[lucideer]

This doesn't suffice unfortunately. That setting has worked inconsistently, or not at all, and add far as I've seen in my own testing it never disables all telemetry. There have been issues open on GitHub about this for a long time, though it's a few months since I checked there for updates (I stopped bothering and just put it in my firewall rules; I still see blocked connections in thy log today).

I'm a very happy vscode user, but this is one antifeature does continue to bother me.

[lucideer]

> @bunderbunder I bet it's still nothing compared to the level of data collection that a typical website does these days.

I'd say the opposite. Consider that (a) you typically visit websites briefly and periodically while most vscode users have it open as long as their computer is on, and (b) Electron provides access to lot more device data than the browser sandbox. The reason websites tend to have such far-reaching and devious user-tracking methods is because they're working in such a restricted environment and have to innovate; native desktop apps have far less restrictions.

[bunderbunder]

Another big difference, though, is that VSCode's telemetry is publicly documented.

So, regardless of what they're able to collect, I know what they are collecting, and how personally identifiable it is, and I know that it's pretty tame compared to what I've seen elsewhere.

[lucideer]

Ah, that is a fair point. I hadn't looked at what they collect, I was just speculating about what they could collect if desired.

[nathantotten]

Are you sure the additional telemetry isn’t from extensions? Our extensions (Salesforce) have our own telemetry setting, but we do also respect the global VSCode setting due to this exact possibility of confusion. However, I know that there are other extensions that dont respect the global setting.

[lucideer]

I tested without extensions back when I was following the open GH issues, so that wasn't the case then.

It could be that MS fixed the issue since, and the connections I see in logs now are from extensions, but I also presume this isn't the case as my firewall rules are IP-based rather than purely app based (since the latter would kill the market browsing functionality).

[bunderbunder]

It really is annoying that they don't make it opt-in instead. They've got plenty of users; I can't imagine they need to be collecting usage statistics from everyone.

I'm curious what would happen if a moderate-size country (say, Belgium) were to pass a law saying that telemetry must be opt-in. I bet it would convince everyone to just be universal opt-in for simplicity's sake.

That said, I bet it's still nothing compared to the level of data collection that a typical website does these days.

[yuhong]

There used to be at least one issue about this, and of course it has been fixed by now: https://github.com/Microsoft/vscode/issues/16131

[nsomaru]

Can you share the firewall rules/domains to block to disable telemetry for VSCode?

[lucideer]

There's a lot of traffic that comes from VSCode, so it's sometimes hard to tell which is which—e.g. the autoupdate checker, and the "Code Helper" queries to schemastore to get JSON validation configs for the JSON files in your project, and the NPM queries for package.json

I block most of it anyway, with a couple of individual exceptions, but other than those examples mentioned above, there's also:

- dc.services.visualstudio.com (40.114.241.141, 52.169.64.244)

- vortex.data.microsoft.com (40.77.226.250, 65.55.44.109, 51.141.13.164, 51.140.40.236)

- bingsettingssearch.trafficmanager.net (13.95.93.152)

I actually have no clue what the last one there is (Bing)—I must have known at some point, but have long forgotten.

Notable exceptions allowed: marketplace.visualstudio.com (13.107.6.175, 191.238.172.191, 13.85.19.92)

[Iwan-Zotow]

> I actually have no clue what the last one there is (Bing)

workbench.settings.enableNaturalLanguageSearch