Skip to main content

Telemetry

The Mesmer CLI has three different types of telemetry:

  1. Automatic update checks, which run asynchronously on every invocation
  2. Analaytics pings, which run asynchronously on every invocation
  3. HTTP request headers, which indicate CLI version and platform.

Telemetry, for the most part, is opt-out. However, if the CLI sees that you've set environment variables disabling the telemetry for other programs (like HOMEBREW_NO_ANALYTICS=1, for instance), the CLI will disable its own telemetry to follow suit. We use the list of environment variabes from toptout---checking the configuration for the Angular CLI, Azure CLI, Homebrew, Gatsby, the Google Cloud SDK, and many more. The Mesmer CLI also respects Console Do Not Track.

Disabling Telemetry#

You can disable telemetry by running mesmer util telemetry disable.

If you run mesmer util telemetry disable, your preferences will persist forever---telemetry will stay disabled across separate invocations and CLI updates. This preference is per-user, stored in a file in the current user's home directory.

Note that the CLI will still include its version and platform in the headers of any HTTP requests it makes.

Telemetry Data#

We'd like to be completely transparent about the data we collect from the CLI. For each type of telemetry, here's what we see:

HTTP Headers#

When issuing HTTP requests to Mesmer services (and to services like TestRail, which may be out of Mesmer's control), we include information about the current CLI version and platform in HTTP headers:

  • User-Agent will contain the current version, like Mesmer CLI v0.0.0
  • X-Mesmer-CLI-Platform will contain the platform your CLI executable is built for (MacOS, Windows, or Linux)
  • X-Mesmer-CLI-Commit will contain the hash of the commit your CLI executable was built from.

Automatic update checks#

Here, we don't gather any data. The automatic update mechanism simply fetches the release manifest of the latest version, and compares it against its own version information.

Usage Statistics#

If you have telemetry enabled, every time you run a command we will send a small amount of usage data to Google Analytics. This data contains the following:

  • A unique user identifier, stored in your configuration directory
  • The current subcommand, like test results or crawl history
  • Whether the CLI is running interactively, or as a part of a script
  • The IDs of your current Mesmer tenant and project, if set
  • Your OS platform and version, like Ubuntu 20.04.2
  • The CLI's version number, and the commit hash of the source from which it was built

This data will NEVER contain authentication tokens or any personally identifiable information.

If you like, you can check this yourself: running mesmer util telemetry example will generate an analytics ping for your system and display it, without sending it to Google Analytics.

If you disable telemetry with mesmer util telemetry disable, the file containing your unique user identifier is deleted. If you choose to enable telemetry again in the future, that data will not be associated with the same user identifier.

Sidecar builds#

When you use the Mesmer Sidecar to test your app, we send some of the APK's badging metadata to Google Analytics. This may include:

  • Application label (the user-visible name of your app)
  • Package name (like com.example.mypackage)
  • Version code (like 1114442)
  • Version name (like 1.0)
  • Platform build version name
  • Whether or not the APK has the debuggable flag set
  • Its minimum SDK version
  • Its SDK target version

How to check this for yourself#

You also don't have to trust this documentation---you can run the CLI through a HTTPS proxy (like mitmproxy) with the HTTPS_PROXY and MESMER_HTTP_ACCEPT_CERTIFICATE environment variables, and inspect the traffic for yourself. This will let you see every bit of information that's being sent.