alt Hacker NewsGitHub CLI now collects pseudoanonymous telemetry
Comments
If you have 3 of your developers spending 80% of their time in an area of the codebase that gets no usage and you don't see a path forward that realistically is likely to increase usage, it can be a better use of developer time to focus them elsewhere or even rethink the feature.
The problem I have with a lot of these analytics is that while there are harmless ways to use it, there is this understanding that they could be tying your unique identifier to behavioral patterns which could be used to reconstruct your identity with machine learning. It's even worse if they include timestamps.
Why not just expose exactly what telemetry is being sent when it's sent? Like add an option that makes telemetry verbose, but doesn't send it unless you enable it. That way you can evaluate it before you decide to turn it on. Whenever you do the Steam Hardware survey it'll show you what gets sent. This is the right way to do it.
> you're going to have to opt out of a lot more than this one setting
The opt-out situation for gh CLI telemetry is actually trickier than it sounds. gh runs in CI/CD pipelines and server environments where you may not want any outbound connections to github.com at all, not because of privacy but because of networking constraints. In those environments, the telemetry being on by default means your CI fails or your Bastion host can't reach GitHub at all.
Compare this to git itself, which is entirely local until you explicitly push. The trust model is different: git will never phone home unless you configure it to. gh, being a wrapper around the GitHub API, has to make those calls to function - but that's separate from whether it should also be collecting and uploading your command patterns.
Love it when a PR is brief: https://github.com/cli/cli/pull/13254
> Removes the env var that gates telemetry, so it will be on by default.
Do people think that GitHub isn't already collecting and aggregating all the requests sent to their servers, which is after all the entire point of the gh CLI?
If you don't want your requests tracked, you're going to have to opt out of a lot more than this one setting.
So happy I deployed gitea to my homelab last month. It's got an import feature from github and honestly just faster and better uptime that github. Claude can use it just fine with tea cli and git. It's pretty much a knockoff github, but I think it's better so far.
Good for GitHub. All companies need this. Some use it to improve products, some use it for less commendable goals. I know HN crowd is allergic to telemetry but if you've ever developed a software as a service, telemetry is indispensable.
Do they mean "pseudonymous" telemetry meaning "non-identifying telemetry", or do they mean "pseudoanonymous" telemetry meaning telemetry is that not really anonymous?
Those two words have almost exactly opposite meanings, and as stated, they are literally saying they are collecting identifiable data.
Remember that thing Microsoft does?
Embrace, extend, extinguish.
The first two have been done.
I give it five years before the GH CLI is the only way to interact with GitHub repos.
Then the third will also be done, and the cycle is complete.
I built a small link shortener and faced this exact decision. I track click counts, top country, and top referrer — nothing else. No fingerprinting, no user profiles, no persistent identifiers. The data gets attached to a link, not to a person.
The line I drew: if deleting the short link removes all the data, it's analytics. If deleting the link leaves a profile somewhere, it's surveillance.
GitHub CLI is the opposite case — the data follows the user, not the artifact they created. That's the part that feels off.
*pseudonymous
The article doesn’t use the word “pseudoanonymous”, only “pseudonymous”.
Well, that validates my decision not to install it. Of course Microsoft will eventually abuse any trust you place in them and any access you give them. They always do. Don't let Microsoft run code on your machine and don't give them your data.
can someone explain why github has a CLI? why wouldn't you just use git?
This should be opt-in. Force their employees to opt-in if they want. That's plenty of data to make informed decisions.
Creator of GitSocial here, check it out if you'd like to have better control of your data and be protected from such things: https://github.com/gitsocial-org/gitsocial
Soon there will be ads on Github, you'll see.
#Telemetry FUCK OFF export DOTNET_CLI_TELEMETRY_OPTOUT=1 export ASTRO_TELEMETRY_DISABLED=1 export GATSBY_TELEMETRY_DISABLED=1 export HOMEBREW_NO_ANALYTICS=1 export NEXT_TELEMETRY_DISABLED=1 export DISABLE_ZAPIER_ANALYTICS=1 export TELEMETRY_DISABLED=1 export GH_TELEMETRY=false
Fuck Github man, Fuck em'. I mean what even is the point. You lost the AI whatever it was, build a good product and features for developers like you tried to once.
And less social media shit, maybe adding better LFS alternative similar to huggingface and stuff.
Git isn't the popular choice in game dev because of this assets in tree hosting nonsense, why haven't we fixed it yet.
Similarly many edge cases, also finally they built stacked prs but man does it feel a under baked, and what it's like 2+ years late.
Please just improve Github, make me feel like I will be missing out if I am not on Github because of the features not because I have to be because of work.
I suggest anyone who cares, and certainly anybody in the EU mails [email protected] and also opens a support ticket to let them know exactly what you think
Why does github need a CLI? Some people just seem to want to make their own lives harder...
dev tools and especially libraries must not have telemetry unless absolutely strictly necessary (and even then!).
* Dev tools because you need to be able to trust they don't leak while you're working. Not all sites/locations/customers/projects allow leaks, and it's easier to just blacklist anything that does leak, so you know you can trust your tools, and the same habits, justfiles, etc work everywhere.
* libraries that leak deserve a special kind of hell. You add a library to your project, and now it might be leaking without warning. If a lot of libraries decide to leak, your application is now an unmanageable sieve.
If you do need to run telemetry, make it opt in or end user only. But if you as developer don't even have control then that's the worst.
This wouldn’t have happened with Nat Friedman.
what's the last version before telemetry... will want to pin there.
There is no such thing as "pseudoanonymous" it's not a thing it does not exist it's an oxymoron.
Microsoft really wants people to stop using GitHub.
Hopfully the codeberg people can improve their UI - the UI is the single reason I still use github (and filing issues is super-simple). I could never handle gitlab because I hate their UI.
Note that GitHub is in the news in the last some months, negatively. I think we are seeing first wear-and-tear signs. If people are smart, this would be a time where real competition to Microsoft GitHub could work. GitHub without users would be dead. Microsoft seems unable to care - they sold their soul to AI. It is make-it-or-break-it for them now.
Don't confuse GIT(1) the protocol with this (keep in active memory the EEE tactics).
just use Radicle and never look back with centralised platforms.
pseudoanonymous means not anonymous. /thread
Today I learned GitHub has a CLI. I guess that's like Pornhub having a CLI
aka, you "anonymous" code will now be trained on our next coding models.
Do you know what doesn't collect telemetry?
the old git command in your terminal
I think I'll keep using that
I wonder how robust they are against people sending them fake data.
The current century is the one of enshitification, like a cancer, now there is a whole generation of PM that it is totally ok and legitimate to update your product to add spying of your user's usage.
It might seems legit from them, but I'm quite sure that just listening to your user is enough. It is not like they lack an user base ready to interact with them or that they lack of bugs or features to work on.
In most cases, the telemetry is more a vanity metric that is rarely used. "Congratz to this team that did the flag that is the most used in the cli". But even for product decision, it is hard to extract conclusions from current usage because what you can and will do today is already dependent on the way the cli is done. A feature might not be used a lot because it is not convenient to do, or not available in a good way compared to an alternative, but usage report will not tell if it was useful or not. In the same way, when I buy a product, often there are a lot of features that I will never use, but that I'm happy to have. And I might not have bought the product, or bought another one if it was not available. But the worse would have the manufacturer remove or disable the feature because it is not used...
pseudoanonymous = euphemism for not anonoymous.
Regulators should wake up and fine them hard, so hard to become existential. Make an example for others not to follow.
[dead]
I mean, make sense, of course. How else could they possibly know what users want? Run a bug tracker? Use their own software? Have more than one 9 of uptime? /s
Corporations can and will do every scummy thing permitted to them by law, so here we are. Until the US grows a backbone on issues of privacy, we shouldn't be surprised, I suppose. But the US won't be growing such a backbone anytime in the near future.
[dead]
tl;dr for opt-out as per https://cli.github.com/telemetry#how-to-opt-out (any of these work individually):
export GH_TELEMETRY=false
export DO_NOT_TRACK=true
gh config set telemetry disabled (starting from version 2.91.0, which this announcement refers to)
TL;DR:
gh config set telemetry disabled[dead]
FWIW, looks to remain disabled by default for enterprise users.