Hello Comfy team,
We identified telemetry/privacy behavior in comfy-cli==1.10.2 related to CI/CD, Docker, subprocess, or other non-interactive execution environments.
The primary concern is automatic telemetry enablement without an explicit consent prompt:

```python
if not sys.stdin.isatty() or not sys.stdout.isatty():
    _session_only_tracking = True
    if user_id is None:
        user_id = str(uuid.uuid4())
        config_manager.set(constants.CONFIG_KEY_USER_ID, user_id)
    return
```
This behavior appears to:
- enable tracking automatically in non-TTY environments
- generate and persist a stable cross-session UUID
- send telemetry events to PostHog (https://t.comfy.org/)
- enable IP-derived geolocation enrichment
We also observed execution-related metadata captured through `filter_command_kwargs(dict(locals()))`, including values such as:
- workflow file paths
- host/port
- timeout settings
- verbose/json flags
- execution metadata
Recommendations:
- clearly document telemetry behavior in non-interactive environments
- consider explicit opt-in semantics for non-TTY execution
- review whether stable identifiers should persist before consent
- evaluate additional redaction coverage for execution metadata
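One way the opt-in, identifier and redaction recommendations could look, as an added example that is not comfy-cli's code; the `COMFY_TELEMETRY_OPT_IN` variable, the `TelemetryPolicy` class and the key list are assumptions:

```python
# Added example (not comfy-cli's code): a consent-gated telemetry policy that
# implements the recommendations above. All names here are hypothetical.
import os
import uuid
from dataclasses import dataclass, field
from typing import Optional

# Constructed list of kwargs that identify files, endpoints or timing
SENSITIVE_KEYS = {"workflow", "host", "port", "timeout"}


@dataclass
class TelemetryPolicy:
    interactive: bool                       # True when stdin and stdout are TTYs
    consent: Optional[str] = None           # "yes", "no", or None (never asked)
    env: dict = field(default_factory=dict)   # stands in for os.environ
    store: dict = field(default_factory=dict) # stands in for config_manager

    def enabled(self) -> bool:
        # An explicit answer always wins; a non-interactive run needs an
        # explicit opt-in (assumed env var) rather than silently enabling.
        if self.consent in ("yes", "no"):
            return self.consent == "yes"
        if not self.interactive:
            return self.env.get("COMFY_TELEMETRY_OPT_IN") == "1"
        return False  # interactive but never asked: prompt first, send nothing

    def user_id(self) -> Optional[str]:
        # Persist a stable identifier only after tracking is affirmatively on
        if not self.enabled():
            return None
        return self.store.setdefault("user_id", str(uuid.uuid4()))


def redact_kwargs(kwargs: dict) -> dict:
    # Keep flag-like values; replace path-like values and sensitive keys
    out = {}
    for key, value in kwargs.items():
        if key in SENSITIVE_KEYS or (isinstance(value, str) and os.sep in value):
            out[key] = "<redacted>"
        else:
            out[key] = value
    return out
```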
We’re sharing this as a transparency and privacy concern for review.