ME News reports that on April 20 (UTC+8), according to monitoring by Beating, users discovered a privacy toggle malfunction in the open-source AI client Cherry Studio. GitHub user Yuerchu posted packet capture screenshots in Issue #14387 showing that even after disabling “Send anonymous error reports and usage statistics,” the client continued sending requests to analytics.cherry-ai.com. Cherry Studio, led by Chinese developer kangfenmao, supports aggregation of multiple large models and local knowledge bases, and is among the most widely used open-source AI desktop clients in China. The client reports three types of events: each AI conversation, each application launch, and each update check. Only the conversation event respects the user’s setting; the other two bypass the toggle entirely. Each request includes a unique device ID along with system information, CPU architecture, and application version—effectively enabling long-term tracking of the device. Code review reveals that when this reporting mechanism was first introduced in February 2026, the toggle functioned correctly. However, on March 22, maintainer kangfenmao modified the code, removing the toggle check and appending additional device information to the request headers. This change was included in versions v1.8.3, v1.8.4, v1.9.0, and v1.9.1, and remained active for a month. kangfenmao acknowledged the issue in the issue thread, explaining that different events used separate logic for checking the toggle setting, so requests for application launches and update checks were not blocked even when the setting was disabled. Sensitive data such as chat content, user inputs, files, and API keys do not traverse this channel. A fix via PR #14390 has been merged, unifying all three events under a single toggle. There is an even earlier layer to this issue. Community members digging through older code discovered that when the analytics feature was first added in February 2025, an upgrade script was simultaneously embedded: any user upgrading from an older version would have their “Anonymous Statistics” toggle automatically re-enabled. Since then, the analytics backend has transitioned from Google Analytics to PostHog and Sentry, and finally to the self-hosted analytics.cherry-ai.com—but this auto-enabling code was never removed. This means that any user who installed Cherry Studio before February 2025 and later upgraded—even if they had manually disabled the toggle—would have it automatically re-enabled during the upgrade process and would need to manually disable it again after upgrading. (Source: BlockBeats)
Cherry Studio Privacy Switch Found Ineffective; Device Information Still Sent
KuCoinFlashShare
Summary
AI and crypto news broke on April 20 (UTC+8) when MetaEra reported that Cherry Studio, an open-source AI client, continued sending device data even after users disabled the privacy toggle. GitHub user Yuerchu shared packet captures showing ongoing requests to analytics.cherry-ai.com. Developer kangfenmao confirmed the issue arose from inconsistent toggle logic across event types; a fix has since been merged to unify the toggle behavior for all events. Meanwhile, an upgrade script from February 2025 re-enabled analytics for existing users, overriding their previous settings. Inflation data and regulatory scrutiny remain key concerns for the sector.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.