1. 65
  1.  

  2. 16

    If you try to build it yourself, their build script also appears to download and inject additional code into the built artifact from marketplace.visualstudio.com during the build. I opened one two three issues.

    1. 11

      My guess is that these practices that disrespect or completely ignore users privacy, like requiring an internet connection (whether to build or just to use a piece of software - even the OS itself) are so deeply baked into Microsoft’s mental culture now there’s no going back. It’s just a given now that they assume they are entitled to grab and record whatever information they want from your machine just in order to use their software.

      It’s not just Microsoft, many companies seem to be jumping on the same or similar bandwagon.

      1. 6

        The same thing happens when you try compiling coreclr (called from here), there’s no way to properly bootstrap it. (And of course, there’s some “telemetry” in there as well, enabled by default during the build, before you have a chance to turn it off.)

        1. 7

          The same thing happens when you try compiling coreclr

          Wow, now I wonder whether this pattern happens in other Microsoft “open source” projects.

          And you gotta love this comment:

          # curl has HTTPS CA trust-issues less often than wget, so lets try that first.

      2. 8

        If he says he disabled telemetry, maybe this is a feature that isn’t telemetry? Maybe search is “designed” to search on the web and you have to find a different toggle.

        I’m not defending their practice here. Just pointing out, that these are common patterns:

        • people look for global switches
        • software changes and new features have their own switches
        1. 8

          It tries to connect to Bing , so this could be about this integration https://code.visualstudio.com/blogs/2018/04/25/bing-settings-search

          1. 11

            What are the odds that VS Code doesn’t respect telemetry settings in nightly builds? I mean, the entire point of nightly builds is for testing, of which telemetry is potentially of particular value. If I wanted to minimise my exposure to telemetry, I wouldn’t be running nightly test builds in the first place, precisely because I’d expect it might not respect the normal telemetry settings (among several other reasons).

            EDIT: I vaguely recall a similar post re: someone being outraged at Mozilla collecting telemetry from their Nightly builds which are published precisely for testing.

            1. 3

              If the setting exists, it should be respected. I am willing to test software and submit bug reports when I observe breakage, but I am not willing to send back an unfiltered data stream.

            2. 9

              I suspect a bug. Never ascribe to malice what can be more easily explained by incompetence.

              1. 3

                While OP does not make it clear anywhere, it only applies to searching in settings.

                Background: https://code.visualstudio.com/blogs/2018/04/25/bing-settings-search

                Disable with "workbench.settings.enableNaturalLanguageSearch": false.

                1. 0

                  While OP does not make it clear anywhere, it only applies to searching in settings.

                  Maybe. Maybe not. How do you know for sure, have you checked? And if you have, how do you know it will always be that way?

                  Personally I see no reason to trust this company at their word about anything given their long history of ignoring user’s privacy, and ignoring privacy settings, and immediately closing privacy related issues.