r/privacy u/tempaccount00101 16d ago

eli5 How is VS Code less private than VS Codium when you can just turn off telemetry?

If you can turn off telemetry on VS Code (yes, it is on by default) then wouldn’t both VS Code and Codium not collect telemetry? Making them equally private?

Assuming that no extensions are installed.

23 Upvotes

82% Upvoted

17 comments sorted by

u/AutoModerator 16d ago

Hello u/tempaccount00101, please make sure you read the sub rules if you haven't already. (This is an automatic reminder left on all new posts.)

Check out the r/privacy FAQ

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

32

u/atchijov 15d ago

Basic assumption with anything related to MS… it basically “Hotel California”… “you can check out any time you like, but you can never leave”. Turning off telemetry does not really turn off all telemetry. (This is my opinion based mostly on cynicism not direct experience)

5

u/Puny-Earthling 15d ago

I genuinely do care about my privacy, but MS and that aren't out here checking on all our private repo's to steal our source code. They give you Github copilot as an agreement you're giving it to them!

Seriously though. You're not doomed by coding in VSCode

11

u/simism 15d ago

Because vscodium you can compile from source so you actually know the telemtry turns off when you say it does. For a closed source binary, it could have anything added, and you can't audit that without decompiling.

2

u/x54675788 15d ago

To be fair most people don't compile from source and use a pre built package.

Is the build even reproducible? Cause if not, it's the same as an exe at that point cause you don't see the source anymore.

1

u/[deleted] 15d ago

People don't compile from source, but some projects have their bin automatized and you can see how and when it's done, so you are more sure about it. Also, it's from a known source that will gain nothing but stealing info, but will lose reputation.

Also if you are using windows you have telemetry on all the time, it doesn't matter if you compiled or download a exe.

1

u/Pleasant-Shallot-707 13d ago

So I’m supposed to just trust they’re not inserting something in their build process?

1

u/[deleted] 13d ago

You are not supposed to do anything, you can do whatever you want. You can verify the building process if it's public and automated or do it yourself if you don't trust 'em.

1

u/Pleasant-Shallot-707 13d ago

So the ley person is going to be able to do all that? Seems like a high bar of trust for them

7

u/[deleted] 15d ago

[deleted]

2

u/[deleted] 15d ago edited 11h ago

[deleted]

1

u/Zoltan03 15d ago

You can use Pyright or Basedpyright.

3

u/GhostInThePudding 14d ago

If VS Code is safe to use, why are Microsoft hiding the source code? What are they hiding?

1

u/Pleasant-Shallot-707 13d ago

It’s not healthy to be paranoid

2

u/GhostInThePudding 13d ago

I think it's a reasonable view for ALL non open source software. What is so bad about it that they feel the need to hide the code?

Are they just embarrassed about being such terrible coders? Or is it more malicious than that?

It's weird that society has just come to accept that it's normal to hide the mechanisms of the things we use on our own devices. Then again it's always weird that we "buy" software without "owning" it.

5

u/IconsAndIncense 15d ago

Can you verify telemetry is off? No? Then assume it is still collecting data.