Feature hasn't been suggested before.
Related: #7982, #459
Describe the enhancement you want to request
Default sharing behavior raises privacy and informed consent concerns
The current default ("share": "manual") allows any user to upload their full session — including file contents, terminal output, and environment context — to external servers (opncd.ai) with a single /share command, without any confirmation dialog or informed consent step.
While /unshare does delete session data from the remote server, several concerns remain:
-
Informed consent: Users are not warned before upload about what data is being shared, where it is stored, for how long, and who has access. This conflicts with fundamental data protection principles (GDPR Art. 5 — transparency, CCPA, and most privacy frameworks).
-
Incidental data exposure: Coding sessions routinely capture sensitive data — .env files, credentials, personal information in test data, proprietary algorithms. Users may not realize that a shared session includes all of this context, not just their prompt.
-
No confirmation before upload: There is no consent dialog before /share executes. A single accidental invocation exfiltrates the entire session. Privacy-respecting UX requires explicit confirmation for irreversible data transfers.
-
No data retention policy: Sessions shared to opncd.ai are stored indefinitely on Cloudflare infrastructure (R2 + Durable Objects) with no automatic expiration. There is no privacy policy (opncd.ai/privacy → 404), no terms of service (opncd.ai/terms → 404), and no documentation on who can access stored sessions or whether they are used for any secondary purpose. The only written statement is a single line in the docs: "data persists until you unshare."
-
Privacy by default: The principle of privacy by default (GDPR Art. 25) requires that the most privacy-protective configuration applies without manual action. Sharing should be opt-in ("disabled" by default), not opt-out.
Recommendations (ordered by implementation effort):
- Change the default to
"disabled" — one-line change, immediate impact, aligns with privacy-by-default
- Add a confirmation dialog to
/share — display what will be uploaded and to which endpoint before proceeding
- Publish a privacy policy and terms of service for
opncd.ai — document data retention, access controls, jurisdiction, and secondary use
- Add automatic expiration — shared sessions should have a configurable TTL with a reasonable default (e.g. 30 days)
The "share": "disabled" config workaround exists today, but defaults matter — most users never change configuration files, and organizations cannot rely on per-user configuration for data protection compliance.
Feature hasn't been suggested before.
Related: #7982, #459
Describe the enhancement you want to request
Default sharing behavior raises privacy and informed consent concerns
The current default (
"share": "manual") allows any user to upload their full session — including file contents, terminal output, and environment context — to external servers (opncd.ai) with a single/sharecommand, without any confirmation dialog or informed consent step.While
/unsharedoes delete session data from the remote server, several concerns remain:Informed consent: Users are not warned before upload about what data is being shared, where it is stored, for how long, and who has access. This conflicts with fundamental data protection principles (GDPR Art. 5 — transparency, CCPA, and most privacy frameworks).
Incidental data exposure: Coding sessions routinely capture sensitive data —
.envfiles, credentials, personal information in test data, proprietary algorithms. Users may not realize that a shared session includes all of this context, not just their prompt.No confirmation before upload: There is no consent dialog before
/shareexecutes. A single accidental invocation exfiltrates the entire session. Privacy-respecting UX requires explicit confirmation for irreversible data transfers.No data retention policy: Sessions shared to
opncd.aiare stored indefinitely on Cloudflare infrastructure (R2 + Durable Objects) with no automatic expiration. There is no privacy policy (opncd.ai/privacy→ 404), no terms of service (opncd.ai/terms→ 404), and no documentation on who can access stored sessions or whether they are used for any secondary purpose. The only written statement is a single line in the docs: "data persists until you unshare."Privacy by default: The principle of privacy by default (GDPR Art. 25) requires that the most privacy-protective configuration applies without manual action. Sharing should be opt-in (
"disabled"by default), not opt-out.Recommendations (ordered by implementation effort):
"disabled"— one-line change, immediate impact, aligns with privacy-by-default/share— display what will be uploaded and to which endpoint before proceedingopncd.ai— document data retention, access controls, jurisdiction, and secondary useThe
"share": "disabled"config workaround exists today, but defaults matter — most users never change configuration files, and organizations cannot rely on per-user configuration for data protection compliance.