Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make telemetry Data opt-in #47284

Open
furti opened this issue Apr 6, 2018 · 13 comments
Open

Make telemetry Data opt-in #47284

furti opened this issue Apr 6, 2018 · 13 comments
Assignees
Labels
under-discussion Issue is under discussion for relevance, priority, approach

Comments

@furti
Copy link

furti commented Apr 6, 2018

  • VSCode Version: 1.22.1
  • OS Version: Windows 10

Steps to Reproduce:

  1. Start VS Code 1.22.1 for the first time
  2. Now a notification pops up that tells me, that telemetry data is collected and I can opt-out

Does this issue occur when all extensions are disabled?: Yes

  1. I am not sure about this but I don't think collecting telemtry data by default will conform to the General Data Protection Regulation of the EU that becomes effective in May 2018. It would be better to disable it per default and tell the user to enable it if he want's to share data with you.

  2. When I checked the privacy policy linked in the notification popup (https://privacy.microsoft.com/en-us/privacystatement) I can't find anything about the data collected by vs code. This is a very important information. This can be a big showstopper for using vscode in some companies, wen data is sent and nobody knows what data this is.

@kieferrm
Copy link
Member

kieferrm commented Apr 19, 2018

@furti thanks for bringing this up. As you can imagine GDPR is a big deal for a company like Microsoft. All products have been working with legal counsel to achieve compliance. Our current understanding is that our notification is a correct implementation of GDPR. All of our code that sends telemetry is Open Source right here in this repo and it is annotated with which events and properties we send. Look for __GDPR__ comments in our code.

@furti
Copy link
Author

furti commented Apr 23, 2018

@kieferrm thank you for your answer. Maybe the opt-out is a correct implementation of GDPR. I'm not a lawyer 😄
But forcing people to scan your code for comments, and furthermore to learn how your code is structured and how it works, is definitely not transparent at all.

For example I did a quick search for GDPR in your code and randomly selected a file (workspaceStats.ts:342)

                          /* __GDPR__
				"workspce.tags" : {
					"${include}": [
						"${WorkspaceTags}"
					]
				}
			*/
			this.telemetryService.publicLog('workspce.tags', tags);

I don't even know what workspace tags are. So I have to invest half an hour, an hour, maybe two to fully understand what data is sent in this case. The search for GDPR found 60 occurences in your code. So I have to invest about a week to fully understand what data is sent by your application. And for the next version i will have to do the same. Maybe there is something new or something changed.

And the people who decide such things in a company mostly don't code at all. So it isn't even possible for them to understand the data sent by the application by scanning the code.

At least an human readable version of the data collected by you should be available.

@Thf772
Copy link

Thf772 commented Jun 18, 2018

Opt-out is not valid for GDPR. It is one of the reasons invoked in the massive lawsuits Microsoft and other GAFAM companies are currently facing.

@ramya-rao-a
Copy link
Contributor

ramya-rao-a commented Jul 31, 2018

With #54001, we are rolling out a feature in the next update where one can take a look at all the telemetry events and their payload in the product in real time. You can try it out in the latest Insiders or wait for the next update to the stable version.

@egamma egamma added the under-discussion Issue is under discussion for relevance, priority, approach label Sep 19, 2018
@bakman2
Copy link

bakman2 commented Mar 15, 2019

Is there an update available on this subject, or does it remain a balancing act until the EU comes knocking at the door ?

I cannot use this software in the EU as it is not GDPR compliant.

Trying to hide behind some code-comments is the very reason why GDPR was introduced.

Opt-in is the only legal way + clear and concise statements what you are collecting and people specifically agree with that or not.

It can be fixed within 1 minute, but the reluctance is very telling.

@cbluth
Copy link

cbluth commented Apr 10, 2019

For those interested in an alternative without telemetry: https://github.com/VSCodium/vscodium

@ibnesayeed
Copy link

ibnesayeed commented Jun 10, 2019

Telemetry is a big concern for many (including me), it should certainly be an opt-in feature, if at all. Not only the core product, but all the add-ons should be using some uniform guidelines and their telemetry controls should be visible in one place, all being opt-in. Currently, every add-on (including the official ones from MS) can have its own data collection going on while the user has disabled it in the core product.

By making it opt-out, MS can already collect installation and first time boot related statistics along with the stats of how often telemetry was opted out. I don't think GDPR lawyers would be happy about it, neither am I as a user.

The user base of VS Code has become so big already that even the opt-in mechanism will give MS big enough sample to learn an overall trend and reliable statistics for product enhancement, but they seem to be too greedy about collecting stats from every single source they can.

@cocowalla
Copy link

cocowalla commented May 21, 2020

At the very least I think what telemetry is collected needs to be much clearer. It's not good enough to say 'trawl through the source code!', or 'enable it first and watch as we hoover up your data!' - it should be clearly set out in the readme, or in the docs.

@ulfklose
Copy link

ulfklose commented Nov 13, 2020

Does disabling Telemetry in the settings completely opt-out from telemetry data collection?
Bildschirmfoto 2020-11-13 um 19 41 48

@autumnblazey
Copy link

autumnblazey commented Nov 27, 2021

would love to see some progress on this (it has been quite a while since any activity has happened on this issue)

@atlx
Copy link

atlx commented Jan 20, 2022

It's been 4 years already, with no progress. One would expect otherwise given the "privacy is important" claim. Is there any issues stopping this?

@Mr-Chonky
Copy link

Mr-Chonky commented May 10, 2022

It's been 4 years already, with no progress. One would expect otherwise given the "privacy is important" claim. Is there any issues stopping this?

Yea the issue is Microsoft wants to sniff your nutsack. @kieferrm suck my big fat nuts

@Mr-Chonky
Copy link

Mr-Chonky commented May 10, 2022

@kieferrm is there a contact email where we can send our data voluntarily? I'd love to personally send you my SSN, blood type, credit card #, and more. Cheers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
under-discussion Issue is under discussion for relevance, priority, approach
Projects
None yet
Development

No branches or pull requests