vscodium
vscodium copied to clipboard
Telemetry breakthrough since version 1.52.1
Describe the bug I've got 2 VScoduim installs. v1.51.0 behaves fairly silent, but v1.52.1, installed on a new laptop, sends telemetry despite being configured the same way as the old one.
To Reproduce Steps to reproduce the behavior:
- Close all applications, disable networking.
- Start # tcptracer-bpfcc
- Start VSCodium, open a directory, click some files.
- Enable networking
- Repeat step 3
Expected behavior Just being a text/code editor/IDE
Desktop (please complete the following information):
- OS: KUbuntu 20.04
- Architecture x64
- Version 1.52.1
Additional context
I've used my config from https://github.com/VSCodium/vscodium/issues/407#issuecomment-678683617 that has been pretty fine on v1.51.0, but now I see the following IP-addresses involved:
C 112724 Chrome_ChildIOT 4 192.168.1.4 198.41.30.195 60286 443
OK, EclipseFoundationInc - probably searching for packages... But:
C 112371 Chrome_ChildIOT 4 192.168.1.4 172.217.19.110 52482 443
Google LLC (google.com)
There are similar bugreports: https://github.com/VSCodium/vscodium/issues/364 https://github.com/VSCodium/vscodium/issues/304
As for my https://github.com/VSCodium/vscodium/issues/407 - it has been fixed for some time, but...
Thanks in advance guys!
Thanks for the heads up @megastallman. More investigation required to get to the bottom of this.
I've slightly updated https://github.com/VSCodium/vscodium/issues/407#issuecomment-678683617 my settings on the same 1.52.1 build. Google analytics disappeared.
But lts.eclipse.org
(198.41.30.195) is still here if I click on any file with non-standard extension. I can't grep neither this IP-address, nor hostname through code. But it still connects there multiple times. No idea how it gets to build result.
I've also noticed one more leak. When I click "Help -> Toggle Developer Tools" - VSCodium spawns multiple connections to Microsoft do Brasil Imp. e Com. Software e Video G (microsoft.com)(191.239.203.0)
Hi @stripedpajamas !
Finally I've found where the lts.eclipse.org
leak happens.
So, using "Help -> Toggle Developer Tools -> Network" I've noticed the connection to https://open-vsx.org/vscode/gallery/extensionquery
.
This host is:
$ host open-vsx.org
open-vsx.org has address 198.41.30.195
as I've stated before. But hostnames are different sometimes.
That query happens in vs/platform/extensionManagement/common/extensionGalleryService.ts
, queryGallery
function.
As a remedy plan, I would propose a switch somewhere in @tag:usesOnlineServices
that we can call queryGallery, Query all unknown file extensions
to disable this function. So, the problem looks fairly resolvable.
I've succeeded with a dirty rebuild, even built a more silent package for myself. Tested it. Here is what I've commented out -https://pastebin.com/2jPu7K3A
Soon will try to add this option, if I can...
@stripedpajamas , as for this part:
vscode/build/gulpfile.extensions.js:72:const getBaseUrl = out => `https://ticino.blob.core.windows.net/sourcemaps/${commit}/${out}`;
vscode/build/lib/extensions.ts:25:const sourceMappingURLBase = `https://ticino.blob.core.windows.net/sourcemaps/${commit}`;
vscode/build/lib/extensions.js:26:const sourceMappingURLBase = `https://ticino.blob.core.windows.net/sourcemaps/${commit}`;
vscode/build/gulpfile.vscode.js:94:const sourceMappingURLBase = `https://ticino.blob.core.windows.net/sourcemaps/${commit}`;
Please patch undo_telemetry.sh
script like this:
diff --git a/undo_telemetry.sh b/undo_telemetry.sh
index b5a26f9..72c371d 100755
--- a/undo_telemetry.sh
+++ b/undo_telemetry.sh
@@ -1,6 +1,7 @@
# dc.services.visualstudio.com
# vortex.data.microsoft.com
-TELEMETRY_URLS="(dc\.services\.visualstudio\.com)|(vortex\.data\.microsoft\.com)"
+# ticino.blob.core.windows.net
+TELEMETRY_URLS="(dc\.services\.visualstudio\.com)|(vortex\.data\.microsoft\.com)|(ticino\.blob\.core\.windows\.net)"
REPLACEMENT="s/$TELEMETRY_URLS/0\.0\.0\.0/g"
if [[ "$OS_NAME" == "osx" ]]; then
This replaces more necrosoft telemetry with localhost calls, when running Help -> Toggle Debugger Tools
.
But I'm looking deeper into Pandora box, and there is more to come:
C 11313 npm 4 192.168.1.3 104.16.19.35 50376 443
X 11313 node 4 192.168.1.3 104.16.19.35 50376 443
104.16.19.35
registry.npmjs.org
These connections are randomly occurring without any reason. Codium is running npm when not asked to.
More traffic from 1.54.1:
C 19795 Chrome_ChildIOT 4 192.168.1.2 185.199.108.133 49002 443 - GitHub, Inc.
C 9518 Chrome_ChildIOT 4 192.168.1.2 18.194.78.163 35038 443 - amazon
C 9518 Chrome_ChildIOT 4 192.168.1.2 3.123.248.34 48700 443 - amazon
@megastallman The last data looks like an update. But can you check your version because VSCodium doesn't have the 1.54.1
? Only VSCode does...
You're right @daiyam. 1.54.1 is the latest vscode tag. But when I cloned VSCodium repo, I didn't check any tags, thus using the latest master. So I've built the latest VSCodium version that way. For instance, my appimage file looks like VSCodium-1.54.1-1615209518.glibc2.16-x86_64.AppImage
Btw, do you have any ideas about disabling all updates and external checks completely?
Have you tried "update.mode": "none"
?
Yeah, I've got this option too. Here is my current config - https://github.com/VSCodium/vscodium/issues/407#issuecomment-678683617 Probably there is something else we've missed.
Btw, VSCodium also runs npm when I navigate its sources(js and ts files). @daiyam , do you know any options to disable that too?
Is it possible to integrate a Tor util to connect to external sources?
This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment, and we'll keep it open. If you have any new additional information, please include it with your comment!
This issue has been closed due to inactivity, and will not be monitored. If this is a bug and you can reproduce this issue, please open a new issue.
Automatic closing issues is not nice for new users/people willing to fix this. Also, how is this not a bug, if the whole point of vscodium is to be privacy friendly with this as privacy-regression ?
@matu3ba Your help will be very welcome.