Our report seeks to answer some of our questions for seven of the most popular agentic code editors and plugins. By intercepting and analysing their network flows across a set of standardised tasks, we aim to gain insight into the behaviour, privacy implications, and telemetry patterns of these tools in real-world scenarios. Incidentally, a side-effect was running into OWASP LLM07:2025 System Prompt Leakage for three of the chosen coding agents. You can see the system prompts in the appendix.
Exactly the same happened with me. Picking up the phone and responding to email (in weeks, not hours or days) didn't lower my bills. This sort of marketing is perhaps deflection.
• Google's CRLs from the same intermediate CA (same public key) have different URLs and different content when pulled from different hosts (google.com, youtube.com).
• DigiCert has sharded according to 'assurance' class, algorithm, year and acquisition's name.
• Sectigo also has sharded according to 'assurance' class [1].
• GlobalSign has sharded by the yearly quarter presumably.
• HTTP Cache-Control max-age (or s-maxage), 'Expires' and 'Next Update' within the CRL file are not in sync.
• Some CAs other than Let's Encrypt also do not publish CRL URLs in the leaf certificates.
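An added example (not the commenter's code) of how the mismatch noted above between HTTP caching headers and a CRL's Next Update can be checked: it parses constructed response headers for a CRL download, derives the cache horizon with RFC 9111 precedence (s-maxage, then max-age, then Expires) and compares it with the CRL's own Next Update. The header values, the Next Update time and the five-minute tolerance are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: a CRL response cached for a day, Expires two days out,
# but the CRL itself says it will be superseded after twelve hours.
SAMPLE_HEADERS = {
    "Date": "Mon, 06 Jan 2025 10:00:00 GMT",
    "Cache-Control": "public, max-age=86400",
    "Expires": "Wed, 08 Jan 2025 10:00:00 GMT",
}
# Same response but with a shared-cache override (s-maxage takes precedence).
SAMPLE_HEADERS_SMAXAGE = dict(SAMPLE_HEADERS, **{"Cache-Control": "public, s-maxage=3600, max-age=86400"})
SAMPLE_NEXT_UPDATE = datetime(2025, 1, 6, 22, 0, tzinfo=timezone.utc)  # assumed CRL Next Update
TOLERANCE = timedelta(minutes=5)  # assumed: how far apart the signals may be and still count as "in sync"


def cache_control_horizon(headers):
    """Horizon implied by Cache-Control, relative to the Date header; None if absent."""
    h = {k.lower(): v for k, v in headers.items()}
    date = parsedate_to_datetime(h["date"])
    for directive in ("s-maxage", "max-age"):  # s-maxage wins for shared caches
        m = re.search(rf"\b{directive}\s*=\s*(\d+)", h.get("cache-control", ""))
        if m:
            return date + timedelta(seconds=int(m.group(1)))
    return None


def crl_freshness_report(headers, next_update):
    """Compare the three freshness signals of a CRL download.

    stale_seconds > 0 means a cache may keep serving the CRL after its Next Update;
    < 0 means clients refetch before the CRL could have changed.
    """
    h = {k.lower(): v for k, v in headers.items()}
    horizons = {
        "cache_control": cache_control_horizon(headers),
        "expires": parsedate_to_datetime(h["expires"]) if "expires" in h else None,
        "next_update": next_update,
    }
    present = [v for v in horizons.values() if v is not None]
    effective = horizons["cache_control"] or horizons["expires"]  # what a cache actually honours
    return {
        **horizons,
        "in_sync": max(present) - min(present) <= TOLERANCE,
        "stale_seconds": (effective - next_update).total_seconds() if effective else None,
    }


if __name__ == "__main__":
    for name, hdrs in (("max-age", SAMPLE_HEADERS), ("s-maxage", SAMPLE_HEADERS_SMAXAGE)):
        r = crl_freshness_report(hdrs, SAMPLE_NEXT_UPDATE)
        print(f"{name}: in_sync={r['in_sync']} stale_seconds={r['stale_seconds']}")
```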
TLS 1.3 and ESNI (now called Encrypted Client Hello - ECH) are separate standards, although you'll see ECH only enabled in bleeding edge stacks. In fact, ECH is still in IETF draft phase [1].
It can be disabled if an organisation wishes to. I wrote about how to do this in Chrome [2,3], and will write about Firefox when I get a chance.