mid_model_research/forgecode/feedback/frontier/privacy-security-concerns.md
sleepy 51123212c4 Initial commit: coding harness feedback analysis
Harnesses under analysis:
- opencode (Go-based coding agent)
- pi (minimal terminal coding harness by Mario Zechner)
- hermes (Nous Research agent)
- forgecode (AI pair programmer with sub-agents)

Each harness folder contains:
- repo/: Source code from respective repositories
- feedback/localllm/: Community feedback for local/smaller models
- feedback/frontier/: Community feedback for frontier models

Research focus: Tool handling, skills systems, prompt engineering,
context management, and best practices for smaller/local models.
2026-04-09 15:13:45 +02:00


# ForgeCode Privacy & Security Concerns - Feedback Report
**Topic:** Data collection, telemetry, privacy
**Source References:** GitHub Issue #1318, Discussion #2545, DEV Community, Reddit
**Date Compiled:** April 9, 2026
---
## Overview
Despite ForgeCode's claim that "Your code never leaves your computer," there are significant community concerns about telemetry and data collection practices.
---
## Documented Privacy Issues
### GitHub Issue #1318
**Status:** Referenced as "red flag" by community members
**Reported Concerns:**
- Default telemetry collects:
- Git user emails
- SSH directory scans
- Conversation data sent externally
### GitHub Discussion #2545
**Title:** "Clarity about data collected that involves code"
**Key Points:**
- Privacy policy mentions collecting commands
- Data can be stored and transferred in many ways
- ForgeCode Services (optional) may process data differently than local CLI mode
**Distinction:**
- **Local CLI mode:** Claims to run entirely on local machine
- **ForgeCode Services:** Optional features that provide additional capabilities, may process data externally
---
## Mitigation
### Disable Tracking
```bash
# Must be exported so processes launched from this shell inherit it
export FORGE_TRACKER=false # Disables all tracking
```
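A preflight check for this setting, as an added example (not ForgeCode's own code): a variable that is assigned in the shell but not exported is not inherited by child processes, so the check reports what a launched CLI would actually see. The function names and status words are hypothetical; only `FORGE_TRACKER` and the value `false` come from this report, and how the tool treats other values is not documented here.

```shell
#!/bin/sh
# Added example: verify that FORGE_TRACKER=false reaches child processes.
# Function names and status words are made up for this illustration.

forge_tracker_status() {
    # Value a child process would inherit (exported variables only).
    child_view=$(sh -c 'printf %s "${FORGE_TRACKER-__unset__}"')
    # Value in the current shell, whether exported or not.
    shell_view=${FORGE_TRACKER-__unset__}

    if [ "$child_view" = "false" ]; then
        echo "disabled"        # child sees the documented opt-out value
    elif [ "$child_view" = "__unset__" ] && [ "$shell_view" != "__unset__" ]; then
        echo "not-exported"    # assigned in this shell, invisible to children
    elif [ "$child_view" = "__unset__" ]; then
        echo "unset"           # never set: telemetry default applies
    else
        echo "other-value"     # exported, but not the literal "false"
    fi
}

# Run any command with the opt-out forced into its environment, regardless
# of what the calling shell has set or exported.
run_with_tracker_off() {
    env FORGE_TRACKER=false "$@"
}

echo "FORGE_TRACKER as seen by child processes: $(forge_tracker_status)"
```

Anything other than `disabled` means the opt-out is not in effect for programs started from that shell.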
### ForgeCode Services Clarification
From Discussion #2545:
> "ForgeCode Services are optional features that provide additional capabilities beyond the purely local CLI experience. If a user chooses to enable those services, some data relevant to those features may be processed by the service."
---
## Community Sentiment
### Reddit r/ClaudeCode
> "Specifically for Forgecodedev, I haven't used it yet since they are not transparent about user data which is a red flag to me."
### DEV Community (Liran Baba)
- Mentions telemetry concerns in comparison article
- Notes the FORGE_TRACKER=false mitigation
---
## Benchmark Controversy Connection
Some users connect privacy concerns to benchmark results:
> "I am concerned about their proprietary layer, which I believe is a big part of what moved their bench scores from ~25% to ~81%. Currently it is free to use but may change in the future."
**Note:** ForgeCode Services (proprietary layer) was used for benchmark evaluations, which differs from purely local CLI mode.
---
## Transparency Issues
1. **Telemetry defaults:** Enabled by default, must explicitly disable
2. **Data scope:** SSH directory scanning not clearly documented upfront
3. **ForgeCode Services:** Connection between services and benchmark results not immediately obvious
4. **Proprietary layer:** Some components not open source
---
## Recommendations for Privacy-Conscious Users
1. **Set FORGE_TRACKER=false** before using
2. **Avoid ForgeCode Services** if local-only operation is required
3. **Audit code:** Harness is open source (Apache 2.0), can be inspected
4. **Use own API keys:** Don't rely on any bundled/free tier that might require data sharing
---
## Source References
1. **GitHub Discussion:** https://github.com/antinomyhq/forgecode/discussions/2545
2. **GitHub Issue #1318:** Referenced in multiple community discussions
3. **DEV Community:** https://dev.to/liran_baba/forgecode-vs-claude-code-which-ai-coding-agent-actually-wins-36c
4. **Reddit r/ClaudeCode:** https://www.reddit.com/r/ClaudeCode/comments/1royhni/someone_is_using_forgecodedev/