Can I disable anonymous telemetry? #372
Good point, some detection mechanism in the LAN might even flag you and you'll get a talk from the SecOps about being naughty and why you use tools which were not vetted 😄. Depends how strict your env is. This is a must feature, 100% (I run with "share_crew=True" to give them even more data (all my content, since I just play with open source docs and stuff)), but this needs to have an easy switch to disable. +1
It sends telemetry in clear text over the wire: crewAI/src/crewai/telemetry/telemetry.py Line 43 in a3abdb5
It appears crewAI is not usable if telemetry is disabled at the network layer: #254
I published a pypi package from my opt-out branch: https://pypi.org/project/crewai-clean/ You need to set Please test it out and leave a comment on #402
Hey folks, we are bringing more security to telemetry in the next version, upgrading to https and looking into adding an extra layer of encryption on top of that in the version after that.
I'm happy to keep the
@joaomdmoura, thanks for this library, having the opt out of telemetry would get you more folks using this for sure. This is a must have feature for our enterprise.
João, I work in a security sensitive environment and I just cannot use Crew AI if it's going to send any data off premise. Allowing a complete OPT OUT of telemetry would gain you more users (and corporate/government adoption), and very little data loss, as I believe the largest share of developers and early adopters don't have to work with these constraints. Please take that into account. Congratulations on your awesome work, nonetheless!
indeed
After some experimentation, it does appear that the following will disable the telemetry. You can add this in your

```python
os.environ["OTEL_SDK_DISABLED"] = "true"
```

To test this is working, first remove the above line from your code. Now add this to your

Run your code and observe the timeout errors spamming the console:

Now add the environment variable at the top of your script:

```python
import os
from crewai import Agent, Task, Crew, Process
from crewai_tools import SerperDevTool

os.environ["OTEL_SDK_DISABLED"] = "true"
```

Now when your main.py is run a warning is displayed and no timeout errors are thrown:

Which I hope this line of code in opentelemetry/sdk/trace/__init__.py.
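The check described in the comment above can also be run inside the Python process instead of at the network layer. The following is an added example, not part of the original thread and not crewAI code: it wraps `socket.socket.connect` so that every non-loopback connection attempt is recorded and, by default, refused. `egress_guard`, `is_local` and `probe` are hypothetical names, and the address and port in the demo are constructed sample values.

```python
import ipaddress
import socket
from contextlib import contextmanager

def is_local(host):
    """True for loopback IP literals and the name 'localhost'."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an unresolved hostname is treated as off-host

@contextmanager
def egress_guard(block=True):
    """Record, and by default refuse, connect() calls to non-loopback hosts."""
    attempts = []
    real_connect = socket.socket.connect

    def guarded_connect(sock, address):
        # AF_INET/AF_INET6 addresses are tuples starting with (host, port).
        # Only connect() is covered; DNS lookups and connect_ex() are not.
        if sock.family in (socket.AF_INET, socket.AF_INET6) and not is_local(address[0]):
            attempts.append((address[0], address[1]))
            if block:
                raise ConnectionRefusedError(f"egress blocked: {address[0]}:{address[1]}")
        return real_connect(sock, address)

    socket.socket.connect = guarded_connect
    try:
        yield attempts
    finally:
        socket.socket.connect = real_connect  # always restore the original

def probe(host, port):
    """Constructed stand-in for a telemetry exporter: one outbound TCP connect."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1)
        try:
            s.connect((host, port))
            return True
        except OSError:
            return False

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address (TEST-NET-3), constructed for this demo.
    with egress_guard() as seen:
        probe("203.0.113.10", 4318)
    print("outbound attempts:", seen)
```

Wrap the code under test in `with egress_guard() as seen:` and compare `seen` against the endpoints you expect; anything else in the list is traffic to investigate.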
It is my understanding that telemetry is currently hardwired into the system. If this is incorrect, please let me know. If there is no way to opt out/in of the system sending information or attempting to send information outside of the business network, the business I work for will have to decline using CrewAI. The nature of the telemetry information does not matter. The business I work for gets security audited, and the auditors would not accept this. I want to emphasize that I really like CrewAI so far (and will likely use it personally), but this issue needs to be addressed if you want security-focused businesses to adopt it.
You are correct, but Telemetry can (or at least could) be disabled, by adding the following snippet:

```python
from crewai.telemetry import Telemetry


def noop(*args, **kwargs):
    print("Telemetry method called and noop'd\n")
    pass


# Replace every public callable on the Telemetry class with the no-op.
for attr in dir(Telemetry):
    if callable(getattr(Telemetry, attr)) and not attr.startswith("__"):
        setattr(Telemetry, attr, noop)
```

I am NOT running this in production or anywhere with confidentiality requirements and would not suggest anyone to do so.
Hello João, Thanks for the security upgrades coming with HTTPS and the planned extra encryption layer. In secure environments, users will likely disable telemetry anyway, even without an explicit option. By not offering this out of the box, it might actually push some users to avoid the library entirely for security reasons. I think having an option to disable telemetry would build more trust and transparency. It would acknowledge the security needs of users and could help more people feel comfortable using the library. Thanks for considering this!
@dezoito @joaomdmoura
Yes, I confirm that most mid market or enterprise companies won't be able to use crewAI if telemetry can't be disabled (either because it violates their security policy or because their network policy won't allow them at all!)
CrewAI is cool stuff, but I think sending anonymous telemetry by default is not a good idea, because some companies have network security policies. Can we disable anonymous telemetry with an option argument?