Tell HN: Cursor exposes side projects to your employer
I went to see my Cursor (the AI IDE) analytics and clicked a banner advertising their new company-level analytics dashboard. It now has a section “AI Edits by repository” that includes all the repositories used with Cursor, including your personal side projects. [0] I suspect they scrape the name of the repository from the list of GIT remotes, without explicit consent or notice.
If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API. This telemetry cannot be disabled and is available in a highly granular format in their API. [1]
The dashboard includes also includes information on when you were writing code. [2] The data is available in a highly granular format in their API. [3]
[0]: https://cursor.com/docs/account/teams/analytics#repository-insights [1]: https://cursor.com/docs/account/teams/ai-code-tracking-api#get-ai-commit-metrics-json-paginated [2] https://cursor.com/docs/account/teams/analytics#daily-usage [3] https://cursor.com/docs/account/teams/ai-code-tracking-api#get-ai-code-change-metrics-json-paginated
15 comments
[ 2.6 ms ] story [ 34.3 ms ] threadYeah... get your own personal subscription. Creating side projects on company resources could lead to ownership disputes - you could lose it to your company.
Good. As much as we are all privacy freaks, if you are using company resources to do your own side projects, it is fair that the company should have visibility to it. Otherwise, get a separate personal subscription.
Note that you should not only have a separate subscription to things like cursor for non company work, you should also have a separate laptop/machine for doing anythng non company. One of the reasons why so many companies are cracking down on remote work is due to these types of violations in addition to other things.
Stop using company hardware, software and subscriptions to do _anything_ personal.
Heck I'd often carry 2 devices if I was traveling, there's no way in hell I would use company laptops. Anything I did on my work Mac, I assumed everyone relevant at work can access into. Kandji already hands over a ton of data wrt this, and I am sure every other MDM solution does too.
You gave your consent when you got the work device and probably signed a document/stated that this was to only be used for work purposes.