Skip to content

Top Best Ask Show New Jobs

VSCode deprecates Enable Telemetry, auto-enrolls you in Telemetry?

388 pointstmpfile4y ago181 comments

VSCode has deprecated "Enable Telemetry" and now auto-enrolls you into their new Telemetry option even if you've disabled all the previous telemetry settings.

Screenshot https://imgur.com/a/nxvH8cW

The changes apply to the most recent version of vscode (version 1.61.0 released Oct 7).

181 comments

105 comments · 23 top-level

solarkraft4y ago· 18 in thread

Microsoft tries to make you think it’s not, but VSCode is proprietary if you download the official builds. Don’t use it!

The Vscodium project [0] exists and provides builds directly from the source.

This version has none of the user-hostile behavior! It also makes you realize Microsoft’s new round of EEE overreach when you see that the maintainers have to provide the extensions through their own repository and the default C# debugger doesn’t work for licensing reasons (everything else works perfectly).

Don’t trust Microsoft. Use the code they give you (which is generally fine), not their proprietary products (which are generally very much not fine).

[0]: https://vscodium.com

Don’t trust Microsoft extends to GitHub as well. Same company and same issues. GitHub probably has even more of developer mindshare and should get equal outrage as this. At least VS Code is open source.

Incredibly smart move from MS to buy github.

speg4y ago

This kills me because I use and love GitHub. I’ve tried Gitlab a few times and we do use it at my day job, but I keep coming back to GitHub for personal use.

stormbrew4y ago

Sadly the main thing I use vscode for doesn't work in vscodium, so it's completely useless to me: remote projects. Without that I may as well just go back to sublime, which is lighter and faster.

rPlayer65544y ago

I assume that means it is missing the tight integration with wsl which is my primary use case.

For reference, "EEE", especially in the context of Microsoft, stands for "Embrace, Extend, and Extinguish|Exterminate".

Link: https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...

From Wikipedia:

>"Embrace, extend, and extinguish" (EEE),[1] also known as "embrace, extend, and exterminate",[2] is a phrase that the U.S. Department of Justice found[3] that was used internally by Microsoft[4] to describe its strategy for entering product categories involving widely used standards, extending those standards with proprietary capabilities, and then using those differences in order to strongly disadvantage its competitors.

foob4y ago

everything else works perfectly

Isn't it also the case that pylance doesn't work and has some form of DRM to prevent it from being used with the open source version? I'm not saying that as a reason not to use the open source version, just wondering if Microsoft has already rounded the corner on that second "E" in EEE.

smitop4y ago

Yes, the official VSCode binaries from Microsoft come with a binary blob to implement DRM. From the documentation (https://github.com/microsoft/vscode/wiki/Differences-between...): "The distribution includes a native node module that allows the extension to use a "handshake" to adhere to the license by ensuring it is being used from Visual Studio Code"

Master_Odin4y ago

How is building proprietary plugins for the editor they themselves created and maintain at all part of EEE? Unless it's someway to extinguish LSP, which they also created?

siproprio4y ago

"strategic product strategy businesses feature decision" as literally said by their PM.

wumpus4y ago

Why don't you use an editor which has nothing to do with Microsoft? "generally fine" is not a good reason to be involved with a predatory company.

d3nj4l4y ago

Because it’s hard to beat the ecosystem around VSCode. VSCode extensions take it from an OK text editor to an almost-emacs replacement.

tmpfileOP4y ago

It's cool they use the same source so it's always the current version. I always assume projects like these aren't current or are several versions behind.

And the Microsoft extensions, like for C++, fetch and run big binary analyzer daemons that do all the work behind the scenes. Use clangd and its extension instead.

homulilly4y ago

Looks like they don't ship Apple Silicon builds, unfortunately.

solarkraft4y ago

Ha, I considered mentioning it. Here are the Apple Silicon builds: https://github.com/tibeer/vscodium/releases

They’re still working on making them official.

thiht4y ago

Or just disable telemetry and be done with it.

This is your first day on earth? You sound like you have no experience how these tech companies grow and consume everything in their path. "Just disable it"... Sure. :)

username914y ago· 12 in thread

Reminder that Sublime Text is constantly being improved and might be worth a look if you haven't tried it in a while ~ https://www.sublimetext.com/

0des4y ago

A big reason why I don't buy sublime despite buying other products I don't use much is that it is not open source. That is a big one for me because even if I wanted to inspect for telemetry or other things, I'm not trusted to do so.

ipaddr4y ago

Purchase it if that bugs you. Not everything is freeware.

kstrauser4y ago

On Mac, Panic’s Nova is starting to look pretty good. A native editor with a profit model of “you use it, you pay for it” is more attractive by the day.

loosetypes4y ago

Does sublime support editing remote projects over ssh?

RheingoldRiver4y ago

Not well, that's the only time I use vscode (for everything else I use sublime or Pycharm if it's Python). I wanted to find a link for you to include in this post but searching "sublimetext ssh" etc didn't even bring up anything definitive, which kinda tells you how not great it is.

One option if it's just like 1 file at a time is to use WinSCP with Sublime as your default editor and just open the file, edit, close, but again, obviously not great.

Or Atom, which is free/open source: https://atom.io

Serious question: Why does Atom still exist? On the front page they advertise something called "Atom Teletype" which seems like a ripoff of VS Live Share (or was it the other way around?)

Why aren't the Atom people working on VSC instead?

edoceo4y ago

I wish. Has bugs that make it unusable. (ie: read whole project depth tree on window open)

I still use Atom as my daily driver. There are bugs, yes. Some are more annoying than others (looking at you, TypeScript plugin). But I enjoy the app's experience more than VSCode. I wish I had time to contribute to it, because it's still a solid editor, and I hope it lives on a lot longer. Also surprised there hasn't been a popular hard fork of it yet since the acquisition of GitHub.

Vim and Emacs are open source, actively maintained, very capable programming editors.

but ultimately owned by the same company as VSCode

gizdan4y ago

I thought Atom development was stopped? Guess I was mistaken.

Tyriar4y ago· 11 in thread

Hi all, I work on the VS Code team. This came up the other day in stand up and the initial plan was to deprecate and eventually remove the old setting. Several of us pushed back and said while we may deprecate the setting in favor of something else, the old setting should always be respected due to the sensitivity around telemetry.

If there's any confusion around this messaging it's because this discussion literally happened 2 days ago. I'll reopen https://github.com/microsoft/vscode/issues/134660 to make sure we clear up confusion.

jiggawatts4y ago

Just some feedback from the field: I work with some high-security networks, and the perception from those Microsoft customers is that whatever "good" that has come from Microsoft improving security in general has been completely undermined by the pervasive telemetry.

Windows 10 alone has something like 200 individual settings for disabling its various forms of telemetry. Office adds several dozen more. Dotnet itself has telemetry, then PowerShell on top of that. VS Code and Visual Studio both send telemetry.

On and on, and on... and then some more, and on... and ON and ON and...

There's just no end to it.

As administrators, it's like playing whack-a-mole against a thousand moles that are breeding exponentially.

We don't want to play this game any more.

Tyriar4y ago

Noted. I can't speak for anything other than VS Code but we have the toggle in product which is all you need to change to turn it off for the core, extensions may have their own setting or share the core toggle, but we often can't control that.

There's also the very detailed page on the website detailing this as well as how to see all telemetry events that are sent in real time in the output panel and even how to print out a report of all events that get sent with their classification (code --telemetry).

GekkePrutser4y ago

The reason is that Microsoft as a company is all-in on "data-driven" everything. They're trying to get their customers to adopt this approach too (and mostly succeeding, our company execs are constantly going on about it). Disabling telemetry breaks this so they make it as difficult as possible. Because that's where they're planning to have their major value-add.

I really hate it too. But it seems so be so heavily anchored in their strategy that I don't expect them to lighten up about it.

It's high time OSs try and implement something akin to what DoNotTrack was intended to do in web browsers. Of course it will have the same adoption issues faced by DNT, but if first-party apps (like VSCode, DotNet, and PowerShell under Windows) honored a centralized setting it would make life so much easier.

siproprio4y ago

Like what I heard from a colleague:

"If I've been called here, I can safely assume whatever's been done's been done wrong, otherwise I would not've been called here, cause I'm definitely not the cheapest option"

siproprio4y ago

No, but they're selling remote wipe to large enterprise customers on worker's device's, spying on workers privacy and selling that info to management, adding DRM to excel spreadsheets - but they just can't figure out how to have multiple customers editing the same document without losing data.

As devs dont often hear feedback - you guys are doing a great job on VSCode. There are some key issues that Code overcame compared to other IDEs, which is why so many teams use it. One of those is forced telemetry (others are pricing, integration, and memory / resources footprint).

Please continue to push back against moves towards forced telemetry. Some of us work in sensitive environments, others wish for privacy. For those of us that work in sensitive environments we could simply firewall the program to stop talk back, but that will likely break many other things. Currently we have a level of trust that strikes a good balance between over the top strict security and permissive security where there are few issues because Code is trusted from a trusted domain. Forcing telemetry is likely to have Cybersecurity teams flag the app at an enterprise level and start to introduce headaches as they start to try and curb information leak.

bloqs4y ago

Really appreciate the open responsiveness. I think most people on this site know the position you are in. Dont be put off by irritated people, it's easy to underestimate how much of waking life some people spend dealing with frustrations with specific bits of software.

artificialLimbs4y ago

So we should keep a copy of the old installer around?

Tyriar4y ago

Why would you need to do that given what I said?

siproprio4y ago

Yes. Those get harder to find every day unless you know exactly where to look. I also wouldn't put it past them retroactively patching builds to cover them up.

brundolf4y ago· 9 in thread

As someone who's worked on multiple power-user GUIs professionally, telemetry can be genuinely useful for improving the product. You can discover features that are never used and should be removed so attention can be focused elsewhere, and others that are used frequently and deserve more attention, and others that users may frequently have trouble with and should be fixed or improved.

I'm not saying this justifies dark patterns, and I have no firsthand knowledge of whether Microsoft is exclusively using this data for legitimate purposes. If it were me I'd enable it by default but make it clear and easy to disable for those who care. That said: I don't think the knee-jerk assumption that this is a wholly evil thing is justified.

It's not knee-jerk. This is the same company putting ads in the start menu and trying to force Windows users to log in to microsoft.com on boot. And I guarantee you, the PMs who pushed for those 'features' genuinely believed they were improving my user experience too.

It can be, but when you're a company like Microsoft you've poisoned the well with anyone who cares about these things. I have no confidence whatsoever that MS has purely good, product-improving/research-based intentions with VSCode telemetry.

As for this change, I've seen it myself, and I think it's just poor design, nothing evil. They are just refactoring telemetry control and fucked up with porting over existing preferences because it's not a 1:1 thing.

tmpfileOP4y ago

> make it clear and easy to disable for those who care

Exactly. Telemetry can be a useful like you said and should be clear to users when they are being opted into it. Especially if someone has disabled all telemetry, they should be prompted to enable it or configure it with the new settings. If you silently re-enable it on their device when they already went thru the trouble of disabling it (and not expecting the settings to change day-to-day), you'll get some knee-jerk assumptions and reactions, whether your intentions where noble or not.

> make it clear and easy to disable for those who care

No. Make it clear and easy to ENable for those who care.

Sure, they should have had a pop-up telling people about the change and making clear the option to opt-out. That would have been better. But seeing some of the responses here you'd think Microsoft had started streaming a video feed of your entire desktop with no way to disable it.

yjftsjthsd-h4y ago

> You can discover features that are never used and should be removed so attention can be focused elsewhere

That rests on some very specific assumptions; consider that, statistically, the "restore" feature of backup software is almost never used.

But when it is used they'll have telemetry on errors that occur during the restore process. So hopefully the next person doesn't have to deal with the same issues that the first did.

Telemetry that is not opt-in is not legal, that is the end of it. No amount of justification will change it and no justification should even be present, because spying on people is always wrong unless it is with consent (which is given freely and not as part of some wishy-washy dark pattern corporatism).

I strongly disagree with the opinion that telemetry should be enabled by default. I feel that it should be the opposite.

azinman24y ago· 8 in thread

What is this telemetry? My OS, computer model, IP, and VSCode version? Why is this so bad in comparison to any other web application or many other apps these days? I know many are up in arms about it, but what exactly is the hidden danger here? More ads about computer studs sold via a the meager Bing ads market?

The problem is other people treating other people's hardware as their playground.

We've gone too long without a reckoning as software authors in this regard. You are not entitled to do whatever you wish with someone else's hardware because of a click through. Those that continue to do so will be (in my case) blacklisted from running on my network.

shukantpal4y ago

The user entitle software when they install it & give privileges. The issue has to be solved upstream. Instead of blaming software vendors, we have to build the systems to take back control.

neurobashing4y ago

for some, simply not allowing me to opt-out without using other mechanisms (some sort of internal firewall etc) is enough. It's my computer, my network, and I get to say precisely how it is used; and that includes telemetry.

There are other threats and reasons, that others more versed in this can explain, but that is the one I can speak to.

d_tr4y ago

> simply not allowing me to opt-out ...

But let's note that this is not the case here. You can still opt out. If they are just resetting your old settings silently, however, then this is not a nice move and it will annoy exactly the people that care.

sto_hristo4y ago

>It's my computer, my network, and I get to say precisely how it is used

That is only realistic on linux. Everything else us just something you've rented.

Besides, you can always go for independent vscode clone. I don't know how good it is as i haven't tried it myself. I just know it exists.

hdjjhhvvhga4y ago

It doesn't matter. What matters - if these reports are true - is how they treat their users with these dark patterns. You just don't treat other people like that, it's just basic human decency.

hamburglar4y ago

And also there’s a legitimate slippery slope here. “Come on, this data they are sending is not sensitive” may apply today, but after you’ve opted in, now your job is perpetually keeping track of what new information they send in the future to make sure your assessment is still true. If there is a big off switch, the only thing we have to pay attention to is whether or not they are honoring that off switch.

dspillett4y ago

> My OS, computer model, IP, and VSCode version?

Right now, maybe. Or maybe more. Are you happy agreeing to it without being told? Being auto-enrolled without being told? What about if they add more later and don't feel the need to tell you as you didn't make the effort to opt out so must be happy with the tracking?

> Why is this so bad in comparison to any other web application or many other apps these days?

Because others do it doesn't make it right. People rail against web properties using what is seen as overly invasive telemetry/fingerprinting/profiling dark patterns too.

> but what exactly is the hidden danger here?

More information stored about you in more places, from whence it can leak further or dubious authorities can demand it be released, is a common fear in such cases for privacy campaigners and campaigners in general within the reach of certain governments.

(if people downvoting would like to let me know why, I'd be genuinely interested to know your counter point(s), otherwise I'm just going to assume that what I have said is true and you don't like it)

seabass4y ago· 6 in thread

Microsoft has really been pushing the telemetry lately. Edge phones home far more than any other browser. Windows itself has no way to fully disable data collection (only the option to send "basic" or "full" data, including which websites you visit--oof). If you use Pro and you are enough of a power user to feel comfortable editing registry settings, that's what is now required to turn telemetry off, and even then it's hard to know you did it correctly. And this type of tracking is pervasive across the entire Microsoft ecosystem, including within Xbox, Minecraft, Teams, and now VSCode. It's disappointing to say the least.

hda24y ago

> and even then it's hard to know you did it correctly

At that point, why not copy what people do with android? Just run a dummy "vpn" on your system that null-routes traffic going to microsoft-controlled domains or IP blocks. By no means a perfect solution for sure, but a really good one in practice.

You have remember to clear the telemetry cache and reconnect your system to microsoft to get updates from time to time.

If Windows 10 can't phone home, it thinks the network is disconnected and tries to fix the problem by restarting the network stack every ~10 minutes.

nextaccountic4y ago

> including which websites you visit

Are they crazy? How is this legal?

It is not, but that never stops large corporations :)

What if you set your location to France?

Sounds like something that could be fixed with a software tool, like uBlock for browsers.

pluc4y ago· 4 in thread

https://vscodium.com/

unfortunately, as I discovered with a recent fresh Manjaro install, VSCodium cannot access the standard MS extension repo, which makes it next to worthless as a production tool because no one is uploading anything to their own repo. I can't work without my tools, and I can't be arsed to manually install and build and update every extension and its dependencies that I rely on.

oh_boy4y ago

Sure you can use vscodium with the official marketplace. I use that for over a year now without issues.

https://github.com/VSCodium/vscodium/blob/master/DOCS.md#how...

solarkraft4y ago

What do you mean by “no one is uploading anything to their own repo”? Everything I’ve wanted (exception: dotnet debugger) is on https://open-vsx.org/.

kova124y ago

if you don't trust microsoft with telemetry, you shouldn't trust extensions written by random people either

omreaderhn4y ago· 4 in thread

Check out https://vscodium.com

https://github.com/VSCodium/vscodium

Builds of VS Code with telemetry stripped out

PaulKeeble4y ago

Looks identical, runs the same plugins just without the telemetry. The perfect solution.

easton4y ago

Except for the remote extensions, Pylance, and Live Share, IIRC. Which are pretty important to a lot of people's use of VSCode.

generalizations4y ago

The one extension I use the most is the remote access via ssh, and that's not available on vscodium last time I checked. Only reason I'm still on VSCode.

0des4y ago

While it can run the same extensions, some have to be requested to be added to the code-oss repository, as there are some things that I noticed aren't there, and the path recommended to those in this situation is to ask for them to be added on an as-desired basis.

IshKebab4y ago· 4 in thread

Can this be removed, given that it has been proven false? Do you guys do that?

Cabal4y ago

How is this in any way false? I just updated to the latest stable release and it turned telemetry back on, despite my old settings being off. Same as the original screenshot.

hu34y ago

They do. E-mail: hn@ycombinator.com

yjftsjthsd-h4y ago

Where was it proven false?

hu34y ago

https://github.com/microsoft/vscode/issues/134660#issuecomme...

Test if for yourself if you must.

I tested with Wireshark. It does respect your previous setting if it is more restrictive.

siproprio4y ago· 2 in thread

So, recapping vs code:

* They implemented proprietary sync protocols

* They obfuscate how 'settings' are saved - no, the settings.json is not what the editor uses and they hide stuff in the internal sqlite db they use

* Capping open versions of the product

* And finally, inserting proprietary "licensed" stuff and code that purposefully breaks if you're not licensed

siproprio4y ago

Then they'll use your code to train an AI to replace you.

siproprio4y ago

Lot's of extensions - the ones that Microsoft decided were 'strategic' - purposefuly stops working magically when you're using the "open" vscodium version.

rvz4y ago· 2 in thread

So from bad to worse if true. Do you have evidence or a link to this?

tmpfileOP4y ago

Screenshot https://imgur.com/a/nxvH8cW

agilob4y ago

Yea, it's real, you have screenshot in description and PRs https://github.com/microsoft/vscode/pulls?q=is%3Apr+telemetr...

FastEatSlow4y ago· 1 in thread

Source: https://code.visualstudio.com/updates/v1_61#_telemetry-setti...

You are not enrolled into the auto telemetry yet, the deprecated options are still respected for now. The new telemtry has the levels of on, crash and off. Useful if I want not to contribute my device info, but still help them with issues with the software itself.

anonymousab4y ago

> for now

Looks like it should be "forever" according to this comment:

https://github.com/microsoft/vscode/issues/134660#issuecomme...

But telemetry is one of those things that you can never trust a company about once it's in. Especially a company with a history of both mandatory telemetry and "oops didn't mean to ;)" telemetry-related setting resets.

chadlavi4y ago· 1 in thread

Microsoft microsofting. By which I mean making confusing UX choices that no user would want, with bad presets, and that get misinterpreted in the comment-o-sphere as dark patterns infringing on our freedoms.

They're transforming the control of telemetry to a different option. The problem is that the new option doesn't default to being based on your old telemetry opt-out value, it just defaults to "on" as if you just downloaded VSC. And this leads people to reading all kinds of evil intent into it.

But it's probably not. We've all worked on big complicated products at big, slow companies, right? This is just bad design.

siproprio4y ago

"bad at design":

Either their engineers are incompetent, and accidentally chose the evil thing, or they intentionally planned it to happen this way.

fartcannon4y ago

The goal of stuff like this is to wear you down into accepting all default parameters. Then, slowly ratchet up the invasiveness.

Still respects the old settings. Easy to confirm by checking network traffic.

jeff420694y ago

Microsoft thank you. You brought us the LSP and as thus every editor has the same capabilities as your spyware anti pattern. No need to use Vscode anyway.

xvilka4y ago

Just use Emacs or Vim/NeoVim, they will never do that.

lfaoro4y ago

Use vscodium unless you need specific MS features. Alternatively inspect your outgoing traffic and block the telemetry sources.

vscode will still try sending data to those servers but won’t be able to reach them. Little overhead.

coliveira4y ago

This is MS, of course they'll do this kind of thing.

b9be520d932864y ago

I have not trusted M$ since the mid 90s when I first installed Slackware Linux (after using OS/2 2.0 for a year or 2).

I was using Vscodium occasionally and despite it being very easy to use, I'm going to uninstall it now and just focus on emacs and neovim. I do not even trust vscodium since the original codebase comes from tainted origins.

nottaylorswift4y ago

And it's uninstalled. Back to Atom.

siproprio4y ago

The vscode team needs to start treating msft as a threat as well

TruthWillHurt4y ago

End of the day you're getting in bed with Microsoft. No matter ho open-source/friendly it seems.

j / k navigate · click thread line to collapse