[HN Gopher] Xcode constantly phones home
___________________________________________________________________
Xcode constantly phones home
Author : MaysonL
Score : 80 points
Date : 2025-03-01 20:03 UTC (2 hours ago)
(HTM) web link (lapcatsoftware.com)
(TXT) w3m dump (lapcatsoftware.com)
| cratermoon wrote:
| Now do Visual Studio. Give Visual Studio Code a spin, too, if you
| have time.
| gjsman-1000 wrote:
| Now do almost any modern video game, particularly those with
| Denuvo, if you have time.
| nazgulsenpai wrote:
| You mean the ones you launch from Steam?
| gjsman-1000 wrote:
| Now consider how much phoning home Steam is doing...
| Rohansi wrote:
| Steam does its own thing but many games also collect their
| own analytics as you play.
| 1over137 wrote:
| Or almost any modern software period. Everyone is in love
| with data gather and analytics.
| ryandrake wrote:
| As long as it is only done with the user's consent, and the
| analytics can be turned off by the user, I don't see a
| problem. But if it's forced and/or done without consent,
| then it's a problem no matter if you're Apple, Microsoft,
| Steam, Epic, or any other company.
| pakyr wrote:
| Just run VSCodium[0]. Unfortunately there's no Xcode
| equivalent, of course.
|
| [0]https://vscodium.com/
| koito17 wrote:
| I wouldn't call VSCodium an equivalent[0].
| Please note that some Visual Studio Code extensions have
| licenses that restrict their use to the official Visual
| Studio Code builds and therefore do not work with VSCodium.
| ... In some cases, ... [workarounds] won't help
| because the extension is hard-coded to only work with the
| official Visual Studio Code product.
|
| Notably absent are all of the remote debugging extensions and
| Copilot. This would be a deal-breaker for many.
|
| [0] https://github.com/VSCodium/vscodium/blob/master/docs/ind
| ex....
| Rohansi wrote:
| Everything collects analytics these days. However, VS Code
| let's you opt out of telemetry and I doubt it slows down builds
| like Xcode is doing.
| LeoPanthera wrote:
| Previously: https://news.ycombinator.com/item?id=43168589
|
| Although the title was not changed, if you don't read the actual
| post, it's misleading.
|
| It makes connections to Apple when you launch it, and when you
| open project files.
|
| It also makes connections when you build, although that is to be
| expected, since signing is required for uploading builds to the
| store.
|
| It does not "constantly" phone home.
| ryandrake wrote:
| None of these are "expected." It shouldn't have to connect to
| Apple when you launch it. The installed executable is all that
| is necessary to run the thing. It -can- launch without a
| network connection, therefore it should not initiate a
| connection without the user's consent. It's none of Apple's
| business when I launch Xcode. Same for opening a project. A
| compiler does not require online assets just to open a project
| file. It's none of Apple's business what project I'm opening
| and when I do it. It should not need to make a connection to
| Apple when it builds either, only when it is signing (assuming
| the signing cannot be done on device).
|
| As a user, I wouldn't expect any of this kind of telemetry, at
| least out of the box without opting in to it.
| Boldened15 wrote:
| Headline buries the lede imo, should be "Xcode slows down builds
| by constantly phoning home". Given the walled garden nature of
| Apple and the app review process it's not really surprising that
| Xcode would be full of forced telemetry
|
| Also not the worst thing for Apple to measure average build times
| or whether developers are discovering some new feature they
| added, that can be actually helpful for improving the product.
| pjerem wrote:
| > Also not the worst thing for Apple to measure average build
| times or whether developers are discovering some new feature
| they added, that can be actually helpful for improving the
| product.
|
| That have always been the point of telemetry. The issue is when
| it's hidden and /or the collected data is misused.
| 3eb7988a1663 wrote:
| Or even used at all. Feels like a lot of telemetry is getting
| collected simply because it can. "What if there is value we
| could unlock?!" Never mind that all decisions will be made on
| a manager's gut instinct.
| threeseed wrote:
| I have worked at plenty of places where analytics data is
| used to drive decision making.
|
| And surely we can all agree that a data driven approach is
| better than gut instinct.
| bayindirh wrote:
| > And surely we can all agree that a data driven approach
| is better than gut instinct.
|
| Then when people do the right thing, or have a good
| instinct about what to do next, we call them leaders (if
| they succeed), and praise them. Like Steve Jobs.
|
| If the same people fail, even with the data on their
| side, we kick them down, set on fire and parade them for
| their failure.
| layer8 wrote:
| A data-driven approach can optimize for the wrong thing,
| usually because of statistical fallacies or because it is
| disregarding context. In that case, gut instinct may
| yield more desirable results. Telemetry also isn't a
| replacement for end-user field studies.
| tomnipotent wrote:
| > A data-driven approach can optimize for the wrong thing
|
| So does firing from the hip, so what? And I'd wager
| firing from the hip has a higher failure rate. At least
| by using data I have an actual argument for my position,
| other than "but muh feelings!" My CEO doesn't give two
| shit about how I "felt" the project would go, and I can't
| imagine how poorly that discussion will go when we meed
| to review what happened.
|
| At the end of the day the companies that are succeeding
| and growing are using data to inform their decisions.
| threeseed wrote:
| a) There is no correlation between a walled garden and
| telemetry. I use plenty of open source software that asks for
| analytics and crash reports. In fact I take it as a positive
| sign as it means they are committed to making a better product.
|
| b) In this case the provisioning profiles are essential to the
| build process so it makes sense for Apple to check for updates
| as you are building.
| lapcat wrote:
| > Also not the worst thing for Apple to measure average build
| times
|
| There's no evidence that Apple is measuring average build
| times. As the screenshot in the article shows, gather
| provisioning inputs is actually one of the earliest build
| phases. Moreover, build time is not a useful measure, because
| it depends crucially on the number of source files, the
| programming languages, clean vs. incremental builds, run script
| build phases, and various other factors that vary almost
| infinitely from project to project.
|
| The article does not even claim that the connections are
| telemetry. Gather provisioning inputs is without a doubt
| exactly what it says it is. Nonetheless, it's not necessary for
| Xcode gather provisioning inputs on every build, especially not
| for non-archive builds, and a side effect of doing it on every
| build is that Apple receives personally identifiable data about
| developers and their everyday activities, regardless of whether
| that was Apple's intention.
|
| There appears to be a common assumption that every privacy
| violation has to be intentional, some kind of conspiracy, but
| that's not true. A lot of privacy violations are just
| thoughtlessness or incompetence. But that doesn't excuse them.
| worik wrote:
| > Or perhaps Apple believes that developers are subhuman...
|
| From my three years of experience as a developer of iOS
| applications, this is the root cause.
|
| How the mighty have fallen
| ChrisArchitect wrote:
| Discussion: https://news.ycombinator.com/item?id=43168589
| exiguus wrote:
| Basically everything is phoning home this days. Also vscode,
| chrome, brave, Thunderbird, Firefox. Also JIRA and Outlook or
| Teams is crazy about that. Just run "tcpdump -i any port 53" and
| you can monitor it. Or use mitproxy to get detailed req and res.
| Personally I use a dns block list like
| https://github.com/hagezi/dns-blocklists with dnmasq or dnsdist.
| Works great :)
| EatFlamingDeath wrote:
| I sincerely don't understand how devs that use macOS put up with
| this crap. I remember getting a Macbook M1 from the company I
| used to work for and the battery life was amazing, but as soon as
| I needed to install Xcode I just gave up. It's unbelievably bad,
| fuck that.
| ChrisMarshallNY wrote:
| Dupe: https://news.ycombinator.com/item?id=43168589 (Couple of
| days ago -58 comments)
___________________________________________________________________
(page generated 2025-03-01 23:00 UTC)