TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

72% Positive

Analyzed from 2082 words in the discussion.

Trending Topics

#telemetry#github#cli#git#config#features#export#don#used#data

Discussion (175 Comments)Read Original on HackerNews

a2128about 3 hours ago

    Why we collect telemetry

    ...our team needs visibility into how features are being used in practice. We use this data to prioritize our work and evaluate whether features are meeting real user needs.
I'm curious why corporate development teams always feel the need to spy on their users? Is it not sufficient to employ good engineering and design practices? Git has served us well for 20+ years without detailed analytics over who exactly is using which features and commands. Would Git have been significantly better if it had collected telemetry, or would the data not have just been a distraction?
gardaaniabout 3 hours ago
It isn't only corporate development teams — open source development teams want to spy on their users, too. For instance, Homebrew: "Anonymous analytics allow us to prioritise fixes and features based on how, where and when people use Homebrew." [1]

[1] https://docs.brew.sh/Analytics

j_maffeabout 3 hours ago
> Would Git have been significantly better if it had collected telemetry, or would the data not have just been a distraction?

I'm not sure if you're implying it's obvious but it's not obvious to me that it would be unhelpful.

embedding-shapeabout 3 hours ago
> Is it not sufficient to employ good engineering and design practices?

It's not that it's insufficient, new developers, product people and designers literally don't know how to make tasteful and useful decisions without first "asking users" by experimenting on them.

Used to be you built up an intuition for your user base, but considering everyone is changing jobs every year, I guess people don't have time for that anymore, so literally every decision is "data driven" and no user is super happy or not anymore, everyone is just "OK, that's fine".

Forgeties79about 3 hours ago
This is where (surprise surprise) I respect Valve. The hardware survey is opt in and transparent. They get useful info out of it and it’s just..not scummy.

There are all sorts of best practices for getting info without vacuuming up everyone’s data in opaque ways.

salomonk_murabout 3 hours ago
They are analyzing absolutely every click you make, I can guarantee it.
embedding-shapeabout 3 hours ago
To be fair, you can be pretty sure they're heavily leveraging all their store data, in loads of ways. They probably sit on the biggest dataset of video game preferences for people in general, and I'm betting they make use of it heavily.
CMayabout 2 hours ago
If you have 3 of your developers spending 80% of their time in an area of the codebase that gets no usage and you don't see a path forward that realistically is likely to increase usage, it can be a better use of developer time to focus them elsewhere or even rethink the feature.

The problem I have with a lot of these analytics is that while there are harmless ways to use it, there is this understanding that they could be tying your unique identifier to behavioral patterns which could be used to reconstruct your identity with machine learning. It's even worse if they include timestamps.

Why not just expose exactly what telemetry is being sent when it's sent? Like add an option that makes telemetry verbose, but doesn't send it unless you enable it. That way you can evaluate it before you decide to turn it on. Whenever you do the Steam Hardware survey it'll show you what gets sent. This is the right way to do it.

ryanshrottabout 1 hour ago
> you're going to have to opt out of a lot more than this one setting

The opt-out situation for gh CLI telemetry is actually trickier than it sounds. gh runs in CI/CD pipelines and server environments where you may not want any outbound connections to github.com at all, not because of privacy but because of networking constraints. In those environments, the telemetry being on by default means your CI fails or your Bastion host can't reach GitHub at all.

Compare this to git itself, which is entirely local until you explicitly push. The trust model is different: git will never phone home unless you configure it to. gh, being a wrapper around the GitHub API, has to make those calls to function - but that's separate from whether it should also be collecting and uploading your command patterns.

ImJasonHabout 3 hours ago
Do people think that GitHub isn't already collecting and aggregating all the requests sent to their servers, which is after all the entire point of the gh CLI?

If you don't want your requests tracked, you're going to have to opt out of a lot more than this one setting.

embedding-shapeabout 4 hours ago
Love it when a PR is brief: https://github.com/cli/cli/pull/13254

> Removes the env var that gates telemetry, so it will be on by default.

ConceptJunkie41 minutes ago
Do they mean "pseudonymous" telemetry meaning "non-identifying telemetry", or do they mean "pseudoanonymous" telemetry meaning telemetry is that not really anonymous?

Those two words have almost exactly opposite meanings, and as stated, they are literally saying they are collecting identifiable data.

naikrovek1 minute ago
it means they can see all the telemetry from a single machine, but the identity of the machine is not tied to any human identity or github account. each machine appears to get its own UUID and that's how they "identify" machines.
bakiesabout 3 hours ago
So happy I deployed gitea to my homelab last month. It's got an import feature from github and honestly just faster and better uptime that github. Claude can use it just fine with tea cli and git. It's pretty much a knockoff github, but I think it's better so far.
grugdev42about 3 hours ago
Remember that thing Microsoft does?

Embrace, extend, extinguish.

The first two have been done.

I give it five years before the GH CLI is the only way to interact with GitHub repos.

Then the third will also be done, and the cycle is complete.

square_usualabout 1 hour ago
> I give it five years before the GH CLI is the only way to interact with GitHub repos.

I'll take that bet. How much are you willing to put on it?

tornikeoabout 2 hours ago
Good for GitHub. All companies need this. Some use it to improve products, some use it for less commendable goals. I know HN crowd is allergic to telemetry but if you've ever developed a software as a service, telemetry is indispensable.
xpeabout 1 hour ago
Thinking out loud: what are the best practices to vet a tools' telemetry details? The devil is in the details.

A quick summary of my Claude-assisted research at the Gist below. Top of mind is some kind of trusted intermediary service with a vested interest in striking a definable middle ground that is good enough for both sides (users and product-builders)

Gist: WIP 31 minutes in still cookin'

isoprophlexabout 1 hour ago
God forbid you talk to your users
Citizen_Lameabout 1 hour ago
All AI bros are the same.

P.S. You look like villain from Temu.

NietTim42 minutes ago
There is no such thing as "pseudoanonymous" it's not a thing it does not exist it's an oxymoron.
Datagenerator39 minutes ago
Don't confuse GIT(1) the protocol with this (keep in active memory the EEE tactics).
Advertisement
mghackerladyabout 3 hours ago
can someone explain why github has a CLI? why wouldn't you just use git?
Atreidenabout 3 hours ago
Creating PRs, reading PRs, creating/reading Issues, triggering actions, to name a few
bakiesabout 3 hours ago
PRs, and managing repos, and other things that aren't git features. You can use it to auth with GITHUB_TOKEN instead of ssh or http. Which is how my agents get access. I've switched to gitea, it's got all the same features.
chris_money202about 3 hours ago
gh is insanely powerful, especially if you let your coding agent use it. It’s one of my top tools. Gh lets you use GitHub features such as issues, pull request, reading CI pipelines, creating CI pipelines, etc. git is just for code version control.
minraws43 minutes ago
Fuck Github man, Fuck em'. I mean what even is the point. You lost the AI whatever it was, build a good product and features for developers like you tried to once.

And less social media shit, maybe adding better LFS alternative similar to huggingface and stuff.

Git isn't the popular choice in game dev because of this assets in tree hosting nonsense, why haven't we fixed it yet.

Similarly many edge cases, also finally they built stacked prs but man does it feel a under baked, and what it's like 2+ years late.

Please just improve Github, make me feel like I will be missing out if I am not on Github because of the features not because I have to be because of work.

lo1tumaabout 1 hour ago
This wouldn’t have happened with Nat Friedman.
Kim_Bruningabout 2 hours ago
dev tools and especially libraries must not have telemetry unless absolutely strictly necessary (and even then!).

* Dev tools because you need to be able to trust they don't leak while you're working. Not all sites/locations/customers/projects allow leaks, and it's easier to just blacklist anything that does leak, so you know you can trust your tools, and the same habits, justfiles, etc work everywhere.

* libraries that leak deserve a special kind of hell. You add a library to your project, and now it might be leaking without warning. If a lot of libraries decide to leak, your application is now an unmanageable sieve.

If you do need to run telemetry, make it opt in or end user only. But if you as developer don't even have control then that's the worst.

traceroute66about 3 hours ago
I suggest anyone who cares, and certainly anybody in the EU mails privacy@github.com and also opens a support ticket to let them know exactly what you think
lukewarm707about 1 hour ago
#Telemetry FUCK OFF export DOTNET_CLI_TELEMETRY_OPTOUT=1 export ASTRO_TELEMETRY_DISABLED=1 export GATSBY_TELEMETRY_DISABLED=1 export HOMEBREW_NO_ANALYTICS=1 export NEXT_TELEMETRY_DISABLED=1 export DISABLE_ZAPIER_ANALYTICS=1 export TELEMETRY_DISABLED=1 export GH_TELEMETRY=false
Kim_Bruningabout 3 hours ago
what's the last version before telemetry... will want to pin there.
herpdyderpabout 3 hours ago
According to their releases page: 2.90.0
0x3o3about 3 hours ago
just use Radicle and never look back with centralised platforms.
sammy2255about 3 hours ago
Today I learned GitHub has a CLI. I guess that's like Pornhub having a CLI
chris_money202about 3 hours ago
Gh cli is one of the most powerful tools you can give a coding agent imo
falcor84about 3 hours ago
Seeing how annoying their website interfaces are, I'd actually be open to paying for API/CLI access to porn.
embedding-shapeabout 3 hours ago
Before GitHub had a CLI, I used cURL (via zsh alises/functions) to open PRs and find what remote/branch a PR is associated with.

Today I use a Golang CLI made with ~200K LOC to do essentially the same thing. Yay, efficiency?

varispeedabout 3 hours ago
pseudoanonymous = euphemism for not anonoymous.

Regulators should wake up and fine them hard, so hard to become existential. Make an example for others not to follow.

xpeabout 1 hour ago
Being a good regulator is about solving a nearly impossible satisficing problem. You have to follow the law and achieve achieve results with a limited budget and political constraints. Given the priorities of say the FTC or state AGs or the SEC, I don't think GitHub is even a blip on their radar. Of any of the regulators I would hazard to guess that maybe the California Privacy Protection Agency is the most likely to prioritize a look, but I still doubt it.

I know lots of idealists -- I went to a public policy school. And in some areas, I am one myself. We need them; they can push for their causes.

But if you ever find yourself working as a regulator, you'll find the world is complicated and messy. Regulators that overreach often make things worse for their very causes they support.

If you haven't yet, go find some regulators that have to take companies all the way to court and win. I have know some in certain fields. Learn from them. Some would probably really enjoy getting to talk to a disinterested third-party to learn the domain. There are even ways to get involved as a sort of citizen journalist if you want.

But these sort of blanket calls for "make an example of GitHub" are probably a waste of time. I think a broader view is needed here. Think about the causal chain of problems and find a link where you have leverage. Then focus your effort on that link.

I live in the DC area, where ignorance of how the government works leads to people walking away and not taking you seriously. When tech people put comparable effort into understanding the machinery of government that they do into technology, that is awesome. There are some amazing examples of this if you look around.

There are no excuses. Tech people readily accept that they have to work around the warts of their infrastructure. (We are often lucky because we get to rebuild so much software ourselves.) But we forget what it's like to work with systems that have to resist change because they are coordination points between multiple stakeholders. The conflict is by design!

Anyhow, we have no excuse to blame the warts in our governmental system. You either fix them or work around them or both.

The world is a big broken machine. Almost no individual person is to blame. You just have to understand where to turn the wrench.

Advertisement
wild_pointerabout 3 hours ago
pseudoanonymous, meaning not anonymous? lol
mslaabout 3 hours ago
I wonder how robust they are against people sending them fake data.
raverbashingabout 2 hours ago
Do you know what doesn't collect telemetry?

the old git command in your terminal

I think I'll keep using that

greatgibabout 2 hours ago
The current century is the one of enshitification, like a cancer, now there is a whole generation of PM that it is totally ok and legitimate to update your product to add spying of your user's usage.

It might seems legit from them, but I'm quite sure that just listening to your user is enough. It is not like they lack an user base ready to interact with them or that they lack of bugs or features to work on.

In most cases, the telemetry is more a vanity metric that is rarely used. "Congratz to this team that did the flag that is the most used in the cli". But even for product decision, it is hard to extract conclusions from current usage because what you can and will do today is already dependent on the way the cli is done. A feature might not be used a lot because it is not convenient to do, or not available in a good way compared to an alternative, but usage report will not tell if it was useful or not. In the same way, when I buy a product, often there are a lot of features that I will never use, but that I'm happy to have. And I might not have bought the product, or bought another one if it was not available. But the worse would have the manufacturer remove or disable the feature because it is not used...

deathanatosabout 1 hour ago
I mean, make sense, of course. How else could they possibly know what users want? Run a bug tracker? Use their own software? Have more than one 9 of uptime? /s

Corporations can and will do every scummy thing permitted to them by law, so here we are. Until the US grows a backbone on issues of privacy, we shouldn't be surprised, I suppose. But the US won't be growing such a backbone anytime in the near future.

moi2388about 1 hour ago
Use their own software? Microsoft?!
jw_cook31 minutes ago
TL;DR:

    gh config set telemetry disabled
neobrainabout 4 hours ago
tl;dr for opt-out as per https://cli.github.com/telemetry#how-to-opt-out (any of these work individually):

export GH_TELEMETRY=false

export DO_NOT_TRACK=true

gh config set telemetry disabled

fenaerabout 4 hours ago
$ gh --version

gh version 2.90.0 (2026-04-16) https://github.com/cli/cli/releases/tag/v2.90.0

$ gh config set telemetry disabled

! warning: 'telemetry' is not a known configuration key

rethababout 3 hours ago
v2.91.0 is the one that's going to introduce it: https://github.com/cli/cli/releases/tag/v2.91.0

Also note that even though you get a warning about an unknown config key, the value is actually set so you're future-proof. Check `grep telemetry ~/.config/gh/config.yml`

nottorpabout 3 hours ago
... don't forget to recheck this info every update, restore flags that have been "accidentally" reset and set any new flags that they added for "different" telemetry
NeckBeardPrinceabout 3 hours ago
> gh config set telemetry false > ! warning: 'telemetry' is not a known configuration key

What's strange is if you check your `~/.config/gh/config.yml` it will put `telemetry: disabled` in there. But it will put anything in that `config.yml` lol.

> gh config set this-is-some-random-bullshit aww-shucks > ! warning: 'this-is-some-random-bullshit' is not a known configuration key

But in my config.yml is

this-is-some-random-bullshit: aww-shucks

djdillonabout 3 hours ago
FWIW, looks to remain disabled by default for enterprise users.