[Feature Request] Disable telemetry option

[pove]

A lot of post calls are made to https://app.posthog.com/batch/

Is it possible to have an option to disable this telemetry?

I really bought the "offline-only" thing... :)

[helloanoop]

Hey @pove

Yes, I will add this support to disable telemetry. Just give me a couple of days time.

A lot of post calls are made to https://app.posthog.com/batch/

Can you share a screenshot. There is only 1 call that gets made when you open the app. The only info that gets shared here is the OS family name (Win/Mac/OS)

You can audit the code here

With Bruno, the only intent was to have an anonymous visit counter. No other information is shared. No usage analytics, micro-interactions, crash logs. Nothing. Knowing that Bruno is having an impact motivates me to push more.

I really bought the "offline-only" thing... :)

By offline-only, I meant to it empasize the fact that there will never be an online sync or cloud sync for api collections(the thing that most popular gui clients of the past have attempted to do)

[pove]

I have posthog blocked, so I see the calls. Perhaps is 4 retries of only one call?

[helloanoop]

An Open Letter to the Community,

I worked very hard to build this app. Its not just a postman/insomnia alternative. Its an evolution. Cloning is easy, coming up with something special takes enormous effort. I spent months thinking from first principles on how to design the bru language that can elegantly store on file whats shown on the UI.

And I am giving away it for free. Under MIT. And continue to spend all-nighters making Bruno awesome for you all. Here is Bruno's long term vision

I am reminded of the Joker meme from Dark knight

Almost every app (web/mobile) that you use tracks insane amount of telemetry to keep you hooked. People are fine with that. Because its all a part of the plan. But when an open-source app tracks a visit counter, people lose their minds.

I hope many of you won't disable the visit count telemetry once that option is present. I hope I am allowed to see and relish the value that Bruno is creating for the developer ecosystem.

I hope I have your trust.

Best, Anoop

[helloanoop]

I have posthog blocked, so I see the calls. Perhaps is 4 retries of only one call?

The retries are happening because the server could not be reached. This is implemented by posthog's library. If the call was successful, you wouldn't see 4 calls. You would just see 1.

The telemetry visit count is triggered only once when you open the app, and when the app remains open only 1 call is made in a day

[azzamsa]

An additional approach to determine the number of users utilizing Bruno is to encourage users to express their gratitude by leaving a 'thank you' comment on a GitHub issue or a designated website.

[helloanoop]

@azzamsa That's a great suggestion: I created a Github Discussion thread for the same:

[arnaduga]

I do understand the need of statistics etc... but what makes Bruno different from the others is the "privacy" approach. So letting the user decide is for me the good approach.

Plus, in certain companies (like banks, etc), having an option to disable this collect is mandatory (or the application maybe not be allowed at all....)

[helloanoop]

I am working on this. Option to disable telemetry will be available in the upcoming release.

[helloanoop]

This is a pretty nuanced topic. Would love to discuss this in the upcoming community call.

The term Telemetry covers a very wide spectrum - From an anonymous visit counter to a full blown pixel level tracking.

All that Bruno collects is an anonymous visit counter. There is nothing else that is tracked. NO usage analytics of features / crash logs / micro interactions gets tracked.

Currently, Bruno is only me working full-time, and the plan is to expand the team in the future as we build different dev products. In case you haven't read it - I discuss Bruno's long term plans here: https://www.usebruno.com/blog/bootstrapping

I request the community to step into my shoes and think from my vantage point. Lets say - you quit your day job, said no to vc money and bootstrapped a business. Majority of the code and project is free and you are trying commercialize it via some paid addons. As an entrepreneur, its very hard to be in the blind and have no visibility into how many people use Bruno everyday.

I request you to to seriously do the above thought exercise. You would see how absurd it is (as an entrepreneur) to have no insight at all whatsover into how many users are using your product.

I need more time to take a call on this. I'll dedicate some time in our upcoming community call to discuss this issue.

[helloanoop]

Not addressing any specific person here, above and below notes are some of my thoughts in General on Telemetry in Opensource projects.

Ok, lets do another thought experiment. I am sure many folks in Bruno's Community work for Product Companies. Do you think you/your company should know how many users use the product that is being built?

The telemetry question would never appear if it was a closed product. Many of us are perfectly fine with paid products (Ex: say IntelliJ / MacOS / Micrsosft Office) having telemetry. We even don't care about how much of telemetry is being tracked.

But in case of opensource projects, we have this expectation that "It MUST never have telemetry at all". I can understand and agree that libraries (like npm modules / frameworks) should not do it. But when you enter the realm of Desktop Apps, its reasonable to have minimal telemetry (like a visit counter) - especially when the people who steward the project are transparent and open about it.

This is not a final stance. Thank you for understanding.

[helloanoop]

@Pessiun I deleted some older comments that were not related to the telemetry discussion.

[helloanoop]

Ok. I agree. With all the love Bruno has, I don't want my telemetry stance to come in the way of what we as a project stand for (in terms of freedom and data privacy)

Will merge the Telemetry Opt-Out feature once the PR is ready.

[amervitz]

Just a thought, you could get a gauge of usage through an in-app update mechanism that users click to check if there is a new version, and to download and install. That becomes a pretty deliberate action that users take which invokes a callback for you to measure user counts with, much like someone going to a website to view content and being able to intrinsically measure activity from their web requests, in this case they'd be hitting an API you can provide useful functionality with and use to measure usage.

[a-n-d-r]

I've checked the code, now we have 3 types of events:

start (OS family, Bruno version): https://github.com/usebruno/bruno/blob/9b382fa0911536a0bfa27ae0d8a67007cc1364f7/packages/bruno-app/src/providers/App/useTelemetry.js#L60

golden-edition-modal-opened (OS family): https://github.com/usebruno/bruno/blob/9b382fa0911536a0bfa27ae0d8a67007cc1364f7/packages/bruno-app/src/components/Sidebar/GoldenEdition/index.js#L69

golden-edition-buy-clicked (OS family): https://github.com/usebruno/bruno/blob/9b382fa0911536a0bfa27ae0d8a67007cc1364f7/packages/bruno-app/src/components/Sidebar/GoldenEdition/index.js#L81

As a developer myself, I understand why this data is needed and I'm fine with it, but it would be nice if users could know what data is being collected without reading the source code, and have an option to opt out in the settings.

Btw, thank you for this awesome project, Anoop! Bruno is our rescue after the Postman/Insomnia rug pull :)

[merc1er]

Yes, I will add this support to disable telemetry. Just give me a couple of days time.

@helloanoop is this still planned? 🙏🏻

If so, would a community pull request adding this option in the settings/preferences be accepted?

[bjesus]

seems like transparency is a big concern. it wasn't clear when installing Bruno that it's going to have telemetry built-in; in fact, it gave the impression that it will never. it was therefore not a great surprise to open the dev tools and see the posthog requests, and then to come here and understand that almost a year later, it's still impossible to opt-out of telemetry.

generally speaking, even just tracking a counter of users, considering that it means sending my IP address to a third-party, could be considered a violation of GDPR. Bruno needs to let users know that it's sharing their IP address with a third-party vendor.

please by no mean take this as an attack against Bruno - it's great, it's open source, and we all love it. but i feel like this could be handled a tiny bit better.

[badwulfy]

First of all, thank you for your hard work on this open-source tool—it's incredibly useful and well-designed. However, as a developer who deeply values user privacy, I wanted to bring to your attention a crucial point regarding GDPR compliance for European users.

It seems Bruno collects and send to PostHog several types of data, including the operating system used, language, UUID, IP address, and more. All these data can be used to identify and generate a "fingerprint" of a user, which can't be done in EU without user consent.

According to the GDPR, consent must be:

• Freely given: Users must have a real choice without facing negative consequences for refusal.
• Specific: Consent should be for a single, clearly defined purpose.
• Informed: Users must know what data is collected, for what purpose, to which third parties it is sent and how long it will be kept.
• Unambiguous: Consent must be given through a clear affirmative action, not by default or inaction.

In my company, I’m constantly advocating against unnecessary data collection and for obtaining explicit consent, though it's not always an easy battle. That’s why I urge you to implement a clear consent mechanism for European users to align with GDPR requirements.

Thank you for considering this, and I hope you continue to make Bruno a tool that respects user privacy as much as it respects usability.

Best regards.

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

bruno connects currently also to fonts.gstatic.com leaking to big mofo googol ( this was closed as duplicate but no one speaks about it here https://github.com/usebruno/bruno/issues/1668)

[maxisam]

I feel like it is a simple solution. Just make this as a paid feature. You can count your back balance to find out how many users and use Telemetry for free users.

$20 for 2 years. if users work for banks, they sure have money for it.

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

other dumb ideas?

[maxisam]

other dumb ideas?

I guess paying for other people's work seem really dumb. Poor @helloanoop, I wish you luck. I think as long as you disclose it in the doc, I have no problem with the data collecting.

[bjesus]

It has nothing to do with paying. The point is that the current situation is illegal, and your suggestion is just as a illegal.

[maxisam]

@bjesus good point, totally ignore EU. I guess the only way is blocking EU totally for OSS version and remove telemetry for the paid version.

I can totally see why the author needs this. This is the only way to prove his software is useful and get his career/sponsorship so he can feed his family one day.

There are just too many good OSS died because people / business keeps milking them. I hope this doesn't end up like core-js, faker.js or Moq. There are just too many cases like this.

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

please let the dev talk instead of presuming things in his behalf.

it's nowhere specified dev wants to monetize on data gathering.

google connection is not even deliberate but part of the electron, most likely ---- this could be disabled from electron flags

also bruno claims to be offline which is false advertising at this point: https://github.com/usebruno/bruno/discussions/269

current telemetry claims that is only for visits tracking, nothing else: https://github.com/usebruno/bruno/blob/main/packages/bruno-app/src/providers/App/useTelemetry.js --- this should be opt in to align with gdpr

dev even said work is in progress. monetization should/could be for extra features not data gathering. i hope everyone agrees with that

[MeikPiepmeyer]

@helloanoop I stumbled into this issue, let me give some background information.

First, I'm an Open Source maintainer in my spare time, and thus I highly appriciate your energy and time spending on this project. Your way to build a free tool like this while getting the money needed via the Golden Edition is a great thing, it's a pleasure to use Bruno and see the project grow.

I'm working for a EU company and planning to use Bruno company-wide - we will start with the Open Source edition but my plan is to either get a Golden Edition for each user or donate regularly if the plain version fits for us. In short: I will encourage to let the project get something back from our usage, money wise. There is one big problem: Without an opt-out of the telemetry, I'm stuck and not allowed to use Bruno because of the legal topic. Beside my personal mind (your attitude and the purpose of the telemetry are legit to me), there are two possibilities I currently see: Either you (or the community) add an opt-out and I am willing to get the project a) more users and b) hopefully money in form of either licence pay or donations or I have to search another tool.

I'm writing this to show that a simple "opt-out = less money" is not true in every case and the hopefully get an opt-out soon to be able to support and simply use Bruno as a user.