Doesn’t anyone else use things like OpenSnitch to audit all outgoing connections? I block all phone homes until something breaks, then investigate.
If you are trapped on Windows for some corporate reason, there is SimpleWall.
We’re all friends here, and friends don’t let friends let apps phone home.
Can I subscribe to your newsletter? I want to hear all your other recommendations.
I second OpenSnitch. It’s the most annoying program i run, but the control it gives you over your outbound connections is so worth it from a security and privacy standpoint.
Once you start and run this you get to truly see how many different URLs are loaded when visiting just one website
I feel like lots of people here use Linux, where you don’t need to be constantly vigilant of your applications working against you…
Anyone new to these tools will be horrified at how aggressively Windows tries to violate your privacy with unnecessary data collection, phone-homes, remote calls, etc.
Linux is galaxies better in that regard. I still don’t want anything making any connections without my explicit knowledge and consent though, and there are lots of packages and applications that try to unnecessarily exfiltrate data without asking. If you aren’t using an active firewall, you are leaking.
This is cool, thanks.
Does running pi hole make this redundant, or are they solving different problems?
They still work together. Pi-hole is an excellent second line of defense, but an active firewall tells you about what is trying to make connections and asks for your consent. Block lists are great, but they aren’t impenetrable. If you want to know exactly what your device and software are doing, you should also be using an active firewall.
Thanks for that suggestion, I had a passing thought a while back I should look into something like this.
Any problems in your experience? I imagine apps will fail if you’re slow to approve the outbound connection and something times out, so I get all of that, looking more for broader issues this might cause? Specifically wondering about the docker containers I run, all the development nonsense.
Both OpenSnitch and SimpleWall block by default. You can also set a timeout so that if you don’t respond in a certain amount of time they automatically create a permanent block rule. You can also check your rules and activity at any point. If a specific application is misbehaving you can always check its rules and change them, or delete them and start over. They’re very efficient, and get less intrusive over time as you respond to prompts and create more rules.
Lulu is a good FOSS alternative for Macs. LittleSnitch is good too but proprietary (that’s where OpenSnitch got its name)
I did not know about this before, bookmarking the OpenSnitch github so I can try it out on my PC later
TIL.
Is this redundant with DNSBL?
Not necessarily. These active firewall tools are much more thorough. They tell you any time an application or service is trying to make a connection to anywhere. Block lists are helpful, but still have gaps. These let *nothing *through unless you explicitly allow it, and ask you clearly and immediately when something that doesn’t already have a rule tries.
This is misleading. For people paying for the IDE nothing changed, data sharing remains an opt-in option. For users of their free licenses data sharing was enabled by default. Still a shitty thing to do especially as it hits a lot of OSS developers but lets criticize that instead of creating memes that are misinformation.
You do add important detail, but I’d make the counterpoint that if the corporation is bullying their least privileged users today, stealing their
lunch moneyprivacy, they’re not going to stop with only them. This is testing the waters for them.Plus - it’s also messed up that they can fundamentally change the nature of the 501©(3) donated version and will likely try to claim a tax benefit as though it’s equivalent to a paid copy.
They’re doing as much of a bad thing as they think they can get away with. I don’t feel a particular duty to carefully acknowledge that in some circumstances they feel obligated to do the right thing instead. If they don’t like the “misleading” aspects of that, they’re free to just do the right thing completely.
This may be controversial, but trying to collect the data of your free users to offset the costs of the infrastructure/resources needed to support the free users is not a bad thing - especially when you give those users an option to opt-out.
You make it sound like their goal is to do bad things. That’s not true. Corporations are not good or evil, they are amoral. They don’t care if what they are doing is good or bad - it just matters if they make money.
they’re free to just do the right thing completely
What exactly would that entail?
For me, the issue isn’t as much that they are forcing the data collection (on some/free people, to be clear).
I have issues with the way they are spending their development money, that I give them for the product. I don’t care about the AI hype slop, that apparently can’t even get good results (which they outright admit in the blogpost), instead of actually making the core features of the editor better. Everyone knows at this point it’s a hype bubble that will never be usable, and they are grasping at straws.
I don’t want to pay 200$ a year only for them to add a dumb chatbot and data collection into my IDE, or make the code completion dumber and random instead of actually being deterministic. So I don’t, canceled my subscription and I’m sticking to the perpetual license while slowly switching to nvim. But I can still make fun of them about it. I have been recommending JetBrains products for most of my life, and they have disappointed me with the direction they are going, so I’ll make sure to un-recommend it.
That’s fair, but that’s just a service quality complaint. It doesn’t sound to me like you are claiming they are doing “a bad thing”, as a moral value judgement.
The right thing is to make it opt-in for everyone, simple as that. The entire controversy goes away immediately if they do. If they really believe it’s a good value proposition for their users, and want to avoid collecting data from people who didn’t actually want to give it, they should have faith that their users will agree and affirmatively check the box.
If free users are really such a drain on them, why have they been offering a free version for so long before it became a conduit to that sweet, sweet data? Because it isn’t a drain, it’s a win-win. They want people using their IDE, even for free, they don’t get money from it but they get market share, broad familiarity with their tool amongst software engineers, a larger user base that can support each other on third party sites and provide free advertising, and more.
The right thing is to make it opt-in for everyone
How is that the right thing? I’m directly challenging this claim.
All I said was that free users cost them money, so it’s reasonable for them to try to recover those costs. I never claimed that free users are a drain on them, so I won’t even respond to the rest of your comment.
Opt out means “we will be doing this, without permission, unless you tell us not to” and opt in means “if you give us permission we will do this.” Codebases can contain important and sensitive information, and sending it off to some server to be shoved into an LLM is something that should be done with care. Getting affirmative consent is the bare minimum.
I disagree about what the bare minimum is. It’s not uninformed. They tell you about it, and tell you you can opt out. I don’t really see how that would be them doing it without permission.
Why isn’t “it’s informed and you can just opt out” good enough for paid users? They could’ve developed a single system instead of two if that’s a sufficient standard of care for users’ data.
I don’t think it’s misleading, or at leas the point was not to imply that they are forcing the data collection (which they are, for free users, but it is opt-out). The point is that they are actually downright emotionally manipulating in the blogpost. The blogpost in which they announce it, at least in my opinion, is written in exactly the same tone as the picture. They are basically crying that they can’t make a good AI without stealing your private data, pleading you to turn it on.
I’ve seen a few similar posts of products announcing AI data collection, and this one was the most unsettling, hence the meme.
The mail I got makes it quite clear that you have to opt-in if you’re using a paid version:
Dear JetBrains AI user,
We are notifying you that on October 7, 2025, we will roll out an updated version of the JetBrains AI Terms of Service. The main change is in the data sharing clause. Previously we said we wouldn’t use your inputs, data, outputs, or suggestions to train AI models. This is still the case, unless you explicitly allow us to do so.
- For individuals using JetBrains IDEs with commercial licenses, free trials, free community licenses, or EAP builds who do not explicitly consent to the new data collection model – nothing changes.
- For companies that are unwilling or, for legal reasons, unable to opt in to the program – nothing changes either, and their admins remain in full control.
Important to note that the data sharing is OFF by default on all types of JetBrains IDEs licenses except for non-commercial tier until you change the settings explicitly.
For more details about the change, please read this blog post.
Other updates to the JetBrains AI Terms of Service reflect some recent changes to the JetBrains AI service. For example, JetBrains AI can now be used not only with JetBrains products, but also with selected third-party products. The service also includes a new feature that allows you to upload various content for indexing.
For the existing users, the updates will take effect on October 7, 2025. By using JetBrains AI after this date, you agree to the updated JetBrains AI Terms of Service.
Highlight by me. Personally, I don’t see a reason to be outraged. I’ve even used their AI products and they’re OK. They can take over dumb tasks or help me not having to look up documentation.
Am I missing something? Non-paid versions also have to opt-in, no?
I liked PyCharm, but its time to refresh my friendship with VIM.
Neovim + tmux
I’ve been building up my Helix setup, and its been fantastic. Got tired of constantly fighting corporate stuff
That’s exactly what I did, switching from Rider. LazyVim helped with getting a usable setup (especially LSPs are pain to setup without it), https://www.vim-hero.com/ taught me the absolute basics of navigation, and then I simply installed IdeaVIM into Rider to force myself to use it, and switched my default editor to LazyVim.
It has already been a few months, and I’m pretty used to it. I still fumble here and there, I still have to stop and think then doing more involved operations, but for the basic editing I wouldn’t go back.
The most important observation I have is that it does not make me more efficient at editting text, the fumbles and mistakes usually offset any gains I have from the many navigation/jump/repeat keys, and reaching for the mouse would be quicker, but -
It’s super fun. Learning new motions is satisfying, you can see progress, and by slowly adding a new motion, then trying to get it to your muscle memory is simply fun. And there’s always something to learn, a new motion to add or make more efficient. It’s basically gamified text editting, and if you like mastering things in the muscle memory sense, it’s awesome. I’d absolutely recommend everyone to make the switch, but not for “being a faster/more efficent at text editting” reason, because if you want that, learning every single IDE keybind will make you faster faster.
Also, it’s surprisingly comfortable not having to reach for a mouse. It has only been a few months, and I’m getting slightly annoyed whenever a program doesn’t have a hotkey for proper navigation and I have to touch my mouse, hah.
Thank you for sharing the experience, it encouraged me even more to VIM when I’ll have to work in Python.
JB is cooked
deleted by creator
Is it time to go back to the plugin-hell called Eclipse?
Not just no, but hell no.
Well if you want a real world comparison:
We migrated a project a few years ago from Eclipse to IntelliJ. Outcome:
- Complains about the IDE dropped from around 10 per day to nearly 0
- Onboarding people now takes 1h instead of a day, because IntelliJ knows how to store configuration in a project
- IntelliJ has a built in updater and nearly everything works after an update
- IDE Fuckups: 1 per week (Eclipse) -> 1 per year (IntelliJ)
- Somehow still happend? Just click “Delete caches and restart” in IntelliJ
- No sources and javadoc for a library available? Eclipse: Have fun reading bytecode; IntelliJ: Yeah I just decompiled it for you within 10s
So yeah I wouldn’t recommend going back into hell. Even VSCode and it’s forks are likely better at this point.
deleted by creator
Does this apply to Android studio?
I’m guessing not - Google probably wants the data for itself.
They can pull jetbrains-mono out of my cold dead terminal.
Emacs for the homies
