VSCodium – An Open Source Visual Studio Code Without Trackers

There&#x27;s already a comment here, and I&#x27;ve also personally experienced just from talking with others offline, that a lot of people <i>don&#x27;t even know</i> VSCode had telemetry, despite it mentioned several times in the product itself and its documentation. They (and remember, these people are supposedly <i>developers</i>) either ignored it, or just didn&#x27;t read the docs.<p>I guess a big WARNING banner might scare users away, but it&#x27;s still a bit disturbing to see such a lax attitude towards tools which developers use to work with a software company&#x27;s most valuable assets. A lot of people, developers included, don&#x27;t really read EULAs, and it&#x27;s the same reason (traditional) spyware could thrive: no doubt they all specify in their license agreements the fact that they all collect information, but approximately no one reads those.<p>Put it another way, would you want your compiler or other parts of your toolchain sending information about all the source files it processed? I wouldn&#x27;t consider myself particularly paranoid when it comes to security, maybe even looser than the average on HN, and even then I wouldn&#x27;t use such tools. I wonder how many companies have already banned their use...

Is this needed? You can disable telemetry from the settings: <a href="https:&#x2F;&#x2F;code.visualstudio.com&#x2F;docs&#x2F;supporting&#x2F;FAQ#_how-to-disable-telemetry-reporting" rel="nofollow">https:&#x2F;&#x2F;code.visualstudio.com&#x2F;docs&#x2F;supporting&#x2F;FAQ#_how-to-di...</a>

I suspect the tracking in VSCode is mainly used to improve the product. It&#x27;s probably in my best interest, and the interest of the community as a whole to leave tracking on. I mean, I get it, HN is usually a more skeptical and security-focused crowd. At the same time, it&#x27;s likely MS will just take that information and tailor their bugfixes and features to the things I need most, so by all means I want them to have it.

The process for making this yourself is basically as simple as:<p>git clone<p>gulp build<p>Consider doing that before running binaries from more or less unknown sources.<p>I don’t remember the exact gulp command off hand, but if you check the gulpfile there are myriad build configs for full minified packaged builds.

Discussion from 3 days ago: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=19619956" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=19619956</a>

This is great.<p>I think I would be okay with companies like Microsoft collecting data on me if they make it more clear what data they are collecting, what they’re using the data for, having the ability to disable data collection (defaulted to disable preferably), and being able to download and have a guid to understand my own data.<p>As a dev myself I know all of that is difficult and sounds ridiculous, but I really do think we have a right to the data collected on us and on our behavior. Transparency, ownership, and access, that’s all I ask.

I had no idea VS Code even had tracking..<p>Does anyone know what exactly is being tracked?

I derive immense value from MSFT&#x27;s VSCode. I don&#x27;t think the telemetry in VSCode is similar to cookie tracking by Facebook et al. Frankly, I do not understand the fiscal benefit the Microsoft from VSCode, but I&#x27;d like to continue supporting Microsoft&#x27;s version, as the telemetry from an IDE don&#x27;t seem to be all encompassing privacy wise, like web tracking

Meh. I just set the environment variable in my dotfiles which opts me out of telemetry. I can&#x27;t recall a case where MS would outright lie about stuff like this. I.e. with Win 10 they flat out tell you you can&#x27;t disable all telemetry, and in the case of VSCode they&#x27;re targeting a real hard-ass demographic, so I trust them to not track me when I told them not to. I also don&#x27;t use VSCode very often, though.

Would&#x27;ve been good if it detailed what its tracking. I assume its update notifications and usage telemetry, which is fine by me.

This is nice and all but, from my perspective, the biggest issue with VSCode isn&#x27;t the telemetry but the battery drain. Even though I prefer VSCode to Sublime the negative effect on battery life, particularly for sizeable projects, forced me back to Sublime for most use cases.

If you are concerned with privacy and use <i>any</i> Microsoft products (you&#x27;re already making a mistake by doing so in the first place but) I would recommend, by default, blocking all Internet access to&#x2F;from the host (edit: <i>by default</i>; make exceptions as needed, obviously).<p>I&#x27;ve got one Windows machine here, just so I can run one specific client that I have to use for an internally-hosted application. That machine doesn&#x27;t have a default route, just a single static route that lets it communicate with the (internal) things it needs to and, just for good measure, there are firewall rules (on the router connected to my upstream) that block any traffic to&#x2F;from this machine and the Internet. (Sadly, I would not be surprised to learn that it can &quot;fallback&quot; to using DNS queries or some such to report back to the mothership.)<p>I think we&#x27;ll eventually get to the point where, in general, devices <i>won&#x27;t</i> have a default route. It might take a while, though -- currently, way too many people are still completely okay with every device and application they use spying on them and reporting back on what they do.<p>So-called &quot;default deny&quot; firewall policies for incoming traffic are pretty common nowadays. I can&#x27;t wait for &quot;default deny&quot; policies for outbound traffic to become standard as well.

Is there any difference between this and the version in Arch&#x27;s community repo?[0] Obviously VSCodium appears to target more distros.<p>From my experience <i>code</i> (Arch) is entirely debranded, so I can&#x27;t imagine telemetry was left in.<p>[0] <a href="https:&#x2F;&#x2F;www.archlinux.org&#x2F;packages&#x2F;community&#x2F;x86_64&#x2F;code&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.archlinux.org&#x2F;packages&#x2F;community&#x2F;x86_64&#x2F;code&#x2F;</a>

Everyone is focusing on telemetry being turned off by default, but I think the real benefit of VSCodium is that it doesn’t force you to agree to the non-free license <a href="https:&#x2F;&#x2F;code.visualstudio.com&#x2F;License&#x2F;" rel="nofollow">https:&#x2F;&#x2F;code.visualstudio.com&#x2F;License&#x2F;</a> that comes with standard VS Code (which is different from the MIT license in the repo, <a href="https:&#x2F;&#x2F;github.com&#x2F;Microsoft&#x2F;vscode&#x2F;blob&#x2F;master&#x2F;LICENSE.txt" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;Microsoft&#x2F;vscode&#x2F;blob&#x2F;master&#x2F;LICENSE.txt</a>). See the issue <a href="https:&#x2F;&#x2F;github.com&#x2F;Microsoft&#x2F;vscode&#x2F;issues&#x2F;17996" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;Microsoft&#x2F;vscode&#x2F;issues&#x2F;17996</a> for discussion of the problems with that license.

Some developers are a funny bunch, always chasing after the next cool thing: either a language, an editor, a stack or a methodology. I’ve watched the RoR hype, the Agile frenzy, the Sublime Text popularity, the Angular and React mania... The truth of the matter is that while a developer needs to keep up with new tech, often “new” doesn’t mean better, just different. Choosing the right tools for the job at hand from all the available ones, not just the “cool” ones, is an often missed quality of a good developer.

VSCode seems rather monolithic. Skimming it briefly, there seems code which might be usefully repackaged as npm packages for service elsewhere. (I didn&#x27;t check whether npm packages exist providing similar functionality.)<p>This can certainly be the right call for a project. But maybe it&#x27;s an untapped opportunity for the broader community?<p>Has anyone looked at running a tracking fork, say mechanically massaging vscode into a monorepo?<p>As I explore opportunities for coding inside VR, having a more integrated ecosystem for creating IDEs would be nice.

Hmmm. Do I trust Microsoft or some unknown person on the internet?

The fossmint.com website is full with advertisement, social links and an annoying popup. Somehow funny to visit there to avoid trackers...

Are you allowed to use .NET Core debugging with VSCodium?<p><a href="https:&#x2F;&#x2F;github.com&#x2F;dotnet&#x2F;core&#x2F;issues&#x2F;505" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;dotnet&#x2F;core&#x2F;issues&#x2F;505</a>

I shall still prefer to go with the usual editors like sublime, vim. At the very least I can be certain that vim is not reading the files I am editing.

Isn&#x27;t the use of the vscode store extensions proprietary?

this is great. we could make it a proper fork and get rid of the constant nagging of notifications wanting to manage your git repo, install plugins, etc...

I do not trust Facebook with my personal data on their site, but I would absolutely trust them to turn off arbitrary telemetry data if in fact it said it was &#x27;off&#x27;.<p>I just don&#x27;t think there&#x27;s a big evil conflict of interest or whatever for this stuff to get slippery.<p>No yet anyhow.

Are we still on with the FUD about telemetry?<p>It doesn&#x27;t help anybody except probably the one guy who &#x27;Showed Microsoft&#x27;.<p>Telemetry helps improve products and opt-out means the product company will miss out on the behavior of power users thereby not being able to optimize their software for their usage.

This is awesome, it&#x27;s a lot faster than VSCode. I can now use a low end machine to code finally haha. No need for 12GB Ram notebooks anymore.