Friday, April 26, 2019

Microsoft Visual Studio Code phones home

I have used VS Code since it was released, but I cannot remember seeing an information or getting a question about collecting my usage data for behavioural analysis. Whatever honest might be the intentions, a poor execution will ruin the trust of the developer in their software vendor. You should not have to worry about your tools spying on you.

The team behind VS Code has tried to address the transparency problem, but it appears, that people at Microsoft do not understand well, what "opt-in" means and how to make clear, what information is being collected and sent back.

You can disable the telemetry performed by VS Code by entering these entries in your user settings:

{
  "telemetry.enableCrashReporter": false,
  "telemetry.enableTelemetry": false
} 
See one of the posts about it and the official documentation.

The current behaviour is most likely not compliant with GDPR in EU. There is no clear way to contact the data controller and to find out who are data processors. You would have to open an issue at GitHub about it.

Collected data identify your machine my MAC address, which leads to personal identification, when completed with other parts. If you want leave telemetry enabled, you should better analyse all collected content.

It is not obvious, what are the collected data. You can enable verbose logging and study traces in telemetryService.publicLog.

If you want to use VS Code without MS branding, without the telemetry and released under a FOSS (MIT) license, there is a project to provide automated builds of installation packages - VS Codium.

If you want toi switch to VS Codium from VS Code you can use an extension to transfer user settings among multiple installations of VS Code. It can be useful for VS Code users too.