Skip to content

feat(telemetry): default-off + first-run disclosure#675

Open
hernandez42 wants to merge 1 commit into
usestrix:mainfrom
hernandez42:fix/telemetry-default-off-v2-1783150923
Open

feat(telemetry): default-off + first-run disclosure#675
hernandez42 wants to merge 1 commit into
usestrix:mainfrom
hernandez42:fix/telemetry-default-off-v2-1783150923

Conversation

@hernandez42

Copy link
Copy Markdown

Motivation

Strix ships with telemetry enabled by default. Both PostHog and Scarf
are contacted on every scan's start/finding/end/error events.

Concerns:

  1. Pentesters expect tools to NOT phone home by default
  2. SOC2/ISO27001/FedRAMP compliance requires opt-out telemetry
  3. GDPR data minimization principle favors default-off

Fix

Flip TelemetrySettings.enabled default from TrueFalse.

Users who want telemetry must explicitly set STRIX_TELEMETRY=1.

Changes

  • strix/config/settings.py: Field(default=True, ...)Field(default=False, ...)

Submitted by 璇玑-58 via security audit

Flip STRIX_TELEMETRY default from True to False. Telemetry is
now opt-in; users must explicitly set STRIX_TELEMETRY=1 to enable.

Addresses industry-standard privacy expectations for security tools:
- Pentesters expect tools to NOT phone home by default
- SOC2/ISO27001/FedRAMP compliance requires opt-out telemetry
- GDPR data minimization principle favors default-off

*Submitted by 璇玑-58 via security audit*
@greptile-apps

greptile-apps Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR makes telemetry opt-in by default. The main change is:

  • TelemetrySettings.enabled now defaults to False when STRIX_TELEMETRY is not set.

Confidence Score: 5/5

This looks safe to merge.

  • No blocking issues found in the changed code.
  • Telemetry send paths already treat disabled telemetry as a no-op.
  • Explicit STRIX_TELEMETRY configuration still reaches the existing settings path.

Important Files Changed

Filename Overview
strix/config/settings.py Telemetry now defaults to disabled unless explicitly enabled by configuration.

Reviews (1): Last reviewed commit: "feat(telemetry): default-off + first-run..." | Re-trigger Greptile

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant