Comment by heavyset_go
2 months ago
If Microsoft is willing to put ads into your PRs via Copilot like this, imagine what they could put into your codebase itself with Copilot.
Or what Microsoft could do, run, install, etc. on/from your computer while running their Copilot agents.
This is the same company that puts ads in your start menu and reinserts them with Windows updates even if you manually removed them.
"Reflections on Trusting Trust" for the new era. MSVC doesn't compile a secret master-password into your software, just a Copilot ad.
("Reflections on Trusting Trust" Turing Award Lecture by Ken Thompson: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...)
+1000 Everyone in technology should read this.
I wonder if there will come a time where I can pay M$ to sabotage my competition's codebase.
You have to get acquired by Microsoft first.
If they're using Copilot, you're already most of the way there.
Spent yesterday pruning dependencies in a project. Cut half of them and everything still worked. Makes you wonder how much stuff we pull in without thinking about it. Same thing with AI-generated PRs honestly, one bad suggestion and it ships.
No linter?
Imagine just having the Copilot extension installed will be an excuse at some point for them to steal our code to train their AI models. Not sure if they already do this.
Of course they already do this.
The ToS (https://www.microsoft.com/en-us/microsoft-copilot/for-indivi...) says explicitly:
> Copilot may include both automated and manual (human) processing of data. You shouldn’t share any information with Copilot that you don’t want us to review.
so they're reserving the right to process whatever it looks at.
You're sending them your codebase already, as part of the prompt for generating new snippets, debugging, etc. So they have access to it.
They'd be absolute fools not to be using the results of sessions to continue to refine their models, and they already reserved the rights to look at what you send them, so yeah - they're doing it.
(Bonus comedy from the ToS:
> Copilot is for entertainment purposes only.
The lawyers know these things cannot be trusted.)
That's the TOS for the broader Microsoft Copilot, not for the GitHub one, which has its own TOSes (depending on whether your last renewal was before or after March 5) that don't include the "entertainment" wording.
But one to file away!
Also for some reason that site hijacks your scrolling and tries to "smooth" it, which just makes it feel more unresponsive as most browsers already have smooth scrolling?
Looks like they're using this: https://github.com/gblazex/smoothscroll-for-websites
I know it's a bit off topic but I'm just confused as to why that would be on there...
> Copilot is for entertainment purposes only.
Joke's on them, that's why I consider the entire Microsoft for entertainment purposes only.
"at some point"?
Why the assumption it's not already happening?
> Not sure if they already do this.
Can somebody explain to me why this is legal?
If anybody but Microsoft does this, it's called malware and they'll end up with an FBI visit and prison time.
Why is the judiciary so skewed here in its judgements?
They have trillions