Microsoftย adds secret snooping codes intoย C++ Binaries Visual Studio 2015, when caught says it is for debugging
Microsoft has once again upset a large number of people, and this time because of the companyโs updated Visual Studio 2015, which is adding secret telemetry code in the C++ binaries compiled by every developer.
The issue surfaced in May on Reddit, when a user notice Microsoft inserting telemetry_main_invoke_trigger and telemetry_main_return_trigger into binaries as they are compiled. They have been found in both debug and release versions of the software in Windows 7 and Windows 10. There is now a busy thread on Reddit debating the company’s thinking behind including this ‘feature’.
What was bothersome for the Reddit users that the existence of the functions was not referenced in any documentation, not online, and neither in the software’s built-in documentation package.
Telemetry data is a sensitive subject with Microsoft users, and at the start, most people thought this to be another method through which Microsoft adds telemetry calls to snoop on users and the way they use their software on Windows.
Steve Carroll, one of the high-ranking managers for the Visual Studio team, was kind enough to answer’s everyone’s questions regarding this undocumented feature.
โOur intent was benign โ our desire was to build a framework that will help investigate performance problems and improve the quality of our optimizer should we get any reports of slowdowns or endemic perf problems in the field.
โWe apologize for raising the suspicion levels even further by not including the CRT source, this was just an oversight on our part. Despite that, some of you already investigated how this mechanism works in nice detail. As you have already called out, what the code does is trigger an ETW event which, when itโs turned on, will emit timestamps and module loads events. The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs) so this data is only applicable to customers that are actively seeking help from us and are willing to share these PDBs as part of their investigation. We havenโt actually gone through this full exercise with any customers to date though, and we are so far relying on our established approaches to investigate and address potential problems instead.โ
This debug feature was added in Visual Studio 2015 Update 1, and is currently on Update 2 as well, However, Carroll says its team plans to remove it in Update 3 after this strong backlash.
He also offered a workaround for those concerned about the telemetry feature and said that to remove any telemetry calls added automatically to any compiled C++ binaries; developers should add the notelemetry.obj to their linker command line.
Previously to being talked on Reddit, Russian developers also had a run-in with the telemetry call and had discussions about it on Habrahabr.