VSCodium 1.43.0 still sends telemetry on launch #1279

New Issue

giteasync · 2025-09-10T23:51:43-05:00

giteasync commented

2025-09-10 23:51:43 -05:00

Originally created by @sneak on GitHub.

Describe the bug

Upon launch, VSCodium attempts twice to connect to vscodium.now.sh which, due to the unencrypted nature of SNI, leaks the fact that I am launching my editor to my ISP, my national military, the Zeit/Now operators, their hosting provider/upstreams, and the VSCodium devs.

I believe this is an autoupdate check, but it is still leaking an "editor launched" telemetry event inadvertently. It should perform autoupdate checks only once per week or, ideally, month, at a randomized time after launch that is at least 1 hour. (Ideally, it'd launch a consent dialog for autoupdate checks at all.)

To Reproduce

Open VSCodium
Outbound connection is made

Expected behavior

No telemetry is sent.

Screenshots

Desktop (please complete the following information):

OS: macOS
Architecture x64
Version 1.43.0

Originally created by @sneak on GitHub. **Describe the bug** Upon launch, VSCodium attempts twice to connect to `vscodium.now.sh` which, due to the unencrypted nature of SNI, leaks the fact that I am launching my editor to my ISP, my national military, the Zeit/Now operators, their hosting provider/upstreams, and the VSCodium devs. I believe this is an autoupdate check, but it is still leaking an "editor launched" telemetry event inadvertently. It should perform autoupdate checks only once per week or, ideally, month, at a randomized time after launch that is at least 1 hour. (Ideally, it'd launch a consent dialog for autoupdate checks at all.) **To Reproduce** 1. Open VSCodium 1. Outbound connection is made **Expected behavior** No telemetry is sent. **Screenshots** <img width="670" alt="Screen Shot 2020-03-16 at 17 12 00" src="https://user-images.githubusercontent.com/408977/76809887-7ea38100-67a9-11ea-831c-f44ff92e1508.png"> **Desktop (please complete the following information):** - OS: macOS - Architecture x64 - Version 1.43.0

giteasync closed this issue

2025-09-10 23:51:43 -05:00

giteasync commented

2025-09-10 23:51:44 -05:00

@stripedpajamas commented on GitHub:

This is a fair observation. Since we don't have any control over "when" the auto-update check is made, perhaps the best step forward is to disable auto-updates by default and let users know in the README that they can change that setting to their preference if they would like VSCodium to autoupdate.

What do you think about this approach @sneak ?

@stripedpajamas commented on GitHub: This is a fair observation. Since we don't have any control over "when" the auto-update check is made, perhaps the best step forward is to disable auto-updates by default and let users know in the README that they can change that setting to their preference if they would like VSCodium to autoupdate. What do you think about this approach @sneak ?

giteasync commented

2025-09-10 23:51:44 -05:00

@megastallman commented on GitHub:

Hi @sneak !
We're still losers in that game, but still need trying.
My testbed is a separate computer, running Manjaro, with VSCodium built from source.
Settings(search for "update"):

Update Mode - none[see above]
Update Show Release Notes - [ ]
Extensions Auto Check Updates - [ ]
Extensions Auto Update - [ ]

And tcpdump -i any running.
So, I see no noise at startup, but still need more tries.

I still insist on an idea to get some totally silent settings defaults...
@sneak , please keep monitoring with tcpdump, wireshark, or whatever you've got.

@megastallman commented on GitHub: Hi @sneak ! We're still losers in that game, but still need trying. My testbed is a separate computer, running Manjaro, with VSCodium built from source. Settings(search for "update"): - Update Mode - none[see above] - Update Show Release Notes - [ ] - Extensions Auto Check Updates - [ ] - Extensions Auto Update - [ ] And `tcpdump -i any` running. So, I see no noise at startup, but still need more tries. I still insist on an idea to get some totally silent settings defaults... @sneak , please keep monitoring with tcpdump, wireshark, or whatever you've got.

giteasync commented

2025-09-10 23:51:44 -05:00

@sneak commented on GitHub:

I think that disabling autoupdate is preferable. If a user installs via brew/caskroom or a distro package manager (which is probable in most cases), then updating is handled automatically by their package manager.

The marketplace and other stuff absolutely require network requests for functionality to work; that's a horse of a different color. The editor works perfectly fine forever if the autoupdate check is disabled, users will suffer no ill effects from it being disabled.

@sneak commented on GitHub: I think that disabling autoupdate is preferable. If a user installs via brew/caskroom or a distro package manager (which is probable in most cases), then updating is handled automatically by their package manager. The marketplace and other stuff absolutely require network requests for functionality to work; that's a horse of a different color. The editor works *perfectly fine forever* if the autoupdate check is disabled, users will suffer no ill effects from it being disabled.

giteasync commented

2025-09-10 23:51:44 -05:00

@stripedpajamas commented on GitHub:

Another idea is to leave in the feature but include a note in https://github.com/VSCodium/vscodium/blob/master/DOCS.md#getting-all-the-telemetry-out where other "information leaks" are mentioned.

@stripedpajamas commented on GitHub: Another idea is to leave in the feature but include a note in https://github.com/VSCodium/vscodium/blob/master/DOCS.md#getting-all-the-telemetry-out where other "information leaks" are mentioned.

giteasync commented

2025-09-10 23:51:44 -05:00

@inorick commented on GitHub:

Another option would be to remind the user after a period of time (weeks, months) to trigger a manual update check.

@inorick commented on GitHub: Another option would be to remind the user after a period of time (weeks, months) to trigger a manual update check.

giteasync commented

2025-09-10 23:51:44 -05:00

@megastallman commented on GitHub:

@sneak , please check this config.json if it helps you: https://github.com/VSCodium/vscodium/issues/407#issuecomment-678683617
Applications restarts and new folder additions are pretty silent.

@megastallman commented on GitHub: @sneak , please check this config.json if it helps you: https://github.com/VSCodium/vscodium/issues/407#issuecomment-678683617 Applications restarts and new folder additions are pretty silent.

giteasync commented

2025-09-10 23:51:44 -05:00

@megastallman commented on GitHub:

@sneak
Noway. An empty VSCodium looks silent, but as I add a directory - it just spams networking with: bc.googleusercontent.com. Probably necrosoft really needs to know everything we're doing in VSCodium.

@megastallman commented on GitHub: @sneak Noway. An empty VSCodium looks silent, but as I add a directory - it just spams networking with: `bc.googleusercontent.com`. Probably necrosoft really needs to know everything we're doing in VSCodium.

giteasync referenced this issue

2025-09-10 23:55:07 -05:00

[PR #1279] [MERGED] feat: make build more generic #1810

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: VSCodium/vscodium#1279