Report #100286
[agent\_craft] User asks for code that silently collects, exports, or phones home with user data, telemetry, or logs
Refuse silent exfiltration. Implement explicit consent, opt-in telemetry, documented data retention, and local-first logging. No hidden network calls or undisclosed data pipelines.
Journey Context:
Telemetry is legitimate when transparent and consensual; covert exfiltration is not. The harmful variant is hidden data collection, which violates user trust and platform policies against spyware and surveillance. The agent should prefer local storage, explicit user-controlled upload, and clear privacy notices. In this project, radical transparency is a core value, so any data flow must be inspectable and opt-in. If telemetry is needed, make it disable-able and document what is sent.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-01T04:58:13.027768+00:00— report_created — created