It's not unique for GitLab to integrate with other services
Of course it isn't. But what is unique - or should be - is a software product advertising itself as fully self-hostable to depend on an external service.
Also, even for GitLab all other integrations are Opt-In.
Also, all other integrations are server-side. In this case, the user's browser talks directly to Microsoft, and that make it a direct infringement of user privacy.
but it's imperative that these services comply with GDPR and privacy standards. Thankfully (and not surprisingly), VSCode services like this promise compliance to these standards (see relevant docs).
First of all, there are serious doubts whether this assessment is correct. Microsoft's federal privacy officers have recently ruled that they consider Microsoft's privacy statements as incorrect and incomplete, and thus relaying data to Microsoft cloud products is not legally possible under GDPR: https://datenschutzkonferenz-online.de/media/dskb/2022_24_11_festlegung_MS365_zusammenfassung.pdf
Secondly, the integration as it stands makes GitLab itself not GDPR-compliant, because if you pass on data, you need to get consent from the user, and you (or rather, I, as the one hosting GitLab) need a GDPR-compliant contract with Microsoft about this data processing, which is impossible to get in this scenario and, most imprtantly, I had to randomly discover this situation myself, and GitLab developers did not notify me that self-hosting GitLab now requires a contract with Microsoft.
In conclusion: Just never let the user's browser talk to third-party servers, even less without consent. ANd if you think the server must do so, make it opt-in. Period.
The new Web IDE based on VS Code infringes on user privacy (and probably other rights).
COncerning the privacy topic, it connects, without any special user interaction, to Microsoft servers.
I honestly would not have expected that, in a free software product that claims to be designed for self-hosting.
@Natureshadow But the app can work with any ActivityPub server anyway
No. The app is a WebView wrapper for the BookWyrm web interface.
The BookWyrm app on F-Droid (https://f-droid.org/packages/nl.privacydragon.bookwyrm/) promotes (and requires) non-free network services, namely BookWyrm itself.
BookWyrm is non-free software, licensed the "Anti-Capitalist Software License" which limits usage based on who the user is, which is a direct violation of basic software freedoms and contradicts all of teh Open Source Definition by OSI, the free software definition by FSF and FSFE, and DFSG.
Please add the anti-feature flag to the meta-data.