Update: xAI updated Grok Build today and I retested. The whole-repo upload to storage (POST /v1/storage → grok-code-session-traces bucket) stopped because they set disable_codebase_upload: true server-side. That global switch is the reason it stopped, no repo left the machine whether I ran /privacy opt-in or /privacy opt-out.
/privacy opt-in/opt-out does not turn that upload back on. It only controls the trace channel, which carries session activity (~18 KB per submission), not your repository or its files. The only difference: /v1/traces returns 200 (stored) when opted in, 204 (discarded) when opted out, and the trace is still sent either way. Full A/B test: https://t.co/VNaChpd5BM. xAI says running opt-out also deletes the data already stored on their servers.
The real win now would be Elon confirming that every repo uploaded before now will get deleted
Update: xAI updated Grok Build today and I retested. The whole-repo upload to storage (POST /v1/storage → grok-code-session-traces bucket) stopped because they set disable_codebase_upload: true server-side. That global switch is the reason it stopped, no repo left the machine whether I ran /privacy opt-in or /privacy opt-out.
/privacy opt-in/opt-out does not turn that upload back on. It only controls the trace channel, which carries session activity (~18 KB per submission), not your repository or its files. The only difference: /v1/traces returns 200 (stored) when opted in, 204 (discarded) when opted out, and the trace is still sent either way. Full A/B test: https://t.co/VNaChpd5BM. xAI says running opt-out also deletes the data already stored on their servers.
The real win now would be Elon confirming that every repo uploaded before now will get deleted
I hope you — as one of the most controversial figures in this AI race — can help slow it down and rebuild trust, before it goes too far.
AI is already too good for people to feel comfortable in the driver's seat. The race looks less like progress and more like erasing humans on the way to the singularity — and we're not ready. We need a worldwide agreement on what comes next, and only people like you, @elonmusk , @DarioAmodei , @finkd , and the folks in China can pull it off.
Simple logic: if /privacy were the real control, why silently set disable_codebase_upload: true? Even with opt-in now, nothing uploads.
Second: no dev should have to run /privacy opt-out after every session just to keep their code off your servers. Leave it on GCS, or opt out daily -- really?
Please be honest.
Simple logic: if /privacy were the real control, why silently set disable_codebase_upload: true? Even with opt-in now, nothing uploads.
Second: no dev should have to run /privacy opt-out after every session just to keep their code off your servers. Leave it on GCS, or opt out daily -- really?
Please be honest.
Simple logic: if /privacy were the real control, why silently set disable_codebase_upload: true? Even with opt-in now, nothing uploads.
Second: no dev should have to run /privacy opt-out after every session just to keep their code off your servers. Leave it on GCS, or opt out daily, seriously?
@milichab@Sudhie@milichab The whole point is Grok Build was updated to globally set disable_codebase_upload: true, regardless of /privacy opt-in or opt-out. Proof: https://t.co/X8zioZX7kB
So please don't point to /privacy opt-in/opt-out. It was the silent switch-off that stopped it.
@milichab@Sudhie@milichab The whole point is Grok Build was updated to globally set disable_codebase_upload: true, regardless of /privacy opt-in or opt-out. Proof: https://t.co/X8zioZX7kB
So please don't point to /privacy opt-in/opt-out. It was the silent switch-off that stopped it.
@SpaceXAI To clarify "either state": I ran the same task twice, once with /privacy opt-in and once with opt-out. The whole-repo upload didn't fire in either run, so it's off regardless of the privacy toggle.
@SpaceXAI updated Grok Build today, and I retested:
The whole-repo upload to storage (POST /v1/storage → grok-code-session-traces bucket) is now off by default (disable_codebase_upload: true) -- so no repo left the machine in either state. It's a server-side switch with no user control though, so I hope they remove the upload path entirely in a future release.
The /privacy opt-out doesn't affect that upload. It applies to the trace channel, which carries session activity (~18 KB per submission), not your repository or its files. What it changes is only how the server handles those traces: /v1/traces returns 200 (stored) when opted in, 204 (discarded) when opted out.
Evidence: https://t.co/VNaChpd5BM
I'm cereblab, the researcher behind this.
Jul 12: found Grok Build uploaded the whole repo to xAI storage, independent of what the model read; the opt-out didn't stop it.
Jul 13: xAI turned the codebase upload off by default (server-side).
Today: retested. No repo uploads in either state. The new /privacy opt-out only flips a trace response (200 vs 204), not what's sent.
Evidence: https://t.co/RkiRbdE6TH
the mental model people have is claude, codex, gemini: they keep your repo local and only send what's in context. grok uploaded the whole private repo, including files it never opened. that's the kind of thing that needs an explicit permission prompt. did they show one? most of us would never agree to send an entire private repo to their server.