FRESH

Hacker News

Home

GitHub CLI now collects pseudoanonymous telemetry

438 points by ingve

by a2128

38 subcomments

```
    Why we collect telemetry

    ...our team needs visibility into how features are being used in practice. We use this data to prioritize our work and evaluate whether features are meeting real user needs.
```
I'm curious why corporate development teams always feel the need to spy on their users? Is it not sufficient to employ good engineering and design practices? Git has served us well for 20+ years without detailed analytics over who exactly is using which features and commands. Would Git have been significantly better if it had collected telemetry, or would the data not have just been a distraction?

by ryanshrott

2 subcomments

> you're going to have to opt out of a lot more than this one setting
The opt-out situation for gh CLI telemetry is actually trickier than it sounds. gh runs in CI/CD pipelines and server environments where you may not want any outbound connections to github.com at all, not because of privacy but because of networking constraints. In those environments, the telemetry being on by default means your CI fails or your Bastion host can't reach GitHub at all.
Compare this to git itself, which is entirely local until you explicitly push. The trust model is different: git will never phone home unless you configure it to. gh, being a wrapper around the GitHub API, has to make those calls to function - but that's separate from whether it should also be collecting and uploading your command patterns.

by CMay

1 subcomments

If you have 3 of your developers spending 80% of their time in an area of the codebase that gets no usage and you don't see a path forward that realistically is likely to increase usage, it can be a better use of developer time to focus them elsewhere or even rethink the feature.
The problem I have with a lot of these analytics is that while there are harmless ways to use it, there is this understanding that they could be tying your unique identifier to behavioral patterns which could be used to reconstruct your identity with machine learning. It's even worse if they include timestamps.
Why not just expose exactly what telemetry is being sent when it's sent? Like add an option that makes telemetry verbose, but doesn't send it unless you enable it. That way you can evaluate it before you decide to turn it on. Whenever you do the Steam Hardware survey it'll show you what gets sent. This is the right way to do it.

by embedding-shape

1 subcomments

Love it when a PR is brief: https://github.com/cli/cli/pull/13254
> Removes the env var that gates telemetry, so it will be on by default.

by bakies

1 subcomments

So happy I deployed gitea to my homelab last month. It's got an import feature from github and honestly just faster and better uptime that github. Claude can use it just fine with tea cli and git. It's pretty much a knockoff github, but I think it's better so far.

by ImJasonH

2 subcomments

Do people think that GitHub isn't already collecting and aggregating all the requests sent to their servers, which is after all the entire point of the gh CLI?
If you don't want your requests tracked, you're going to have to opt out of a lot more than this one setting.

by raxxorraxor

0 subcomment

I would very much recommend Gitea here. It is just a better GitHub. Can be integrated in corpo networks just fine, you can have ci/deployment pipeline you completely control.
Sure, if you want your repos to be public, you need a host. But honestly they aren't too pricey for offering code, even if prices are currently very high.

by ConceptJunkie

2 subcomments

Do they mean "pseudonymous" telemetry meaning "non-identifying telemetry", or do they mean "pseudoanonymous" telemetry meaning telemetry is that not really anonymous?
Those two words have almost exactly opposite meanings, and as stated, they are literally saying they are collecting identifiable data.

by mrt181

0 subcomment

We need actual usage data. Meanwhile users use frontends on top of gh-cli to not be bothered using gh-cli

by grugdev42

3 subcomments

Remember that thing Microsoft does?
Embrace, extend, extinguish.
The first two have been done.
I give it five years before the GH CLI is the only way to interact with GitHub repos.
Then the third will also be done, and the cycle is complete.

by ZetsuBouKyo

0 subcomment

One day, I hope to see servers walking around with cameras, recording customers' reactions to the food for the chefs' feedback.

by goosejuice

0 subcomment

This should be opt-in. Force their employees to opt-in if they want. That's plenty of data to make informed decisions.

by mghackerlady

6 subcomments

can someone explain why github has a CLI? why wouldn't you just use git?

by brown9-2

0 subcomment

What’s confusing about this is that every gh command is just a wrapper around their API.

by layer8

0 subcomment

*pseudonymous
The article doesn’t use the word “pseudoanonymous”, only “pseudonymous”.

by tornikeo

4 subcomments

Good for GitHub. All companies need this. Some use it to improve products, some use it for less commendable goals. I know HN crowd is allergic to telemetry but if you've ever developed a software as a service, telemetry is indispensable.

by azalemeth

0 subcomment

One thing I noticed is that github's "clone" drop down menu used to include instructions on how to do so via git git (i.e. `git clone /path/to/repo`). Now there are only instructions provided by default for `gh`, their client.
I can't help but guess if these are related.

by ptx

0 subcomment

Well, that validates my decision not to install it. Of course Microsoft will eventually abuse any trust you place in them and any access you give them. They always do. Don't let Microsoft run code on your machine and don't give them your data.

by Kim_Bruning

0 subcomment

dev tools and especially libraries must not have telemetry unless absolutely strictly necessary (and even then!).
* Dev tools because you need to be able to trust they don't leak while you're working. Not all sites/locations/customers/projects allow leaks, and it's easier to just blacklist anything that does leak, so you know you can trust your tools, and the same habits, justfiles, etc work everywhere.
* libraries that leak deserve a special kind of hell. You add a library to your project, and now it might be leaking without warning. If a lot of libraries decide to leak, your application is now an unmanageable sieve.
If you do need to run telemetry, make it opt in or end user only. But if you as developer don't even have control then that's the worst.

by delf

0 subcomment

Creator of GitSocial here, check it out if you'd like to have better control of your data and be protected from such things: https://github.com/gitsocial-org/gitsocial

by Kim_Bruning

1 subcomments

what's the last version before telemetry... will want to pin there.

by traceroute66

1 subcomments

I suggest anyone who cares, and certainly anybody in the EU mails privacy@github.com and also opens a support ticket to let them know exactly what you think

0 subcomment

by lukewarm707

1 subcomments

#Telemetry FUCK OFF export DOTNET_CLI_TELEMETRY_OPTOUT=1 export ASTRO_TELEMETRY_DISABLED=1 export GATSBY_TELEMETRY_DISABLED=1 export HOMEBREW_NO_ANALYTICS=1 export NEXT_TELEMETRY_DISABLED=1 export DISABLE_ZAPIER_ANALYTICS=1 export TELEMETRY_DISABLED=1 export GH_TELEMETRY=false

by minraws

0 subcomment

Fuck Github man, Fuck em'. I mean what even is the point. You lost the AI whatever it was, build a good product and features for developers like you tried to once.
And less social media shit, maybe adding better LFS alternative similar to huggingface and stuff.
Git isn't the popular choice in game dev because of this assets in tree hosting nonsense, why haven't we fixed it yet.
Similarly many edge cases, also finally they built stacked prs but man does it feel a under baked, and what it's like 2+ years late.
Please just improve Github, make me feel like I will be missing out if I am not on Github because of the features not because I have to be because of work.

by natas

0 subcomment

Soon there will be ads on Github, you'll see.

by lo1tuma

0 subcomment

This wouldn’t have happened with Nat Friedman.

by NietTim

0 subcomment

There is no such thing as "pseudoanonymous" it's not a thing it does not exist it's an oxymoron.

by sureglymop

0 subcomment

Why does github need a CLI? Some people just seem to want to make their own lives harder...

by Datagenerator

0 subcomment

Don't confuse GIT(1) the protocol with this (keep in active memory the EEE tactics).

by 0x3o3

0 subcomment

just use Radicle and never look back with centralised platforms.

by sammy2255

3 subcomments

Today I learned GitHub has a CLI. I guess that's like Pornhub having a CLI

by Henchman21

0 subcomment

Doesn't the github cli only utilize their API? As in, the tool is useless without that API? So couldn't they analyze the API instead?

by shevy-java

1 subcomments

Microsoft really wants people to stop using GitHub.
Hopfully the codeberg people can improve their UI - the UI is the single reason I still use github (and filing issues is super-simple). I could never handle gitlab because I hate their UI.
Note that GitHub is in the news in the last some months, negatively. I think we are seeing first wear-and-tear signs. If people are smart, this would be a time where real competition to Microsoft GitHub could work. GitHub without users would be dead. Microsoft seems unable to care - they sold their soul to AI. It is make-it-or-break-it for them now.

by msla

0 subcomment

I wonder how robust they are against people sending them fake data.

by slackfan

0 subcomment

pseudoanonymous means not anonymous. /thread

by m3kw9

0 subcomment

aka, you "anonymous" code will now be trained on our next coding models.

by greatgib

0 subcomment

The current century is the one of enshitification, like a cancer, now there is a whole generation of PM that it is totally ok and legitimate to update your product to add spying of your user's usage.
It might seems legit from them, but I'm quite sure that just listening to your user is enough. It is not like they lack an user base ready to interact with them or that they lack of bugs or features to work on.
In most cases, the telemetry is more a vanity metric that is rarely used. "Congratz to this team that did the flag that is the most used in the cli". But even for product decision, it is hard to extract conclusions from current usage because what you can and will do today is already dependent on the way the cli is done. A feature might not be used a lot because it is not convenient to do, or not available in a good way compared to an alternative, but usage report will not tell if it was useful or not. In the same way, when I buy a product, often there are a lot of features that I will never use, but that I'm happy to have. And I might not have bought the product, or bought another one if it was not available. But the worse would have the manufacturer remove or disable the feature because it is not used...

by raverbashing

0 subcomment

Do you know what doesn't collect telemetry?
the old git command in your terminal
I think I'll keep using that

by wild_pointer

1 subcomments

pseudoanonymous, meaning not anonymous? lol

by varispeed

1 subcomments

pseudoanonymous = euphemism for not anonoymous.
Regulators should wake up and fine them hard, so hard to become existential. Make an example for others not to follow.

by jimmypk

0 subcomment

[dead]

by alex1sa

0 subcomment

[dead]

by deathanatos

1 subcomments

I mean, make sense, of course. How else could they possibly know what users want? Run a bug tracker? Use their own software? Have more than one 9 of uptime? /s
Corporations can and will do every scummy thing permitted to them by law, so here we are. Until the US grows a backbone on issues of privacy, we shouldn't be surprised, I suppose. But the US won't be growing such a backbone anytime in the near future.

by neobrain

4 subcomments

tl;dr for opt-out as per https://cli.github.com/telemetry#how-to-opt-out (any of these work individually):
export GH_TELEMETRY=false
export DO_NOT_TRACK=true
gh config set telemetry disabled (starting from version 2.91.0, which this announcement refers to)

by TranspectiveDev

0 subcomment

[dead]

by jw_cook

0 subcomment

TL;DR:
```
    gh config set telemetry disabled
```

by bugrasan

0 subcomment

doesn't this need to be opt-in according to EU GDPR?

by tpsvca

0 subcomment

[flagged]

by djdillon

0 subcomment

FWIW, looks to remain disabled by default for enterprise users.