New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove Microsoft vscode from raspberry pi os lite #43
Comments
Do I need to wipe the pi and install a different OS? |
I have done the following. What else do I need to do?
|
Just delete the additional entries in the sources - now that the version number has passed that particular value it won't be added again. |
And maybe give people a chance to answer? |
And maybe give people the option to install it instead of forcing it onto people? I dont care if you dont care about your privacy but some people do and its already too late when people have run an apt update. |
Have you read the other comments here? Do you see the constructive dialogue that some users manage? The ones actually doing something useful to achieve their goal? Be more like them, and stop knocking on an open door. |
Unconstructive comments will be deleted. |
Throw a |
@XECDesign No, Unless im wrong, on the next update of this package. The repository will be re-added. If @sabotagebeats only remove the file. The only thing this user is "set" ATM is to allow the re-installation of the microsoft repo as soon as postinst will be run agan.
This is line only check if file exist, If not, the repository is re-added everytime the user run On the current state of the code. The file must remain. After deleting the unwanted repo. The user can use
The hacky way to do would be to do For more security and confidence, I would also recommend doing I begin to understand why people feel that this update is forced on them and sneaky. I can't believe that no one in your team have flagged that would be a sensitive update and extra care would have to be taking.... knowing how much Linux people love to hate M$ since 1991 . |
Also the title is :
and I don't see it as solved. Is it a won't fix ? |
@pelwell I think this is false
The function will be executed on every update in the future, and as stated earlier, if the user delete the file.
Will add it agan. |
The version comparison line is checking if the existing version is older than "20210125", and only running add_ms_repo if it is. Once you have gone past that version it won't try again. |
I tested it and you are right. I have read lt-nl backward I guess, My bad. |
We are actively reviewing the distribution mechanism, having received a number of helpful suggestions, but there is at least a simple way to opt out. |
what about the fact that you are potentially violating the GDPR law in europe? as i already commented on the PR #51 (comment) there is a GDPR problem here. to sum this up: you are risking law problems for you and your users in europe and you are losing your communities trust just to spare a small subset of your users this commands:
it is nothing about ideology it's about law. by installing the repo without an active consens of the user you are simply acting against this law as each
it has to be opt-in and not opt-out.
as i wrote above you see the command it needs to install vscode. we are talking about software development. if the persons which will use vscode are confused by going to the shell and enter the required commands to install or answer a simple y/n dialog, maybe they should not develop at all? at least admit that it's about money and a deal you have with microsoft. if you want to help them simply add a shortcut to the deskop which starts a script which is doing running the command for them but installing a third party for all of your users is simply wrong. you don't really remove hurdles in fact your are build up a very big hurdle for all people in europe who want to use this OS legally. for a small subset of persons which want to use vscode you make it easier and make it more difficult for everyone in else europe. yes most of the people simply don't care if it is legal or not until they get sued. a associate of a customer of mine had to pay 5000eur just because of a GDPR violation (one person company). with opt-out instad of opt-in you will require a privacypolicy which the user has to accept before they can download the image. in that policy you are required to inform the user that their ip is sent to mircosoft. i really don't understand this reaction of you (the company who creates the raspberry OS): you are really losing your communities trust, your force close discussions, ... |
The decision to add the repo came from people who are more familiar with GDPR than I am, so I'll trust their judgement. |
If you believe we're mishandling personal data in any way, I wouldn't discourage anybody from protecting their rights: |
I don't believe YOU are, but you are enabling m$ collecting data on users of other devices and OSs without asking those users first (especially non-GUI users as VSCode is a GUI app). |
I've reviewed the data, ala tcpdump, sent back and forth and there is no cookie exchange. There is a user agent which is complete standard. There is also an etag which is very different than a cookie. |
So Microsoft, who has a massive database, can't then associate the log of
the hit to packages.microsoft.com, find out which users of m$ stuff are now
using RPi stuff? Or is that naive?
…On Wed, Feb 10, 2021 at 5:35 PM Mike Perry ***@***.***> wrote:
I've reviewed the data, ala tcpdump, sent back and forth and there is no
cookie exchange. There is a user agent which is complete standard. There is
also an etag which is very different than a cookie.
Of course the service owner will have logs of each hit. When you visit a
website they have that log whether or not you click the accept cookies
button.
So I guess I don't know where the line is drawn as far as data collection
and GDPR. As far as I can tell they have service logs only.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#43 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AEZTUHPDVPZY7AWXQLZJIMLS6MC4NANCNFSM4XDPEUTA>
.
--
Thanks
Kevin Shumaker
Personal Tech Support <https://kevinshumaker.wixsite.com/thethirdlevel>
N38° 19' 56.52"
W85° 45' 8.56"
Semper Gumby
“Don't tell people how to do things. Tell them what to do and let them
surprise you with their results.” - G.S. Patton, Gen. USA
Ethics are what we do when no one else is looking.
Quis custodiet ipsos custodes?
“There is no end to the good you can do if you don’t care who
gets the credit.” - C Powell
You know we're sitting on four million pounds of fuel, one nuclear weapon
and a thing that has 270,000 moving parts built by the lowest bidder. Makes
you feel good, doesn't it?
|
They can as anyone could. Without the cookie they would not be able to target the individual assets as accurately and in some cases not at all. |
it is not about cookies it is about personal data, where the ip counts towards personal data:
https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en if some university mirror gets my ip where the chance is high that they don't aggregate the personal data, well, simply does not matter but microsoft is doing telemetry and is quite aggressive with their data collection. so no i don't want them to get my ip. so yes i still think it is a GDPR violation. if i connect to a webpage, i know that i share my ip, if i install debian i know that the debian mirrors get my ip but no i don't assume that if i install linux my ip gets to microsoft. |
And I don't see Debian, or RedHat, or Ubuntu or other linux Distros asking m$ to put their package update sites into the base m$ installs for any reason. Maybe, RPiFoundation is going to get reciprocity, to know where and how many m$ installs there are? Not necessarily cookied, but just the hits from IP Addresses would tell them much... Where m$ can and does aggregate and correlate all their data, users, installs, locations, and now can get other systems. |
I apologize in advance if this response exacerbates this discussion. I feel that this is now a closed issue and not the correct medium to discuss this further. This will be my last update to this thread. An IP address alone without other identifiers (such as cookies) is considered to be psuedo-anonymized, and does not qualify as personal identifying information under GDPR. This is classified as essential data to be stored for the health and safety of the servers that are being accessed. Assuming that they are used for the purpose of security and maintenance. See also recital 49 of GDPR: You can't expect a website to purge you server logs just because you clicked no to the server cookies. Honestly, I don't even think that APT would know how to store and pass the cookies back and forth. I do not believe there is a violation here. I for one am not actually in favor of adding this repo by default, but for different reasons. Regardless, I do not feel this is a rights or privacy violation and will just remove the repository on the servers that I do not want it on. There are more important causes for me to allocate my time to. I also do not believe a positive outcome will be had by discussing it further here. I think that @XECDesign has heard the communities response and they are discussing internally what to do next. If you just want to argue. I love to argue. Send me an email and we discuss. It is pretty boring sometimes being stuck inside. Lots of snow here in New England. Reddit is a good place to argue too. |
I think you hit the nail on the head, but the argument from others is that they can combine that IP with other information they've collected. You may have accepted some EULA that lets them track you while signing up for some other MS service like Azure or Github, or maybe while installing something you don't even remember. Now they can run those IPs by the HTTP access logs and determine who's who. This way they'd know that you're probably running Raspberry Pi OS and when you're active and that may contribute to an overall profile they may or may or may not have. Maybe someone might say, "okay I don't care if they track me on github, but I don't want them also knowing what else I'm doing". At least, that's my best effort to steel-man the argument. Then there's also the hypothetical possibility that they're logging and cross-referencing everything, without checking who has opted in or out. Or maybe they're sharing those logs with other partners which have data they can cross-reference. If something like that's happening, they could be a violating some laws. I am sure that they have lawyers which they have to run everything by. And yes, we've been keeping an eye on all the feedback, forum, reddit posts, youtube videos and so on, but there are things to sort out internally become we can make a final decision. |
This discussion is ridiculous. Since the early days of linux it is my favorite os. A lot of discussions between linux lovers and ms enthusiasts have been read by me. |
Any decision taken at raspberry foundation ? |
@BitBistro-code
It's true that Microsoft has every right to keep a record of just my IP address making a connection to some of their servers. I can't expect a website to purge their sever logs if I opt out of their cookie policy, but I can expect them to NOT put in their homepage a 1-pixel transparent png hosted on the server of some completely unrelated company so that the completely unrelated company can keep a record of my IP visiting that homepage. |
Hello
I have headless pi and do not want vscode or any Microsoft products.
How can I remove it?
Thanks
The text was updated successfully, but these errors were encountered: