Sublime Forum

RFC: Default Package Control Channel and Package Telemetry

#82

Hi, anaconda author here. Anaconda (or any other ST package published by me) is community driven, I have no reasons to need any kind of telemetry or whatever as is the community who drives the development of the package.

Thanks.

1 Like

#83

I agree thatā€™s a security problem.

With Pycharm, I likely would not be installing plugins - Jetbrains designed Pycharm to be batteries included and plugins are mostly secondary. By comparison, Sublime Text is designed around the expectation that plugins will be installed; Sublime Text without a plugin system is uninteresting to me as a developer.

0 Likes

#84

I really do appreciate the care and attention that @FichteFoll has put into maintenance. Secondly, I want to also state that I really appreciate the tool that you (@wbond) have built. And please do not take my critical remarks to indicate that in any way I feel like Sublime Text is a shitty product - I love and promote ST.

The problem is that every community sourced editor is becoming a liability, and admittedly, thatā€™s an arms race - but I donā€™t think itā€™s something anyone can escape or ignore. If Iā€™m constantly having to tweak or maintain something, I generally find a way to automate or replace that thing. Everyoneā€™s pain tolerance is different; for me, for toolsā€¦ itā€™s incredibly low because my productivity and output is directly tied to my toolset.

For the past 5 years that Iā€™ve been using Sublime Text, I have.

These are great guidelines, but the thing is that Iā€™m trusting you (i.e. the author/s of Sublime Text) as the provider of the software which runs the plugin code to ā€œget it rightā€. And if thereā€™s too much onus on me to maintain the tool Iā€™m using, Iā€™m just going to look for a new one. I donā€™t want to spend time developing (or maintaining) tools.

0 Likes

#85

@damnwidget : Thank you, Sir, for being such a good samaritan. I really appreciate all the hours, sweat you have put into making Anaconda. It is indeed a beautiful product. You have worked long and hard without expecting back anything back from the community. Such an awesome gesture.

Thank you once again.

0 Likes

#86

While itā€™s up to the user to be aware of what is being installed, there needs to be some way of letting users know what is going on.

  • Soā€¦ if I go out and grab a package from just anywhere and install it, shame on me if it does something I donā€™t like.
  • For a centralized distribution channel, I believe it would be a benefit if it was known before hand that the package used any external connections (for whatever purpose). So maybe the process of registering/submitting a tool to the Package Control Channel should require a disclosure of any ā€œexternalā€ data connections.
  • If it is discovered that a package violates the above disclosure, it should be banned from the distribution channel.

I think the above would address the issue of having packages where the sole purpose is to communicate with some external service (for whatever reason).

One thing that might be helpful is if ST (and maybe the package control plugin) would provide a ā€œversion check/upgrade noticeā€ api that plugin developers could use. That way ST could itself do some control of what information is sent/received. The user should be able to turn on/off the check as desired.

As already has been stated, the problem is when the communication with some external entity is covert and ā€œoutsideā€ what the user might expect.

As a user, I donā€™t mind a plugin doing the version check/upgrade notice type of things, but if I discover plugin doing a covert back channel of data collecting, I would end up removing that plugin.

0 Likes

#87

I was using Kite plugin in Sublime Text 3 to get auto-completion and their docs follow the cursor feature but facing crashes by the editor so I uninstalled that plugin from Sublime Text 3 & installed that plugin in VSCode to see what happens. In VSCode the editor itself is not crashing but the plugin was not working as expected like in Sublime Text 3 :slight_smile:

Then I found this thread discussion here.

After un-installation of plugin from Sublime Text 3, couple of days ago Iā€™ve received an email :email: from Kite team, like this:

Hi,
You are receiving this email because you used Kite with Sublime Text 3 between February 17 and March 11. During this time period, there was an error in Kiteā€™s Sublime package that caused Sublime to freeze intermittently. This issue has since been fixed and Kite now works properly in Sublime again.

If you uninstalled Kiteā€™s Sublime package, you can easily reinstall it from Kiteā€™s plugin manager. If youā€™ve uninstalled Kite but want to try it again, please visit our download page.

Going forward, we will ensure that the use cases that caused this freeze are QAā€™ed properly. We apologize sincerely for the inconvenience and appreciate your patience and support.

If you have any questions, please feel free to reply to this email.

Sincerely,
The Kite Team

So, I replied with my questions :thinking: in my mind about the plugin as follows:

Dear The Kite Team,
First of all thanks for fixing the issue in Sublime Text.
I have few questions in mind please consider to answer:

1. One thing is how do you understand that editor is crashing while coding ?
2. Do you still have tracker in you plugin code ?
3. There is thread in Sublime Text forums that Kite is collecting data/tracking from other plugins as well like SideBarEnhancements and in case of Atom editor , itā€™s Minimap . Do you have data collection/tracking from other plugins as well ( other plugins means plugins in editors like Sublime Text , Atom & Visual Studio Code ) ? Which plugins are they ?
4. Do you collect source code files to analyse/train auto-completion model for Kite ? Since again one of the thread in in Sublime Text forums posted you have policy that collect source code/source code files of users. What about this ?

I asked to answer these questions to the Kite team with also submitting bugs for Kite plugin in VSCode & the bug I reported via email along with screenshot:

When this issue is encountered, I tried to use Kite in Visual Studio Code at this time no crashes were observed. But only two things were problematic.

1. First problem is when we hover a function or user-defined function, the " Docs " link which opens Kite itself to show docs by opening window itself. Then to the right side of " Docs ", there is another link called " Def " but this is not clickable (so can not jump to method definition) and shows the command of on click in hover tool box. I have sent image of this first problem in the attachment below please check it out for better understanding.

2. Second problem is about the great feature ā€™ Docs are following cursor ā€™ is not working when clicked on method name even in predefined library functions ( like functions in OpenCV library such as cv2.imshow() ).

These two problems above that occurred in Visual Studio Code those does not exist in case of Sublime Text .
Please work on these issues as soon as possible & fix them.
Also check out the image in attachment ( Kite_issue.png ) below for first issue that I mentioned for Visual Studio Code .

I also asked for feature request in the end of email.

BUT today, 5 days have passed still does not received any reply from Kite teamā€¦

So in conclusion from now I will NOT use this plugin since if you (Kite team) do not answer questions of your users; why you say If you have any questions, please feel free to reply to this email., then itā€™s very suspicious that youā€™re either collecting some serious information like source code, files or whateverā€¦
Yes you have the privacy page of Kite but you should answer if someone is asking questions about your productā€¦ :anger::slightly_frowning_face:

Anyway, guys be careful when you use plugins like Kite who can even collect data from other plugins as we know already, even though they may say they are not going to do collectionā€¦

Thanks

1 Like

#88

Iā€™m relatively new to technology, and it gives me a lot of confidence to know that there is a community concerned about the integrity of our rights. :slightly_smiling_face:

0 Likes