> If your data is stored in a database that a company can freely read and access (i.e. not end-to-end encrypted), the company will eventually update their ToS so they can use your data for AI training — the incentives are too strong to resist
(-:
Like using that /s or using that smiling emoji sign you used.
A good joke would land even if some other people miss it because of the text format.
"Microsoft would never do this" would have landed for me.
/s is basically the internet-enabled equivalent of a sarcasm tone or a wink - it is much more difficult to detect genuine subtle sarcasm on the internet because of the absence of common communication tools. /s is also a valuable accessibility tool for those that might have difficulty with social cues and subtlety so, for all my autistic friends, I'm happy to defend it.
On the internet it is very possible and often plausible that someone can very much believe what may appear to a reasonable person to be sarcasm. Having a crutch online does not equate to an equivalent crutch offline.
Anecdotally, neurodivergent folks I know prefer, and some even require, a sarcasm indicator online.
If you can tell sarcasm from text, that doesn't mean everyone can.
For my part, the smiley face was much-appreciated as I've seen people who genuinely would think that with a straight face.
--- EDIT: Spelling of a word
:)
I didn't become paranoid, everybody else didn't!
Stallman is always right.
So I dunno bout that.
About communication with other humans he’s pretty much always wrong.
Imagine we’d had a better communicator who wasn’t a gross toe nail picking troll fronting free software? It shouldn’t matter. Only the ideas should matter . But the reality is different.
When you put in law that ISPs should adhere to some government-provided blocklist, this is already a game over. No matter how sane your government is. The government in 10 years might be vastly different, and the ability to control the ISPs is too alluring to not abuse
I'd rather live in a world where you could find words like "kill all russians", or child porn, or blatant propaganda than to live with the government censorship. I lived in Russia and the experience was nightmare. Who knows, maybe if the government didn't have the tools they had then the independent media would still be reachable by an average russian, the pictures of the pointless massacre would be public and the war would be over in a week
Any takes on what 2029 will look like? (related to this topic, ofc)
Pro tip: sign up for the business/enterprise version when reasonable in price.
I do this with Google Workspace. You can also do it with GitHub.
(Google doesn’t train on Workspace, Github doesn’t train on business customers, etc)
Please don't reward these companies with money.
Yes, I know, it's dicey when people get used to a nice, friendly platform, and the platform gains lots of users, and then at some point (or several points), the terms start getting worse, and people feel misled and betrayed.
I get that. But this is a corporation. Hell, this is Microsoft. It's hilarious how many people think they've actually changed since their antitrust judgment in the 90s. I guess a lot of folks here are too young to remember it, even.
Companies exist to make money. If they are giving you something for free, they are either a) getting something else out of it already, or b) giving it to you for free now and looking for ways to get their own value out of it later. I don't mean that in some sort of cynical, "fuck the world" sense; that's just reality, and that's fine, for the most part.
If you don't like this, don't use free services provided by corporations. Host your own. Yes, I know it can cost money. Yes, I know it's more work. But that's life. TANSTAAFL.
I've had a VPS running for a couple decades on a small provider. These days it costs me a little under $200/year. Much cheaper options exist. I run a web server, gitea instance, matrix homeserver, and a slew of other things on it. It requires very little maintenance because I just run Debian stable on it, keep up with security updates, but otherwise leave it alone. It backs up the important stuff to S3 using duplicity, but -- knock on wood -- I've never had a catastrophic failure that required a restore in the ~20 years its been running.
Obviously the root problem is the incentive structures created by a system that relies on scarcity to assign value to things being applied to things that effectively cost zero to duplicate. Obviously companies are not my friends, I self host everything, heck I even have a local copy of my VPS, it's on solar, I'M fine. I don't expect Github to do good things and make good choices, but that doesn't mean I can't be mad about it when they do things I don't like. Also I live in the real world and have to deal with society and there would be friction I create for myself when I try to exist in tech and refuse to use github, might be a worthwhile trade but it IS a trade.
If the publishing industry can't win a case against the AI firms then you don't stand a chance when you finally find out they've been training on your private data the whole time.
They can tell you one thing and do the opposite and there's effectively nothing you can do about it. You'd be a fool to trust them.
...yet
Conspiratorial thinking? Sure. But if you've been around for a couple decades and seen the games these people play (and you aren't a complete sucker), then you'll at least be aware that there's at least slight possibility that these companies can get things from their customers that they (the customers) did not knowingly agree to.
The belief of business users that this will remain true is grounded more in hope than in cold, dispassionate, business based decision making.
If it's not life or death, encrypt every byte of data you send to the cloud.
If it is life or death, you should probably not be letting that data traverse the open internet in any form.
And I don't see any mention that that exempts you from being trained on. (Yes, the blog says you're still covered, but at that price I'd like to see a contract saying that)
For users of Free, Pro and Pro+ Copilot, if you don’t opt out then we will start collecting usage data of Copilot for use in model training.
If you are a subscriber for Business or Pro we do not train on usage.
The blog post covers more details but we do not train on private repo data at rest, just interaction data with Copilot. If you don’t use Copilot this will not affect you. However you can still opt out now if you wish and that preference will be retained if you decide to start using Copilot in the future.
Hope that helps.
> Should you decide to participate in this program, the interaction data we may collect and leverage includes:
> - Outputs accepted or modified by you
> - Inputs sent to GitHub Copilot, including code snippets shown to the model
> - Code context surrounding your cursor position
> - Comments and documentation you write
> - File names, repository structure, and navigation patterns
> - Interactions with Copilot features (chat, inline suggestions, etc.)
> - Your feedback on suggestions (thumbs up/down ratings)
"should you decide to participate.."??? You didn't ask if I wanted to participate. You asked if I didn't.
I didn't get to decide to participate. I had to decide not to. You made me do work to prevent my privacy from being violated.
Second response: Maybe? I press the little button to auto-generate commit titles and messages that showed up in my Github Desktop. Does that count?
I'm asking sincerely. I don't "use Copilot" as in using it in VS Code or while writing code, so I'm honestly not sure if I am.
I'm pretty sure if you use the site you're using GitHub Copilot in some way, so your question becomes irrelevant.
> interaction data—specifically inputs, outputs, code snippets, and associated context [...] will be used to train and improve our AI models
So using Copilot in a private repo, where lots of that repo will be used as context for Copilot, means GitHub will be using your private repo as training data when they were not before.
Boiling the frog with a Venn diagram.
I don't have to be a Copilot user to click on it.
This change is malicious, and it doesn't only affect Copilot users. It affects everyone on the platform!
If I go to one of your GPL projects and I ask a simple question to find out what this project is about, you will be perfectly "ok" that this interaction (that includes most of the code that is required to answer my dumb the question) will be used for training?
This is not ok.
So why do any of this at all? You're putting a large part of your customer base on edge in order to improve a service that "most people don't use." The erosion of trust this brings doesn't seem like a worthwhile or prudent sacrifice.
I am not certain if you're a spokesperson for github - but it's good to be careful in your language. Instead of "No we won't" a lead like "That isn't entirely accurate" would be more suitable. In the end both the original post title and your reply have ended up being misleading.
This statement itself is misleading. Also, GitHub probably should have seen this coming.
They are not doing what I initially thought, which is slurping up your private repo, wholesale, into its training set. You don't have to opt out of anything to prevent that.
They are slurping any context and input containing code from your private repo which is provided to them as part of using Copilot.
So, in addition to the opt-out setting, there is an even easier way to avoid providing them your private repository data to train AI models, and that's by continuing to not use Copilot.
Why would I ever use copilot on any code Id want to be kept private? Labling it a private repo and having a tiny clause in the TOS saying we can take your code and show it to everybody is just an upright lie
The idea that because any piece of code could possibly contain some personal data -- while 99.99% of it doesn't -- that therefore the entirety is PD is not supported by the gdpr. You could as well say any text field anywhere can hypothetically have someone type their name and is thus personal data as well.
Personal data is about identifying a person and relating information to that person. A name in an unrelated text field isn’t personal data if you can’t tell the relation between the name and the person who input it, or any surrounding data. The contents of a repository, however, and the interaction with Copilot, can very well help identifying the account holder and their personal data. For example, I might be processing personal health data identifiable as such in a private repository with the help of Copilot.
https://grep.app/search?regexp=true&q=%5Ba-z%5D%7B8%2C%7D%5C...
For example, license files often contain names and many package managers require a contact person.
When this goes to court, GitHub will probably make the excuse that they somehow did not know that people upload personal data, but the fact that this happens so often that they had to make a secret scanner to stop people from uploading their private keys will prove them as liars.
> model training
> Allow GitHub to collect and use my Inputs, Outputs, and associated context to train and improve AI models. Read more in the Privacy Statement
Are you seriously trying to claim that the code isn't input, output, or associated context of Copilot operating on a private repo? What term do you think better applies to the code that's being read as input, used as context, and potentially produced as output?
""" Allow GitHub to use my data for AI model training
Allow GitHub to collect and use my Inputs, Outputs, and associated context to train and improve AI models. Read more in the Privacy Statement. """
If the reality is less scary than how it sounds, then the wording needs to be less scary-sounding. It may be that GitHub isn't training models on private repos, but the language certainly suggests that it is. The feedback we're seeing in this post is proof enough of that.
Finally, I read the Privacy Statement, and it's unclear what the applicable language is. "Inputs," "Outputs," and "Associated Context" are terms of art that have no matching definitions in the Statement. (The terms "Outputs" and "Associated Context" don't even appear in the Statement at all. Not even "train.") As an attorney I find this completely baffling.
Because microsuck is about to violate the law that many times
How does this work for a private repository with access granted to additional contributors? Which setting is consulted then?
Honestly, if you work at GitHub, maybe you should focus on your uptime -- it's awful.
To the PM behind this - developers are sensitive to this kind of thing. Just make it opt-in instead?
This affects anyone using VS Code or Copilot with proprietary data, including all the users automating workflows through the Copilot SDK and the like. A perfect storm.
Did anyone from GitHub's legal team actually authorise this, or did they use Copilot to sign off on it?
> Allow GitHub to use my data for AI model training: Allow GitHub to collect and use my Inputs, Outputs, and associated context to train and improve AI models. Read more in the Privacy Statement.
“Associated Context” is the repo. If I use copilot, I’m giving it access to my repo.
I don’t know in all the ways copilot can be triggered, and I’m not certain that I could stop it from being triggered, given Microsoft’s past behaviors in slapping Copilot on everything that exists.
This suspect denial is why I will get my clients moved off of github.
No? Because no one would opt-in, you say?
Wow. It's almost like this is a user-hostile feature that breaks the implicit promise behind a "private" repo.
Honestly, what the fuck? This changes was already pretty bad but this being the apparent corporate response is insane.
Done with Github and Microsoft after this. Just disgusting how little you care for users, ethics, or morals.
You’re laundering the code of users who don’t opt-in through Copilot users who do, to read in as many LoC as possible. It’s clear as day to everyone not morally bankrupt.
That’s fucking terrifying.
I didn’t think Github had much of a brand left to damage, but here we are.
Doesn’t seem to leave non-enterprise projects with much choice but to ban contributors from using copilot (to whatever extent they can - company policy, etc.)
“HALT IMMEDIATELY. Copilot is banned on this project.”
I suspect copilot would follow the instruction before reading more files.
Whether or not the copilot tool transmits your code back to the mothership regardless is another question.
[1] https://docs.github.com/en/copilot/how-tos/configure-custom-...
You see coders have this reasoning flaw where they go "Oh I've understood the system, now I can work out all the ramifications of my actions", and then they get tricked at every step of the life.
That's my bar. My time is my time, and anything that takes time from me better have a damn good excuse. Github is not bringing any good reasons to the table to justify making me take my time to protect privacy I've had by default up to now.
> takes 30 seconds.
Corrupting Steinmetz' quip to Ford: it's 30 seconds to flip the switch, 240 hours to know that a switch needs to be flipped.
Previously we didn’t do any training on usage. However as other products have come into the market they do train on usage. We’ve been training on our internal usage for just over a year and have seen some major improvements. For details see of the types of improvements we’ve seen from training on our internal usage check out this article: https://github.blog/news-insights/product-news/copilot-new-e...
I thought neural nets never repeat the training data verbatim, and copyright does not pass through them, so what's the problem?
> If they want to incentivise people to contribute their sources and copilot sessions, they could easily make it opt-in on a per-repository basis and provide some incentive, like an increased token quota.
If you wouldn't use your personal email account on your work computer, I don't see why you wouldn't create a new GitHub account only for work.
It's convenient for MS to make this opt in by default for sure.
Is there any information about how much information from an organization managed repo may be trained on if an individual user has this flag enabled? Will one leaky account cause all of our source code to be considered fair game?
And Copilot is integrated with IDEs. Doesn't need any interaction with the github site beyond the initial sign in...
Sure, you can poke around in the settings and find one that you believe opts you out, but in lieu of clear and explicit instructions from GitHub, you'll have no way to find out. Only the possibility of finding out later that you guessed wrong.
You might have closed it...
Just go to your account settings and find the opt-out option.
The chip on your shoulder doesn't make for productive conversation here.
You don't want an LLM trained on my private repos. Trust me.
The feature to opt out is at the bottom under privacy: "Allow GitHub to use my data for AI model training"
TIL: you cannot opt out of a copilot-pro subscription. How is it a subscription if I can't cancel?
(Honestly, who has time to evade all these traps? Or to migrate 150+ repo's on 6+ machines...)
Which doesn't answer your question at all, but it is the metric they'll pay attention to. And it is the the thing that actually addresses the underlying problem.
Microsoft services are tech debt. I moved the moment they were acquired and never regretted it.
"Finally, AI for the entire software lifecycle."
Not very trust inspiring, that.
Can I even have git hosting without anything else being crammed down my throat, or it's just like Microsoft?
If it's really important to you that the repo is private, I'd self-host.
But it always seemed to me that the UI should run locally with encryption keys that are shared and the service just manages encrypted blobs of diffs that can roll from version to version of encrypted data and that’s about it. Granted I probably don’t know the full workflow, i typically am a single dev on simple projects where I don’t need 99% of the overhead these introduce.
Apparently someone has developed something similar to this
There's instructions on running a Git server in the git book: https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protoco...
And according to their PM and privacy policy, they're not training their models on your code[0].
[0]: https://forum.gitlab.com/t/can-i-opt-out-from-my-code-being-...
I just looked up gitosis on github though and it was last updated 12 years ago.... still works for me though.
Overall, hosting your own repos is very easy.
I definitely feel like more can be done within this space and that there is space for more competitors (even forgejo instances for that matter)
There are tons of git providers including free ones that include full gitlab/gitea/forgejo to get similar features to github and there is nothing more easy to self host or host on a vps with near zero maintenance.
You wouldn't believe the amount of people that would list Github, but not git, as a skill.
If they want to incentivise people to contribute their sources and copilot sessions, they could easily make it opt-in on a per-repository basis and provide some incentive, like an increased token quota.
This is not hard.
It's consistent with believing that AI is the future -- if a company doesn't perform really well, it loses that race. And if the userbase they piss off is also the userbase that's skeptical about AI, then they're not pissing off anyone that's relevant to the company winning.
Downside: Pissing off users is gross.
So far it's been a benefit because coding agents seems to understand my code and can follow my style.
I don't store client data (much less credentials) in my repos (public or private) so I'm not worried about data leaks. And I don't expect any of my clients to decide to replace me and vibe code their way to a solution.
I do worry (slightly) about large company competitors using AI to lower their prices and compete with me, but that's going to happen regardless of whether anyone trains on my code. And my own increases in efficiency due to AI have made up for that.
I suspect MSFT is in a similar spot. If they don’t train on more data, they’ll be left behind by Anthropic/OAI. If they do, they’ll annoy a few diehards for a while, they’ll work through the kinks, then everyone will get used to it.
Or, perhaps more directly, training their image-gen models on your private Google Photos.
They’re training (with an opt out) on stuff people feel is an invasion of their privacy to make their service better.
Settings->Copilot->Features->Privacy=>[ Allow GitHub to use my data for AI model training
Allow GitHub to collect and use my Inputs, Outputs, and associated context to train and improve AI models. Read more in the Privacy Statement. ]
> Allow GitHub to use my data for AI model training
It's not a new setting, fwiw. I opted out years(??) ago.
https://github.com/flolu/git-gcrypt
It's very easy to set up and integrates nicely into git. Obviously only works if you don't need Actions or anything that requires Github to know what's in your repo (duh).
I will go screaming and kicking and fighting into this dystopian nightmare post-privacy shithole world that so many people seem fine with. If I have to move off of every service or technology to maintain some semblance of privacy so be it.
And I have the same question about private notes, or even a diary. Can an AI training on a bunch of personal stuff damage the person that wrote it?
Do you really keep trading algorithms on github?
This setting will make no difference to whether your code is fed into their training set. "Oops we accidentally ignored the private flag years ago and didn't realise, we are very sorry, we were trying to not do that".
// todo… remove this before it goes to prod lol
Imagine a man asking a woman “want to have sex? Or maybe later?” out of the blue, then asking her again every 3 days until she says “yes”
Yeah, it ain't sex, but it does still come down to basic respect.
However, do you think people accept Microsoft backup because they want a backup?
Or do you think they click yes because it makes the popup go away for good?
Wearing me down until I say yes isn’t the same as just yes.
It’s the same dark pattern for the 10-11 upgrade. My father in law managed to upgrade by accident because it kept popping up. He didn’t really make an informed choice for himself. One day he just couldn’t figure out why everything was different.
Take this extremely simple example about antenna pod. I can change the order and what buttons show up in the app nav bar. For example I can remove the "home" button or put other things there instead like playback history.
This is a small minor point of the bigger picture. Yet there is this distinct sense in which when using that app I don't feel like I'm beholden to some chain of management in some company deciding they get to decide what I get to do.
Like its almost unthinkable that the YouTube app let you remove shorts or reorder the navigation bar and decide what you wanted to have there.
I don't have much hope, but I wish that ignoring software licensing and attribution at scale becomes harder than it currently seems.
I love falling into a rabbit hole looking at people’s projects
TLDR: As long as you aren't using Copilot, your code should be safe (according to GitHub).
What data are you collecting?
When an individual user has this setting enabled, the interaction data we may collect includes:
- Outputs accepted or modified by the user
- Inputs sent to GitHub Copilot, including code snippets shown to the model
- Code context surrounding the user’s cursor position
- Comment and documentation that the user wrote
- File names, repository structure, and navigation patterns
- Interactions with Copilot features including Chat and inline suggestionsNow, anything that gets referenced in a copilot chat is fair game
Not for commercial success, just wanted a git and github like experience for my new game project.
Then I started getting into features specific to game dev like moving away from LFS and properly diffing binaries.
paganartifact.com/benny/artifact
Mirror: GitHub bennyschmidt/artifact
The possibilities are endless. I thought of this after remembering seeing a post a couple months ago about how it doesn't take a significant amount of bad data to poison an LLM's training.
I'm absolutely sure that there are state actors with gigantic budgets that are putting a lot of effort into similar attacks, though.
If you don't use Github Copilot, this shouldn't effect you, and may be why you got no email. The current headline is fairly misleading--it's about Copilot usage, not private repos per se.
Enabled - "You will have access to this feature" as help text. Disabled - "You will not have access to this feature".
WTF does that mean?
And it is absolute dogshit. And offensive to actual copilots.
I see no reason to ever go back to holding my code elsewhere.
Don’t forget git is fairly new
When I first started doing production code it was pre-github so we used some other kind of repo management system
This is a perfect example of where the they’re starting to cannibalize their base and now we have the ability to get away from them entirely.
If so, this might be illegal.