Tell HN: Cursor exposes side projects to your employer
29 points
2 days ago
| 13 comments
| HN
I went to see my Cursor (the AI IDE) analytics and clicked a banner advertising their new company-level analytics dashboard. It now has a section “AI Edits by repository” that includes all the repositories used with Cursor, including your personal side projects. [0] I suspect they scrape the name of the repository from the list of GIT remotes, without explicit consent or notice.

If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API. This telemetry cannot be disabled and is available in a highly granular format in their API. [1]

The dashboard includes also includes information on when you were writing code. [2] The data is available in a highly granular format in their API. [3]

[0]: https://cursor.com/docs/account/teams/analytics#repository-insights [1]: https://cursor.com/docs/account/teams/ai-code-tracking-api#get-ai-commit-metrics-json-paginated [2] https://cursor.com/docs/account/teams/analytics#daily-usage [3] https://cursor.com/docs/account/teams/ai-code-tracking-api#get-ai-code-change-metrics-json-paginated

giantg2
1 day ago
[-]
"If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API."

Yeah... get your own personal subscription. Creating side projects on company resources could lead to ownership disputes - you could lose it to your company.

reply
tyleo
1 day ago
[-]
Agreed with this point. I try to separate everything possible from my company with multiple accounts. It’s annoying, sure, but you’ve got to protect yourself.
reply
giantg2
1 day ago
[-]
I won't even connect my cell phone to the company wifi. Anyone concerned about the surveillance state or big tech and privacy would likely do the same as they can be very invasive.
reply
codegeek
1 day ago
[-]
"If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API."

Good. As much as we are all privacy freaks, if you are using company resources to do your own side projects, it is fair that the company should have visibility to it. Otherwise, get a separate personal subscription.

Note that you should not only have a separate subscription to things like cursor for non company work, you should also have a separate laptop/machine for doing anythng non company. One of the reasons why so many companies are cracking down on remote work is due to these types of violations in addition to other things.

reply
suobset
12 hours ago
[-]
This is why please have a personal account and personal devices for anything that does not relate to your company or work. This is super critical.

Heck I'd often carry 2 devices if I was traveling, there's no way in hell I would use company laptops. Anything I did on my work Mac, I assumed everyone relevant at work can access into. Kandji already hands over a ton of data wrt this, and I am sure every other MDM solution does too.

You gave your consent when you got the work device and probably signed a document/stated that this was to only be used for work purposes.

reply
Iolaum
2 days ago
[-]
Am I wrong in understanding you were using the company account with the enterprise subscription while you were working on those side projects? Or were you using a different account?
reply
binsquare
1 day ago
[-]
Sounds like he was using a company account? In that case, the default is always to expect that the company will see everything including personal projects.
reply
nis0s
1 day ago
[-]
Uh, no? I don’t think that’s a thing in any JetBrains IDE, unless I am mistaken.
reply
bloppe
1 day ago
[-]
Does your employer provide you with a laptop? In that case you should assume they have access to the hard drive at least.
reply
nis0s
1 day ago
[-]
Oh, that’s a different scenario. I would never do personal work on someone else’s laptop. But I think what’s being described in this case is that if you use this IDE, even on a personal machine where your license is from another source, then your personal data is somehow exposed to others.
reply
binsquare
12 hours ago
[-]
Would we agree with this statement?: if you use a tool licensed by your company your work still belongs to the company.
reply
nis0s
6 hours ago
[-]
Maybe you’re right, in this case it’s like if a plumbing company loans out plumbers tools. You’re not necessarily allowed to use loaned tools for personal work, but in that case it’s usually due to degradation. I am not sure that applies to digital tools. It’s an interesting question.
reply
speedgoose
1 day ago
[-]
If you can’t trust your company with your side projects, you should perhaps not do side projects on your company provided computer and AI subscriptions.
reply
greekcoder
11 hours ago
[-]
If you're good to your job and your manager find out you're building a side project, they may think you prepare to leave so you might take a salary raise for not leaving. Let's take the risk and continue using company's AI accounts, they are Free!
reply
iExploder
1 day ago
[-]
Legal and HR department would like to have a word.
reply
ifh-hn
1 day ago
[-]
I find it hard to see how this isn't user error? Don't use company hardware and software... Problem solved.
reply
satvikpendem
1 day ago
[-]
Well yeah, you're using company hardware and software for personal use, of course they'd be able to see.
reply
kylehotchkiss
1 day ago
[-]
Software developers should generally have their own computers that aren't wired into company subscriptions. M-Series MacBook Air is really all most people could ever need.
reply
muzani
1 day ago
[-]
Well, they are paying for the tokens, so it's only fair. If you were on the company phone, they should see who you're calling.
reply
al_borland
1 day ago
[-]
Why are you using your company account for personal projects?
reply
bitbasher
1 day ago
[-]
Cursor didn't expose it, you did when you decided to use Cursor. You're using an editor that is owned by a company with analytics built in. You're handing over your data.

Stop using company hardware, software and subscriptions to do _anything_ personal.

reply
atrettel
1 day ago
[-]
Yes, this is the right answer. Compartmentalization is a basic principle in security. I never do anything personal on company hardware and vice versa. I keep both separate. It just makes things so much easier to manage in the long term.
reply