HN

Need help?
<- Back
GitHub CLI now collects pseudoanonymous telemetry

GitHub CLI now collects pseudoanonymous telemetry

ingve

Comments (175)

  • a2128
    Why we collect telemetry ...our team needs visibility into how features are being used in practice. We use this data to prioritize our work and evaluate whether features are meeting real user needs. I'm curious why corporate development teams always feel the need to spy on their users? Is it not sufficient to employ good engineering and design practices? Git has served us well for 20+ years without detailed analytics over who exactly is using which features and commands. Would Git have been significantly better if it had collected telemetry, or would the data not have just been a distraction?
  • CMay
    If you have 3 of your developers spending 80% of their time in an area of the codebase that gets no usage and you don't see a path forward that realistically is likely to increase usage, it can be a better use of developer time to focus them elsewhere or even rethink the feature.The problem I have with a lot of these analytics is that while there are harmless ways to use it, there is this understanding that they could be tying your unique identifier to behavioral patterns which could be used to reconstruct your identity with machine learning. It's even worse if they include timestamps.Why not just expose exactly what telemetry is being sent when it's sent? Like add an option that makes telemetry verbose, but doesn't send it unless you enable it. That way you can evaluate it before you decide to turn it on. Whenever you do the Steam Hardware survey it'll show you what gets sent. This is the right way to do it.
  • ryanshrott
    > you're going to have to opt out of a lot more than this one settingThe opt-out situation for gh CLI telemetry is actually trickier than it sounds. gh runs in CI/CD pipelines and server environments where you may not want any outbound connections to github.com at all, not because of privacy but because of networking constraints. In those environments, the telemetry being on by default means your CI fails or your Bastion host can't reach GitHub at all.Compare this to git itself, which is entirely local until you explicitly push. The trust model is different: git will never phone home unless you configure it to. gh, being a wrapper around the GitHub API, has to make those calls to function - but that's separate from whether it should also be collecting and uploading your command patterns.
  • ImJasonH
    Do people think that GitHub isn't already collecting and aggregating all the requests sent to their servers, which is after all the entire point of the gh CLI?If you don't want your requests tracked, you're going to have to opt out of a lot more than this one setting.
  • embedding-shape
    Love it when a PR is brief: https://github.com/cli/cli/pull/13254> Removes the env var that gates telemetry, so it will be on by default.
  • ConceptJunkie
    Do they mean "pseudonymous" telemetry meaning "non-identifying telemetry", or do they mean "pseudoanonymous" telemetry meaning telemetry is that not really anonymous?Those two words have almost exactly opposite meanings, and as stated, they are literally saying they are collecting identifiable data.
  • bakies
    So happy I deployed gitea to my homelab last month. It's got an import feature from github and honestly just faster and better uptime that github. Claude can use it just fine with tea cli and git. It's pretty much a knockoff github, but I think it's better so far.
  • grugdev42
    Remember that thing Microsoft does?Embrace, extend, extinguish.The first two have been done.I give it five years before the GH CLI is the only way to interact with GitHub repos.Then the third will also be done, and the cycle is complete.
  • tornikeo
    Good for GitHub. All companies need this. Some use it to improve products, some use it for less commendable goals. I know HN crowd is allergic to telemetry but if you've ever developed a software as a service, telemetry is indispensable.
  • NietTim
    There is no such thing as "pseudoanonymous" it's not a thing it does not exist it's an oxymoron.
  • Datagenerator
    Don't confuse GIT(1) the protocol with this (keep in active memory the EEE tactics).
  • mghackerlady
    can someone explain why github has a CLI? why wouldn't you just use git?
  • minraws
    Fuck Github man, Fuck em'. I mean what even is the point. You lost the AI whatever it was, build a good product and features for developers like you tried to once.And less social media shit, maybe adding better LFS alternative similar to huggingface and stuff.Git isn't the popular choice in game dev because of this assets in tree hosting nonsense, why haven't we fixed it yet.Similarly many edge cases, also finally they built stacked prs but man does it feel a under baked, and what it's like 2+ years late.Please just improve Github, make me feel like I will be missing out if I am not on Github because of the features not because I have to be because of work.
  • lo1tuma
    This wouldn’t have happened with Nat Friedman.
  • delf
    Creator of GitSocial here, check it out if you'd like to have better control of your data and be protected from such things: https://github.com/gitsocial-org/gitsocial
  • Kim_Bruning
    dev tools and especially libraries must not have telemetry unless absolutely strictly necessary (and even then!).* Dev tools because you need to be able to trust they don't leak while you're working. Not all sites/locations/customers/projects allow leaks, and it's easier to just blacklist anything that does leak, so you know you can trust your tools, and the same habits, justfiles, etc work everywhere.* libraries that leak deserve a special kind of hell. You add a library to your project, and now it might be leaking without warning. If a lot of libraries decide to leak, your application is now an unmanageable sieve.If you do need to run telemetry, make it opt in or end user only. But if you as developer don't even have control then that's the worst.
  • traceroute66
    I suggest anyone who cares, and certainly anybody in the EU mails privacy@github.com and also opens a support ticket to let them know exactly what you think
  • lukewarm707
    #Telemetry FUCK OFF export DOTNET_CLI_TELEMETRY_OPTOUT=1 export ASTRO_TELEMETRY_DISABLED=1 export GATSBY_TELEMETRY_DISABLED=1 export HOMEBREW_NO_ANALYTICS=1 export NEXT_TELEMETRY_DISABLED=1 export DISABLE_ZAPIER_ANALYTICS=1 export TELEMETRY_DISABLED=1 export GH_TELEMETRY=false
  • Kim_Bruning
    what's the last version before telemetry... will want to pin there.
  • 0x3o3
    just use Radicle and never look back with centralised platforms.
  • sammy2255
    Today I learned GitHub has a CLI. I guess that's like Pornhub having a CLI
  • varispeed
    pseudoanonymous = euphemism for not anonoymous.Regulators should wake up and fine them hard, so hard to become existential. Make an example for others not to follow.
  • wild_pointer
    pseudoanonymous, meaning not anonymous? lol
  • msla
    I wonder how robust they are against people sending them fake data.
  • raverbashing
    Do you know what doesn't collect telemetry?the old git command in your terminalI think I'll keep using that
  • greatgib
    The current century is the one of enshitification, like a cancer, now there is a whole generation of PM that it is totally ok and legitimate to update your product to add spying of your user's usage.It might seems legit from them, but I'm quite sure that just listening to your user is enough. It is not like they lack an user base ready to interact with them or that they lack of bugs or features to work on.In most cases, the telemetry is more a vanity metric that is rarely used. "Congratz to this team that did the flag that is the most used in the cli". But even for product decision, it is hard to extract conclusions from current usage because what you can and will do today is already dependent on the way the cli is done. A feature might not be used a lot because it is not convenient to do, or not available in a good way compared to an alternative, but usage report will not tell if it was useful or not. In the same way, when I buy a product, often there are a lot of features that I will never use, but that I'm happy to have. And I might not have bought the product, or bought another one if it was not available. But the worse would have the manufacturer remove or disable the feature because it is not used...
  • jimmypk
    [dead]
  • deathanatos
    I mean, make sense, of course. How else could they possibly know what users want? Run a bug tracker? Use their own software? Have more than one 9 of uptime? /sCorporations can and will do every scummy thing permitted to them by law, so here we are. Until the US grows a backbone on issues of privacy, we shouldn't be surprised, I suppose. But the US won't be growing such a backbone anytime in the near future.
  • alex1sa
    [dead]
  • jw_cook
    TL;DR: gh config set telemetry disabled
  • neobrain
    tl;dr for opt-out as per https://cli.github.com/telemetry#how-to-opt-out (any of these work individually):export GH_TELEMETRY=falseexport DO_NOT_TRACK=truegh config set telemetry disabled (starting from version 2.91.0, which this announcement refers to)
  • bugrasan
    [dead]
  • djdillon
    FWIW, looks to remain disabled by default for enterprise users.