Add telemetry opt-out for PostHog analytics #415
Description
PostHog autocapture is running from first launch in both the desktop and web app with no consent prompt, no opt-out toggle in settings, and no mention of it during onboarding. I get why product analytics matters for a developing application, no shade intended. But for a project that positions itself as local-first and private by design, silently phoning home doesn’t quite match up. There’s also a real compliance consideration here. UK GDPR/PECR, EU GDPR, Brazil’s LGPD and US state laws like CCPA all have requirements around consent for non-essential tracking, and Rowboat has a global user base via the GitHub releases.
The fix should be straightforward. There are no explicit .capture() calls or feature flags in the codebase, it’s purely autocapture. A simple toggle in settings hooked up to posthog.opt_out_capturing() with a brief note during onboarding would sort it. Building from source already sidesteps this since PostHog silently fails without the API keys, but that’s not obvious to anyone going straight for the installers.