FAQ about Code With Me security
For general questions, refer to the regular FAQ.
Code With Me is a powerful tool that gives you the ability to work on your code collaboratively. With that ability comes the responsibility to keep your code and level of access secure. The following are questions that might arise when you give access to your computer in a Code With Me session.
Your project data passes through JetBrains' servers end-to-end encrypted. The end-to-end encryption is secure only when a host and a guest verify that the security code matches on both ends. Otherwise, the end-to-end encryption is susceptible to man-in-the-middle (MitM) attacks.
Local IP addresses, project name, and username are shared without encryption because they are used to let JetBrains establish a session between a host and a guest. When initiating a new Code With Me session, the host communicates with the JetBrains server over TLS 1.2+.
Code With Me communicates through an open source distributed protocol created by JetBrains and uses TLS 1.3 for end-to-end encryption.
If you don't want your data to go via JetBrains servers, you can configure the on-premises servers.
JetBrains accesses local IP addresses, project name, and username. JetBrains doesn't access information related to project contents such as sources, project files, and config files, because this information flows through its servers end-to-end encrypted.
JetBrains doesn't inspect or collect any data on the code that is shared during Code With Me sessions because the information flows through the JetBrains servers end-to-end encrypted.
No, the shared code resides on the host's machine and is not uploaded to or stored in the cloud or the guests’ computers.
Both the host and guests can collect and store locally log files that include detailed information about the session such as user names, remote addresses with which the connection was established, caret movements, typed symbols, invoked actions, parts of file contents, files opened, file paths, and so on.
There are no restrictions in accessing different parts of the host’s project, executing code, or working in the terminal tool window during an active session if the host gives permissions.
If you work in a local network, you can bypass proxy restrictions by using a private on-premises server.
As an alternative, you can add the following URLs to the allowed list:
https://code-with-me.jetbrains.com
https://download.jetbrains.com
https://download-cf.jetbrains.com
wss://codewithme-relay-1.europe-north1-gke.intellij.net
wss://codewithme-relay-2.europe-north1-gke.intellij.net
wss://codewithme-relay-1.us-east1-gke.intellij.net
wss://codewithme-relay-2.us-east1-gke.intellij.net
wss://codewithme-relay-1.asia-northeast1-gke.intellij.net
wss://codewithme-relay-2.asia-northeast1-gke.intellij.net
wss://codewithme-relay-1.southamerica-east1-gke.intellij.net
wss://codewithme-relay-2.southamerica-east1-gke.intellij.net
wss://codewithme-relay-1.asia-south1-gke.intellij.net
wss://codewithme-relay-2.asia-south1-gke.intellij.net
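The check below is an added example, not part of the JetBrains documentation: it asks a forward proxy for a tunnel to each endpoint in the list above and reports which ones the proxy refuses. It assumes an HTTP proxy that tunnels TLS with CONNECT and that every endpoint uses port 443; the proxy address comes from the command line, and the script name in the usage comment is hypothetical.

```python
import socket
import sys
from urllib.parse import urlsplit

# Endpoints from the allowlist above; relay names are rebuilt from their regions.
REGIONS = ["europe-north1", "us-east1", "asia-northeast1",
           "southamerica-east1", "asia-south1"]
ENDPOINTS = ["https://code-with-me.jetbrains.com",
             "https://download.jetbrains.com",
             "https://download-cf.jetbrains.com"] + [
    f"wss://codewithme-relay-{n}.{region}-gke.intellij.net"
    for region in REGIONS for n in (1, 2)]

# Assumption: both schemes use their default port; wss is WebSocket over TLS.
DEFAULT_PORTS = {"https": 443, "wss": 443}


def target(url):
    """Return the (host, port) pair the proxy sees in a CONNECT request."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an https/wss URL: {url!r}")
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def connect_allowed(status_line):
    """True only if the proxy answered CONNECT with a 2xx status line."""
    fields = status_line.split()
    return (len(fields) >= 2 and fields[0].startswith("HTTP/")
            and len(fields[1]) == 3 and fields[1].startswith("2"))


def probe(proxy_host, proxy_port, url, timeout=5.0):
    """Request a tunnel to url through the proxy; return (host, port, allowed)."""
    host, port = target(url)
    request = f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n"
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout) as conn:
            conn.sendall(request.encode("ascii"))
            status_line = conn.recv(4096).decode("latin-1").split("\r\n", 1)[0]
    except OSError:
        return host, port, False  # proxy unreachable or connection reset
    return host, port, connect_allowed(status_line)


if __name__ == "__main__":
    # Usage: python check_cwm_proxy.py <proxy-host> <proxy-port>
    for endpoint in ENDPOINTS:
        host, port, ok = probe(sys.argv[1], int(sys.argv[2]), endpoint)
        print(f"{'allowed' if ok else 'BLOCKED':8} {host}:{port}")
```

A 2xx reply shows only that the proxy opens the tunnel; a proxy that intercepts TLS can still interfere with the WebSocket upgrade inside it.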
Share an invitation link to the Code With Me session only with people you trust. Do not accept into the session guests you don't know or are not sure about. Do not hardcode any sensitive information inside your code such as passwords, usernames, and so on. The level of access you grant in your session should match the level of trust you have for your guests.
A host creates an invitation link for the Code With Me session and sends it out to guests. When a guest accepts a link with the security code that matches on both ends, the host confirms the access to the Code With Me session. Only after the confirmation is the guest able to join the session.
As a host, you can control what guests can see and have access to during the session. You can remove guests even after they have accessed the session. You can hide certain files from access and control the access to the terminal on your computer.
When you create an invitation link, you can configure all of the guest permissions before you send out the invitation link. For more information, refer to the permissions section.
Code With Me provides a hide files feature that allows some parts of the IDE to hide these files for specific guests (for example, the IDE will not indicate or show these files). This feature can be used regardless of the level of guest access. However, this is provided for convenience rather than as a guaranteed restriction, and does not eliminate access possibilities connected with a guest’s use of command line interface functionality.
Yes, even if permissions are configured for all of the guests before the session, the host can change permissions for individual guests during the Code With Me session.
Yes, a host can hide certain files from access and change permissions for individual guests to restrict access during the Code With Me session.
Hosts can set aside files using the "hide" function, so they are not easily accessed or found by standard means of access. Each guest collects their own log, but no other storage functionality is provided by Code With Me, although you should be aware that third-party applications can be used to record coding sessions and data.
The audio and video calls are not end-to-end encrypted.
Only a host and the accepted guests have access to audio and video during the Code With Me session.
No, Code With Me doesn't save any video or audio calls and doesn't keep any chat records after the session is finished.
Each guest has to wait for the host approval before they can join the Code With Me session.
Hosts are provided with a security code for each guest; however, the host remains responsible for verifying the identity of the guests.
The Code With Me client, along with the settings chosen, persists on each guest's machine.
Host and Guest exchange Code With Me session information via API endpoints at https://code-with-me.jetbrains.com.
After that, the Guest and Host try to connect in the following ways until one succeeds:
Host opens the first available TCP port in 5990-65536 range and waits for the Guest to connect (direct connection);
Host and Guests listen to a random UDP port and try to establish a peer-to-peer connection (p2p connection).
See UDP_hole_punching for a general description.
That's the same method any VoIP client uses (such as Skype, Slack, Google Meet, and so on).
As the last resort, Host and Guest try to communicate via JetBrains-provided relays.
Voice and Video calls go via a different route. The Video/Voice chat support is provided by Jitsi video conferencing technology.
Host and Guest try to establish a peer-to-peer connection.
If that fails, they try to use TURN servers provided by a third party.
Traffic for both p2p and TURN server connection is end-to-end encrypted.
For calls with more than 2 people, Video/Voice traffic goes via JetBrains-provided servers.