Implement privacy mode #34503

Open
haraldrudell opened this issue Sep 16, 2017 · 4 comments
@haraldrudell

There should be a configurable privacy flag preventing Visual Studio Code from making any outbound connections, similar to macOS firewall stealth mode. This would be useful to prevent someone with access to GitHub operations data or an administrator of GitHub accounts from tracking you.

Visual Studio Code immediately on launch makes various outbound TCP connections over HTTPS to Microsoft Corporation.

Some Visual Studio Code out-of-the-box behavior has been seen to contact GitHub every 3 minutes.

  • VSCode Version: 1.16.0
  • OS Version: Linux
@haraldrudell haraldrudell changed the title Implement pirvacy mode Implement privacy mode Sep 16, 2017
@kieferrm
Member

@haraldrudell here is some information that gets you close, but not all the way there.

  • update.channel: if set to none, we don't contact our update servers
  • telemetry.enableCrashReporter: if set to false, we don't upload any crash data
  • telemetry.enableTelemetry: if set to false, we don't send any telemetry data
  • git.autofetch and git.autorefresh: if set to false, we don't talk to the configured remote anymore without you requesting it explicitly

What you currently cannot prevent from happening is that we contact the extension marketplace to see if there are newer versions of the extensions you have installed.

Also, as extensions have access to the full node API, they can make outbound requests without us being able to control it.

@haraldrudell
Author

haraldrudell commented Oct 21, 2017

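I am on Linux, so I launched vscode with a specific group, like sg codegroup /usr/share/code/code, in a launch copy placed at ~/.local/share/applications/code-grouped.desktop. Then the magic is:

```sh
# Drop every outbound packet from processes running with group codegroup
iptables --insert OUTPUT --match owner --gid-owner $(getent group codegroup | cut --delimiter=: --field=3) --jump DROP
# Inserted above the DROP rule: log that group's outbound packets, at most 6 per minute
iptables --insert OUTPUT --match owner --gid-owner $(getent group codegroup | cut --delimiter=: --field=3) --match limit --limit 6/min --jump LOG --log-prefix "ipt-codegroup-output "
```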

Thank you for your suggestions, though anything that does not block by default would not be safe. When I can bring myself to trust Docker, then I might use that.
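To see which destinations the blocked process tried to reach, the kernel log lines written by the LOG rule in the comment above can be summarised per protocol, address and port. This is an added example, not code from the thread or from VS Code; the function names, the host name and the sample log lines are constructed, and it assumes the usual KEY=VALUE layout of the iptables LOG target.

```python
import re
from collections import Counter

PREFIX = "ipt-codegroup-output "  # the --log-prefix value from the comment above

# Constructed sample kernel log lines (documentation addresses, not a real capture).
SAMPLE_LOG = """\
Oct 21 10:00:01 host kernel: [  101.1] ipt-codegroup-output IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=40112 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 21 10:00:11 host kernel: [  111.4] ipt-codegroup-output IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=TCP SPT=40114 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 21 10:00:12 host kernel: [  112.0] ipt-codegroup-output IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=977 DF PROTO=UDP SPT=53124 DPT=53 LEN=48
Oct 21 10:03:02 host kernel: [  282.9] ipt-codegroup-output IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5120 DF PROTO=TCP SPT=40230 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 21 10:03:12 host sshd[812]: Accepted publickey for user from 192.0.2.44 port 50022 ssh2
"""

# KEY=VALUE pairs; the value may be empty (IN=) and bare flags (DF, SYN) are skipped.
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the KEY=VALUE fields of one LOG line, or None if the prefix is absent."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None
    return dict(FIELD.findall(rest))


def summarise(log_text):
    """Count logged packets per (protocol, destination address, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None or "DST" not in fields:
            continue  # unrelated log line, or a truncated entry
        # ICMP and other port-less protocols carry no DPT field.
        key = (fields.get("PROTO", "?"), fields["DST"], fields.get("DPT", "-"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (proto, dst, dport), n in summarise(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {proto:4s} {dst}:{dport}")
```

Because the LOG rule is limited to 6 entries per minute, the counts are a sample of the attempts, not a total.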

@kieferrm kieferrm added the feature-request Request for new features or functionality label Nov 30, 2017
@costela

costela commented Dec 15, 2017

@haraldrudell I realize this isn't for everyone, but being on Linux, you might be interested in flatpak as a more general solution. With it you can put vscode inside its own container and just explicitly allow it access to certain resources (like network or certain folders). Probably not enough security for applications hell-bent on breaking out of containment and wreaking havoc, but probably enough for apps that are simply too "chatty". There's even a somewhat "official" package here, and #7112 for a real official package, but both approaches seem to use a "share-all" approach, so if you use those, remember to revoke access to network and/or filesystem before running.

Snap would also be an alternative in the same spirit (#5458), but I haven't looked into the details enough to be able to recommend it.

@kieferrm
Member

Some additions to #34503 (comment). For VS Code core we made sure that all functions that make calls to the outside can be configured in settings as described in the FAQ. There is still the issue that extensions may implement their own outbound connections and not allow those to be configured.
