by Matetricks on 8/1/17, 4:41 PM with 114 comments
by eropple on 8/1/17, 7:17 PM
Like, I get working for even exploitative companies (though I won't)--economic insecurity is definitely a thing and we all gotta eat. But you can find a job that doesn't involve literally spying on the down-low. I promise you, you can.
Abandon these jerks before they bring you down with them. They've demonstrated a willingness to screw people and even if you don't really care about them screwing other people, they'll screw you too.
EDIT: Also, because it's on-topic and the post on HN seems to have gone ignored, somebody is typo-squatting `cross-env` on NPM and dumping environment variables to a Chinese server run by "HackTask". It probably deserves a signal boost: https://twitter.com/o_cee/status/892306836199800836 https://news.ycombinator.com/item?id=14901566
by dabber on 8/1/17, 6:33 PM
tl;dr for that is basically:
Kite has been collecting "anonymous" data from Sublime users with the SideBarEnhancements plugin installed. This has been happening for at least a year and the data collected included `activeNonBundledPackageNames`, which is basically a list of packages installed via Package Control.
It seems they were intentionally unclear about who the data was sent to and did not think to remove it from the plugin after the Atom Minimap incident because:
> the truth is we didn't remember [2]
[1] https://www.reddit.com/r/programming/comments/6qwtfz/kite_in...
[2] https://forum.sublimetext.com/t/rfc-default-package-control-...
by AdmiralAsshat on 8/1/17, 7:28 PM
You cannot fight this kind of malevolence with a finger-wag and a proposed solution that you simply inform the user next time before doing it. It will become buried inside the ToS and become ignored and commonplace. Stop it now and forever, while the spotlight is on it.
by tradesmanhelix on 8/1/17, 6:33 PM
Sorry Kite - fool us once, shame on you. Fool us twice, shame on us. There's now a 0% chance of my ever using your products or services.
by bajabaron on 8/1/17, 6:10 PM
But you can see Kite's own installer uses the same IP address for its telemetry: https://github.com/kiteco/kite-installer/blob/master/ext/tel...
by ivanbakel on 8/1/17, 7:26 PM
This is a complete destruction of their narrative from last week. They'll be sorry for being caught - again - and we'll have to be on continual lookout for this kind of thing in the future. I can't wait for the floodgates to open, once major tech companies figure out that there's not enough oversight to prevent this 100% of the time: I expect more than a few projects to be bought out similarly.
by synaesthesisx on 8/1/17, 7:11 PM
by paradite on 8/1/17, 7:39 PM
I discovered tracking codes inside a browser extension back in 2013, and I doubt that it would be the last one:
https://paradite.com/2013/12/07/solved-issue-with-vglnk-all-...
(Ironically by visiting my blog post you are contributing to tracking by Google Analytics)
by spdy on 8/1/17, 9:04 PM
You just kill all credibility on the way and you will be outlawed by maintainers etc.
We may be many but at certain bottlenecks ethics is still high and with OSS we are able to just fork packages.
As companies start to exploit developers' trust we have to rethink the security model inside our IDEs and probably move to a smartphone-like sandbox model.
by sergiotapia on 8/1/17, 7:06 PM
by dsl on 8/1/17, 7:16 PM
They seem to be very keen on paying addon developers to distribute their crapware.
by ekiminmo on 8/1/17, 10:39 PM
by omginternets on 8/1/17, 6:29 PM
by hd4 on 8/2/17, 2:26 PM
Like, did they not think that we wouldn't catch them in the act?
Don't try to steal from thieves.
by TaizWeb on 8/1/17, 10:28 PM
by wedowhatwedo on 8/1/17, 6:39 PM
by thrillgore on 8/2/17, 3:29 AM
by Gaelan on 8/2/17, 5:00 AM