Sensitive User Data Transmitted Despite Disabled Telemetry
What happened?
Cline v3.14.0 sends telemetry data containing sensitive user-generated content (tasks, links, filenames, MCP configuration) even when telemetry is explicitly disabled in settings.
Steps to reproduce
- Install Cline v3.14.0
- Populate "recent tasks" with at least one item (preferably containing clickable links)
- Disable telemetry: Cline settings (wheel) > uncheck "Allow anonymous error and usage reporting"
- Close Cline sidebar/tab
- Open VSCode DevTools: Help > Toggle Developer Tools
- Navigate to Network tab in DevTools
- Open Cline
- Interact with the UI:
  - Open recent task: click precisely on the task prompt
  - Exit task again
  - Repeat with other tasks (wait a few seconds between actions)
  - Also open tasks using the "History" view: again, click precisely on the task prompt
  - Collapse the gray "task title" box in a task, expand it again by clicking on the task prompt
  - Click on links in task output, if available
  - Expand & collapse file creation or modification dropdowns, if available
  - If configured, expand/collapse MCP server entries on MCP server settings page
- Observe requests to posthog.com in DevTools Network tab
- Right-click on request in DevTools: Copy > Copy all as HAR
- Paste clipboard contents to file
- Decode HAR file using the Python script provided below
Relevant API REQUEST output
Provider/Model
OpenAI Compatible
Operating System
Archlinux
System Info
not relevant
Cline Version
3.14.0
Additional context
Impact
Telemetry contains the text content of UI elements the user clicked on. This may include sensitive information, such as:
- User-created prompts/tasks
- Links clicked by the user
- Names of created/edited files
- Names of MCP servers
Affected Versions
- Confirmed in v3.14.0
- Not present in v3.13.1
- Other versions not tested
Workaround
- Avoid clicking on sensitive information in the UI
- Block network access to posthog.com
- Downgrade Cline to a version that is not affected
Expected Fix
- Honor telemetry setting
- Even when telemetry is enabled, exclude user-generated content from collection
- Specifically address the `$el_text` and `$elements_chain` fields in telemetry data
Decoding Script
```python
#!/usr/bin/env python3
import datetime
import gzip
import json
import sys

# Read a HAR export (pasted from DevTools) from stdin.
jdoc = json.loads(sys.stdin.read())
text_items = []
for entry in jdoc["log"]["entries"]:
    req = entry["request"]
    # Only look at PostHog event uploads.
    if not req["url"].startswith("https://us.i.posthog.com/i/v0/e/?"):
        continue
    try:
        # HAR stores the gzip-compressed body as text; latin-1 maps it back to bytes.
        jreq = json.loads(gzip.decompress(bytes(req["postData"]["text"], "latin-1")))
    except Exception:
        continue
    print(json.dumps(jreq, indent=2))
    for event in jreq:
        el_text = event["properties"].get("$el_text")
        ts = datetime.datetime.fromtimestamp(event["properties"]["$time"])
        if el_text:
            text_items.append(f"{ts.isoformat()} {el_text!r}")
print("-" * 80)
for item in text_items:
    print(item)
```
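As an added example (not part of the report above and not Cline's code), here is a more general version of the same HAR audit: it handles both ways DevTools stores a request body (latin-1 text or base64), both PostHog batch shapes (a bare list or `{"batch": [...]}`), and returns one finding per `$el_text` / `$elements_chain` value instead of printing everything. The HAR it runs on by default is a constructed sample, not captured traffic; the `host_substring` parameter and the function names are this example's own.

```python
#!/usr/bin/env python3
"""Audit a DevTools HAR export for PostHog events that carry on-screen text.

Added example, not Cline's code: it generalizes the report's decoder to
both HAR body encodings and both PostHog batch shapes, and reports which
events still carry the autocapture fields named in the report.
"""
import base64
import datetime
import gzip
import json
import sys

# Autocapture fields that hold the text of clicked UI elements.
SENSITIVE_FIELDS = ("$el_text", "$elements_chain")


def decode_post_body(post_data: dict) -> bytes:
    """Return the raw request body from a HAR postData object."""
    text = post_data.get("text", "")
    if post_data.get("encoding") == "base64":
        raw = base64.b64decode(text)
    else:
        # DevTools stores binary bodies as text; latin-1 maps each char back to one byte.
        raw = text.encode("latin-1")
    if raw[:2] == b"\x1f\x8b":  # gzip magic, as sent with ?compression=gzip-js
        raw = gzip.decompress(raw)
    return raw


def iter_events(body: bytes):
    """Yield PostHog events from a decoded body, whichever batch shape it uses."""
    doc = json.loads(body)
    if isinstance(doc, dict):
        doc = doc.get("batch", [doc])
    for event in doc:
        if isinstance(event, dict):
            yield event


def find_leaks(har: dict, host_substring: str = "posthog.com") -> list[dict]:
    """Return one finding per sensitive field present in any PostHog event."""
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        if host_substring not in req["url"] or "postData" not in req:
            continue
        try:
            events = list(iter_events(decode_post_body(req["postData"])))
        except (ValueError, OSError):
            continue  # not a JSON/gzip body we understand (e.g. config fetches)
        for event in events:
            props = event.get("properties", {})
            for field in SENSITIVE_FIELDS:
                value = props.get(field)
                if value:
                    findings.append({
                        "time": props.get("$time"),
                        "event": event.get("event"),
                        "field": field,
                        "value": value,
                    })
    return findings


def format_finding(finding: dict) -> str:
    """Render a finding as one line, with the PostHog epoch time made readable."""
    ts = finding["time"]
    when = datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).isoformat() if ts else "?"
    return f"{when} {finding['event']} {finding['field']}={finding['value']!r}"


def build_sample_har() -> dict:
    """Constructed HAR fragment in the DevTools export shape (not real traffic)."""
    batch = [
        {"event": "$autocapture", "properties": {
            "$time": 1714000000.0,
            "$el_text": "Refactor auth.py and rotate API key",
            "$elements_chain": 'div.task-prompt:text="Refactor auth.py and rotate API key"',
        }},
        {"event": "$pageview", "properties": {
            "$time": 1714000001.0, "$current_url": "vscode-webview://example-host/index.html",
        }},
    ]
    gz_body = gzip.compress(json.dumps(batch).encode())
    return {"log": {"entries": [
        {"request": {"url": "https://us.i.posthog.com/i/v0/e/?compression=gzip-js",
                     "postData": {"mimeType": "text/plain", "text": gz_body.decode("latin-1")}}},
        {"request": {"url": "https://api.example.invalid/v1/chat/completions",
                     "postData": {"mimeType": "application/json", "text": '{"messages": []}'}}},
        {"request": {"url": "https://us.i.posthog.com/decide/?v=3",
                     "postData": {"mimeType": "application/json", "encoding": "base64",
                                  "text": base64.b64encode(b'{"token": "phc_example"}').decode()}}},
    ]}}


if __name__ == "__main__":
    # Audit the HAR file named on the command line, or the constructed sample.
    har = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else build_sample_har()
    for finding in find_leaks(har):
        print(format_finding(finding))
```

Run it against a real export (`python3 audit.py capture.har`) after disabling telemetry: an empty result means no event upload carried UI text, while any finding names the event and field that still did, which is the check to repeat after upgrading.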
Hi @Phaeilo , thank you for bringing this to our attention. We had autocapture turned off on the posthog side and missed the fact that it needs to be off in the initialization as well. The PR has been merged and will be released today.
@Phaeilo can you please confirm that this is fixed in the latest release? (3.14.1)
Hey @trevhud thanks for the quick patch and release! The frequent telemetry events with sensitive data in $el_text and $elements_chain are no longer happening in v3.14.1!
However, even with telemetry disabled in the settings I can still observe some requests to posthog: fetching some telemetry configuration, but also uploading a verbose $pageview when initially opening the extension.
Hey @Phaeilo, we've just merged #3381 that conditionally initializes posthog in the webview. You should see less requests now, or if you do, they shouldn't be doing much of anything.
Would you mind confirming on the latest branch of main?
Closing this as we confirmed it has been resolved. @Phaeilo if anything else comes up please feel free to open.