10 interesting stories served every morning and every evening.
After almost twenty years on the platform, EFF is logging off of X. This isn’t a decision we made lightly, but it might be overdue. The math hasn’t worked out for a while now.
We posted to Twitter (now known as X) five to ten times a day in 2018. Those tweets garnered somewhere between 50 and 100 million impressions per month. By 2024, our 2,500 X posts generated around 2 million impressions each month. Last year, our 1,500 posts earned roughly 13 million impressions for the entire year. To put it bluntly, an X post today receives less than 3% of the views a single tweet delivered seven years ago.
When Elon Musk acquired Twitter in October 2022, EFF was clear about what needed fixing.
* Greater user control: Giving users and third-party developers the means to control the user experience through filters and
Twitter was never a utopia. We’ve criticized the platform for about as long as it’s been around. Still, Twitter did deserve recognition from time to time for vociferously fighting for its users’ rights. That changed. Musk fired the entire human rights team and laid off staffers in countries where the company previously fought off censorship demands from repressive regimes. Many users left. Today we’re joining them.
Yes. And we understand why that looks contradictory. Let us explain.
EFF exists to protect people’s digital rights. Not just the people who already value our work, have opted out of surveillance, or have already migrated to the fediverse. The people who need us most are often the ones most embedded in the walled gardens of the mainstream platforms and subjected to their corporate surveillance.
Young people, people of color, queer folks, activists, and organizers use Instagram, TikTok, and Facebook every day. These platforms host mutual aid networks and serve as hubs for political organizing, cultural expression, and community care. Just deleting the apps isn’t always a realistic or accessible option, and neither is pushing every user to the fediverse when there are circumstances like:
* You own a small business that depends on Instagram for customers.
* Your abortion fund uses TikTok to spread crucial information.
* You’re isolated and rely on online spaces to connect with your community.
Our presence on Facebook, Instagram, YouTube, and TikTok is not an endorsement. We’ve spent years exposing how these platforms suppress marginalized voices, enable invasive behavioral advertising, and flag posts about abortion as dangerous. We’ve also taken action in court, in legislatures, and through direct engagement with their staff to push them to change poor policies and practices.
We stay because the people on those platforms deserve access to information, too. We stay because some of our most-read posts are the ones criticizing the very platform we’re posting on. We stay because the fewer steps between you and the resources you need to protect yourself, the better.
When you go online, your rights should go with you. X is no longer where the fight is happening. The platform Musk took over was imperfect but impactful. What exists today is something else: diminished, and increasingly de minimis.
EFF takes on big fights, and we win. We do that by putting our time, skills, and our members’ support where they will effect the most change. Right now, that means Bluesky, Mastodon, LinkedIn, Instagram, TikTok, Facebook, YouTube, and eff.org. We hope you follow us there and keep supporting the work we do. Our work protecting digital rights is needed more than ever before, and we’re here to help you take back control.
...
Read the original on www.eff.org »
• 3 min read • more posts View on • 3 min read • more posts View on
The worst part about the MacOS window management situation is the inability to instantly switch spaces, and that Apple has continuously ignored requests to disable the nauseating switching animation. Sure, it’s not that long, but I switch spaces often enough to the point where it becomes very noticeable and drives me insane.
I believe to have found the best solution to instant space switching!
But before I show you, of course, other people share the same sentiment. I claim that none of the surveyed contemporary solutions, except for what I bring up at the end of this article, suffice for what I want:
This is always the default answer to this question online, and I’m sick of it! It doesn’t even solve the problem, but rather replaces it with an equally useless fade-in animation. It also has the side effect of activating the prefers-reduced-motion media query on web browsers.
Install the yabai tiling window manager and use its instant space switcher.
And to be fair, it works pretty well. There are only two problems: for one, yabai does this by binary patching a part of the operating system. This is only possible by disabling System Integrity Protection at your own discretion. For the second, installing yabai forces you to learn and use it as your tiling window manager1. I personally use PaperWM.spoon as my window manager. Both of which are incompatible when installed together.
Use a third-party virtual space manager facade, hiding and showing windows as needed when switching spaces.
Some popular options are FlashSpace and AeroSpace virtual workspaces. I actually offer no criticism other than that they are not native to MacOS, and feel unnecessary given that all we want to do is disable an animation.
Pay for a license for BetterTouchTool. Enable “Move Right Space (Without Animation)” and “Move Left Space (Without Animation)”.
Without further ado, I managed to find InstantSpaceSwitcher by jurplel on GitHub. It is a simple menu bar application that achieves instant space switching while offering none of the aforementioned drawbacks.
InstantSpaceSwitcher does not require disabling Security Integration Protection; it works by simulating a trackpad swipe with a large amount of velocity. It additionally allows you to instantly jump to a space number. The last thing it provides is a command line interface.
The installation instructions are not listed on the README, so they are:
$ git clone https://github.com/jurplel/InstantSpaceSwitcher
$ cd InstantSpaceSwitcher
$ ./build.sh
InstantSpaceSwitcher should now be available as a native application.
After running the above, the command line interface is available at:
$ .build/release/ISSCli –help
Usage: .build/release/ISSCli [left|right|index
Did I mention that the repository literally has one star on GitHub (me)? I want more people to discover InstantSpaceSwitcher and consider it trustworthy; hence, please consider giving it a star if you find it helpful.
↑ Scroll to top ↑
...
Read the original on arhan.sh »
Thank you for reading! Letters from Leo is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
Before you read on: Pope Leo XIV has asked Americans to contact their members of Congress and demand an end to the war in Iran. Answer the pope’s call in one click at standwithpopeleo.com, an app we built to make it as easy as possible.
[UPDATE at 4:33 PM EDT: Letters from Leo can now independently confirm The Free Press report that the meeting took place — and that some Vatican officials were so alarmed by the Pentagon’s tactics that they shelved plans for Pope Leo XIV to visit the United States later this year.
Other officials in the Vatican saw the Pentagon’s reference to an Avignon papacy as a threat to use military force against the Holy See.]
In January, behind closed doors at the Pentagon, Under Secretary of War for Policy Elbridge Colby summoned Cardinal Christophe Pierre — Pope Leo XIV’s then-ambassador to the United States — and delivered a lecture.
America, Colby and his colleagues told the cardinal, has the military power to do whatever it wants in the world. The Catholic Church had better take its side.
As tempers rose, an unidentified U. S. official reached for a fourteenth-century weapon and invoked the Avignon Papacy, the period when the French Crown used military force to bend the bishop of Rome to its will.
That scene, broken this week by Mattia Ferraresi in an extraordinary piece of journalism for The Free Press, may be the most remarkable moment in the long and knotted history of the American republic’s relationship with the Catholic Church.
There is no public record of any Vatican official ever taking a meeting at the Pentagon, and certainly none of a senior U. S. official threatening the Vicar of Christ on Earth with the prospect of an American Babylonian Captivity.
The reporting also confirms — with fresh sources and new color — what I first reported in February: that the Vatican declined the Trump-Vance White House’s invitation to host Pope Leo XIV for America’s 250th anniversary in 2026.
Ferraresi obtained accounts from Vatican and U. S. officials briefed on the Pentagon meeting. According to his sources, Colby’s team picked apart the pope’s January state-of-the-world address line by line and read it as a hostile message aimed directly at the administration.
What enraged them most was Leo’s declaration that “a diplomacy that promotes dialogue and seeks consensus among all parties is being replaced by a diplomacy based on force.”
The Pentagon read that sentence as a frontal challenge to the so-called “Donroe Doctrine” — Trump’s update of Monroe, asserting unchallenged American dominion over the Western Hemisphere.
The cardinal sat through the lecture in silence. The Holy See has not, since that day, given an inch.
Ferraresi’s reporting also adds vital color to the collapse of the 250th anniversary visit. JD Vance personally extended the invitation in May 2025, just two weeks after Leo’s election in the conclave.
According to a senior Vatican official quoted in the piece, the Holy See initially considered the request, then postponed it indefinitely because of foreign policy disagreements, the rising opposition of American bishops to the Trump-Vance mass deportation regime, and a refusal to become a partisan trophy in the 2026 midterms.
“The administration tried every possible way to have the Pope in the U. S. in 2026,” one Vatican official told The Free Press.
Instead, on July 4, 2026, the first American pope will travel to Lampedusa, the Italian island where North African migrants wash ashore by the thousands. Robert Francis Prevost is too deliberate a man to have chosen that date by accident.
The Pentagon meeting also clarifies the moral intensity of Leo’s public posture over the last six weeks.
After Colby’s lecture, the pope did not retreat into Vatican diplomacy. He pressed harder.
...
Read the original on www.thelettersfromleo.com »
I’d like to tell the story of job I just completed for a customer, so that I can make a point about how I feel Microsoft and other large technology companies are actively hostile to their users.
I received a call from my neighbour asking if I would be willing to help her husband with an issue he’d been having with his laptop. As the proud new owner of my own IT services company, I of course agreed to take a look.
I spoke with my neighbour’s husband, and immediately saw that he was not tech literate. I learned to identify the type while doing IT work for my previous employer. This made understanding his problem difficult, but through conversation we did manage to come to an understanding about what the real issue was that he was experiencing.
What he was seeing was that he was no longer receiving email in Outlook, and that there was an error message claiming he had ‘run out of available storage’, or some other similar nonsense. He is a very light email user, and he knows it. He was confused as to why he’d run out of storage. I was confused as well, at first.
Through investigation I discovered that the Outlook email service uses Onedrive for storage of all messages and attachments. He had 5 GB of available storage, the amount that is given with his free account. This had yet to explain why he was seeing that error message, there was no way he had consumed 5 GB of storage with just his email use.
Unsurprisingly, his Onedrive storage wasn’t filled by his email, it was filled by the personal files from his Windows 11 desktop. Did he configure Windows to save those files to his Onedrive directory, instead of his local home directory? Of course not, that was done by default. Did he even know that this was happening? Also, no. He had no idea this was happening until he saw that error message, which oh-so-helpfully offered to ‘solve’ his problem by offering him a subscription to additional paid storage capacity on the account.
He did manage to loosely understand what was happening, enough at least to start deleting files from his computer to try and make the error message go away. I was never able to confirm with him, but I suspect that he deleted files (including family photos) for which he had no other backup.
I will be blunt, this infuriates me. This wasn’t the first time I’ve seen this. I saw it many times while working for my previous employer. Microsoft has intentionally broken a fundamental assumption about how files are stored on a computer running Windows. They do this without asking the user, and without adequately explaining what they have done. Microsoft is very obviously employing dark patterns in order to goad its users into paying for Onedrive storage.
I’m a computer nerd, and if you are reading this you probably are as well. We can change that setting ourselves without much thought, and we probably have backups of our important data in case recovery is necessary. I will tell you that many people are extremely utilitarian about their computer use. They use their computers only to the degree that they must to serve their other interests in life. They also trust that their property, the device that cost them hundreds of dollars isn’t trying to cheat them like some back-alley con artist.
This isn’t a game. My customer isn’t a number on a spreadsheet, merely an increment towards reaching some useless KPI. He deleted family photos to try and get that error message to go away, so that he could just receive emails again. He may not understand what happened, but he’s not stupid. He suspected that this was a scam to get him to pay for something he didn’t need, he just didn’t understand how the scam worked.
First and foremost, I performed a complete backup of his data. I took everything that I could find locally on the machine, as well as everything from the Onedrive account, including the Trash. It wasn’t much, only a few gigabytes, which I transferred to a separate USB drive.
I carefully transferred all files out of the Onedrive directory structure and back into his home folder. The Windows file explorer did not make this easy or intuitive.
I proceeded to delete everything from the Onedrive account, through the web interface. I did notice that deleting files merely moved them into the Trash, which was still being counted towards total storage usage. I assumed this was yet another subtle dark pattern.
I alluded to changing settings as a way to solve this. The approach we often took at my previous employer was to simply disable Onedrive in the Windows startup list. That could have worked in this case but I had a better idea. Remove Onedrive entirely.
I have muscle memory at this point for how to do it, if you were wondering this is the procedure I used:
Open an admin Terminal and load up the Chris Titus’ winutil.
This entirely removes the Onedrive application from Windows, including all integrations into other programs, such as the file explorer.
I then proceeded to delete everything from the Onedrive account, including the Trash. The error messages finally went away in Outlook and he was able to recieve email messages again.
I may be preaching to the choir, but regardless I want to use this post as my opportunity to make these points in my own way. Microsoft is actively hostile towards its users.They have become a basket-case of an organisation, where chasing irrelevant KPI’s has become more important than product quality, or even baseline respect for their users.The exact same can be said, to varying degrees, to every other large consumer-tech company.
I see this as the result of bad incentive structures. A toxic game theory that has been allowed to play out over many years without proper scrutiny. The lefty in me might think that this is a manifestation of Late Capitalism. If so then it feels like we’re about 30 seconds away from midnight.
I think a lot about the possible ways to tweak said incentive structures, to build a choice architecture that can prevent even the first step in the process that led to this.
Days like today, when I’m thinking about the real actual ways that this nonsense impacts real actual people, I can’t ignore the humans in this loop. People need to actually take responsibility for their choices, not just turn their brain off when the number looks right in the spreadsheet.
If you enjoyed this post, let me know! Email me at mail@lzon.ca, or reach out through one of my social accounts linked on the homepage.
...
Read the original on lzon.ca »
Top Laptops for use with FreeBSD
Each laptop is scored based on an aggregate of:
how many laptop components are detected, where each fully auto-detected component adds a point
whether devices have degraded functionality, reducing the score by 0.5-1.5 based on severity and how important it is to the laptop experience (wi-fi/graphics weighted more)
user-provided comments about test results, and how involved setup is for that device
...
Read the original on freebsdfoundation.github.io »
I’ve been working on Pizza Legacy, an open-source reimplementation of the 1994 DOS game . The game has a close-zoom street view of the cities, and when you scroll around it you can see a steady stream of cars driving through the streets. Maybe 20 or 30 tiny sprites at a time, but they navigate the road network, queue behind each other at intersections, and generally look like a living city. Yes, it was a bit buggy because sometimes they would drive through each other, but it was good enough to just give some sense of life to the map. All that on a 25 MHz 386 CPU.
The first thing I implemented in 2010 when I started this project was that close zoom level, but it took 14 years before I finally had the cars driving around on it, in a way that I was happy about; I had multiple attempts over the years but every time I ran into problems I got stuck building an overly complicated system that was hard to reason about and no fun to work on.
One attempt in 2017 involved each tile keeping track of which positions were occupied, and every car had to ask the grid for permission before moving, reserving and freeing slots as it went. It basically turned into a shared locking system just to move a few pixels, with cars and tiles constantly trying to stay in sync.
All the while I had this nagging thought in the back of my mind: the original ran this on a 25 MHz CPU, so why were my versions always so complicated?
Finally I went to the assembly (which I had spent many years slowly understanding better and documenting) to figure out what the original was doing, with the help of LLMs which were (a couple of years ago) this new and exciting technology that could better understand assembly than I could.
Now that I finally have it working I can see where I went wrong: I went into it with a brain full of modern concepts: scene graphs, path finding, collision detection, and of course plenty of CPU to run it all!
First, let’s look at what a city actually looks like:
As you can see there are two-lane roads, T-junctions, intersections, and corners. In maps are made up out of a grid of 160 by 120 tiles, where each tile is one of the tiles from landsym.vga:
The original landsym.vga file with added borders between tiles and text to indicate the row and column offset. Byte 0x54 means column 5, row 4 (roof tile of a depot).
Back to the traffic; the key insight that makes it possible to run this system on such a slow CPU: cars don’t need to know where they’re going. Each road tile type carries its own direction. Road tile 0x16 is the bottom part of a horizontal road, meaning that cars can only drive from left to right on these roads. Similarly road tile 0x06 is just for right to left traffic, then 0x26 and 0x36 are the same but for vertical traffic.
This means the city is basically just a bunch of one-way roads, once a car knows which tile it sits on, it can keep going.
Corners work the same way, 0x56
(CORNER_SW in my enum) is the corner that allows the car to either keep going west, or turn south. When a car hits a corner it flips a coin, 50% chance of going straight on, 50% chance of taking the turn. The maps have been designed in such a way that the roads always make sense, which means that next to the CORNER_SW there is another tile that is either a south to north traffic (so we have to go south) or it’s another edge tile that allows either a turn or straight on.
There is one extra rule to keep traffic looking natural, if you just took a left turn the next corner forces you straight-on; no two consecutive left turns.
Valid directions per tile type indicated with arrows.
Cars move one pixel per frame. Each tick the main loop checks if a car is blocked, and if not, increments or decrements its screen coordinate by one depending on direction. East adds 1 to X. North subtracts 1 from Y.
There’s a second progress counter, counting down from 16 to 1. When it hits zero it resets to 16 and the game runs the tile-boundary logic: look up the next tile, decide the new direction, update the sprite frame (to visually turn the car in the new direction). Since each tile is 16 pixels wide and tall, this runs exactly once per tile crossed. The per-pixel move happens every tick; the heavier tile logic runs only 1/16th as often.
When a car first spawns, progress is set to a random value between 1 and 16. That staggers all the cars so their tile-boundary checks don’t all land on the same frame, spreading the work out evenly.
Unlike my various attempts at fancy collision detection, the original uses a straightforward pairwise check: for each car, walk the whole car list and ask “would these two overlap next tick?” If yes, set a wait counter of 10 ticks on the blocked car and move on to the next car.
But the collision detection code is written to bail out as fast as possible. The very first thing it does is extract the other car’s direction; because roads are one-way, east and west never share a road, so an east car and a west car can never collide. That pair returns immediately, no coordinate reads at all. Same for east and south, west and north, and so on.
With say 25 cars in a typical city view there are 625 pairwise calls per frame. About half of those return in just a few CPU instructions on the direction check alone. Most of the rest fail the lane check (same-direction cars have to be on the same road, which is one equality comparison). The pairs that actually reach any coordinate arithmetic are usually single digits.
When a car does get blocked, the 10-tick wait creates natural traffic jams: cars bunch up, the front one eventually finds the way clear, the queue drains. There are some bugs in the system (especially when you let it run for a while and there are lot of intersections) but given that the point of this is not to run an accurate driving simulation but just show some movement on the screen, it works perfectly well and very efficiently. The collision detection system has some quirks; some combinations are never checked (e.g. eastbound car never intersects with a southbound car) that might be the reason behind some buginess.
When you enter the close-zoom view, the game scans all 132 tiles in the viewport (12 columns by 11 rows), and for each road tile it rolls against the district’s traffic density to decide whether to spawn a car there, so higher-traffic districts are busier. Corner tiles are excluded from spawn points, so cars only appear on straight road tiles.
Cars that drive off the edge of the screen are respawned as a new (random) color car facing the other direction, on the tile going the other direction. This means that the game doesn’t have to worry about respawning cars other than just every time one car drives of going east it spawns a new car below going west, etc.
Pay attention to the cars driving off the map at the edges, notice they are replaced by cars driving the opposite direction.
When you scroll, the newly exposed strip of tiles gets the same treatment of having a chance of having cars spawned on them.
Looking back at my failed attempts, I was designing for problems that the original just didn’t consider. Cars don’t need pathfinding because the map tells them where they can go. Collision detection was cheap because the early-exit logic makes most pairs basically free. There’s no velocity or physics because 1 pixel per tick is enough to look convincing. When you’re about to hit something just pause for 10 ticks, and when you have to make a turn you just travel half the width of the tile and then make your turn, works on every tile in any direction.
I reimplemented it following the assembly pretty closely, so just a couple of switch statements with different routing options per tile type, you can see the decide_desired_direction method in Car.cpp.
...
Read the original on pizzalegacy.nl »
Your AI chatbot sessions and cloud-stored photos might get more expensive if other states follow Maine’s lead. Lawmakers there just advanced the nation’s first statewide moratorium on large data centers, citing concerns that the AI boom is pushing electricity costs even higher in a state already suffering America’s priciest power bills.
The Democratic-controlled legislature advanced bill LD 307, temporarily blocking permits for any new data center requiring more than 20 megawatts. The measure runs until November 2027, buying time for a new Data Center Coordination Council to study how these facilities strain Maine’s aging electrical grid.
Gov. Janet Mills supports the pause while developers scramble for exemptions.
The bill gained traction after residents in Wiscasset and Lewiston successfully opposed data center proposals over water usage and safety concerns. Projects now in limbo include facilities planned for:
* Jay (at an old paper mill site)
“Taking this pause now is going to be crucial,” Rep. Christopher Kessler said, according to Maine Public Radio, reflecting growing legislative concern about grid capacity. Developer Tony McDonald disagrees, calling the proposed restrictions “disastrous” and claiming his team got “caught in this dragnet.”
The Pine Tree State isn’t alone in pumping the brakes. Counties in Michigan and Indiana have imposed their own local pauses on data center development, while cities from Denver to Detroit weigh restrictions as hyperscale facilities chase cheap land and reliable power.
The timing reflects broader anxiety about AI’s infrastructure appetite. Data centers now consume roughly 4% of U. S. electricity, with projections suggesting that figure could double by 2030. For Mainers already paying some of the nation’s highest residential rates, that mathematical reality hits differently than Silicon Valley’s endless optimization rhetoric.
Maine’s move represents what economist Anirban Basu called a “canary in the coal mine” for state-level resistance to Big Tech’s energy demands. Whether that precedent spreads depends on how aggressively other governors follow Maine’s lead—and whether your favorite AI services start charging accordingly.
...
Read the original on www.gadgetreview.com »
Transform your old laptop into a powerful always-online server. Based in Amsterdam, we aim to provide professional colocation services in the US and across European datacenters in partnership with Hetzner.
Most VPS providers give you severely limited compute resources at premium prices. You even share these resources with other customers without knowing!
Your old laptop packs more CPU power, RAM, and storage than their entry-level offerings - and with us, you’ll pay just €7/month for professional hosting. Why settle for a restricted virtual slice when you can have your own laptop running dedicated just to you, 24/7 in a professional datacenter?
In addition, you cut-down on e-waste and help save the planet!
Every laptop gets its own static, fully routable IPv4 address for maximum accessibility.
Professional datacenter hosting with guaranteed uptime and monitoring, to be powered by Hetzner’s infrastructure.
Free KVM-over-IP access to your laptop - just like having it right next to you.
We offer free assistance for your initial setup and ensure you get your choice of server software up and running. A Kubernetes cluster, Proxmox or a niche CI/CD solution? No problem!
Fill out our application form and we’ll contact you within 2 working days.
We’ll send you a prepaid shipping box - just pack your laptop and drop it at your nearest collection point. Please note that we are still figuring out the specifics of logistics.
Our team connects your laptop and sends you a link to access your machine via KVM. If you need further assistance, we’re just an email away!
Access your laptop server from anywhere, anytime.
Click here to signup with your details and we’ll contact you within 2 working days to discuss your setup.
How much does it cost?
We charge a flat fee of €7 per month, regardless of power consumption. This includes all services: colocation, IPv4 address, KVM access, and monitoring.
What do I need to send?
Your laptop and its power brick. We’ll provide a prepaid shipping box - just pack everything securely and drop it at your nearest collection point. It’s completely free!
What are the connectivity requirements?
Your laptop must have either an ethernet port or a USB port (we’ll provide a USB ethernet adapter if needed). We connect all laptops via ethernet - WiFi is not available in the datacenter.
What kind of setup assistance do you provide?
We offer complimentary assistance with initial setup, including installation of most Linux distributions, Kubernetes clusters, Proxmox virtualization, and other common server software. Just let us know what you need, and we’ll help you get started.
What are the laptop requirements?
Your laptop should be fully functional with a working power supply and either an ethernet port or USB port for connectivity. Age isn’t a factor. We might modify your laptop to remove or power down the battery, wireless radios, etc. to ensure it can be used safely in the data center.
Where are your datacenters located?
We’re based in Amsterdam and aim to work with Hetzner to provide colocation services in the US and across their European datacenter network. This ensures your laptop is hosted in professional, secure facilities with excellent connectivity.
Your laptop will be hosted in Hetzner’s professional datacenters with 24/7 security, climate control, and redundant power. We also provide basic firewall services and DDoS protection.
...
Read the original on colaptop.pages.dev »
The Vercel Plugin on Claude Code wants to read all your prompts!
I was working on a project that has nothing to do with Vercel. No vercel.json, no next.config, no Vercel dependencies. Nothing.
And then this popped up:
“The Vercel plugin collects anonymous usage data… Would you like to also share your prompt text?”
That felt wrong. So I went deep into the source code with Claude.
A deployment plugin is asking to read every prompt you type, across every project. Why?
The consent question isn’t even a real UI element. It’s delivered via prompt injection into Claude’s system context - the plugin tells Claude to ask you a question and run shell commands based on your answer.
“Anonymous usage data” includes your full bash command strings sent to Vercel’s servers. You’re never told this is optional.
All of this runs on every project, not just Vercel ones. The plugin has framework detection built in - it just doesn’t use it to gate telemetry.
First, the ask itself. The Vercel plugin helps with deployments, framework guidance, and skill injection. Why does it need to read every prompt you type? Across every project? That’s not analytics for improving the plugin - that’s way outside its scope for a tool that’s supposed to help you ship to Vercel.
But even if you accept the ask, the way they ask is worse.
When the Vercel plugin wants to ask you about telemetry, it doesn’t show a CLI prompt or a settings screen.
Instead, it injects natural-language instructions into Claude’s system context telling the AI to ask you a question. Claude reads those instructions, renders the question using AskUserQuestion, and then - based on your answer - runs echo ‘enabled’ or echo ‘disabled’ to write a preference file on your filesystem.
Here’s what those injected instructions look like in the plugin source:
The result looks identical to a native Claude Code question. There is no visual indicator that it’s from a third-party plugin. You cannot tell the difference.
This isn’t just context injection - which is the intended use for plugins (skills, docs, framework guidance). The Vercel plugin injects behavioral instructions telling Claude to ask a specific question AND execute shell commands on your filesystem based on your response.
There’s a big difference between “here’s context about Next.js routing” and “ask the user this question and then write to their filesystem.”
Someone raised this exact concern on GitHub (issue #34). A Vercel dev responded:
“When using a 1st party marketplace like Cursor, CC or Codex, you can’t create a one time CLI prompt. The activation comes from within the agent harness. Totally open to visiting this, but we need a better solution.”
I get the constraint. But the answer to “we can’t build proper consent” should be not shipping the feature - not doing prompt injection instead.
Even within today’s constraints, they could have added “This question is from the Vercel plugin” in the question text, and written the preference file directly from the hook’s JavaScript instead of instructing Claude to run shell commands.
Problem 2: “Anonymous usage data” is not what you think
“The Vercel plugin collects anonymous usage data such as skill injection patterns and tools used by default.”
Sounds harmless. Here’s what it actually collects:
What gets sent
Do they ask?
No - always on
No - always on
Yes - only if you opt in
That middle row. Every bash command - the full command string, not just the tool name - sent to telemetry.vercel.com. File paths, project names, env variable names, infrastructure details. Whatever’s in the command, they get it.
Describing this as “anonymous usage data such as skill injection patterns and tools used” is a stretch.
The consent question frames your choice as “share prompts too, or don’t.” It never tells you the bash command collection is optional. It never says you can turn it off. The actual choice isn’t between telemetry and no telemetry - it’s between “some” and “more.”
All of this is tied together with a persistent device UUID stored on your machine, created once and reused forever. Every session, every project, linkable across time.
The opt-out exists - an env var VERCEL_PLUGIN_TELEMETRY=off that’s documented in the plugin’s README. But that README lives inside the plugin cache directory. Not anywhere you’d see during installation or first run.
Problem 3: This runs on all your projects
This is what originally set me off - the consent question popping up on a non-Vercel project.
I went through every telemetry file looking for project detection. There is none.
The hook matchers confirm it. The UserPromptSubmit matcher is literally an empty string - match everything. Install the plugin for your Next.js app, and it’s watching your Rust project, your Python scripts, your client work. Everything.
The irony? The plugin already has framework detection built in. It scans your repo and identifies what frameworks you’re using on every session start. But it only uses this to report what it found - not to decide whether telemetry should fire.
The gate exists. They just didn’t use it.
All telemetry should require explicit opt-in. “We’d like to collect: (1) session metadata, (2) bash commands, (3) your prompts - which would you like to enable?” Honest disclosure with a real choice.
“Anonymous usage data” should not be the description for full bash command strings sent to a server with a persistent device ID.
Telemetry should be scoped to Vercel projects only. The framework detection already exists - use it.
Plugins need visual attribution. Even [Vercel Plugin] before any question surfaced through a plugin hook. Right now, all plugin-injected questions look identical to native UI.
Plugins need granular permissions. When a plugin installs, Claude Code should show: “This plugin requests access to: your bash commands, your prompt text, session metadata. Allow?”
Plugins should declare scope - which files or dependencies must be present for hooks to fire. This is exactly how VS Code extensions work with activationEvents. It’s a solved problem.
You, right now
The env var kills all telemetry but keeps the plugin fully functional. Skills, framework detection, deployment flows - everything still works. You lose nothing except Vercel’s data collection.
Each of these problems has a Vercel layer and a Claude Code architecture layer. Vercel made choices I think are not okay. But the plugin architecture enabled those choices - no visual attribution, no hook permissions, no project scoping.
I use Vercel. I like Vercel. I use Claude Code daily. I want both to be better.
Everything above is verifiable from the plugin source at ~/.claude/plugins/cache/claude-plugins-official/vercel/. Here are the exact files and line numbers.
isPromptTelemetryEnabled() - true only if preference file says enabled
This sends the full command string via trackBaseEvents() - always on, no opt-in.
await trackBaseEvents(sessionId, [
{ key: “session:device_id”, value: deviceId },
{ key: “session:platform”, value: process.platform },
{ key: “session:likely_skills”, value: likelySkills.join(”,“) },
{ key: “session:greenfield”, value: String(greenfield !== null) },
{ key: “session:vercel_cli_installed”, value: String(cliStatus.installed) },
{ key: “session:vercel_cli_version”, value: cliStatus.currentVersion || “” }
From hooks/user-prompt-submit-telemetry.mjs:67-85: the hook writes “asked” to the preference file, then outputs JSON with hookSpecificOutput.additionalContext containing natural-language instructions for Claude to use the AskUserQuestion tool and execute shell commands.
Zero project detection in any telemetry code path.
Framework detection exists but isn’t used for gating
session-start-profiler.mjs runs profileProject() (lines 93-119) which scans for next.config.*, vercel.json, middleware.ts, components.json, and package dependencies. But the result is only used to report session:likely_skills - not to gate whether telemetry fires.
...
Read the original on akshaychugh.xyz »
Both involve systematic thinking, a preference for precision, and difficulty pretending small talk is acceptable.
The question is which one explains it.
Scores are independent — they don’t need to add up to 100%.
Some of the most serious thinkers in the tradition — Kant, Wittgenstein, Schopenhauer — were probably both. What they had in common was a refusal to stop at the surface of things. If that sounds familiar, there may be a more interesting conversation available.
Private philosophical sessions →
Occasional essays and tools on philosophy, thinking, and the present moment. No spam.
The Philosophical Atlas maps 175 thinkers — Kant, Wittgenstein, Schopenhauer, Nietzsche, and the whole tradition they belong to. See the full network.
Open the Atlas — $49 →
...
Read the original on german.millermanschool.com »
To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".
10HN is also available as an iOS App
If you visit 10HN only rarely, check out the the best articles from the past week.
If you like 10HN please leave feedback and share
Visit pancik.com for more.