
> there is telemetry

VSCode telemetry can be fully disabled.

> and non-reproducible builds

Who cares? Most users don’t need a reproducible build of software they want to use, they need working software.

> and whatever other mistreatment of them as useds.

Calling people “useds” isn’t going to help your case.



> VSCode telemetry can be fully disabled.

Well, how do you know that? How do you verify that all telemetry is really turned off, without being able to reproduce the build? How many people truly turn it off after install? How do you know whether there are any other unwanted parts in the software you just installed? What about the next update? Do you want to run a packet sniffer after each update, over the course of a month or so, checking all traffic in detail, to be sure that it only ever communicates with the outside world when there was a justified purpose?

You are giving away sovereignty of your own device/machine.

> Who cares? Most users don’t need a reproducible build of software they want to use, they need working software.

It is this kind of mentality that is the problem. Your "who cares" is not going to fly, because it leads right into the abyss of surveillance and spyware. "Who cares" is the basis for not being informed about one's tech choices. The basis for not being aware of issues regarding privacy. At a properly managed software making company it would also result in you being told that it is part of your job to care. To answer the question, if there was any question: I care. Informed people care. People with ideals care.

The issue with not caring is also that organizations will draw the wrong conclusions. They might impose rules which force me to use some tool I do not want to use, simply because "everyone is OK with it", while those people all don't even care. If they don't care, they should not get a say in the matter and should not be a decision basis or a point of reasoning for making a decision. This is how the collective uninformedness and carelessness results in bad decisions. Basically the majority drags down the minority, for the worse of all of us.

> Calling people “useds” isn’t going to help your case.

Well, that is what we are when we allow ourselves to be spied on. They use us and our data to drive data mining, profiling and ultimately profits. Besides, I wouldn't throw it into faces in 1-on-1 conversations, for the sake of a constructive conversation, even if it is the truth, because it runs the risk of the other person (a) not even understanding what it means, (b) thinking they misheard and replacing it with "users", and (c) being offended and turning deaf.


How do you verify that VSCodium has no hidden telemetry or other spyware features? Do you simply trust the anonymous people behind it?

If you build it yourself, how do you verify that there is no spyware and no new spyware is added on every update? Do you have the energy to read every single new commit?


I am not using VS Codium myself (nor VS Code), but if I was using it, then yes, I would trust those people more than MS. For 2 reasons: MS people are working for MS, so at some point in their lives they must have made the decision that working for MS is acceptable, with all the history MS has. The second reason is that MS people built in the telemetry in the first place, and for a reason, so they have no incentive to remove or disable it, while others might.

Having a reproducible build means that the hidden telemetry would need to be hidden in the publicly available code. Whereas telemetry in VS Code can be bundled in and no one would ever see that code, except for MS. If I was using it, I might actually, in a motivated night, look at the code and try to grasp the general picture of where goes what. Or perhaps see the diff between VS Code code and VS Codium code, to see whether they added anything and from where they removed things.



