standby and you change volume, the connections are still there. So telemetry is not "disabled", it's "minimized". You know what I mean?

That, in my opinion, are low standards, meaning that the sense of this project goes away and away, the more stuff like this happens and gets detected by someone.

Cheers

@nukeop

nukeop commented Jun 20, 2021

It's not telemetry, and it's not Microsoft's domain.

@daiyam
Member

daiyam commented Jun 20, 2021

@concaam Feel free to make any PR for the change you would like 😉

@concaam

concaam commented Jun 21, 2021

> It's not telemetry, and it's not Microsoft's domain.

"it's not Microsoft's domain" That would make sense, because open-vsx.org seems to be from the Eclipse Foundation.

"It's not telemetry" Please describe exactly what you define under telemetry.

"In software, telemetry is used to gather data on the use and performance of applications and application components, e.g. how often certain features are used, measurements of start-up time and processing time, hardware, application crashes, and general usage statistics and/or user behavior. In some cases, very detailed data is reported like individual window metrics, counts of used features, and individual function timings.

This kind of telemetry can be essential to software developers to receive data from a wide variety of endpoints that can't possibly all be tested in-house, as well as getting data on the popularity of certain features and whether they should be given priority or be considered for removal. Due to concerns about privacy since software telemetry can easily be used to profile users, telemetry in user software is often user choice, commonly presented as an opt-in feature (requiring explicit user action to enable it) or user choice during the software installation process. " - https://en.wikipedia.org/wiki/Telemetry#Software

Pushed code which seems to change the "extensions gallery" url from https://marketplace.visualstudio.com/_apis/public/gallery to
https://open-vsx.org/vscode/gallery: PR 34aa7b0

Cheers

@concaam

concaam commented Jun 21, 2021

> @concaam Feel free to make any PR for the change you would like 😉

I agree, that would be helpful. As already mentioned here:

> Pushed code which seems to change the "extensions gallery" url from https://marketplace.visualstudio.com/_apis/public/gallery to
> https://open-vsx.org/vscode/gallery: PR 34aa7b0

Assuming that vscode connects to that domain by default on startup when not using any extensions related, a "firewall" option switch like "Ask", "Allow" and "Forbid" idea as mentioned here:

> There should be an opt-out option in the settings like "Ask before connecting to open-vsx.org when not using the extensions functionality?". The default opt-out option is "Ask", the others are "Forbid" and "Allow".

And a straight "forbid it, until it would be required, to integrate with the Open VSX Registry" idea:

> Or even better, just forbid out-going connections to open-vsx.org, when the end-user does not use the extensions store or anything which would require to connect to the domain. If the extensions page, or whatever it's called, is active and in focus (meaning that the mouse cursor is inside the page), then allow it. Afterwards, when out of focus block it again (default).
>
> Of course, instead of writing the domain in the settings text, which could change in the future, we can just use "Open VSX Registry".

What is your opinion on these two ideas?

Cheers

@howlger

howlger commented Jun 28, 2021

This issue violates the project's Code of Conduct and therefore should be deleted.

The issue is based on the false fact that the Open VSX Registry would be telemetry. This is not true, as stated in the first comment by @nukeop. Since both VSCodium and the Open VSX Registry are open source, it would be easy to find out what data is being transmitted for what reason. It's not okay to imply others don't care about privacy (I would assume the opposite; why else would one be here?), nor does it add value without saying what telemetry data is collected or how privacy is violated by requesting the Open VSX Registry via HTTPS.

@daiyam
Member

daiyam commented Jun 28, 2021

While I agree the original post was lacking in tact, borderline rude (main reason I've not replied immediately and that we are supporting this project in our free time). I understand that some people won't like any connection to be made. This is why I've encouraged them to make any PR as they see fit.

@Chaostheorie

Chaostheorie commented Jul 11, 2021

@concaam would you be willing to make a PR with the relevant changes? As @howlger already mentioned, the Open VSX Registry is not telemetry and instead just the extension store that will most likely be pinged assuming you have auto-updates for extensions enabled.

But your (second?) argument against the possible telemetry with ticino.blob.core.windows.net when using the devtools seems valid. As @daiyam encouraged you, make a PR. If you're not willing to change it yourself, either just start with a PR or find someone who's willing to open the PR for you.

I'm pretty sure there will be some people willing to help you, if you attempt to make the changes yourself, but it would help if you listen to their arguments and respect the Code of Conduct. I support your move against any contact to MS for VSCodium but this discussion will otherwise just get stuck.

@pmahend1

I always assumed telemetry is off on VS Codium by default. Reading the description I thought there was an Open PR.

@Chaostheorie

Chaostheorie commented Jul 13, 2021

@pmahend1 at least for my build (1.58.0 / paulcarroty.gitlab.io/vscodium-deb-rpm-repo) that's correct. Telemetry: Enable Telemetry and Telemetry: Enable Crash Reports are false by default.

The initial problem was AFAIK about vscodium contacting the extension store automatically, presumably to check for updates of extensions, and a ping to a MS domain when opening the builtin devtools.

@daiyam
Member

daiyam commented Jul 13, 2021

@pmahend1 @Chaostheorie vscodium is disabling the telemetry by default, and is replacing the telemetry domains (dc.services.visualstudio.com and vortex.data.microsoft.com) with the IP 0.0.0.0. So even if the telemetry is on, it won't be able to send the data to those domains.
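
A way to check a build against the hostnames named in this thread, as an added example that is not part of the thread or of VSCodium's own scripts: it counts the files under an install directory that still contain each hostname as a literal string. The function names and the sample files are constructed for illustration; a match shows only that the name is present in the files, not that a connection is made.

```shell
#!/bin/sh
# Added example, not VSCodium's own tooling. Hostnames are the ones named in this thread.
HOSTS="dc.services.visualstudio.com
vortex.data.microsoft.com
ticino.blob.core.windows.net
marketplace.visualstudio.com
open-vsx.org"

# count_files_with_host DIR HOST: number of files under DIR containing HOST.
# -F matches the name literally, so its dots are not regex wildcards.
count_files_with_host() {
    grep -rlF -- "$2" "$1" 2>/dev/null | wc -l | tr -d ' '
}

# residual_hosts DIR: print "host<TAB>file-count" for every host still present.
residual_hosts() {
    printf '%s\n' "$HOSTS" | while IFS= read -r host; do
        n=$(count_files_with_host "$1" "$host")
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\n' "$host" "$n"
        fi
    done
}

# demo: run the scan over constructed files standing in for a built tree.
demo() {
    d=$(mktemp -d)
    # Constructed: gallery URL as quoted in the thread.
    printf '{"serviceUrl":"https://open-vsx.org/vscode/gallery"}\n' > "$d/product.json"
    # Constructed: a telemetry endpoint already rewritten to 0.0.0.0.
    printf 'var endpoint = "https://0.0.0.0/track";\n' > "$d/telemetry.js"
    # Constructed: a source-map reference of the kind the debugger loads.
    printf '//# sourceMappingURL=https://ticino.blob.core.windows.net/constructed.js.map\n' > "$d/ext.js"
    residual_hosts "$d"
    rm -rf "$d"
}

# Scan the directory given as the first argument, or the constructed sample.
if [ "$#" -gt 0 ]; then
    residual_hosts "$1"
else
    demo
fi
```
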

@Chaostheorie

@daiyam Thank you for the explanation. That seems like very reasonable defaults.

@pmahend1

@daiyam thank you for reconfirming.
This issue can be closed then.

@daiyam
Member

daiyam commented Jul 16, 2021

@megastallman Do you plan to make a PR to add an option so VSCodium doesn't make any connection?

@megastallman
Author

@concaam , please check my project: https://gitlab.com/megastallman/uncoded
It is a very simple VSCode OSS rebuild without any telemetry I could find in VSCodium. It partially forks a couple of VSCodium's scripts and finally provides a silent VSCode OSS install, that just doesn't phone home. Including those "not a telemetry domains" like openvsx registry, that also accepts telemetry on every move (due to the code).

As for @daiyam @howlger - guys, you know... Your lies about "Telemetry is disabled." don't violate the CoCk. But when someone accuses you of those lies - it does. So, I have zero to no intent to cooperate with you, at least until you stop threatening me with your CoC, thanks!

@daiyam
Member

daiyam commented Aug 15, 2021

@megastallman As I stated, you are free to make PR if you find you did miss something.

Also being polite won't kill you 😉

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 27, 2022