Microsoft says it’s for debugging, not spying. Internet users have pulled out the pitchforks and are once again at odds with Microsoft regarding telemetry data, but this time around it’s because the company updated Visual Studio 2015, which is now adding secret telemetry code in the C++ binaries compiled by every developer.
The issue surfaced in May on Reddit, when a user noticed a function named “telemetry_main_invoke_trigger” added to every binary he compiled for his private projects.
The user tested and discovered this happening with Debug and Release-level binary builds, on both Windows 7 and Windows 10.
Microsoft failed to document the Visual Studio telemetry codes
What worried Reddit users was that there was no documentation for these calls, not online, and neither in the software’s built-in documentation package.
Telemetry data is a sensitive subject with Microsoft users, and in the beginning, most people considered this to be another method through which Microsoft adds telemetry calls to spy on users and the way they use their software on Windows.
Steve Carroll, one of the high-ranking managers for the Visual Studio team, was kind enough to answer’s everyone’s questions regarding this undocumented feature.
“ Our intent was benign – our desire was to build a framework that will help investigate performance problems and improve the quality of our optimizer should we get any reports of slowdowns or endemic perf problems in the field. We apologize for raising the suspicion levels even further by not including the CRT source, this was just an oversight on our part. ”
So “telemetry” wasn’t meant in the general term used in Windows 10, to gather data about users, but as an alternative debug system, meant for developers only. Carroll also explained:
“ Despite that, some of you already investigated how this mechanism works in nice detail. As you have already called out, what the code does is trigger an ETW event which, when it’s turned on, will emit timestamps and module loads events. The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs) so this data is only applicable to customers that are actively seeking help from us and are willing to share these PDBs as part of their investigation. We haven’t actually gone through this full exercise with any customers to date though, and we are so far relying on our established approaches to investigate and address potential problems instead. ”
This debug feature was added in Visual Studio 2015 Update 1, and also exists in Update 2, but Carroll says its team plans to remove it in Update 3 after this intense backlash.
Visual Studio 2015 users can remove these telemetry calls
Carroll also said that to remove any telemetry calls added automatically to any compiled C++ binaries, developers should add the notelemetry.obj to their linker command line.
Previously to being talked on Reddit, Russian developers also had a run-in with the telemetry call and had discussions about it on Habrahabr.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.