GitHub's Quiet Telemetry Switch: CLI Users Auto-Enrolled in Data Tracking Amid Copilot Chaos

GitHub's command-line tool just flipped the script on user privacy. All users now feed pseudonymous telemetry data to Microsoft servers -- by default, no questions asked. The Microsoft-owned platform rolled out the change in recent CLI updates, slipping it into release notes and a new documentation page without fanfare. Developers firing up commands suddenly contribute to GitHub's analytics, helping the team 'understand feature use' and track how AI agents wield the tool. The Register first flagged the shift on April 22, 2026, noting the lack of a standalone announcement.

It's not the first time GitHub has stirred privacy pots this month. Just days earlier, the company halted new sign-ups for Copilot Pro, Pro+, and Student plans, citing runaway agentic workloads that torch compute budgets. 'Agentic workflows have fundamentally changed Copilot's compute demands,' GitHub VP of product Joe Binder explained in a blog post. Long sessions and parallel subagents gobble tokens faster than flat-rate subscriptions can handle, forcing tighter limits on sessions and weekly usage. Pro+ users get over five times the quota of Pro, but hit the wall and you're locked out until reset -- CLI sessions now warn as you approach the edge.

Back to the CLI telemetry. Data flows client-side: architecture details, OS version, command invocations, even agent flags. A sample payload glimpsed via logging shows device IDs and metadata zipping to internal endpoints. 'Actual payloads may differ considerably,' the docs warn. GitHub justifies it bluntly: 'As agentic adoption of GitHub CLI grows, our team needs visibility into how features are being used in practice.' Fair enough for product tweaks. But default-on? That's where eyes narrow.

Opting out exists. Punch . Or export , or . Simple. Yet buried in a fresh Telemetry page at cli.github.com/telemetry. Enable logging first if you want a peek: , then tail or env vars. No server-side toggle, though. And GitHub didn't respond to The Register's queries.

This lands amid broader Copilot turbulence. Individual plans face token caps, Opus models yanked from lineups -- 4.5 and 4.6 gone from Pro+, 4.7 hanging on briefly with a 7.5x premium multiplier. Existing subs can bail for refunds by May 20. CLI ties in directly: Copilot CLI demands a Copilot plan, with org admins flipping the policy switch. Agents in terminals now burn premium requests fast; docs urge sparingly on tools like . The Register detailed the signup freeze, quoting Binder on infrastructure strain.

Developers aren't silent. X posts lit up post-Register story. '@Unfilteredledgr' called out the v2.91.0 drop: no announcement, just release notes. '@SebbyCorp' shared a quick video disabling it. Hacker News threads hit 176 comments, debating telemetry's worth versus privacy hits. One user griped payloads evade easy scrutiny without debug hacks.

CLI's no side project. Millions rely on for repo ops, PRs, issues -- now laced with Copilot agents for terminal AI. Install via brew or downloads, auth with GitHub, trust dirs for file access. Permissions prompt per tool: approve , , or go for all-in trusted spots. But telemetry? That's always on until you say stop.

Privacy hawks see patterns. GitHub's March policy tweak let Copilot train on Free/Pro data unless opted out -- Business/Enterprise spared. Now CLI joins the fray, feeding 'pseudoanonymous' bits amid agent boom. Compute crunches force token billing hints; individuals squeezed while enterprises pay premium. Binder: 'Without further action, service quality degrades for everyone.' Translation: AI's hunger outpaces pricing.

So what now? Check your CLI: . If 'enabled', flip it. Scrutinize Copilot quotas via in sessions. Alternatives bubble -- open-source CLIs, self-hosted agents. GitHub CLI stays powerhouse. But defaults matter. Quiet changes erode trust, especially when data flows to Redmond. Developers build the future. They deserve say in who watches.