Microsoft repo installed on Raspbian

Just saw this topic on the Linux subreddit and thought it might be worth a look for people here that also run Raspberry Pi’s.

Apparently the repo causes any update operation to ping a Microsoft server, essentially allowing them to see that a Raspberry Pi exists at the IP address.

1 Like

Hello, welcome to the forum :slight_smile:

Yes, it’s happening… It is a repository, but it does not pull in any software unless you use VSCode.

To solve you may remove the “vscode.list” file from “/etc/apt/sources.list.d” if it bothers you.

Let me just…

there.

This is how web servers work. :wink:

If you use EnOS then every time you run pacman -Syu it will “ping” a mirror to check for updates.

6 Likes

A number of points I’d like to make before I go:

  • The RPF added a repository to the Raspbian sources list apparently without first informing their users or asking for their permission.
    • They did this so that installing VS Code would be easier for newbies.
  • If you have VS Code installed, that repository is going to be accessed for updates.
  • Microsoft, despite their current stance, has not always been the champion of FOSS (let alone any notion of privacy) that it might have you believe it is today.
    • Given that, some people might not want any more to do with Microsoft than is necessary - and I’ve purposefully worded it this way so no one could whip out “But Microsoft has contributed to the kernel!!11!1”
  • Any time you attempt to access a server, such as this repository, the owner of that server can and may see that a connection was attempted from your IP address.
  • I get to choose what mirrors are used when running pacman - they don’t just magically appear out of thin air unless I don’t check my mirrorlist after updating them.
  • I was laying this out there for folks to go check their own equipment.
  • I am turning off my viewing of replies to this topic.
  • Have a good one.
2 Likes

i think the issue is we don’t want microsoft knowing our machines exist. I made mine from parts on amazon so probably everyone knows which ones and how much i spent, including microsoft because they bought that info from amazon at some point

1 Like

ok look it’s Lara Spencer on Flea Market Flip i’m binge watching on every chance i get. Need some inspiration time to FLIP out!

Exactly.

1 Like

unless they are bought and paind for cha-cha-chingies

1 Like

Such people would probably rather write their code in sand on a beach during a tsunami than use VS Code, myself included.

This is the important part.

6 Likes

How easy/difficult would it have been for the devs to include a mirror to open source builds of vscode. For eg. in arch we have code package which is the open source build. People specifically wanting MS’ vscode can voluntarily install it from the aur.

I’ve never used an R Pi/Paspbian, so asking for my knowledge: Does the installer ask users if they want to include “non-free repo from a shady company” to their system or does it include the MS repo without any indication whatsoever?

I personally feel that including a repo by MS without “WARNING” the users isn’t not ethical on the dev’s part :laughing:

Edit: Thanks for informing this. I was planning to set up PiHole sometime later, and I’ll keep an eye out for the vscode repo.

I would say that the reaction is a bit over the top. After all, it is just something they did to make users lives easier IF and only IF they happen to use vscode (which implies some chance of their being aware of the possibilities) and IF and only IF they happen to expose their OWN IP (no VPN for example) and IF and only IF they happen to run the Pi on something other than (for instance) EnOS! Seems fairly lightweight as threats go, especially compared to the things ‘they’ already know (probably including address the Pi was sipped to in the first place!)

Just MHO - take it as you will :grin:

3 Likes

Honestly, they could have avoided all of this by making a quick tweet or a blog post about this. Unnecessary drama that just makes the community look bad.

3 Likes

I saw this yesterday when I was playing a bit with my DNS server. I don’t know how I feel about it. I think you should have gotten some info about it.

RPi4

I use Windows but do not know if I want it in Linux :wink:

2 Likes

I… don’t see an issue with this. But then some people refuse to use ClearLinux because it is by Intel and Intel are EVIL ™. While using a PC… and arguing you should use Intels products instead of NVIDIA. Because NVIDIA is EVIL ™ but not Intel. Suddenly.
Or refusing to use ANY distro that has ANY connection with a company, be it Fedora, Suse, Ubuntu…

…But then install Steam on their system… And so on.
If you don’t trust any companies or large organizations, why on earth do you live in an apartment, buy food, or use any kind of electronic device. It’s like people yelling about boycotting China while tweeting on their iPhones.

3 Likes

Just because you don’t see an issue, does not mean that others do not see it, or that there isn’t one. :man_shrugging:t3:

3 Likes

I prefer my Cold Harbor with a bit less Tamriel in it, Thank YOU very much. - Sir Cadwel

2 Likes

I don’t get any of it :stuck_out_tongue:

I’m from Sweden so is a bit stupid :wink:

2 Likes

It’s bad:

:confused:

2 Likes

I don’t think he knows what the word “Infiltrate” means.