microsoft/vscode-extension-telemetry

Provide mechanisms that prevent abuse

phaumer opened this issue · 5 comments

We have been using Telemetry for several years now and it has always worked fantastically. We have a couple of hundred VS Code users per day and we never reached the limit for the free analytics account that it uses.

In the last days, however, there were massive amounts of traffic being generated by a single machineid. Seventy million requests with gigabytes of data submitted. Now we are getting charged for the analysis service. We submitted a ticket against support and they told us that they do not see any sign of abuse. Perhaps not, but it comes from a single user, and that user would have to open tens of thousands of files and perform thousands of operations in each to reach that amount of traffic.

Here are some things that could be useful:

  • Ability to ban a machineid
  • Setting limits of data that can be submitted by a machine id per day (will add that to our client now, but the server should enforce it)
  • The readme of this repo tells developers to put their telemetry key out there in the open, ready for a hacker to reverse engineer and submit data against it. We need ways to prevent abuse, such as a private key that is registered for the extension (in the marketplace perhaps) and ensures that the data actually comes from that extension. That would also require that extensions can be code-signed to prevent people from modifying them.

The client isn't the right place for much of this as we're bound by what the ingestion pipeline allows. All these client-side enforcements are easily circumvented given that the server doesn't enforce them.

CC @isidorn for any possible ideas

No good ideas top of mind right now.
I suggest we keep this issue open to gather more feedback and see if there are other incidents like this.

If a single machineid produces 1000 times more events than the next highest one, wouldn't that be a good indicator to block that IP? I think you are doing this with the marketplace when people repeatedly try downloading the same extension.

> If a single machineid produces 1000 times more events than the next highest one, wouldn't that be a good indicator to block that IP? I think you are doing this with the marketplace when people repeatedly try downloading the same extension.

We don't control the ingestion service; you'll have to make this feature request against Azure and their Log Analytics product. The VS Code client does nothing to throttle the marketplace; that's the marketplace service itself, as the client has no idea what the data stream levels are relative to others.

microsoft/ApplicationInsights-JS#281 is actively looking into securing the instrumentation key further.

You may also be interested in https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-transformations for data filtering on the ingestion side.

Unfortunately there is nothing that the client side code can do here. Closing as inactionable.
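
The two checks proposed in this thread (a per-machine-id daily limit, and flagging a machine id that sends 1000 times more events than the next highest), as an added example that is not part of the original issue or the project's code. The event shape `{ machineId, day }`, the function names and the sample data are assumptions constructed for illustration; the logic is meant to run wherever events can be counted authoritatively, not in the extension.

```javascript
// Constructed sample data, not real telemetry: one sender dominates day one.
function sampleEvents() {
  const events = [];
  const add = (machineId, day, n) => {
    for (let i = 0; i < n; i++) events.push({ machineId, day });
  };
  add("machine-a", "2024-01-01", 40);
  add("machine-b", "2024-01-01", 25);
  add("machine-c", "2024-01-01", 50000); // the noisy sender
  add("machine-c", "2024-01-02", 30);    // only sender that day
  return events;
}

// Count events per day and, within each day, per machine id.
function countPerMachinePerDay(events) {
  const counts = new Map(); // day -> Map(machineId -> count)
  for (const { machineId, day } of events) {
    if (!counts.has(day)) counts.set(day, new Map());
    const perDay = counts.get(day);
    perDay.set(machineId, (perDay.get(machineId) || 0) + 1);
  }
  return counts;
}

// Flag the top sender of a day when it sent at least `ratio` times
// as many events as the next highest sender on that same day.
function findDominantSenders(events, ratio = 1000) {
  const flagged = [];
  for (const [day, perDay] of countPerMachinePerDay(events)) {
    const ranked = [...perDay.entries()].sort((a, b) => b[1] - a[1]);
    if (ranked.length < 2) continue; // nothing to compare against
    const [[machineId, count], [, nextCount]] = ranked;
    if (count >= ratio * nextCount) flagged.push({ day, machineId, count, nextCount });
  }
  return flagged;
}

// Per-machine daily budget: keep the first `cap` events, drop the rest.
function applyDailyCap(events, cap) {
  const seen = new Map(); // "day|machineId" -> events seen so far
  return events.filter(({ machineId, day }) => {
    const key = `${day}|${machineId}`;
    const n = (seen.get(key) || 0) + 1;
    seen.set(key, n);
    return n <= cap;
  });
}
```

A day with a single sender is skipped by the ratio check because there is no second sender to compare against, so the daily cap is the control that still applies there.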