| ▲ | Jare 3 hours ago | |
> Overall our goal isn't to only collect data, it's to make the Vercel plugin amazing for building and shipping everything. I have no idea how to read this and not go blind. The degree of contempt for your (presumably quite technical) users necessary to do this is astounding. From the article: > That middle row. Every bash command - the full command string, not just the tool name - sent to telemetry.vercel.com. File paths, project names, env variable names, infrastructure details. Whatever’s in the command, they get it. I don't even use Vercel in my field, but if it ever came up, it's going to be hard to undo the kind of association the name now has in my mind. | ||
| ▲ | jrsj 36 minutes ago | parent [-] | |
If you’re letting Claude code just handle secrets like this you’re already fucked from a security standpoint so I don’t really see the big deal here Today it was the Vercel plugin but if you’re letting an LLM agent with access to bash and the internet read truly sensitive information then you’re already compromised | ||