unfortunately, as I discovered with a recent fresh Manjaro install, VSCodium cannot access the standard MS extension repo, which makes it next to worthless as a production tool because no one is uploading anything to their own repo. I can't work without my tools, and I can't be arsed to manually install and build and update every extension and its dependencies that I rely on.
Of course, that's against the Microsoft licensing agreement. The VS Extension marketplace is only licensed for use with Visual Studio and Visual Studio Code (as are all of the good Microsoft extensions: Pylance, the Remote Pack, Codespaces, etc).
The top of the log file for the remote extension always says this:
"
*
* Visual Studio Code Server
*
* Reminder: You may only use this software with Visual Studio family products,
A perfect encapsulation of why these privacy complaints are next to worthless. You don't trust Microsoft with telemetry but your package.json pulls in 30 packages from completely random Internet strangers who published something that looked cool on GitHub.
There's no coherent threat model here. There are a million different ways to shoot yourself in the foot and compromise your codebase before we even begin to consider what Microsoft can do with the knowledge of what buttons you press sometimes.
Privacy and security are the same thing. When one is compromised so is the other. Any untrusted code that runs on your machine has the implicit capability of exfiltrating information that would rip apart your privacy.
My threat model is Microsoft selling bogus "productivity enhancement" features to customers, pushing duplicated features, collecting data on costumers to acquire business sensitive information, and using marketshare as leverage to strangle better products.
