Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Tell HN: Cursor exposes side projects to your employer
32 points by throwawaybbbbbb 3 days ago | 22 comments

I went to see my Cursor (the AI IDE) analytics and clicked a banner advertising their new company-level analytics dashboard. It now has a section “AI Edits by repository” that includes all the repositories used with Cursor, including your personal side projects. [0] I suspect they scrape the name of the repository from the list of GIT remotes, without explicit consent or notice.

If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API. This telemetry cannot be disabled and is available in a highly granular format in their API. [1]

The dashboard includes also includes information on when you were writing code. [2] The data is available in a highly granular format in their API. [3]

[0]: https://cursor.com/docs/account/teams/analytics#repository-insights [1]: https://cursor.com/docs/account/teams/ai-code-tracking-api#get-ai-commit-metrics-json-paginated [2] https://cursor.com/docs/account/teams/analytics#daily-usage [3] https://cursor.com/docs/account/teams/ai-code-tracking-api#get-ai-code-change-metrics-json-paginated

giantg2 3 days ago | parent | next [-]

"If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API."

Yeah... get your own personal subscription. Creating side projects on company resources could lead to ownership disputes - you could lose it to your company.

tyleo 3 days ago | parent [-]

Agreed with this point. I try to separate everything possible from my company with multiple accounts. It’s annoying, sure, but you’ve got to protect yourself.

giantg2 3 days ago | parent [-]

I won't even connect my cell phone to the company wifi. Anyone concerned about the surveillance state or big tech and privacy would likely do the same as they can be very invasive.

suobset 2 days ago | parent | prev | next [-]

This is why please have a personal account and personal devices for anything that does not relate to your company or work. This is super critical.

Heck I'd often carry 2 devices if I was traveling, there's no way in hell I would use company laptops. Anything I did on my work Mac, I assumed everyone relevant at work can access into. Kandji already hands over a ton of data wrt this, and I am sure every other MDM solution does too.

You gave your consent when you got the work device and probably signed a document/stated that this was to only be used for work purposes.

codegeek 3 days ago | parent | prev | next [-]

"If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API."

Good. As much as we are all privacy freaks, if you are using company resources to do your own side projects, it is fair that the company should have visibility to it. Otherwise, get a separate personal subscription.

Note that you should not only have a separate subscription to things like cursor for non company work, you should also have a separate laptop/machine for doing anythng non company. One of the reasons why so many companies are cracking down on remote work is due to these types of violations in addition to other things.

Iolaum 3 days ago | parent | prev | next [-]

Am I wrong in understanding you were using the company account with the enterprise subscription while you were working on those side projects? Or were you using a different account?

binsquare 3 days ago | parent [-]

Sounds like he was using a company account? In that case, the default is always to expect that the company will see everything including personal projects.

nis0s 3 days ago | parent [-]

Uh, no? I don’t think that’s a thing in any JetBrains IDE, unless I am mistaken.

bloppe 3 days ago | parent [-]

Does your employer provide you with a laptop? In that case you should assume they have access to the hard drive at least.

nis0s 3 days ago | parent [-]

Oh, that’s a different scenario. I would never do personal work on someone else’s laptop. But I think what’s being described in this case is that if you use this IDE, even on a personal machine where your license is from another source, then your personal data is somehow exposed to others.

binsquare 2 days ago | parent [-]

Would we agree with this statement?: if you use a tool licensed by your company your work still belongs to the company.

nis0s a day ago | parent [-]

Maybe you’re right, in this case it’s like if a plumbing company loans out plumbers tools. You’re not necessarily allowed to use loaned tools for personal work, but in that case it’s usually due to degradation. I am not sure that applies to digital tools. It’s an interesting question.

speedgoose 3 days ago | parent | prev | next [-]

If you can’t trust your company with your side projects, you should perhaps not do side projects on your company provided computer and AI subscriptions.

iExploder 3 days ago | parent | prev | next [-]

Legal and HR department would like to have a word.

greekcoder 2 days ago | parent | prev | next [-]

If you're good to your job and your manager find out you're building a side project, they may think you prepare to leave so you might take a salary raise for not leaving. Let's take the risk and continue using company's AI accounts, they are Free!

ifh-hn 2 days ago | parent | prev | next [-]

I find it hard to see how this isn't user error? Don't use company hardware and software... Problem solved.

muzani 3 days ago | parent | prev | next [-]

Well, they are paying for the tokens, so it's only fair. If you were on the company phone, they should see who you're calling.

kylehotchkiss 3 days ago | parent | prev | next [-]

Software developers should generally have their own computers that aren't wired into company subscriptions. M-Series MacBook Air is really all most people could ever need.

satvikpendem 2 days ago | parent | prev | next [-]

Well yeah, you're using company hardware and software for personal use, of course they'd be able to see.

al_borland 3 days ago | parent | prev | next [-]

Why are you using your company account for personal projects?

bitbasher 3 days ago | parent | prev [-]

Cursor didn't expose it, you did when you decided to use Cursor. You're using an editor that is owned by a company with analytics built in. You're handing over your data.

Stop using company hardware, software and subscriptions to do _anything_ personal.

atrettel 3 days ago | parent [-]

Yes, this is the right answer. Compartmentalization is a basic principle in security. I never do anything personal on company hardware and vice versa. I keep both separate. It just makes things so much easier to manage in the long term.