Tell HN: Cursor exposes side projects to your employer

23 points by throwawaybbbbbb 17 hours ago

I went to see my Cursor (the AI IDE) analytics and clicked a banner advertising their new company-level analytics dashboard. It now has a section “AI Edits by repository” that includes all the repositories used with Cursor, including your personal side projects. [0] I suspect they scrape the name of the repository from the list of Git remotes, without explicit consent or notice.

If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API. This telemetry cannot be disabled and is available in a highly granular format in their API. [1]

The dashboard also includes information on when you were writing code. [2] The data is available in a highly granular format in their API. [3]

[0]: https://cursor.com/docs/account/teams/analytics#repository-insights
[1]: https://cursor.com/docs/account/teams/ai-code-tracking-api#get-ai-commit-metrics-json-paginated
[2]: https://cursor.com/docs/account/teams/analytics#daily-usage
[3]: https://cursor.com/docs/account/teams/ai-code-tracking-api#get-ai-code-change-metrics-json-paginated

bitbasher 9 hours ago

Cursor didn't expose it, you did when you decided to use Cursor. You're using an editor that is owned by a company with analytics built in. You're handing over your data.

Stop using company hardware, software and subscriptions to do _anything_ personal.

  • atrettel 9 hours ago

    Yes, this is the right answer. Compartmentalization is a basic principle in security. I never do anything personal on company hardware and vice versa. I keep both separate. It just makes things so much easier to manage in the long term.

giantg2 14 hours ago

"If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API."

Yeah... get your own personal subscription. Creating side projects on company resources could lead to ownership disputes - you could lose it to your company.

  • tyleo 13 hours ago

    Agreed with this point. I try to separate everything possible from my company with multiple accounts. It’s annoying, sure, but you’ve got to protect yourself.

    • giantg2 9 hours ago

      I won't even connect my cell phone to the company wifi. Anyone concerned about the surveillance state or big tech and privacy would likely do the same as they can be very invasive.

Iolaum 17 hours ago

Am I wrong in understanding you were using the company account with the enterprise subscription while you were working on those side projects? Or were you using a different account?

  • binsquare 14 hours ago

    Sounds like he was using a company account? In that case, the default is always to expect that the company will see everything including personal projects.

    • nis0s 14 hours ago

      Uh, no? I don’t think that’s a thing in any JetBrains IDE, unless I am mistaken.

      • bloppe 12 hours ago

        Does your employer provide you with a laptop? In that case you should assume they have access to the hard drive at least.

        • nis0s 11 hours ago

          Oh, that’s a different scenario. I would never do personal work on someone else’s laptop. But I think what’s being described in this case is that if you use this IDE, even on a personal machine where your license is from another source, then your personal data is somehow exposed to others.

codegeek 10 hours ago

"If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API."

Good. As much as we are all privacy freaks, if you are using company resources to do your own side projects, it is fair that the company should have visibility to it. Otherwise, get a separate personal subscription.

Note that you should not only have a separate subscription to things like Cursor for non-company work, you should also have a separate laptop/machine for doing anything non-company. One of the reasons why so many companies are cracking down on remote work is due to these types of violations in addition to other things.

speedgoose 16 hours ago

If you can’t trust your company with your side projects, you should perhaps not do side projects on your company provided computer and AI subscriptions.

kylehotchkiss 4 hours ago

Software developers should generally have their own computers that aren't wired into company subscriptions. M-Series MacBook Air is really all most people could ever need.

muzani 11 hours ago

Well, they are paying for the tokens, so it's only fair. If you were on the company phone, they should see who you're calling.

iExploder 6 hours ago

Legal and HR department would like to have a word.

al_borland 9 hours ago

Why are you using your company account for personal projects?