You Think the Visual Studio Code binary you use is a Free Software? Think again.

Did you download your binary of Visual Studio Code directly from the official website? If so, you’re not using Free Software, and only Microsoft knows what was added to this binary. You should assume the worst.

It says “Open Source” and offers to download non open source binary packages. Very misleading.

The Microsoft Trick

I’m not a lawyer, I could be wrong or not accurate enough in my analysis (sorry!) but I’ll try nonetheless to give my understanding of the situation because the current state of licensing of Visual Studio Code tries to fool most users.

Microsoft uses a simple but clever trick here, one allowed by the license of the Visual Studio Code source code: the MIT license, a permissive Free Software license.

Indeed, the MIT license is really straightforward: do whatever you want with this software, keep the original copyright, and I’m not responsible for what could happen with this software. OK. Except that, in the case of Visual Studio Code, it only covers the source code, not the binary.

Unlike most of the GPL-based licenses, under which both the source code and the binary built from it are covered by the terms of the license, the MIT license allows Microsoft to make the source code of the software available but do whatever they want with the binary of this software. And let’s be crystal-clear: 99,99% of the VSC users will never use the source code directly.

What a Non-Free License by Microsoft Looks Like

And of course Microsoft purposely does not use the MIT license for the binary of Visual Studio Code. In fact they use a fully-armed, Freedom-restricting license, the Microsoft Software License.

Let’s have a look at some pieces of it. You can find the full license here: https://code.visualstudio.com/license

This license applies to the Visual Studio Code product. The source code is available under the MIT license agreement.

First sentence of the license. The difference between the license of the source code and the “product”, meaning the binary you’re going to use, is clearly stated.

Data Collection. The software may collect information about you and your use of the software, and send that to Microsoft.

Yeah right, no kidding. Big Surprise from Microsoft.

UPDATES. The software may periodically check for updates, and download and install them for you. You may obtain updates only from Microsoft or authorized sources. Microsoft may need to update your system to provide you with updates. You agree to receive these automatic updates without any additional notice. Updates may not include or support all existing software features, services, or peripheral devices.

I’ll break your installation without further notice and I don’t care what you were doing with it before, because, you know.

SCOPE OF LICENSE (…) you may not:

  • work around any technical limitations in the software;

Also known as “hacking” since… years.

  • reverse engineer, decompile or disassemble the software, or otherwise attempt to derive the source code for the software, except and to the extent required by third party licensing terms governing use of certain open source components that may be included in the software;

Because, there is no way anybody should try to know what we are doing with the binary running on your computer.

  • share, publish, rent or lease the software, or provide the software as a stand-alone offering for others to use.

I may be wrong (again I’m not a lawyer), but it seems to me they forbid you to redistribute this binary, except under the conditions mentioned in the INSTALLATION AND USE RIGHTS section (mostly for the needs of your company and/or for giving demos of your products using VSC).

The following sections EXPORT RESTRICTIONS and CONSUMER RIGHTS; REGIONAL VARIATIONS include more and more restrictions about using and sharing the binary.

DISCLAIMER OF WARRANTY. The software is licensed “as-is.”

At last a term which could be identified as a term of a Free Software license. But in this case it’s of course to limit any obligation Microsoft could have towards you.

So the Microsoft software license is definitely not a Free Software license, if you were not convinced by the clever trick of dual licensing the source code and the binary.

What You Could Do

There are ways to use VSC on good terms. After all, the source code of VSC comes as Free Software. So why not build it yourself? Some initiatives have also appeared, like this repository. That could be a good start.

As for the GNU/Linux distributions, packaging VSC (see here for the discussion in Debian) would be a great way to keep people from being abused by the Microsoft trick into using a “product” that breaks almost every term of what makes Free Software.

About Me

Carl Chenet, Free Software Indie Hacker, Founder of LinuxJobs.io, a Job board dedicated to Free and Open Source Jobs in the US.

29 thoughts on “You Think the Visual Studio Code binary you use is a Free Software? Think again.”

  1. It’s their own software. The license doesn’t matter. They could put it under GPL and still distribute any binary. Those licenses do not restrict the original copyright holder.

    I really cannot see any real issue here, just some MS bashing and FUD.

    • Of course the license matters when you distribute a software and you’re wrong, it would change everything. Using the GPL license would also legally protect the binary created from the sources of VSC and ensure you get what you’re expecting for at the binary level.

      There is a strong difference between offering the sources of a program to anyone, which is going to be interesting for 0,01% of the users of VSC, and offering a Free Software binary that will be used by 99,99% of the VSC users. Microsoft deliberately says VSC is “open source” but only targets 0,01% of the VSC users. That’s not a strong signal in favor of a Open Source-friendly new policy by Microsoft.

      • “Of course the license matters when you distribute a software and you’re wrong, it would change everything. Using the GPL license would also legally protect the binary created from the sources of VSC and ensure you get what you’re expecting for at the binary level.”

        This is only true if MS aren’t the sole copyright holders.

        Software licensing determines what rights non-copyright owners can do with someone else’s copyrighted code.
        You can release software under GPL, and then release the next version under a non-free license, if all contributing copyright holders agree to it.

    • Hello Martin, pardon my comment, unfortunately it’s clearly a serious issue. Calling nonfree software nonfree is not FUD, it’s telling the truth. But calling nonfree software free (they say “open source”) misleads people. Thanks to the free software community, corrective information like what Carl wrote prevents us from being deceived.

  2. This has been explained before why they have the different licenses, there’s a GitHub issue out there somewhere with details…this is not the big deal you’re making it…and they’re not trying to “trick” you.
    Just build it from source if you’re going to be all paranoid about it…

    • Building from sources won’t ensure you get the same binary as the one provided by Microsoft. Android apps often add spyware and trackers directly at the binary level. The Exodus Privacy project helps to identify these deplorable practices.

      Why don’t they provide the same license for the sources and the binary? Because they add things which are not Free Software compliant, it’s obvious. If you read the article, you know they forbid you to reverse-engineer the binary in the Microsoft license. Why? If it was identical to the sources, they wouldn’t, because they would have nothing to hide. That’s not the case. No paranoia here, it’s a transparent trick.

      Lots of people understand it and many projects already provide alternative binaries for VSC, like the one cited in the conclusion.

      • Thanks for the article.

        >If you read the article, you know they forbid you to reverse-engineer the binary in the Microsoft license.

        I think that you can’t forbid reverse-engineering in France (and in Europe?) or maybe just for military project…

  3. Great analysis and thanks a lot for sharing your research. I’m sorry on behalf of all the ignorance that can’t see the big picture here and accuse you of paranoia! Keep up the hard work, heroes aren’t always quickly understood.
    Regards.

    • Michael: Thanks! People leave comments saying I just FUD Microsoft and I cannot publish these comments because they provide zero arguments.

      My article is far from perfect but it raises some concerns I’m ready to discuss. People are free to like Microsoft and I want to discuss with them, but providing arguments is mandatory to launch a conversation.

  4. Thank You very much for pointing this issue out. I’ve recently switched to RYF-certified hardware, flashed with Libreboot and using fully free OS (Trisquel). Since then, I’m very careful with every install beyond the OS repository. I use Atom (the downloaded binary) for code editing, and I was wondering if it should be wise to build it from source instead (I was aware that the binary could differ from a build from source). I also contemplated about giving VSC a try, but this whole free/open-source mentality of Microsoft seemed fishy. I didn’t know about this “classic” trick with the license, and it’s a very important one. I didn’t know either that the GPL takes care of it too. I always looked at MIT as a more free, careless license towards users, but this is a good example of how it can harm users. It’ll definitely be a warning sign for me in the future. Keep up the good work!

  5. Hi Carl, this is my second time commenting here. Good analysis, and I don’t know if you were there, but the Trisquel forum & mailing list also discussed this[1][2], as pointed out by Mason Hock on August 1st. I agree with you, it’s misleading to present this program as free software (they say “open source”) while the binary code is nonfree. Your analysis of the EULA shows it clearly is nonfree. Thanks for pointing out https://github.com/VSCodium/vscodium, I didn’t know about this before. Please keep up your good work on free software!

    [1] https://listas.trisquel.info/pipermail/trisquel-users/2018-August/090269.html
    [2] https://trisquel.info/en/forum/vs-code-free-software-0

  6. I have to doubt that _any_ distributions offer the red-flag binary Microsoft’s peddling on their site. Is there still an active infestation of the sort of marketers Bill Hicks was talking about, and to, at Microsoft? No doubt about that at all, who else would have them? Don’t answer that. Is this binary one of their products? I don’t doubt that either, but that (like the binary, and the people that produced it) is irrelevant. Anybody stupid enough to use this binary would be too stupid to know how to install it.

    Unless . . . what, is this the package included with WSL? That’d be both disturbing and unsurprising.

  7. Also note that one of VSCode’s main features is the C++ extension with IntelliSense. This Microsoft VSCode is only available as pre-compiled binaries without ANY source code; it’s proprietary closed source. You cannot build this from source yourself even if you wanted to, it’s just not available.

    e.g.: ~/.vscode/extensions/ms-vscode.cpptools-0.18.1/Microsoft.VSCode.CPP.Extension.linux and Microsoft.VSCode.CPP.IntelliSense.Msvc.linux

    Having said that, I still use VSCode, but I run vscode in a jail with no access to the internet.

  8. I am confused with all this. What’s a free software? That, I want to know, because for years, I have been using this product without paying any money, yet they say it is not free. It might not be true open source. But not free? I am surprised. So I want to know what makes a software to be considered free.

    • In the context of software, “free” can mean two things: “free” as in “free beer,” and “free” as in “freedom.” The conversation here, of course, refers to the latter. This is better explained elsewhere, but that should clear the confusion a bit for now.

    • When we talk about free software, what is meant is free as in freedom, not necessarily free as in free beer. The common English terms are unfortunately identical, so free-as-in-beer is typically referred to as gratis or no-cost instead.

      Note that free software is not necessarily gratis.

  9. M$ has always been a snake always looking for its own profit at the cost of user freedom. Great article. I avoided VSCode from the start. Better to just use Atom.

  10. Although I agree that it’s not clear enough that the binary you download also includes proprietary code, I don’t see a problem with distributing the binary under a different license than the source code, when the license does not require you to do it. And even if it does, as is the case with the GPL licenses, you may still want to make only parts of your product open source (for commercial, legal or other reasons.) Quake’s source code, for example, was released under the GPL, while its assets were still proprietary. My opinion is that when this is the case, it should be clearly stated by having a community version and a paid one or by simply naming the products differently, as Google does with Chromium and Chrome.

  11. I think this blog and a lot of comments don’t realize that there is no evil plan behind the non free binary.
    VSCode is a Microsoft branded product. The name, logo, update channels, telemetry etc. are just config stuff (all configurable in a .json file for when the final binary builds).
    These things are the reason why the final build is non free.

    And it’s not my opinion but the explanation of a VSCode dev, posted on VSCode github. See for yourself
    https://github.com/Microsoft/vscode/issues/60#issuecomment-161792005

    I know people love to bash M$ but come on guys … do it when there is an actual REAL thing to complain about.
    IMHO this is just crying wolf.

  12. It seems one can rebuild VSCodium locally with a bit of fiddling in the scripts and env vars by looking at its .travis.yml config file… and it runs 🙂

  13. I don’t think this is an issue. Many software projects are released in this manner. VirtualBox for instance. You can always build the software yourself. I did, it only took one bash command. If you want the Microsoft “extras” you get the binary and live with the license, if you’re paranoid you build it yourself. Problem solved.
    You want to redistribute the open source binary? Well, the MIT license allows that, you just have to change the name.
    The open source/ closed source model is a workable business model, and when done correctly is a benefit to us all.

  14. First, surprisingly no-one mentioned this before, Microsoft has changed the title from “Open source” to “Built on open source”. Some clarification.

    Second, do you use Chrome? It uses the same pattern. The Chromium project is open source, the Google Chrome product is Google’s build. Even worse, Chrome has more code (such as Flash Player) – while Microsoft clarify exactly what they add at https://github.com/microsoft/vscode/wiki/Differences-between-the-repository-and-Visual-Studio-Code.

    The Visual Studio Code product is a trademark, has proprietary icons, links to Microsoft’s marketplace which has its own license, and uses a custom license. No problem – the MIT license allow redistribution, and even under a GPL license they could do that as stated before.

    Most of the changes are in product.json. Look at the code and compare it to the one that comes with VSCode. It contains icon path, license link, marketplace URL, telemetry URL, updates server URL…

    And yes, some of the extensions such as the C++ extension or the remote development ones (WSL, Docker) are closed source. Microsoft explain clearly that the reason is usage of proprietary code, like code shared between VSCode and VS.

    If you don’t like that, you’re free to get your own build. There’s even VSCodium as you said, saves you the need to rebuild it yourself. (Un)Surprisingly, most of the people don’t feel the fatefulness in this action.

    Microsoft made a 360 degrees change. Don’t just blame them for nothing, please. That’s just prejudices that motivates you.
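The comparison suggested in comment 14 (the repository's product.json against the one shipped with the binary), as an added example that is not part of the original post or its comments and is not Microsoft's or VSCodium's code. Both JSON documents are constructed samples whose key names and hosts are placeholders; load the two real files in their place to audit an actual build.

```python
import json
from urllib.parse import urlparse

# Constructed inputs: key names and hosts are placeholders, not real product.json content.
SOURCE_BUILD = json.loads("""
{"name": "Editor - OSS",
 "licenseUrl": "https://oss.example/LICENSE.txt",
 "icons": {"app": "resources/oss.png"}}
""")
VENDOR_BUILD = json.loads("""
{"name": "Editor",
 "licenseUrl": "https://vendor.example/license",
 "icons": {"app": "resources/vendor.png"},
 "updateUrl": "https://update.vendor.example/api",
 "marketplace": {"serviceUrl": "https://market.vendor.example/gallery"},
 "telemetry": {"enabled": true, "endpoint": "https://events.vendor.example/collect"}}
""")

def flatten(node, prefix=""):
    """Map every leaf of a nested JSON value to a dotted path."""
    if not isinstance(node, (dict, list)):
        return {prefix: node}
    items = node.items() if isinstance(node, dict) else enumerate(node)
    leaves = {}
    for key, child in items:
        leaves.update(flatten(child, f"{prefix}.{key}" if prefix else str(key)))
    return leaves

def host_of(value):
    """Return the network host if the value is an http(s) URL, else None."""
    if isinstance(value, str):
        parsed = urlparse(value)
        if parsed.scheme in ("http", "https") and parsed.hostname:
            return parsed.hostname
    return None

def diff_product(source, vendor):
    """Report keys added or changed in the vendor file, plus hosts the source never names."""
    src, ven = flatten(source), flatten(vendor)
    added = sorted(k for k in ven if k not in src)
    changed = sorted(k for k in ven if k in src and ven[k] != src[k])
    known_hosts = {host_of(v) for v in src.values()} - {None}
    new_hosts = sorted({host_of(ven[k]) for k in added + changed} - {None} - known_hosts)
    return {"added": added, "changed": changed, "new_hosts": new_hosts}

if __name__ == "__main__":
    print(json.dumps(diff_product(SOURCE_BUILD, VENDOR_BUILD), indent=2))
```

The `new_hosts` list is the part worth reviewing first: it names every network endpoint the packaged configuration introduces that the source configuration does not mention.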

  15. I think we have a greater issue here and it is in section
    1.a of the license file that says:
    “General. You may use any number of copies of the software to develop and test your applications, including deployment within your internal corporate network.”. In this statement it mentions you only are able to deploy your developed code inside an “internal corporate network”, it means we are not permitted to use it for developing any software that will deploy on the web!!!
