Describe the bug
Upon launch, VSCodium attempts twice to connect to vscodium.now.sh which, due to the unencrypted nature of SNI, leaks the fact that I am launching my editor to my ISP, my national military, the Zeit/Now operators, their hosting provider/upstreams, and the VSCodium devs.
I believe this is an autoupdate check, but it is still leaking an "editor launched" telemetry event inadvertently. It should perform autoupdate checks only once per week or, ideally, month, at a randomized time after launch that is at least 1 hour. (Ideally, it'd launch a consent dialog for autoupdate checks at all.)
To Reproduce
Expected behavior
No telemetry is sent.
Screenshots

Desktop (please complete the following information):
This is a fair observation. Since we don't have any control over "when" the auto-update check is made, perhaps the best step forward is to disable auto-updates by default and let users know in the README that they can change that setting to their preference if they would like VSCodium to autoupdate.
What do you think about this approach @sneak ?
Another idea is to leave in the feature but include a note in https://github.com/VSCodium/vscodium/blob/master/DOCS.md#getting-all-the-telemetry-out where other "information leaks" are mentioned.
I think that disabling autoupdate is preferable. If a user installs via brew/caskroom or a distro package manager (which is probable in most cases), then updating is handled automatically by their package manager.
The marketplace and other stuff absolutely require network requests for functionality to work; that's a horse of a different color. The editor works perfectly fine forever if the autoupdate check is disabled, users will suffer no ill effects from it being disabled.
Another option would be to remind the user after a period of time (weeks, months) to trigger a manual update check.
Hi @sneak !
We're still losers in that game, but still need trying.
My testbed is a separate computer, running Manjaro, with VSCodium built from source.
Settings(search for "update"):
And tcpdump -i any running.
So, I see no noise at startup, but still need more tries.
I still insist on an idea to get some totally silent settings defaults...
@sneak , please keep monitoring with tcpdump, wireshark, or whatever you've got.
@sneak
Noway. An empty VSCodium looks silent, but as I add a directory - it just spams networking with: bc.googleusercontent.com. Probably necrosoft really needs to know everything we're doing in VSCodium.
@sneak , please check this config.json if it helps you: https://github.com/VSCodium/vscodium/issues/407#issuecomment-678683617
Applications restarts and new folder additions are pretty silent.
Most helpful comment
I think that disabling autoupdate is preferable. If a user installs via brew/caskroom or a distro package manager (which is probable in most cases), then updating is handled automatically by their package manager.
The marketplace and other stuff absolutely require network requests for functionality to work; that's a horse of a different color. The editor works perfectly fine forever if the autoupdate check is disabled, users will suffer no ill effects from it being disabled.