Using Copilot even as a mere coding assistance is insane, if no other reason than you're sending all your code to Microsoft, and you also let them monitor your work habits in uncomfortably intimate details.
this post was submitted on 26 Jun 2025
396 points (98.3% liked)
Programmer Humor
36796 readers
242 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
I'm using Copilot to help with bash scripting when I get stuck with the script. I'm aware they'll be able to see all of my scripts but: • I'm willing to share all of my scripts with anyone who wants them, so I'm OK with it, if MS can see them. They're all FOSS literally and figuratively. • Copilot is incredibly helpful with scripts, much more helpful than the 10 year old kid named ChatGPT. When I ask Copilot to explain a certain part of the script, it explains it in an understandable way, unlike quite a few other AIs.
Oh no, anyways.
Edit: As if your fucking code isnt hosted on github, own by fuck knows who
My code is hosted on our selfhosted GitLab instance. How many companies host their code on GitHub? I’m seriously asking…
Like, a lot, also vast majority of open source projects are on github.
Lots of startups. At least that's been my experience. Github org with private repos
Does GitHub offer some sort of contract or agreement for those companies? Not an expert on these things, things like NDA’s, uptime guarantees, etc.
I think so? I'm not an expert on the setup or agreement, just worked under that situation. I assume there's a privacy agreement and some level of uptime commitment
I guess upstarts are expected to cut corners.
Because if not, I feel like this could get the team in legal or at least financial hot water with investors.
Which doesn't mean it doesn't happen, just that it's not normal and okay.
Exactly. We’re not taking about hobby projects anymore.
pacing data might be useful to pressure us more, later. its not just about the code.
*codeberg
Today I was "talking" to copilot asking about how to tackle a certain issue. The fucking thing replied with my manager and his manager's NAMES telling me to reach out to them. Of course I was aware that Copilot's primary function is not as an AI assistant but as a surveillance tool, but working in the EU, this still surprised me a lot.
That said, under the protections the EU affords me, I will absolutely continue to use Copilot for the most inane possible tasks. I know that they know, but they can't act on it without breaking GDPR.
Your move, corporation.
You think american companies care about gdpr? lol
Are you aware Meta keeps paying larger and larger fines each year for failing to comply with gdpr in Facebook? Last one was 1.3 BILLION. they just keep doing it.
Oh, I'm very aware. My own (EU!) company has ISO certifications that "guarantee" our customers that all their data is perfectly protected.
It is not. We, among other things, have plaintext user/password combos in scripting. Certain logs are certainly not being processed lawfully.
It's also not so bad as to be terrible but it still irks me a lot that we're essentially lying to our users.
He’s just trying to win some more bread for Europe. Eventually everything will be fully subsidized by fines on American companies.
All that information is integrated in Active Directory and available for Microsoft to ingest into their AI. Heck it could be something they put in the system prompt. “If you have low confidence in your output then respond ‘contact your manager’ instead.
I didnt get it. Your manager replied instead of if?
User: Copilot, how can I write a function to print "Hello World"
Copilot: Ask your manager Frank or his manager Frankie for advice.
(Nice avatar BTW)
Thanks, it’s an svg!
No, the AI advised me to contact my direct superior and his superior, but mentioned their names.
I have never provided it with this information, so that means it has a lot more access to our information than is officially known. Technically we aren't even supposed to input anything that could possibly be identifying, again for GDPR purposes, so I have no idea where Copilot got the information from.
I assume that MS lets companies tailor their instance of Copilot to a certain degree and maybe it was fed an organigram of the entire company, but AFAIK this is already not allowed under current legislation. Or maybe it is and I'm just a modern luddite.
Regardless, I'll be even more careful about what I use Copilot for from this point forward.
@Kyrgizion @boredsquirrel I assume you"re using 365 version of Copilot wich can access Active Directory data which if they're correctly setup contains a supervisor field
Thanks for the info!
Probably from the Microsoft 365/Teams/Outlook/whatever profile which can include who's your manager, or potentially from Outlook emails. From what I can tell, Microsoft's been trying hard to shove copilot in any of their systems, like AAD/Entra.
My company has recently migrated their emails to it and as an admin I was very surprised that you can just read any email in full in any mailbox from "regular" functionality like email trace or antispam. I have no idea how that's GDPR compliant - in my other jobs we were using Google Workspace which only shows metadata because of that, and accessing another person's mailbox by other means (e.g. resetting the password on an ex-employee account) was a huge no-no
[...] in my other jobs we were using Google Workspace which only shows metadata because of that[...]
Rare moment when Google is mentioned as behaving GDPR compliant... I mean, I know that big tech is vacuuming up all data and doesn't care about GDPR, but still.... You can be worse than effing Google?
Did you pay for copilot yourself or did your job provide you with a license?
The enterprise tier of copilot is supposed to have access to such data, though it can be managed trough internal policies.
Ask it to summarize your latests emails In outlook/teams messages. If it has access to those (and this is intended) then its near certainty also setup to know who is who in the organization.
Allegedly, the data is “safe” because enterprises is supposedly not harvested and used for training… which makes me conclude non enterprise use absolutely is.
Allegedly because thats what Microsoft claims and on paper it looks legal. But these tech companies never seem to actually follow the law to such a degree that any claims that unmistakably seem to fit within the legal framework automatically are sus to me.
Hey, at least it gives you somewhat coherent answers. Copilot chat for me is less helpful than the Amazon customer service bot.
Truely a product of the internet.
Gimme that co-pilot with real intelligence ---> Shows you syntax errors and inconsistent object definitions.
I said real intelligence --->
Continue.dev extension with VSCodium.
Elix d's nuts