Users of GitHub's command-line interface (CLI) who value privacy, beware. The Microsoft-owned code-hosting platform has quietly begun collecting pseudonymous client-side telemetry from CLI users and enabled it by default.
There was no standalone blog post or announcement of the change, just an update to GitHub's CLI documentation adding a telemetry page, release notes mentioning pseudonymous telemetry, and a burst of updates to the CLI repo over the past week folding telemetry features into the tool. GitHub's explanation for the telemetry update was straightforward: it said the data would help the team understand feature use and improve the CLI.
Oh, and AI.
"As agentic adoption of GitHub CLI grows, our team needs visibility into how features are being used in practice," the telemetry page reads. "We use this data to prioritize our work and evaluate whether features are meeting real user needs." Real users, in this case, appear to include AI agents.
It's not a bad idea, at a glance: Companies need visibility into how users are interacting with their software, and which features are worth spending more time on. With that in mind, GitHub adding this feature isn't surprising. What's less acceptable is turning telemetry on by default and not being particularly clear on what telemetry might be harvested by the CLI.
There's a lot of new code to dig through in the CLI repo with plenty of mentions of telemetry, but no solid list of data points that might be included. GitHub did not spell everything out on the telemetry page, noting instead that users can inspect what would be sent by enabling logging.
"If you want to see exactly what would be sent without actually sending it, you can enable logging," the help page reads before providing a sample of what might be in there. The sample payload includes an agent field, architecture, device ID, OS, flags, command name, invocation ID, and other metadata. Actual telemetry payloads, GitHub noted, may differ considerably.
GitHub said that telemetry data collected from CLI clients is sent to its internal analytics infrastructure, but that may still not be enough to satisfy the concerns of those who are now handing over more data to Microsoft and GitHub without much notice. Luckily, GitHub included opt-out instructions on the new Telemetry page.
Opting out can be done either through an environment variable or a configuration option in the CLI itself. For the environment variables, GitHub said exporting GH_TELEMETRY=false (or any other false-equivalent value) will work, as will setting DO_NOT_TRACK=true.
For those who would rather change it in the CLI's configuration file, issue the command gh config set telemetry disabled to toggle it off.
GitHub didn't respond to questions for this story. ®