Privacy
PostSharp attaches a stable, long-lived identifier (ClientId) to every telemetry submission. The value is UserSettings.DeviceId — a GUID generated once and persisted in the per-user registry (HKCU\...\Feedback\DeviceId) — and it is sent on all outbound channels:
- Compiler CEIP / usage metrics — Core/PostSharp.Compiler.Hosting/Program.cs:1052
- Visual Studio usage metrics — UserInterface/PostSharp.Settings/Ceip/MetricsUtilities.cs:40
- Exception / performance reports — Core/PostSharp.Compiler.Settings/User/ExceptionPackager.cs:279
Generation/persistence: Core/PostSharp.Compiler.Settings/User/UserSettings.cs:456-461.
Impact
Because the same identifier is reused indefinitely and across otherwise-independent channels, all of a user's submissions — usage metrics, IDE metrics, and exception reports — can be correlated into a single per-device profile spanning sessions and machine reboots. Each channel is individually intended to be effectively anonymous (counts, environment data, scrubbed stack traces), but the shared stable ClientId undermines that by acting as a persistent pseudonymous identifier. Exception reports already carry an InvariantHash for de-duplication, so the ClientId is not strictly required there.
The identifier is user-resettable from the CEIP options UI (ResetDeviceId), but it is otherwise permanent and on whenever any reporting channel is active.
Suggested remediations
- Rotate the identifier periodically (e.g. per session or on a time window) rather than keeping it permanent.
- Make the identifier per-channel (add different salt, per channel), to prevent cross-channel correlation.
-- Claude for Gael
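A sketch of the two suggested remediations combined (rotation on a time window plus a per-channel value), added here as an example and not PostSharp code. The class, method and channel names, the 30-day window and the locally stored secret are all assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class TelemetryIds
{
    // Hypothetical channel labels; they only need to be distinct and stable.
    public const string CompilerMetrics = "compiler-metrics";
    public const string IdeMetrics = "ide-metrics";
    public const string ExceptionReports = "exception-reports";

    // Assumed rotation window (the issue leaves the period open).
    static readonly long WindowSeconds = (long)TimeSpan.FromDays(30).TotalSeconds;

    // localSecret: random bytes kept on the machine and never transmitted (assumption).
    // Keying with the existing DeviceId would let anyone who already holds it
    // recompute every derived value, so a separate secret is used here.
    public static Guid Derive(byte[] localSecret, string channel, DateTimeOffset now)
    {
        long window = now.ToUnixTimeSeconds() / WindowSeconds;
        byte[] message = Encoding.UTF8.GetBytes(channel + "|" + window);
        using (var hmac = new HMACSHA256(localSecret))
        {
            byte[] mac = hmac.ComputeHash(message);
            byte[] id = new byte[16];
            Array.Copy(mac, id, 16);   // truncate the 32-byte MAC to GUID size
            return new Guid(id);
        }
    }
}

static class Demo
{
    static void Main()
    {
        byte[] secret = new byte[32];   // constructed sample secret
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(secret);

        var t0 = new DateTimeOffset(2024, 1, 10, 0, 0, 0, TimeSpan.Zero);
        Guid a = TelemetryIds.Derive(secret, TelemetryIds.CompilerMetrics, t0);

        // Same channel, same window: stable, so per-channel counting still works.
        Console.WriteLine(a == TelemetryIds.Derive(secret, TelemetryIds.CompilerMetrics, t0.AddDays(1)));
        // Different channel, same window: values cannot be joined without the secret.
        Console.WriteLine(a != TelemetryIds.Derive(secret, TelemetryIds.ExceptionReports, t0));
        // Same channel, later window: the identifier has rotated.
        Console.WriteLine(a != TelemetryIds.Derive(secret, TelemetryIds.CompilerMetrics, t0.AddDays(45)));
    }
}
```

Because the derivation is keyed, the receiving side cannot link two channels or two windows from the submitted values alone; resetting the local secret would invalidate all derived identifiers at once.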