Analytics Privacy
Block non-essential analytics, telemetry, experiments, error reporting, and sharing traffic from AI coding agents without pretending cloud inference is local.
1. Threat model
AI coding tools have at least two different network paths: model traffic and product telemetry. Model traffic is the request that makes the agent useful. Product telemetry is the extra layer: analytics, A/B tests, feature gates, update checks, crash reports, surveys, shared sessions, remote model catalogs, and extension metrics.
The practical target is not "make cloud tools private." The target is narrower and testable: allow the model endpoint you intentionally use, then deny everything else unless you deliberately opted into it.
| Traffic class | Examples | Default stance |
|---|---|---|
| Model API | api.anthropic.com, api.openai.com, local Ollama/ds4 endpoint | Allow only the endpoint you chose |
| Telemetry | Statsig, Segment, PostHog, Application Insights, Copilot telemetry | Disable and block |
| Error reporting | Sentry, Datadog, HockeyApp | Disable and block for sensitive work |
| Experiments | GrowthBook, Microsoft TAS, feature-flag services | Block unless you accept feature churn |
| Sharing/update helpers | Session sharing, auto-update, remote model fetch, LSP downloads | Disable in hardened profiles |
2. App-level switches
Start with documented switches. They are not sufficient by themselves, but they reduce noise and make your intent explicit.
Claude Code
{
  "env": {
    "CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC": "1",
    "DISABLE_AUTOUPDATER": "1",
    "DISABLE_TELEMETRY": "1",
    "DISABLE_ERROR_REPORTING": "1",
    "DISABLE_FEEDBACK_COMMAND": "1",
    "CLAUDE_CODE_DISABLE_FEEDBACK_SURVEY": "1",
    "CLAUDE_CODE_SUBPROCESS_ENV_SCRUB": "1"
  },
  "skipWebFetchPreflight": true
}
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC is the broad opt-out. Keep the explicit variables because they document the policy. Purge cached telemetry too:
rm -rf ~/.claude/telemetry/
OpenAI Codex
[analytics]
enabled = false
[otel]
exporter = "none"
metrics_exporter = "none"
trace_exporter = "none"
log_user_prompt = false
Repeat this block inside local profiles. Codex supports profile-scoped overrides, so do not rely on a single global default for every launcher.
VS Code, Copilot, Continue, OpenCode, Pi
{
  "telemetry.telemetryLevel": "off"
}
# Continue CLI
export CONTINUE_TELEMETRY_ENABLED=0
# OpenCode hardened startup
export OPENCODE_DISABLE_AUTOUPDATE=1
export OPENCODE_DISABLE_MODELS_FETCH=1
export OPENCODE_DISABLE_LSP_DOWNLOAD=1
export OPENCODE_DISABLE_DEFAULT_PLUGINS=1
# Pi local/offline profile
export PI_OFFLINE=1
export PI_SKIP_VERSION_CHECK=1
VS Code's core telemetry setting does not automatically control every extension. GitHub Copilot also has account/org training settings; local telemetry blocking does not replace those account-level choices. The local Pi package scan found offline/version-check controls, not a dedicated PI_TELEMETRY switch.
3. Domains to block
Use this as a denylist seed for Pi-hole, NextDNS, Little Snitch, LuLu, pf, or an agent firewall. Prefer exact hostnames where your tool supports them. Broad base domains can affect unrelated apps.
# Claude Code
statsig.anthropic.com
statsig.com
o1158394.ingest.us.sentry.io
sentry.io
cdn.growthbook.io
analytics.segment.com
datadoghq.com
# GitHub Copilot / Microsoft
copilot-telemetry.githubusercontent.com
collector.github.com
default.exp-tas.com
exp-tas.com
mobile.events.data.microsoft.com
vortex.data.microsoft.com
dc.services.visualstudio.com
applicationinsights.azure.com
rink.hockeyapp.net
# Cursor / Cline / Continue
posthog.com
us.posthog.com
us.i.posthog.com
app.posthog.com
data.cline.bot
metrics.cursor.sh
# Amazon Q
client-telemetry.us-east-1.amazonaws.com
telemetry.aws-language-servers.us-east-1.amazonaws.com
cognito-identity.us-east-1.amazonaws.com
eu-west-1.prod.pr.analytics.console.aws.a2z.com
prod.pa.cdn.uis.awsstatic.com
prod.assets.shortbread.aws.dev
prod.tools.shortbread.aws.dev
prod.log.shortbread.aws.dev
4. What not to block
Do not mix required model endpoints into the telemetry blocklist unless your goal is to disable the tool.
| Tool | Usually required | Why |
|---|---|---|
| Claude Code | api.anthropic.com | Model API for normal cloud usage |
| Codex | api.openai.com | OpenAI model API |
| Copilot | copilot-proxy.githubusercontent.com | Copilot completion/chat proxy |
| Cursor | api2.cursor.sh, api3.cursor.sh, api4.cursor.sh | Cursor backend and model routing |
| Local profiles | 127.0.0.1, LAN Ollama/ds4 endpoint | Local inference path |
5. Firewall and sandbox controls
App switches are the first layer. Network policy is the layer that catches undocumented calls, regressions after updates, and tools that do not expose a first-party telemetry switch.
- DNS: Pi-hole, NextDNS, hosts file, router DNS blocklist.
- Per-app firewall: Little Snitch or LuLu on macOS, nftables/iptables on Linux.
- Launcher policy: run agents through bondage and a named sandbox profile.
- Agent firewall: use a proxy-style filter when you need payload inspection and DLP, not just hostname blocking.
Keep credentials out of the agent's readable filesystem whenever possible. At minimum, deny reads to these paths in hardened profiles:
~/.aws/
~/.ssh/
~/.gnupg/
~/.kube/
~/.azure/
~/.config/gcloud/
~/.docker/config.json
~/.npmrc
~/.pypirc
6. Verification
Do not trust a privacy toggle because a checkbox exists. Verify egress after every major agent update.
# See established TCP connections from common agent runtimes
lsof -nP -iTCP -sTCP:ESTABLISHED | grep -Ei 'claude|codex|opencode|node|code|cursor|pi'
# Check that Claude telemetry cache is gone
test ! -d ~/.claude/telemetry && echo "no cached telemetry"
Then check your DNS/firewall logs for blocked domains. A clean hardened run should show the model API traffic you intentionally allowed, plus the telemetry/control-plane attempts you expected, all denied.
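One way to automate that log check, as an added example that is not part of the original page: it classifies resolver decisions against the allowlist idea from section 4 and a subset of the section 3 denylist, matching base domains by suffix and exact hostnames literally. The dnsmasq/Pi-hole-style log lines are constructed, the log format and `updates.example.invalid` are assumptions, and `api.anthropic.com` stands in for whichever model endpoint you chose.

```python
import re
from collections import defaultdict

# Assumption: the one model endpoint this profile intentionally uses.
ALLOWED_MODEL = {"api.anthropic.com"}
# Subset of the page's denylist seed. Exact hostnames match only themselves;
# base domains also match every subdomain (the broad form the page warns about).
DENY_EXACT = {"statsig.anthropic.com", "cdn.growthbook.io", "analytics.segment.com"}
DENY_BASE = {"sentry.io", "statsig.com", "datadoghq.com"}

# Constructed sample in dnsmasq/Pi-hole query-log style (format is an assumption).
SAMPLE_LOG = """\
May 01 10:00:01 dnsmasq[411]: query[A] api.anthropic.com from 127.0.0.1
May 01 10:00:01 dnsmasq[411]: forwarded api.anthropic.com to 9.9.9.9
May 01 10:00:02 dnsmasq[411]: query[A] statsig.anthropic.com from 127.0.0.1
May 01 10:00:02 dnsmasq[411]: gravity blocked statsig.anthropic.com is 0.0.0.0
May 01 10:00:03 dnsmasq[411]: query[A] o1158394.ingest.us.sentry.io from 127.0.0.1
May 01 10:00:03 dnsmasq[411]: forwarded o1158394.ingest.us.sentry.io to 9.9.9.9
May 01 10:00:04 dnsmasq[411]: query[AAAA] updates.example.invalid from 127.0.0.1
May 01 10:00:04 dnsmasq[411]: forwarded updates.example.invalid to 9.9.9.9
"""

EVENT = re.compile(r"dnsmasq\[\d+\]: (forwarded|gravity blocked) (\S+) ")

def classify(host):
    host = host.lower().rstrip(".")
    if host in ALLOWED_MODEL:      # allowlist wins, so a broad deny rule
        return "model"             # can never take out the model endpoint
    if host in DENY_EXACT or any(host == b or host.endswith("." + b) for b in DENY_BASE):
        return "telemetry"
    return "unknown"

def audit(log_text):
    """Return {finding: sorted hostnames} for resolver decisions in the log."""
    findings = defaultdict(set)
    for action, host in EVENT.findall(log_text):
        kind, blocked = classify(host), action == "gravity blocked"
        if kind == "model":
            findings["model_blocked" if blocked else "model_allowed"].add(host)
        elif kind == "telemetry":
            findings["telemetry_blocked" if blocked else "telemetry_leaked"].add(host)
        elif not blocked:          # resolved, but on neither list
            findings["unexpected_egress"].add(host)
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    for finding, hosts in audit(SAMPLE_LOG).items():
        print(f"{finding}: {', '.join(hosts)}")
```

Anything reported under `telemetry_leaked` or `unexpected_egress` is a gap in the resolver's denylist to close before the next run; `model_blocked` means a rule is too broad.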
7. Local-only mode
If the code cannot leave the machine or LAN, use local inference instead of trying to make a cloud provider behave like one.
Continue.dev with Ollama, Ollama, llama.cpp, and ds4 profiles are the practical path. Still disable extension telemetry and remote model catalog fetches; "local model" does not automatically mean "zero product analytics."
8. Checklist
- Set app-level telemetry and error-reporting opt-outs.
- Disable sharing, auto-update, remote model fetch, and LSP downloads in hardened profiles.
- Block telemetry domains at DNS or firewall level.
- Allow only the model endpoint you actually use.
- Purge local telemetry caches where the tool queues events.
- Deny filesystem reads to credential directories.
- Re-check egress after every agent update.