Hey there! Another PM on Visual Studio Live Share here. Security is absolutely something we are designing for. Microsoft will not be collecting data on the code. The code is not stored or uploaded in the cloud in any way. Rather, it is just a connection that is established between you and the teammate you are sharing with.
That FAQ seems fairly vague - what I'm looking for is simply how connections are established - can I simply point the thing at another copy of VSCode running in my LAN? Or do I have to involve Microsoft servers on the internet for session setup? Is the connection directly between us or via an MS server? What encryption is performed and where? Can a Microsoft employee or someone who compromises them theoretically gain access to my code simply by accessing my coworker's account and connecting to my session?
PM from MS here. Authentication and authorization are managed by a cloud service but your code is not persisted in the cloud. The service optimizes for the most high perf connection possible via an encrypted channel with the cloud being one option. We intend to allow customers to lock down their invite links as well as they so choose.
First off, pretty cool stuff. MS is definitely killing it on the editor front lately.
Going to throw in another +1 here for being able to self-host the connection resolution. Without that I don't think I'll ever be able to make use of this.
I realize it's a large ask but if you're serious about driving adoption of VSCode, MSVC and other MS tech I think that would be a huge boon to a lot of your users.
Seems pretty easy to verify where the traffic is going with Wireshark once it comes out. Given how easy it would be for anyone to check that (especially in a product targeted at developers, who are likely to know how to use network diagnostic tools), it seems rather pointless to lie about where the traffic goes.
There are more details in the FAQ here: https://code.visualstudio.com/docs/supporting/live-share-faq