Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Yikes. Visual Studio spellchecker sends your document unencrypted over the Internet
http://samnewman.io/blog/2016/05/30/want-to-spell-check-read-the-fine-print/Wow... that's not cool
But then, at the top of the description, I found this message greeting me:
So to be clear, this is saying that any text opened in Visual Studio Code with this extension loaded would be send in plain text to some service I've never heard of. The mind boggles at how terrible this is as an idea for an editor designed for source code editing.
...
My first reaction was "Surely I've misunderstood something, right?". So I enabled the extension and opened up a non-sensitive file, one of my in-progress blog posts. I then downloaded wireshark to take a look. It took a while to sift it out - it's been a LONG time since I used wireshark (so long ago that back then it had still been called Ethereal), and there is a rather large amount of traffic generated from my machine for things like Sonos and Dropbox and the like, but eventually I tracked down what was being sent. Sure enough I could see all the text being sent, unencrypted, over HTTP to the 'After The Deadline' service. So, at least the documentation was accurate, and that this absolutely insane thing was happening.
Notice: This extension uses the teacher node module which calls the After The Deadline service to check for spelling and grammatical errors. Document text is sent to the service over unencrypted HTTP. Do not use this extension with sensitive or private documents.
So to be clear, this is saying that any text opened in Visual Studio Code with this extension loaded would be send in plain text to some service I've never heard of. The mind boggles at how terrible this is as an idea for an editor designed for source code editing.
...
My first reaction was "Surely I've misunderstood something, right?". So I enabled the extension and opened up a non-sensitive file, one of my in-progress blog posts. I then downloaded wireshark to take a look. It took a while to sift it out - it's been a LONG time since I used wireshark (so long ago that back then it had still been called Ethereal), and there is a rather large amount of traffic generated from my machine for things like Sonos and Dropbox and the like, but eventually I tracked down what was being sent. Sure enough I could see all the text being sent, unencrypted, over HTTP to the 'After The Deadline' service. So, at least the documentation was accurate, and that this absolutely insane thing was happening.
