vscodium icon indicating copy to clipboard operation
vscodium copied to clipboard

Published 20 hours ago verified publisher icon VSCodium

Telemetry breakthrough since version 1.52.1

Open megastallman opened this issue 3 years ago • 11 comments

Describe the bug I've got 2 VScoduim installs. v1.51.0 behaves fairly silent, but v1.52.1, installed on a new laptop, sends telemetry despite being configured the same way as the old one.

To Reproduce Steps to reproduce the behavior:

  1. Close all applications, disable networking.
  2. Start # tcptracer-bpfcc
  3. Start VSCodium, open a directory, click some files.
  4. Enable networking
  5. Repeat step 3

Expected behavior Just being a text/code editor/IDE

Desktop (please complete the following information):

  • OS: KUbuntu 20.04
  • Architecture x64
  • Version 1.52.1

Additional context

I've used my config from https://github.com/VSCodium/vscodium/issues/407#issuecomment-678683617 that has been pretty fine on v1.51.0, but now I see the following IP-addresses involved:

C  112724 Chrome_ChildIOT  4  192.168.1.4      198.41.30.195    60286  443

OK, EclipseFoundationInc - probably searching for packages... But:

C  112371 Chrome_ChildIOT  4  192.168.1.4      172.217.19.110   52482  443

Google LLC (google.com)

There are similar bugreports: https://github.com/VSCodium/vscodium/issues/364 https://github.com/VSCodium/vscodium/issues/304

As for my https://github.com/VSCodium/vscodium/issues/407 - it has been fixed for some time, but...

Thanks in advance guys!

megastallman avatar Jan 31 '21 15:01 megastallman

Thanks for the heads up @megastallman. More investigation required to get to the bottom of this.

stripedpajamas avatar Feb 08 '21 17:02 stripedpajamas

I've slightly updated https://github.com/VSCodium/vscodium/issues/407#issuecomment-678683617 my settings on the same 1.52.1 build. Google analytics disappeared. But lts.eclipse.org(198.41.30.195) is still here if I click on any file with non-standard extension. I can't grep neither this IP-address, nor hostname through code. But it still connects there multiple times. No idea how it gets to build result.

I've also noticed one more leak. When I click "Help -> Toggle Developer Tools" - VSCodium spawns multiple connections to Microsoft do Brasil Imp. e Com. Software e Video G (microsoft.com)(191.239.203.0)

megastallman avatar Feb 25 '21 19:02 megastallman

Hi @stripedpajamas !

Finally I've found where the lts.eclipse.org leak happens. So, using "Help -> Toggle Developer Tools -> Network" I've noticed the connection to https://open-vsx.org/vscode/gallery/extensionquery. This host is:

$ host open-vsx.org
open-vsx.org has address 198.41.30.195

as I've stated before. But hostnames are different sometimes.

That query happens in vs/platform/extensionManagement/common/extensionGalleryService.ts, queryGallery function.

As a remedy plan, I would propose a switch somewhere in @tag:usesOnlineServices that we can call queryGallery, Query all unknown file extensions to disable this function. So, the problem looks fairly resolvable.

I've succeeded with a dirty rebuild, even built a more silent package for myself. Tested it. Here is what I've commented out -https://pastebin.com/2jPu7K3A

Soon will try to add this option, if I can...

megastallman avatar Feb 26 '21 18:02 megastallman

@stripedpajamas , as for this part:

vscode/build/gulpfile.extensions.js:72:const getBaseUrl = out => `https://ticino.blob.core.windows.net/sourcemaps/${commit}/${out}`;
vscode/build/lib/extensions.ts:25:const sourceMappingURLBase = `https://ticino.blob.core.windows.net/sourcemaps/${commit}`;
vscode/build/lib/extensions.js:26:const sourceMappingURLBase = `https://ticino.blob.core.windows.net/sourcemaps/${commit}`;
vscode/build/gulpfile.vscode.js:94:const sourceMappingURLBase = `https://ticino.blob.core.windows.net/sourcemaps/${commit}`;

Please patch undo_telemetry.sh script like this:

diff --git a/undo_telemetry.sh b/undo_telemetry.sh
index b5a26f9..72c371d 100755
--- a/undo_telemetry.sh
+++ b/undo_telemetry.sh
@@ -1,6 +1,7 @@
 # dc.services.visualstudio.com
 # vortex.data.microsoft.com
-TELEMETRY_URLS="(dc\.services\.visualstudio\.com)|(vortex\.data\.microsoft\.com)"
+# ticino.blob.core.windows.net
+TELEMETRY_URLS="(dc\.services\.visualstudio\.com)|(vortex\.data\.microsoft\.com)|(ticino\.blob\.core\.windows\.net)"
 REPLACEMENT="s/$TELEMETRY_URLS/0\.0\.0\.0/g"

 if [[ "$OS_NAME" == "osx" ]]; then

This replaces more necrosoft telemetry with localhost calls, when running Help -> Toggle Debugger Tools.

megastallman avatar Mar 07 '21 19:03 megastallman

But I'm looking deeper into Pandora box, and there is more to come:

C  11313  npm              4  192.168.1.3      104.16.19.35     50376  443
X  11313  node             4  192.168.1.3      104.16.19.35     50376  443

104.16.19.35
registry.npmjs.org

These connections are randomly occurring without any reason. Codium is running npm when not asked to.

megastallman avatar Mar 07 '21 19:03 megastallman

More traffic from 1.54.1:

C  19795 Chrome_ChildIOT  4  192.168.1.2      185.199.108.133  49002  443 - GitHub, Inc.
C  9518   Chrome_ChildIOT  4  192.168.1.2      18.194.78.163    35038  443 - amazon
C  9518   Chrome_ChildIOT  4  192.168.1.2      3.123.248.34     48700  443 - amazon

megastallman avatar Mar 08 '21 13:03 megastallman

@megastallman The last data looks like an update. But can you check your version because VSCodium doesn't have the 1.54.1? Only VSCode does...

daiyam avatar Mar 08 '21 13:03 daiyam

You're right @daiyam. 1.54.1 is the latest vscode tag. But when I cloned VSCodium repo, I didn't check any tags, thus using the latest master. So I've built the latest VSCodium version that way. For instance, my appimage file looks like VSCodium-1.54.1-1615209518.glibc2.16-x86_64.AppImage Btw, do you have any ideas about disabling all updates and external checks completely?

megastallman avatar Mar 11 '21 20:03 megastallman

Have you tried "update.mode": "none"?

daiyam avatar Mar 11 '21 21:03 daiyam

Yeah, I've got this option too. Here is my current config - https://github.com/VSCodium/vscodium/issues/407#issuecomment-678683617 Probably there is something else we've missed.

Btw, VSCodium also runs npm when I navigate its sources(js and ts files). @daiyam , do you know any options to disable that too?

megastallman avatar Mar 12 '21 08:03 megastallman

Is it possible to integrate a Tor util to connect to external sources?

sandiks avatar Dec 30 '21 14:12 sandiks

This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment, and we'll keep it open. If you have any new additional information, please include it with your comment!

github-actions[bot] avatar Oct 08 '22 01:10 github-actions[bot]

This issue has been closed due to inactivity, and will not be monitored. If this is a bug and you can reproduce this issue, please open a new issue.

github-actions[bot] avatar Nov 08 '22 01:11 github-actions[bot]

Automatic closing issues is not nice for new users/people willing to fix this. Also, how is this not a bug, if the whole point of vscodium is to be privacy friendly with this as privacy-regression ?

matu3ba avatar Nov 08 '22 08:11 matu3ba

@matu3ba Your help will be very welcome.

daiyam avatar Nov 08 '22 09:11 daiyam