VSCode deprecates Enable Telemetry, auto-enrolls you in Telemetry?

388 points | by tmpfile 17 days ago


  • Tyriar 17 days ago
    Hi all, I work on the VS Code team. This came up the other day in stand up and the initial plan was to deprecate and eventually remove the old setting. Several of us pushed back and said while we may deprecate the setting in favor of something else, the old setting should always be respected due to the sensitivity around telemetry.

    If there's any confusion around this messaging it's because this discussion literally happened 2 days ago. I'll reopen https://github.com/microsoft/vscode/issues/134660 to make sure we clear up confusion.

    • jiggawatts 17 days ago
      Just some feedback from the field: I work with some high-security networks, and the perception from those Microsoft customers is that whatever "good" that has come from Microsoft improving security in general has been completely undermined by the pervasive telemetry.

      Windows 10 alone has something like 200 individual settings for disabling its various forms of telemetry. Office adds several dozen more. Dotnet itself has telemetry, then PowerShell on top of that. VS Code and Visual Studio both send telemetry.

      On and on, and on... and then some more, and on... and ON and ON and...

      There's just no end to it.

      As administrators, it's like playing whack-a-mole against a thousand moles that are breeding exponentially.

      We don't want to play this game any more.

      • Tyriar 17 days ago
        Noted. I can't speak for anything other than VS Code but we have the toggle in product which is all you need to change to turn it off for the core, extensions may have their own setting or share the core toggle, but we often can't control that.

        There's also the very detailed page on the website detailing this as well as how to see all telemetry events that are sent in real time in the output panel and even how to print out a report of all events that get sent with their classification (code --telemetry).

        • lazyeye 16 days ago
          I'd like to express the same sentiment against all-pervasive telemetry in a far less civil way but dont want this comment deleted.

          I really wish I could use stronger language though....

        • Silhouette 16 days ago
          If you're interested in collecting feedback and passing it on, the other criticism I have in this area is that Microsoft's privacy policies are incomprehensible. Everything seems to refer to the same huge document in the first instance and that document seems to depend by reference on numerous supporting documents. Even figuring out which supporting documents might be relevant seems to require understanding ambiguous terminology about whether any given application or service fits into various categories.

          Personally, I'm not interested in messing around with that kind of nonsense. I don't want to engage a lawyer just to find out if I can safely run some software and in the modern world where we're dealing with things like personal data and sensitive business information (including code and clients' proprietary information used to write it) an organisation with Microsoft's recent track record on privacy isn't going to get the benefit of the doubt.

          • tekknik 15 days ago
            With all this backlash on telemetry, is it worth it? What are you actually getting from it beside ruining the progress MS has made with the dev community? Trust is hard to earn and takes seconds to lose.

            Remove it. Then champion removing it from the rest of MS’s products. If you must spy to learn your market, you should not be in that market.

            I still hold onto a Sublime Text license waiting for the day MS shows it’s true purpose of making VS code free. Has this day come?

            • markus_zhang 15 days ago
              Telemetry is like bureaucracy. Once you have one it's extremely difficult to get rid of it.
            • siproprio 17 days ago
              "I only speak for my product" Well, I speak from a customer perspective: MS is unethical.
              • dang 16 days ago
                Please don't flame people like this on HN. Regardless of how strongly you dislike or disagree with $BigCo, we want HN to be a place where people with inside knowledge can speak freely about what they know, without being attacked for it. It would be a bad outcome for HN to disincentivize this. Past explanations of this point: https://hn.algolia.com/?query=disincent%20by:dang&dateRange=....


                Edit: you've been posting a ton of unsubstantive and flamebait comments, most if not all of which are on this same theme, and you've been doing it for a long time. We ban accounts that do that sort of thing, so please don't do it any more. (No, we don't care about $BigCo. We care about keeping discussion here out of the shallow-flamewar end of the pool.)

                Edit 2: I just noticed https://news.ycombinator.com/item?id=28814819 - appreciated.

                • selfup 17 days ago
                  This comment isn't constructive at all. Keep it on topic and don't blame the messenger.
                  • siproprio 17 days ago
                    Sorry, I take it back, but I don't have access to the delete button.
                    • saagarjha 17 days ago
                      You can’t delete comments once they have been replied to. Just take the feedback into account for next time, I guess.
              • GekkePrutser 16 days ago
                The reason is that Microsoft as a company is all-in on "data-driven" everything. They're trying to get their customers to adopt this approach too (and mostly succeeding, our company execs are constantly going on about it). Disabling telemetry breaks this so they make it as difficult as possible. Because that's where they're planning to have their major value-add.

                I really hate it too. But it seems so be so heavily anchored in their strategy that I don't expect them to lighten up about it.

                • markus_zhang 15 days ago
                  It makes sense as selling cloud and data analytics solution is the new hottie for today's corporation world.
                • siproprio 17 days ago
                  Like what I heard from a colleague:

                  "If I've been called here, I can safely assume whatever's been done's been done wrong, otherwise I would not've been called here, cause I'm definitely not the cheapest option"

                  • lou1306 16 days ago
                    It's high time OSs try and implement something akin to what DoNotTrack was intended to do in web browsers. Of course it will have the same adoption issues faced by DNT, but if first-party apps (like VSCode, DotNet, and PowerShell under Windows) honored a centralized setting it would make life so much easier.
                    • KronisLV 16 days ago
                      Well, for Windows there is https://www.oo-software.com/en/shutup10 to help manage telemetry and other settings, though the OS resets certain user choices after updates.

                      Though, if possible, consider using GNU/Linux whenever possible - distros like Debian have historically had little controversies around them, even package popularity metrics are presented as a choice to you during install time: https://popcon.debian.org/

                      Certain other distros like Ubuntu have a bit more controversy surrounding them, for example, the snaps package mechanism which takes away the user's control over updates by default, though that's more of a security hole and a stability risk, rather than aggressive telemetry related (unless it's introduced by the package creators, a la Audacity's plans that were later rolled back https://github.com/audacity/audacity/pull/835).

                      Of course, if you truly care about your privacy and open software, you might as well use a fully GNU distribution, such as Trisquel, though there are factors like hardware compatibility and software availability which could pose challenges in such cases: https://trisquel.info/

                      • jiggawatts 16 days ago
                        This almost exists.

                        Windows comes in many flavours. The most "just stop it, okay?" version is the Long Term Servicing Channel (LTSC).

                        It's like the Windows you used to like, back in the XP days. No Xbox gaming bar or Minecraft. Minimal (no?) telemetry. No forced updates every 6 months that break things randomly.

                        In my line of work we used it a lot for things like virtual desktop fleets with thousands or even tens of thousands of instances Why? Because the "normal" builds would every now and then just 'decide' to force update themselves despite our best efforts to stop that. All at once. On an ephemeral environment, where the machines would reset on boot, and then try to apply the forced update again. And again, over and over...

                        Some Microsoft manager wanted their KPIs met, so they just.. rammed something through. Fuck everyone running a VDI fleet, a billboard, a kiosk, a test environment, or anything that needs any kind of stability at all. Big man at Microsoft needs a bonus for that new Tesla!

                        This was common practice in our line of business. LTSC or failure, those are the options.

                        Meanwhile, Microsoft, whenever they turned up to a customer site, would just keep harping on about how LTSC is not intended for users, how it's "bad", and how the six-monthly releases provide Enhanced Experiences(tm) or whatever. They would stop just short of calling us unprofessional in front of our customers. Just.

                        It was the most absurd thing to watch happen. The disconnect between Microsoft and their customers is almost comical now...

                        • GekkePrutser 16 days ago
                          LTSC as of 2019 also includes telemetry now. You get the same choice as on regular Windows: all telemetry or just the basics
                      • siproprio 17 days ago
                        No, but they're selling remote wipe to large enterprise customers on worker's device's, spying on workers privacy and selling that info to management, adding DRM to excel spreadsheets - but they just can't figure out how to have multiple customers editing the same document without losing data.
                        • siproprio 17 days ago
                          I've worked on a place where somehow Teams managed to f@ck double clicking on an excel spreadsheet. Across organizations. On a sensitive critical infrastructure planning document.
                          • siproprio 17 days ago
                            "we sell you 4 different communications and productivity enhancement software products, none of those are really any good but guess what, we managed to upsell your organization into purchasing this crap "
                            • siproprio 17 days ago
                              "and look, your competitors purchased this and they're using it (they weren't), so you need it too for compatibility reasons"
                      • anakaine 17 days ago
                        As devs dont often hear feedback - you guys are doing a great job on VSCode. There are some key issues that Code overcame compared to other IDEs, which is why so many teams use it. One of those is forced telemetry (others are pricing, integration, and memory / resources footprint).

                        Please continue to push back against moves towards forced telemetry. Some of us work in sensitive environments, others wish for privacy. For those of us that work in sensitive environments we could simply firewall the program to stop talk back, but that will likely break many other things. Currently we have a level of trust that strikes a good balance between over the top strict security and permissive security where there are few issues because Code is trusted from a trusted domain. Forcing telemetry is likely to have Cybersecurity teams flag the app at an enterprise level and start to introduce headaches as they start to try and curb information leak.

                        • bloqs 15 days ago
                          Really appreciate the open responsiveness. I think most people on this site know the position you are in. Dont be put off by irritated people, it's easy to underestimate how much of waking life some people spend dealing with frustrations with specific bits of software.
                          • artificialLimbs 17 days ago
                            So we should keep a copy of the old installer around?
                            • Tyriar 17 days ago
                              Why would you need to do that given what I said?
                              • mejari 17 days ago
                                Presumably so someone installing for the first time can install an older version where they can set the toggle before upgrading to when the toggle is removed?
                                • Tyriar 17 days ago
                                  Maybe there's a misunderstanding. The old toggle is deprecated, but the plan is that you will always be able to use it. The new toggle is just a different setting and can still be used there on newer versions ("telemetry.telemetryLevel": "off").
                                  • tremon 17 days ago
                                    And how do both toggles combine? Is this the implemented truth table?

                                      telemetryLevel  newTelemetryLevel  result
                                      off             off                no telemetry sent
                                      on              off                telemetry sent
                                      off             on                 telemetry sent
                                      on              on                 telemetry sent
                                    • rnotaro 17 days ago
                                      It used the most restrictive setting. [1]

                                      > @john-aws It does respect your prior settings. If you disabled telemetry before it will still be disabled even though telemetryLevel is set to "on" by default. We always take the most restrictive of the two settings. You can confirm this by setting Log level to trace and seeing no telemetry is flowing in the output channel. The old setting will never be completely removed to prevent enablement of people who previously disabled telemetry but it is deprecated so we recommend setting this new setting to "off" and removing the older settings from your settings.json

                                      So the truth table would look like this :

                                        telemetryLevel  newTelemetryLevel  result
                                        off             off                no telemetry sent
                                        on              off                no telemetry sent
                                        off             on                 no telemetry sent
                                        on              on                 telemetry sent
                                      The new telemetry level can be set to Off, Error, On.

                                      The actual code is on github[2] and looks like this :

                                         const newConfig = configurationService.getValue<TelemetryConfiguration>(TELEMETRY_SETTING_ID);
                                         const oldConfig = configurationService.getValue(TELEMETRY_OLD_SETTING_ID);
                                         // Check old config for disablement
                                         if (oldConfig !== undefined && oldConfig === false) {
                                          return TelemetryLevel.NONE;
                                         switch (newConfig ?? TelemetryConfiguration.ON) {
                                          case TelemetryConfiguration.ON:
                                           return TelemetryLevel.USAGE;
                                          case TelemetryConfiguration.ERROR:
                                           return TelemetryLevel.ERROR;
                                          case TelemetryConfiguration.OFF:
                                           return TelemetryLevel.NONE;
                                      [1] https://github.com/microsoft/vscode/issues/134660#issuecomme...

                                      [2] https://github.com/microsoft/vscode/blob/be75065e817ebd7b625...

                                      • judge2020 17 days ago

                                        If either are 'off', it's sending no data. The new one also allows you to only send error logs, so the truth table would be more complex.

                                • siproprio 17 days ago
                                  Yes. Those get harder to find every day unless you know exactly where to look. I also wouldn't put it past them retroactively patching builds to cover them up.
                                • throwawaymanbot 17 days ago
                                  Why the dick move though? Any insight? M$ keeps saying it’s no longer like this but does stuff like this…
                                • seabass 17 days ago
                                  Microsoft has really been pushing the telemetry lately. Edge phones home far more than any other browser. Windows itself has no way to fully disable data collection (only the option to send "basic" or "full" data, including which websites you visit--oof). If you use Pro and you are enough of a power user to feel comfortable editing registry settings, that's what is now required to turn telemetry off, and even then it's hard to know you did it correctly. And this type of tracking is pervasive across the entire Microsoft ecosystem, including within Xbox, Minecraft, Teams, and now VSCode. It's disappointing to say the least.
                                  • nextaccountic 15 days ago
                                    > including which websites you visit

                                    Are they crazy? How is this legal?

                                    • krageon 15 days ago
                                      It is not, but that never stops large corporations :)
                                    • hda2 17 days ago
                                      > and even then it's hard to know you did it correctly

                                      At that point, why not copy what people do with android? Just run a dummy "vpn" on your system that null-routes traffic going to microsoft-controlled domains or IP blocks. By no means a perfect solution for sure, but a really good one in practice.

                                      You have remember to clear the telemetry cache and reconnect your system to microsoft to get updates from time to time.

                                      • RachelF 17 days ago
                                        If Windows 10 can't phone home, it thinks the network is disconnected and tries to fix the problem by restarting the network stack every ~10 minutes.
                                        • bitwize 16 days ago
                                          I'm sure that if not Windows 11, some version further in the future will interpret an inability to phone home as a network disconnect, and warn the user that they are out of compliance with their license agreement and their OS will stop working in 24 hours.
                                          • wazzaps 16 days ago
                                            Could you provide a source for that? Couldn't find anything on Google about that
                                            • RachelF 16 days ago
                                              search for wlan autoconfig
                                        • atatatat 17 days ago
                                          What if you set your location to France?
                                          • visarga 17 days ago
                                            Sounds like something that could be fixed with a software tool, like uBlock for browsers.
                                          • brundolf 17 days ago
                                            As someone who's worked on multiple power-user GUIs professionally, telemetry can be genuinely useful for improving the product. You can discover features that are never used and should be removed so attention can be focused elsewhere, and others that are used frequently and deserve more attention, and others that users may frequently have trouble with and should be fixed or improved.

                                            I'm not saying this justifies dark patterns, and I have no firsthand knowledge of whether Microsoft is exclusively using this data for legitimate purposes. If it were me I'd enable it by default but make it clear and easy to disable for those who care. That said: I don't think the knee-jerk assumption that this is a wholly evil thing is justified.

                                            • ineptech 17 days ago
                                              It's not knee-jerk. This is the same company putting ads in the start menu and trying to force Windows users to log in to microsoft.com on boot. And I guarantee you, the PMs who pushed for those 'features' genuinely believed they were improving my user experience too.
                                              • chadlavi 17 days ago
                                                It can be, but when you're a company like Microsoft you've poisoned the well with anyone who cares about these things. I have no confidence whatsoever that MS has purely good, product-improving/research-based intentions with VSCode telemetry.

                                                As for this change, I've seen it myself, and I think it's just poor design, nothing evil. They are just refactoring telemetry control and fucked up with porting over existing preferences because it's not a 1:1 thing.

                                                • tmpfile 17 days ago
                                                  > make it clear and easy to disable for those who care

                                                  Exactly. Telemetry can be a useful like you said and should be clear to users when they are being opted into it. Especially if someone has disabled all telemetry, they should be prompted to enable it or configure it with the new settings. If you silently re-enable it on their device when they already went thru the trouble of disabling it (and not expecting the settings to change day-to-day), you'll get some knee-jerk assumptions and reactions, whether your intentions where noble or not.

                                                  • capdeck 17 days ago
                                                    > make it clear and easy to disable for those who care

                                                    No. Make it clear and easy to ENable for those who care.

                                                    • NullPrefix 16 days ago
                                                      Telemetry of settings usage would tell that there are no users who care to enable it.
                                                    • brundolf 17 days ago
                                                      Sure, they should have had a pop-up telling people about the change and making clear the option to opt-out. That would have been better. But seeing some of the responses here you'd think Microsoft had started streaming a video feed of your entire desktop with no way to disable it.
                                                      • Silhouette 16 days ago
                                                        But seeing some of the responses here you'd think Microsoft had started streaming a video feed of your entire desktop with no way to disable it.

                                                        I once asked, seriously, whether there was any guarantee that enabling telemetry in a Microsoft developer product would not result in sending code we were working on back to Microsoft, inadvertently or otherwise. No-one could give me a clear confirmation that it would not. The responses were about 20% "we trust Microsoft, they'd obviously never do this" and about 80% silent downvotes.

                                                        If my business could be facing considerable damages for violating confidentiality agreements if something like that ever happened and sensitive information did leak, that's just not a convincing response. Microsoft have been pushing mandatory telemetry, mandatory and automatically deployed user-hostile updates and radical changes in data usage like GitHub Copilot. You'd have to be crazy to give them any benefit of the doubt in this area now. If they want phone-home on and they promise they're not going to take anything they shouldn't, we want to see the technical measures and legally actionable documentation to back that up.

                                                        • tmpfile 17 days ago
                                                          Definitely. Settings that have the perception of "streaming a video feed of your entire desktop" should be treated with more care.
                                                      • yjftsjthsd-h 17 days ago
                                                        > You can discover features that are never used and should be removed so attention can be focused elsewhere

                                                        That rests on some very specific assumptions; consider that, statistically, the "restore" feature of backup software is almost never used.

                                                        • fbrchps 17 days ago
                                                          But when it is used they'll have telemetry on errors that occur during the restore process. So hopefully the next person doesn't have to deal with the same issues that the first did.
                                                          • chongli 17 days ago
                                                            I believe the GP's point was that if you follow the "remove anything that users rarely use in telemetry data" philosophy then you end up removing the restore feature of the backup software, defeating the entire purpose of backup software in the first place.

                                                            In other words, just because a feature is used rarely doesn't mean it isn't important to keep around. So much of what's wrong with software these days can be attributed to this "A/B test everything, the data never lies" approach to design.

                                                            • yjftsjthsd-h 17 days ago
                                                              Precisely; frequency of use is not the same as importance, and confluating them is dangerous when you use it to justify cutting features.
                                                              • pronik 16 days ago
                                                                Just like Android telling me "you haven't used these apps in a while, let's remove them" while the apps are of the use-once-a-year or emergency kind of software.
                                                              • AlexandrB 17 days ago
                                                                > So much of what's wrong with software these days can be attributed to this "A/B test everything, the data never lies" approach to design.

                                                                Design by focus group where the focus group is the users who left telemetry on/unblocked.

                                                              • yjftsjthsd-h 17 days ago
                                                                We were talking about use stats, not crash reporting (which, yes, is more defensible).
                                                            • Crontab 17 days ago
                                                              I strongly disagree with the opinion that telemetry should be enabled by default. I feel that it should be the opposite.
                                                              • krageon 15 days ago
                                                                Telemetry that is not opt-in is not legal, that is the end of it. No amount of justification will change it and no justification should even be present, because spying on people is always wrong unless it is with consent (which is given freely and not as part of some wishy-washy dark pattern corporatism).
                                                              • FastEatSlow 17 days ago
                                                                Source: https://code.visualstudio.com/updates/v1_61#_telemetry-setti...

                                                                You are not enrolled into the auto telemetry yet, the deprecated options are still respected for now. The new telemtry has the levels of on, crash and off. Useful if I want not to contribute my device info, but still help them with issues with the software itself.

                                                              • solarkraft 17 days ago
                                                                Microsoft tries to make you think it’s not, but VSCode is proprietary if you download the official builds. Don’t use it!

                                                                The Vscodium project [0] exists and provides builds directly from the source.

                                                                This version has none of the user-hostile behavior! It also makes you realize Microsoft’s new round of EEE overreach when you see that the maintainers have to provide the extensions through their own repository and the default C# debugger doesn’t work for licensing reasons (everything else works perfectly).

                                                                Don’t trust Microsoft. Use the code they give you (which is generally fine), not their proprietary products (which are generally very much not fine).

                                                                [0]: https://vscodium.com

                                                                • toastal 16 days ago
                                                                  Don’t trust Microsoft extends to GitHub as well. Same company and same issues. GitHub probably has even more of developer mindshare and should get equal outrage as this. At least VS Code is open source.
                                                                  • number6 16 days ago
                                                                    Incredibly smart move from MS to buy github.
                                                                    • malka 16 days ago
                                                                      Never rely on GitHub features, like issues, wiki or actions.

                                                                      While the repo itself cannot lock you in, theses can.

                                                                      • toastal 16 days ago
                                                                        Certainly is neo-EEE as developer "influencers" claim M$ has turned a new leaf
                                                                      • speg 16 days ago
                                                                        This kills me because I use and love GitHub. I’ve tried Gitlab a few times and we do use it at my day job, but I keep coming back to GitHub for personal use.
                                                                        • toastal 16 days ago
                                                                          GitLab is fine and well-integrated, but it can be heavy and slow. There are alternatives. Sourcehut, Gitea, Codeberg (runs Gitea), GNU Savannah, or just plain cgit. It isn't a binary choice.

                                                                          I think GitHub might actually be best suited for personal projects. Projects aimed at others is now making contributors accept GitHub's proprietary ToS, vendor lock-in, and whatever experimental ways they plan to scan and profit from your code by offering it for "free".

                                                                      • stormbrew 17 days ago
                                                                        Sadly the main thing I use vscode for doesn't work in vscodium, so it's completely useless to me: remote projects. Without that I may as well just go back to sublime, which is lighter and faster.
                                                                        • rPlayer6554 16 days ago
                                                                          I assume that means it is missing the tight integration with wsl which is my primary use case.
                                                                          • 5e92cb50239222b 16 days ago
                                                                            … or the other way around. It works fine-ish, better than using Windows directly in any case, for me at least.
                                                                            • alexeiz 16 days ago
                                                                              It's not just WSL. There is "remote-ssh" for vscodium either.
                                                                              • number6 16 days ago
                                                                                What does this do? Or better What is the use case? I never really worked with VSC other than the basics and I rarely connect to servers to edit files or sourcecode
                                                                                • kdmytro 16 days ago
                                                                                  I use "Remote - SSH" to develop on a VM. I try to keep the amount of software I run on my laptop to a minimum to keep it cooler and quieter. I have a VM on my workstation PC at home, which has a much better CPU than my laptop. The VM runs vscode backend, while the laptop runs vscode frontend, slack and a web browser.
                                                                                  • number6 16 days ago
                                                                                    Okay, I get this, guess I would just ssh -x for that purpose, but that assumes a full Linux environment.

                                                                                    Keeping a laptop cool and quite while running slack and vscodium is a task in itself. I guess I would create a CI Pipeline and just commit via git

                                                                                    • stormbrew 15 days ago
                                                                                      vscode remote ssh mode is a much better experience than x forwarding. Like, it's not even close. It is hands down the best remote editing experience I've ever used in any kind of editor or ide, and running anything electron through remote X11 is basically like trying to kill a flea with a tractor.
                                                                              • jmiskovic 13 days ago
                                                                                So the Linux is forcing you to use proprietary version of SW? That's wild.
                                                                            • Jugurtha 16 days ago
                                                                              For reference, "EEE", especially in the context of Microsoft, stands for "Embrace, Extend, and Extinguish|Exterminate".

                                                                              Link: https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...

                                                                              From Wikipedia:

                                                                              >"Embrace, extend, and extinguish" (EEE),[1] also known as "embrace, extend, and exterminate",[2] is a phrase that the U.S. Department of Justice found[3] that was used internally by Microsoft[4] to describe its strategy for entering product categories involving widely used standards, extending those standards with proprietary capabilities, and then using those differences in order to strongly disadvantage its competitors.

                                                                              • foob 17 days ago
                                                                                everything else works perfectly

                                                                                Isn't it also the case that pylance doesn't work and has some form of DRM to prevent it from being used with the open source version? I'm not saying that as a reason not to use the open source version, just wondering if Microsoft has already rounded the corner on that second "E" in EEE.

                                                                                • smitop 17 days ago
                                                                                  Yes, the official VSCode binaries from Microsoft come with a binary blob to implement DRM. From the documentation (https://github.com/microsoft/vscode/wiki/Differences-between...): "The distribution includes a native node module that allows the extension to use a "handshake" to adhere to the license by ensuring it is being used from Visual Studio Code"
                                                                                  • Master_Odin 16 days ago
                                                                                    How is building proprietary plugins for the editor they themselves created and maintain at all part of EEE? Unless it's someway to extinguish LSP, which they also created?
                                                                                    • siproprio 17 days ago
                                                                                      "strategic product strategy businesses feature decision" as literally said by their PM.
                                                                                    • wumpus 17 days ago
                                                                                      Why don't you use an editor which has nothing to do with Microsoft? "generally fine" is not a good reason to be involved with a predatory company.
                                                                                      • d3nj4l 17 days ago
                                                                                        Because it’s hard to beat the ecosystem around VSCode. VSCode extensions take it from an OK text editor to an almost-emacs replacement.
                                                                                        • wumpus 16 days ago
                                                                                          Funny thing, I waited a little and then added some new, great emacs implementations of everything people were saying was so great about VSCode.
                                                                                          • subsection1h 16 days ago
                                                                                            Yeah, lsp-mode for Emacs exists because Microsoft created LSP for VS Code, so I'm glad VS Code was created even though I'll never use it.

                                                                                            (I installed VS Code to see what the fuss was about and the first thing I wanted to do was hide the tabs because tabs are a useless eyesore in a text editor. But when I searched for a way to hide them, I read that it wasn't possible. Madness. I'll never understand how tech enthusiasts can enjoy using software that provides them with so little control.)

                                                                                      • tmpfile 17 days ago
                                                                                        It's cool they use the same source so it's always the current version. I always assume projects like these aren't current or are several versions behind.
                                                                                        • BearOso 17 days ago
                                                                                          And the Microsoft extensions, like for C++, fetch and run big binary analyzer daemons that do all the work behind the scenes. Use clangd and its extension instead.
                                                                                          • homulilly 17 days ago
                                                                                            Looks like they don't ship Apple Silicon builds, unfortunately.
                                                                                          • thiht 16 days ago
                                                                                            Or just disable telemetry and be done with it.
                                                                                            • peakaboo 16 days ago
                                                                                              This is your first day on earth? You sound like you have no experience how these tech companies grow and consume everything in their path. "Just disable it"... Sure. :)
                                                                                          • username91 17 days ago
                                                                                            Reminder that Sublime Text is constantly being improved and might be worth a look if you haven't tried it in a while ~ https://www.sublimetext.com/
                                                                                            • 0des 17 days ago
                                                                                              A big reason why I don't buy sublime despite buying other products I don't use much is that it is not open source. That is a big one for me because even if I wanted to inspect for telemetry or other things, I'm not trusted to do so.
                                                                                              • ipaddr 17 days ago
                                                                                                Purchase it if that bugs you. Not everything is freeware.
                                                                                                • hu3 17 days ago
                                                                                                  How is purchasing going to make it open-source?
                                                                                                  • oliwarner 17 days ago
                                                                                                    Unless the "it" there is Sublime HQ Pty Ltd. That'd get you the source.
                                                                                                    • ipaddr 16 days ago
                                                                                                      The original comment was changed. Originally author was saying they hate the reminder in Sublime. In that case purchase a licease. The comment now says they want open source only.
                                                                                                      • hu3 16 days ago
                                                                                                        indeed. sigh. i'll have to start quoting comments to retain context. it adds noise tho =/
                                                                                              • kstrauser 17 days ago
                                                                                                On Mac, Panic’s Nova is starting to look pretty good. A native editor with a profit model of “you use it, you pay for it” is more attractive by the day.
                                                                                                • loosetypes 17 days ago
                                                                                                  Does sublime support editing remote projects over ssh?
                                                                                                  • RheingoldRiver 17 days ago
                                                                                                    Not well, that's the only time I use vscode (for everything else I use sublime or Pycharm if it's Python). I wanted to find a link for you to include in this post but searching "sublimetext ssh" etc didn't even bring up anything definitive, which kinda tells you how not great it is.

                                                                                                    One option if it's just like 1 file at a time is to use WinSCP with Sublime as your default editor and just open the file, edit, close, but again, obviously not great.

                                                                                                    • yourad_io 17 days ago
                                                                                                      Have you considered sshfs?

                                                                                                      I haven't used it in years but I recall it mostly working.

                                                                                                      • visarga 17 days ago
                                                                                                        That's not good enough, no remote debugging and shell integration. VSCode makes you feel like you're on the remote system locally.
                                                                                                        • RheingoldRiver 16 days ago
                                                                                                          > VSCode makes you feel like you're on the remote system locally.

                                                                                                          In fact, you are. It runs the plugins on the remote system. Which, while nice for UX, made me upgrade my blog's droplet from 1GB to 2GB memory ($5/month -> $10/month). But I figured it's worth it because it lowers the barrier of entry to writing, and anything to make the process of writing as painless as possible is worth it (and I'm still publishing once/week so I guess it's paying off)....

                                                                                                          • yourad_io 16 days ago
                                                                                                            But it mounts the remote fs as local. You should be able to debug locally and do whatever in the shell at it is a local mount, no?
                                                                                                    • smoldesu 17 days ago
                                                                                                      Or Atom, which is free/open source: https://atom.io
                                                                                                      • nexuist 17 days ago
                                                                                                        Serious question: Why does Atom still exist? On the front page they advertise something called "Atom Teletype" which seems like a ripoff of VS Live Share (or was it the other way around?)

                                                                                                        Why aren't the Atom people working on VSC instead?

                                                                                                        • Macha 17 days ago
                                                                                                          > Why aren't the Atom people working on VSC instead?


                                                                                                          Looks like the original contributors have mostly moved on to other projects, and activity is significantly diminished, but it's an open source project and they've not gone out of their way to block the community from continuing.

                                                                                                          • yepthatsreality 17 days ago
                                                                                                            Because more than one editor based off of Electron can exist and something doesn’t have to cease just because the sheep moved to the next field.

                                                                                                            Why does Visual Studio still exist?

                                                                                                            Why does Sublime Text still exist?

                                                                                                            Why does Notepad++ still exist?

                                                                                                            • saagarjha 17 days ago
                                                                                                              The question was asked because Atom doesn’t seem to see much development effort anymore, while the rest of the things you mentioned do.
                                                                                                              • yepthatsreality 16 days ago
                                                                                                                So we should rid it from existence? Or is this a suggestion to delete the repository?

                                                                                                                Does Atom exist if you never need it again or the project is never maintained?

                                                                                                                • nexuist 16 days ago
                                                                                                                  I don't think we should get rid of Atom or anything like that, the point of my question is why the Atom contributors chose to not move on to VSC and continue to maintain Atom to the point of launching competing cloud options like Teletype. It's weird because both ventures are ultimately owned by Microsoft so it's confusing why they're paying two sets of developers to compete against each other.
                                                                                                                  • yepthatsreality 15 days ago
                                                                                                                    Atom/GitHub wasn’t owned by Microsoft when Visual Studio Code gained traction. I’m guessing that the maintainers had no interest in giving Microsoft more help in reducing Atom to an unmaintained status and promoting Visual Studio Code for free. If the maintainers work for Microsoft now, I highly doubt it was ever a choice to move on. Teletype was probably in progress as well pre-acquisition, as that sort of feature came much much later in Visual Studio Codes development.
                                                                                                          • edoceo 17 days ago
                                                                                                            I wish. Has bugs that make it unusable. (ie: read whole project depth tree on window open)
                                                                                                            • andrew_ 17 days ago
                                                                                                              I still use Atom as my daily driver. There are bugs, yes. Some are more annoying than others (looking at you, TypeScript plugin). But I enjoy the app's experience more than VSCode. I wish I had time to contribute to it, because it's still a solid editor, and I hope it lives on a lot longer. Also surprised there hasn't been a popular hard fork of it yet since the acquisition of GitHub.
                                                                                                              • bitwize 16 days ago
                                                                                                                Vim and Emacs are open source, actively maintained, very capable programming editors.
                                                                                                                • blibble 17 days ago
                                                                                                                  but ultimately owned by the same company as VSCode
                                                                                                                  • gizdan 17 days ago
                                                                                                                    I thought Atom development was stopped? Guess I was mistaken.
                                                                                                                • azinman2 17 days ago
                                                                                                                  What is this telemetry? My OS, computer model, IP, and VSCode version? Why is this so bad in comparison to any other web application or many other apps these days? I know many are up in arms about it, but what exactly is the hidden danger here? More ads about computer studs sold via a the meager Bing ads market?
                                                                                                                  • salawat 17 days ago
                                                                                                                    The problem is other people treating other people's hardware as their playground.

                                                                                                                    We've gone too long without a reckoning as software authors in this regard. You are not entitled to do whatever you wish with someone else's hardware because of a click through. Those that continue to do so will be (in my case) blacklisted from running on my network.

                                                                                                                    • shukantpal 17 days ago
                                                                                                                      The user entitle software when they install it & give privileges. The issue has to be solved upstream. Instead of blaming software vendors, we have to build the systems to take back control.
                                                                                                                      • account42 15 days ago
                                                                                                                        Software that disregards the users wishes when you run it used to be called malware. An install is not an entitlement to do whatever you want. Software vendors are the ones writing this malware so why should they not be blamed.
                                                                                                                    • neurobashing 17 days ago
                                                                                                                      for some, simply not allowing me to opt-out without using other mechanisms (some sort of internal firewall etc) is enough. It's my computer, my network, and I get to say precisely how it is used; and that includes telemetry.

                                                                                                                      There are other threats and reasons, that others more versed in this can explain, but that is the one I can speak to.

                                                                                                                      • d_tr 17 days ago
                                                                                                                        > simply not allowing me to opt-out ...

                                                                                                                        But let's note that this is not the case here. You can still opt out. If they are just resetting your old settings silently, however, then this is not a nice move and it will annoy exactly the people that care.

                                                                                                                        • edoceo 17 days ago
                                                                                                                          > they are just resetting your old settings silently

                                                                                                                          That kind of behavior bis frowned upon in this establishment

                                                                                                                      • sto_hristo 17 days ago
                                                                                                                        >It's my computer, my network, and I get to say precisely how it is used

                                                                                                                        That is only realistic on linux. Everything else us just something you've rented.

                                                                                                                        Besides, you can always go for independent vscode clone. I don't know how good it is as i haven't tried it myself. I just know it exists.

                                                                                                                        • kodah 17 days ago
                                                                                                                          Linux may be the only kernel (and general class of operating systems) that is capable of robust transparency and control, but that doesn't mean that it isn't a common ideal among more general computer users. The argument I hear most frequently is that users are fairly oblivious to one or more of these points:

                                                                                                                          - That data is collected

                                                                                                                          - That you or your device can be identified from data

                                                                                                                          - That data does not have an expiration

                                                                                                                          - How the data is used (eg: multi-use, for troubleshooting, for marketing)

                                                                                                                          There are multiple ways to democratize knowledge, but most ideal is having companies just be upfront and teaching engineers why it's important to stress building notifications and/or levers for these kinds of capabilities.

                                                                                                                          • trutannus 17 days ago
                                                                                                                            A lot of the people who care this much also use Linux, so this is somewhat of a moot point.
                                                                                                                        • hdjjhhvvhga 17 days ago
                                                                                                                          It doesn't matter. What matters - if these reports are true - is how they treat their users with these dark patterns. You just don't treat other people like that, it's just basic human decency.
                                                                                                                          • hamburglar 17 days ago
                                                                                                                            And also there’s a legitimate slippery slope here. “Come on, this data they are sending is not sensitive” may apply today, but after you’ve opted in, now your job is perpetually keeping track of what new information they send in the future to make sure your assessment is still true. If there is a big off switch, the only thing we have to pay attention to is whether or not they are honoring that off switch.
                                                                                                                          • dspillett 17 days ago
                                                                                                                            > My OS, computer model, IP, and VSCode version?

                                                                                                                            Right now, maybe. Or maybe more. Are you happy agreeing to it without being told? Being auto-enrolled without being told? What about if they add more later and don't feel the need to tell you as you didn't make the effort to opt out so must be happy with the tracking?

                                                                                                                            > Why is this so bad in comparison to any other web application or many other apps these days?

                                                                                                                            Because others do it doesn't make it right. People rail against web properties using what is seen as overly invasive telemetry/fingerprinting/profiling dark patterns too.

                                                                                                                            > but what exactly is the hidden danger here?

                                                                                                                            More information stored about you in more places, from whence it can leak further or dubious authorities can demand it be released, is a common fear in such cases for privacy campaigners and campaigners in general within the reach of certain governments.

                                                                                                                            (if people downvoting would like to let me know why, I'd be genuinely interested to know your counter point(s), otherwise I'm just going to assume that what I have said is true and you don't like it)

                                                                                                                          • pluc 17 days ago
                                                                                                                            • jarcane 17 days ago
                                                                                                                              unfortunately, as I discovered with a recent fresh Manjaro install, VSCodium cannot access the standard MS extension repo, which makes it next to worthless as a production tool because no one is uploading anything to their own repo. I can't work without my tools, and I can't be arsed to manually install and build and update every extension and its dependencies that I rely on.
                                                                                                                              • oh_boy 17 days ago
                                                                                                                                Sure you can use vscodium with the official marketplace. I use that for over a year now without issues.


                                                                                                                                • easton 17 days ago
                                                                                                                                  Of course, that's against the Microsoft licensing agreement. The VS Extension marketplace is only licensed for use with Visual Studio and Visual Studio Code (as are all of the good Microsoft extensions: Pylance, the Remote Pack, Codespaces, etc).

                                                                                                                                  The top of the log file for the remote extension always says this:



                                                                                                                                  * Visual Studio Code Server


                                                                                                                                  * Reminder: You may only use this software with Visual Studio family products,

                                                                                                                                  * as described in the license https://aka.ms/vscode-remote/license



                                                                                                                                • solarkraft 17 days ago
                                                                                                                                  What do you mean by “no one is uploading anything to their own repo”? Everything I’ve wanted (exception: dotnet debugger) is on https://open-vsx.org/.
                                                                                                                                  • kova12 17 days ago
                                                                                                                                    if you don't trust microsoft with telemetry, you shouldn't trust extensions written by random people either
                                                                                                                                    • nexuist 17 days ago
                                                                                                                                      A perfect encapsulation of why these privacy complaints are next to worthless. You don't trust Microsoft with telemetry but your package.json pulls in 30 packages from completely random Internet strangers who published something that looked cool on GitHub.

                                                                                                                                      There's no coherent threat model here. There are a million different ways to shoot yourself in the foot and compromise your codebase before we even begin to consider what Microsoft can do with the knowledge of what buttons you press sometimes.

                                                                                                                                      • Sanguinaire 17 days ago
                                                                                                                                        A bit disingenuous I think; people are concerned about security when worrying about random packages, but privacy with Microsoft.

                                                                                                                                        MS have a history of being hostile to open source, but have been able to launder their image somewhat.

                                                                                                                                        • siproprio 17 days ago
                                                                                                                                          They were 'attempting' to launder their image.
                                                                                                                                          • nexuist 17 days ago
                                                                                                                                            Privacy and security are the same thing. When one is compromised so is the other. Any untrusted code that runs on your machine has the implicit capability of exfiltrating information that would rip apart your privacy.
                                                                                                                                          • siproprio 17 days ago
                                                                                                                                            > There's no coherent threat model here.

                                                                                                                                            My threat model is Microsoft selling bogus "productivity enhancement" features to customers, pushing duplicated features, collecting data on costumers to acquire business sensitive information, and using marketshare as leverage to strangle better products.

                                                                                                                                          • yjftsjthsd-h 17 days ago
                                                                                                                                            Known-bad is worse than unknown, surely?
                                                                                                                                      • siproprio 17 days ago
                                                                                                                                        So, recapping vs code:

                                                                                                                                        * They implemented proprietary sync protocols

                                                                                                                                        * They obfuscate how 'settings' are saved - no, the settings.json is not what the editor uses and they hide stuff in the internal sqlite db they use

                                                                                                                                        * Capping open versions of the product

                                                                                                                                        * And finally, inserting proprietary "licensed" stuff and code that purposefully breaks if you're not licensed

                                                                                                                                        • siproprio 17 days ago
                                                                                                                                          Then they'll use your code to train an AI to replace you.
                                                                                                                                          • siproprio 17 days ago
                                                                                                                                            Lot's of extensions - the ones that Microsoft decided were 'strategic' - purposefuly stops working magically when you're using the "open" vscodium version.
                                                                                                                                        • fartcannon 17 days ago
                                                                                                                                          The goal of stuff like this is to wear you down into accepting all default parameters. Then, slowly ratchet up the invasiveness.
                                                                                                                                          • chadlavi 17 days ago
                                                                                                                                            Microsoft microsofting. By which I mean making confusing UX choices that no user would want, with bad presets, and that get misinterpreted in the comment-o-sphere as dark patterns infringing on our freedoms.

                                                                                                                                            They're transforming the control of telemetry to a different option. The problem is that the new option doesn't default to being based on your old telemetry opt-out value, it just defaults to "on" as if you just downloaded VSC. And this leads people to reading all kinds of evil intent into it.

                                                                                                                                            But it's probably not. We've all worked on big complicated products at big, slow companies, right? This is just bad design.

                                                                                                                                            • siproprio 17 days ago
                                                                                                                                              "bad at design":

                                                                                                                                              Either their engineers are incompetent, and accidentally chose the evil thing, or they intentionally planned it to happen this way.

                                                                                                                                            • omreaderhn 17 days ago
                                                                                                                                              Check out https://vscodium.com


                                                                                                                                              Builds of VS Code with telemetry stripped out

                                                                                                                                              • PaulKeeble 17 days ago
                                                                                                                                                Looks identical, runs the same plugins just without the telemetry. The perfect solution.
                                                                                                                                                • easton 17 days ago
                                                                                                                                                  Except for the remote extensions, Pylance, and Live Share, IIRC. Which are pretty important to a lot of people's use of VSCode.
                                                                                                                                                  • generalizations 17 days ago
                                                                                                                                                    The one extension I use the most is the remote access via ssh, and that's not available on vscodium last time I checked. Only reason I'm still on VSCode.
                                                                                                                                                    • weikju 17 days ago
                                                                                                                                                      You can download the extension as a file from the vscode marketplace and install it in Codium. The remote containers extension requires the latest Codium but it work now.
                                                                                                                                                    • edoceo 17 days ago
                                                                                                                                                      sshfs? Then the solve is outside the editor.
                                                                                                                                                      • generalizations 17 days ago
                                                                                                                                                        That's my workaround, but it's less convenient.
                                                                                                                                                        • BackBlast 17 days ago
                                                                                                                                                          I don't find it to be a workaround. The remote development stuff loads a bunch of projects and processes onto the remote host. I have some pretty small VMs that I run some older production servers in. Which is my principal use case for remote development.

                                                                                                                                                          Connecting to them this way brings them to their knees. That and seeing a host of new high memory processes doesn't give me warm fuzzies about the security risks on important remote systems.

                                                                                                                                                          • edoceo 17 days ago
                                                                                                                                                            Pretty much why I'm using sshfs and not the VSCode remote.

                                                                                                                                                            And Atom over sshfs, and crawling the whole project before showing a window is a deal breaker for me

                                                                                                                                                    • 0des 17 days ago
                                                                                                                                                      While it can run the same extensions, some have to be requested to be added to the code-oss repository, as there are some things that I noticed aren't there, and the path recommended to those in this situation is to ask for them to be added on an as-desired basis.
                                                                                                                                                  • tyrfing 17 days ago
                                                                                                                                                    Still respects the old settings. Easy to confirm by checking network traffic.
                                                                                                                                                    • jeff42069 17 days ago
                                                                                                                                                      Microsoft thank you. You brought us the LSP and as thus every editor has the same capabilities as your spyware anti pattern. No need to use Vscode anyway.
                                                                                                                                                      • lfaoro 16 days ago
                                                                                                                                                        Use vscodium unless you need specific MS features. Alternatively inspect your outgoing traffic and block the telemetry sources.

                                                                                                                                                        vscode will still try sending data to those servers but won’t be able to reach them. Little overhead.

                                                                                                                                                        • xvilka 17 days ago
                                                                                                                                                          Just use Emacs or Vim/NeoVim, they will never do that.
                                                                                                                                                          • b9be520d93286 17 days ago
                                                                                                                                                            I have not trusted M$ since the mid 90s when I first installed Slackware Linux (after using OS/2 2.0 for a year or 2).

                                                                                                                                                            I was using Vscodium occasionally and despite it being very easy to use, I'm going to uninstall it now and just focus on emacs and neovim. I do not even trust vscodium since the original codebase comes from tainted origins.

                                                                                                                                                            • IshKebab 17 days ago
                                                                                                                                                              Can this be removed, given that it has been proven false? Do you guys do that?
                                                                                                                                                              • Cabal 16 days ago
                                                                                                                                                                How is this in any way false? I just updated to the latest stable release and it turned telemetry back on, despite my old settings being off. Same as the original screenshot.
                                                                                                                                                                • hu3 17 days ago
                                                                                                                                                                  They do. E-mail: hn@ycombinator.com
                                                                                                                                                                  • yjftsjthsd-h 17 days ago
                                                                                                                                                                    Where was it proven false?
                                                                                                                                                                • coliveira 17 days ago
                                                                                                                                                                  This is MS, of course they'll do this kind of thing.
                                                                                                                                                                  • nottaylorswift 16 days ago
                                                                                                                                                                    And it's uninstalled. Back to Atom.
                                                                                                                                                                    • siproprio 17 days ago
                                                                                                                                                                      Microsoft: dishonest by default™
                                                                                                                                                                      • siproprio 17 days ago
                                                                                                                                                                        The vscode team needs to start treating msft as a threat as well
                                                                                                                                                                        • rvz 17 days ago
                                                                                                                                                                          So from bad to worse if true. Do you have evidence or a link to this?
                                                                                                                                                                        • TruthWillHurt 17 days ago
                                                                                                                                                                          End of the day you're getting in bed with Microsoft. No matter ho open-source/friendly it seems.