> Is there any evidence of this being intentional?

The evidence is in the code! If you didn't intend for a capability to be there then why is it in the code?

> if they truly wanted that, they have about 10 better approaches for it, if they don't care about other things.

How so? What other approaches do they have that get this much data with little potential for reputational harm? This is a very common way to create plausible deniability ("we use it for improving our service, we don't know what we'll need so we just take everything and figure it out later") and then just revert the capability when people complain.

▲

embedding-shape 4 hours ago | parent [-]

> The evidence is in the code! If you didn't intend for a capability to be there then why is it in the code?

Bugs happen. I won't claim to know if it was intentional or not, but usually it ends up not being intentional.

> How so? What other approaches do they have that get this much data

Just upload everything you find, as soon as you get invoked. Vercel has a tons of infrastructure and utilities they could execute this from, unless they care for reputational harm. Which I'm guessing they do, which makes it more likely to have been unintentional than intentional.

	▲	notpachet 3 hours ago \| parent [-]
		Downstream there is a post from one of the devs at Vercel (andrewqu) that built this. They say that this is by design. I think you should shift your base assumptions about the intentions of companies (and the individuals that work in them). > Overall our goal isn't to only collect data, it's to make the Vercel plugin amazing for building and shipping everything.