GitHub CLI Now Collects Telemetry by Default — Here Is What You Are Sending
GitHub quietly began collecting pseudonymous telemetry data from CLI users by default. Developers who use the GitHub CLI tool for their daily workflows are now sending usage data to GitHub — and many do not know it. The opt-out exists, but finding it requires reading the documentation.
What's Actually Happening
GitHub's CLI tool (gh) updated to collect pseudonymous usage telemetry by default. This includes information about which commands are run, command success or failure rates, and basic environment information. GitHub says the data is used to improve the product — standard justification for analytics collection.
Pseudonymous means the data is not directly tied to your GitHub username, but it is tied to a persistent identifier for your CLI installation. Over time, that identifier creates a behavior profile that could be de-anonymized with additional context.
Why It Matters
Developer tools are trusted infrastructure. When you run gh commands, you might be interacting with private repositories, proprietary code, or sensitive internal tooling. Even pseudonymous telemetry about command patterns can reveal information about workflows, repository structures, and development practices that developers consider private.
The default-on choice is the core issue. Privacy researchers consistently argue that data collection should be opt-in, not opt-out — especially for professional tools used in corporate and sensitive environments. GitHub chose the opposite. This follows a pattern: large platforms increasingly default to data collection and require active effort to opt out. Related: device-level privacy vulnerabilities show why developer tool privacy matters more than ever.
My Take
This is a trust problem, not a privacy catastrophe. GitHub's stated purpose — improving the CLI — is legitimate. But the implementation choice reveals something about how Microsoft (which owns GitHub) thinks about developer data: it is an asset to be collected by default, not something to be earned through opt-in consent.
For individual developers, the practical risk is low. For enterprises with strict data governance requirements, this is a policy violation waiting to happen. Corporate security teams should be aware of what their developers' CLI tools are sending.
Frequently Asked Questions
How do I opt out of GitHub CLI telemetry? Run: gh config set telemetry disabled — this disables telemetry for your CLI installation.
What data is being collected? Command usage patterns, success/failure rates, and environment info — pseudonymously tied to your CLI installation.
Does this affect GitHub Actions or web usage? No — this is specific to the gh CLI tool, not the GitHub web interface or Actions.
Related Articles
- Apple Patched the Bug Cops Used to Extract Deleted iPhone Messages
- 75% of Google's New Code Is Now AI-Generated