Some users do not want any outgoing network requests from VS Code unless they specifically invoke features that require online access. To support this offline mode, we have added new settings to turn off features such as automatic extension update checking, querying settings for A/B experiments, and fetching of online data for auto-completions.
Below is the complete list of settings to control VS Code features that make network requests:
They are different products, different teams, different target markets - I've been using VSCode since it was first released, and they haven't done any anything scummy in that time, or given me any reason to distrust them or their motives. All they've done is provide a great product that I love.
The VSCode team is responsive on GitHub, and are driving development based on the feedback and telemetry they receive. I really am a staunch privacy advocate, but I'm not dogmatic about it - telemetry has it's place.
It can also easily be disabled if you don't want to send it.
This doesn't suffice unfortunately. That setting has worked inconsistently, or not at all, and add far as I've seen in my own testing it never disables all telemetry. There have been issues open on GitHub about this for a long time, though it's a few months since I checked there for updates (I stopped bothering and just put it in my firewall rules; I still see blocked connections in thy log today).
I'm a very happy vscode user, but this is one antifeature does continue to bother me.
> @bunderbunder I bet it's still nothing compared to the level of data collection that a typical website does these days.
I'd say the opposite. Consider that (a) you typically visit websites briefly and periodically while most vscode users have it open as long as their computer is on, and (b) Electron provides access to lot more device data than the browser sandbox. The reason websites tend to have such far-reaching and devious user-tracking methods is because they're working in such a restricted environment and have to innovate; native desktop apps have far less restrictions.
Another big difference, though, is that VSCode's telemetry is publicly documented.
So, regardless of what they're able to collect, I know what they are collecting, and how personally identifiable it is, and I know that it's pretty tame compared to what I've seen elsewhere.
Are you sure the additional telemetry isn’t from extensions? Our extensions (Salesforce) have our own telemetry setting, but we do also respect the global VSCode setting due to this exact possibility of confusion. However, I know that there are other extensions that dont respect the global setting.
I tested without extensions back when I was following the open GH issues, so that wasn't the case then.
It could be that MS fixed the issue since, and the connections I see in logs now are from extensions, but I also presume this isn't the case as my firewall rules are IP-based rather than purely app based (since the latter would kill the market browsing functionality).
It really is annoying that they don't make it opt-in instead. They've got plenty of users; I can't imagine they need to be collecting usage statistics from everyone.
I'm curious what would happen if a moderate-size country (say, Belgium) were to pass a law saying that telemetry must be opt-in. I bet it would convince everyone to just be universal opt-in for simplicity's sake.
That said, I bet it's still nothing compared to the level of data collection that a typical website does these days.
There's a lot of traffic that comes from VSCode, so it's sometimes hard to tell which is which—e.g. the autoupdate checker, and the "Code Helper" queries to schemastore to get JSON validation configs for the JSON files in your project, and the NPM queries for package.json
I block most of it anyway, with a couple of individual exceptions, but other than those examples mentioned above, there's also:
It is only without express user consent for those who enter into contracts without reading them. Assuming you aren't one of those people then you consented.
What do you mean? Just to see what you were talking about, I downloaded VSCode from their official website, installed and started it. At no point was I (to their credit) presented with a "contract".
OTOH, there was (again, to their credit), a notification when I started the software about how to disable telemetry.
No. GDPR requires that users must be able to use the service after opting out of data collection (except if the data collection is required for rendering the service to the user). A EULA, in contrast, must be accepted, otherwise the service may not be used.