Make it clear that dynamic workspace recommendations (based on repository URL) work via hashes

[letmaik]

With 1.20.0 you now get extension recommendations based on the git remote URL of your repository.
When I first saw this, I immediately asked myself: "What? How? Are they sending repository URLs to some VS Code server?". Crawling the code I understood that the URL is hashed, so there is no privacy problem. I couldn't find a setting where I could disable the behaviour of VS Code sending such information, which added to my initial fear! :)

How can this be improved?

[ramya-rao-a]

@letmaik Thanks for the feedback!

We hash the git remote urls using sha1 algorithm in the crypto module. These hashed urls and extension usage is logged in our telemetry which is then used to create a lookup table that feeds the extension recommendations system

We already have a setting telemetry.enableTelemetry that controls what information is sent from the product. See How to disable telemetry reporting.

If there is more feedback like yours, we may add a page to our blogs to address how we do recommendations in general.

[MrToph]

Yes, there is more feedback like his. I was also curious if and what you're tracking. Good to know that you can turn it off.

[kieferrm]

See also #43471.

[freedom-police]

Even with hashing, the recommendation system is capable of connecting developers working on a repository with the extensions installed. This increased sharing of information is not clearly communicated.
Therefore, any information collected before pro-active recommendation fetching could be disabled should be deleted from the lookup table.

[kieferrm]

Our FAQ describe our approach to telemetry and explain to users how to manage any kind of access to online services. They also describe the recommendation system. On first use, users are guided to our FAQ through a notification. There is no data that we could delete resulting from this scenario. We only keep the computed associations between remote hashes and extensions.