[BUG] Cloud Telemetry Bypasses User Settings

[PabloVitasso]

Problem (one or two sentences)

#11600 Bug Report: Cloud Telemetry Bypasses User Settings

Severity: High

Type: Privacy / User Consent Violation

Description

The CloudTelemetryClient sends telemetry events to the cloud server regardless of the user's telemetry setting. Users who disable telemetry still have their data sent to Roo's cloud.

Introduced In

Commit bdf128a79e259b167daac16a97ef98c9f70eff32 — "Move @roo-code/cloud to the Roo-Code repo (#7503)"

Contrast with Correct Implementation

The PostHogTelemetryClient properly respects user settings:

// https://github.com/RooCodeInc/Roo-Code/blob/main/packages/telemetry/src/PostHogTelemetryClient.ts#L147-L165
public override updateTelemetryState(didUserOptIn: boolean): void {
    this.telemetryEnabled = false
    const telemetryLevel = vscode.workspace.getConfiguration("telemetry").get<string>("telemetryLevel", "all")
    const globalTelemetryEnabled = telemetryLevel === "all"
    if (globalTelemetryEnabled) {
        this.telemetryEnabled = didUserOptIn
    }
    if (this.telemetryEnabled) {
        this.client.optIn()
    } else {
        this.client.optOut()
    }
}

Impact

• Users opting out of telemetry still transmit data to Roo's cloud servers
• Violates user privacy expectations
• Inconsistent behavior between PostHog (respects setting) and Cloud (ignores setting)

Expected Behavior

CloudTelemetryClient.isTelemetryEnabled() should return true only when:

1. VS Code global telemetry is enabled
2. User has not disabled extension telemetry

Suggested Fix

Store the opt-in state and check it:

export class CloudTelemetryClient extends BaseTelemetryClient {
    private telemetryEnabled: boolean = false

    public override updateTelemetryState(didUserOptIn: boolean): void {
        const telemetryLevel = vscode.workspace.getConfiguration("telemetry").get<string>("telemetryLevel", "all")
        this.telemetryEnabled = telemetryLevel === "all" && didUserOptIn
    }

    public override isTelemetryEnabled(): boolean {
        return this.telemetryEnabled
    }
}

Status

• Bug confirmed in Roo Code (present of b0ac2f8a5d0810bdc4d8b665c4805de63ac8d5d3, 2026-02-18)

Context (who is affected and when)

Affected Component

packages/cloud/src/TelemetryClient.ts

Reproduction steps

Steps to Reproduce

1. Set telemetry to "disabled" in extension settings
2. Observe that updateTelemetryState(false) is called on all telemetry clients
3. Verify CloudTelemetryClient.isTelemetryEnabled() still returns true

Root Cause

The CloudTelemetryClient ignores the didUserOptIn parameter and always reports itself as enabled:

// https://github.com/RooCodeInc/Roo-Code/blob/main/packages/cloud/src/TelemetryClient.ts#L260-L264
public override updateTelemetryState(_didUserOptIn: boolean) {}

public override isTelemetryEnabled(): boolean {
    return true
}

Expected result

CloudTelemetryClient.isTelemetryEnabled() should return true only when: 1. VS Code global telemetry is enabled 2. User has not disabled extension telemetry

Actual result

CloudTelemetryClient.isTelemetryEnabled() ALWAYS return true ignorins user preference to privacy

Variations tried (optional)

No response

App Version

v3.49.0

API Provider (optional)

None

Model Used (optional)

No response

Roo Code Task Links (optional)

No response

Relevant logs or errors (optional)

[roomote]

I've analyzed this issue and here's my proposed implementation plan:

Problem

CloudTelemetryClient in packages/cloud/src/TelemetryClient.ts has a no-op updateTelemetryState and isTelemetryEnabled() hardcoded to return true, bypassing user telemetry preferences.

Proposed Fix

1. Update CloudTelemetryClient.updateTelemetryState() to respect both VS Code global telemetry and user opt-in, matching the pattern used by PostHogTelemetryClient:

public override updateTelemetryState(didUserOptIn: boolean): void {
    this.telemetryEnabled = false
    const vscode = importVscodeSync()
    if (vscode) {
        const telemetryLevel = vscode.workspace.getConfiguration("telemetry").get<string>("telemetryLevel", "all")
        const globalTelemetryEnabled = telemetryLevel === "all"
        if (globalTelemetryEnabled) {
            this.telemetryEnabled = didUserOptIn
        }
    }
}

Since importVscode() is async but the base class defines updateTelemetryState as sync, I'll add a synchronous importVscodeSync() helper (or use require("vscode") directly, consistent with other parts of the cloud package).

2. Remove the isTelemetryEnabled() override - the base class BaseTelemetryClient already has protected telemetryEnabled = false and isTelemetryEnabled() returns this.telemetryEnabled, which is exactly the correct default behavior (disabled until explicitly enabled).

3. Update existing tests in packages/cloud/src/__tests__/TelemetryClient.test.ts:

• Update the test "should always return true for isTelemetryEnabled" to verify it respects user settings
• Add tests for updateTelemetryState covering: user opt-in with global telemetry enabled, user opt-out, and global telemetry disabled

This approach keeps the fix minimal and consistent with the existing PostHogTelemetryClient pattern.

Please mention @roomote in a comment saying that you approve this plan, and I'll proceed with the implementation.

[PabloVitasso]

bdf128a#diff-07213d0bd8d7b5ac0131e25d781ce8e574f920a92aa99760f0e0a9b4b413c715

[PabloVitasso]

FYI - doing screenshots of this. just in case

[pwilkin]

Okay, so this should be fixed because it's a pretty serious issue - in the EU this would most likely constitute a GDPR violation.

[mrubens]

Hi, this telemetry is used to support cloud functionality and is only sent when you are connected to Roo Code Cloud. If you don't want to use Roo Code Cloud you can log out and use Roo Code by itself without sending these messages to the cloud servers. Our goal is to be transparent and support add-on functionality in the cloud while still allowing people to use the app completely locally.

[pwilkin]

@mrubens Okay, but this is still most likely a violation of GDPR unfortunately. All telemetry has to be explicitly opt-in and if you modify telemetry settings from version to version, you should have a clear warning popup notifying the user that the settings have changed and you will be sending telemetry information from this point onward and the user can logout of Roo Cloud if they don't want to consent. See eg. https://www.activemind.legal/guides/telemetry-data/

The fines are pretty nasty if the EU decides to act on it, so better be safe than sorry :)

[hannesrudolph]

If you are signed into Roo Cloud, operational data is transmitted because that is required for cloud features to function. Sync, remote execution, and related services depend on that exchange. That behavior is part of the cloud product and is agreed to when you create an account and log in. Anonymous product telemetry is a separate setting and can be disabled. Turning that off stops anonymous usage reporting, but it does not disable the data required for an active cloud session.

Nothing is hidden. The relevant code paths are public and reviewable, and we are compliant with GDPR and other applicable data protection requirements. The data processed while logged into cloud is limited to what is necessary to provide the agreed service.

[PabloVitasso]

"operational data is transmitted because that is required for cloud features to function. Sync, remote execution, and related services depend on that exchange" - how the "telemetry" equals "operational data" ? please explain