Visual Studio 2015 C++ compiler's hidden codes make calls to Microsoft's telemetry services

May 2023 · 3 minute read

When using technology, users somehow take off their virtual clothes and reveal more than they would normally do. Apps need to access private information such as the content of your emails or your contact list in order to deliver the best possible user experience. Unfortunately, many users are not even aware of the amount and type of information that companies such as Microsoft collect on them, since very few read terms and conditions before using a particular service.

A service like Cortana constantly gathers information about you, but the good news is that you can edit permissions. Even your Windows 10 computer camera may be spying on you without you even being aware.  If you want to limit the data various apps and services collect, we suggest you check out these Windows 10 privacy apps and choose the one that best suits your needs.

As if this wasn’t enough, Microsoft is now caught in the middle of another privacy scandal. This time, the leading role is taken by the company’s Visual Studio 2015 C++ Compiler, in which users have discovered two hidden codes that add telemetry function calls to binaries as they are compiled: telemetry_main_invoke_trigger and telemetry_main_return_trigger.

Coder became extremely angry after they detected the codes, especially because Microsoft didn’t mention anything about their existence in its documentation. Steve Carroll, Development Manager for the Visual C++ team, claims that the telemetry function is entirely innocent, and users have nothing to worry about.

Our intent was benign – our desire was to build a framework that will help investigate performance problems and improve the quality of our optimizer should we get any reports of slowdowns or endemic perf problems in the field.
We apologize for raising the suspicion levels even further by not including the CRT source, this was just an oversight on our part. Despite that, some of you already investigated how this mechanism works in nice detail. As you have already called out, what the code does is trigger an ETW event which, when it’s turned on, will emit timestamps and module loads events. The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs) so this data is only applicable to customers that are actively seeking help from us and are willing to share these PDBs as part of their investigation. We haven’t actually gone through this full exercise with any customers to date though, and we are so far relying on our established approaches to investigate and address potential problems instead.

Microsoft promises to remove these events in Update 3 and also offers a solution for users to disable telemetry function calls in the current Visual Studio 2015 C++ compiler version. To disable this dependency, you can add notelemetry.obj to your linker command line.

What’s your take on this event? Do you think this was only a slip from Microsoft, or is there more to it than meets the eye?

RELATED STORIES YOU NEED TO CHECK OUT:

ncG1vNJzZmivmaOxsMPSq5ypp6Kpe6S7zGitoqullrluv9Oum6KnXWd9coGMn6ynm6SevK95056jnqWVqb%2B6ecKao6Vn