Dependencies Telemetry Data is not Disabled

Base Metricscoreseverity

Type: Weakness

Status: fixed

Reporting Date: 2023.04.05

Application dependencies have their own telemetry system, which is not documented, disabled or controlled by the bloop application.


The application facilitates qdrant1, which has telemetry enabled by default. The telemetry data seem to be reasonable pseudo anonymized2 but should be disabled if the users choses to opt-out of telemetry or by default.

The usage of ONNX Runtime3 is not completely clear yet. It seems to collect telemtry on windows clients4 but only if used as a system dependency, which was not compiled from source.


Vector Search Engine


System information - general information about the system, such as CPU, RAM, and disk type. As well as the configuration of the Qdrant instance. Performance - information about timings and counters of various pieces of code.Critical error reports - information about critical errors, such as backtraces, that occurred in Qdrant. This information would allow to identify problems nobidy yet reported to us.


Telemetry data is transmitted to third parties without consent of the user or the possibility to opt out of such transmission.


  • Document possible telemetry transmission from dependencies in the privacy policy
  • Disable dependency telemetry if possible
  • Investigate telemetry data from onnxruntime

Retest Notes

The issue was promptly fixed by disabling the telemetry with PR 400.