Using Copilot even as a mere coding assistance is insane, if no other reason than you're sending all your code to Microsoft, and you also let them monitor your work habits in uncomfortably intimate details.
this post was submitted on 26 Jun 2025
334 points (98.3% liked)
Programmer Humor
36755 readers
434 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
Oh no, anyways.
Edit: As if your fucking code isnt hosted on github, own by fuck knows who
*codeberg
pacing data might be useful to pressure us more, later. its not just about the code.
Gimme that co-pilot with real intelligence ---> Shows you syntax errors and inconsistent object definitions.
I said real intelligence --->
Today I was "talking" to copilot asking about how to tackle a certain issue. The fucking thing replied with my manager and his manager's NAMES telling me to reach out to them. Of course I was aware that Copilot's primary function is not as an AI assistant but as a surveillance tool, but working in the EU, this still surprised me a lot.
That said, under the protections the EU affords me, I will absolutely continue to use Copilot for the most inane possible tasks. I know that they know, but they can't act on it without breaking GDPR.
Your move, corporation.
You think american companies care about gdpr? lol
Are you aware Meta keeps paying larger and larger fines each year for failing to comply with gdpr in Facebook? Last one was 1.3 BILLION. they just keep doing it.
He’s just trying to win some more bread for Europe. Eventually everything will be fully subsidized by fines on American companies.
Oh, I'm very aware. My own (EU!) company has ISO certifications that "guarantee" our customers that all their data is perfectly protected.
It is not. We, among other things, have plaintext user/password combos in scripting. Certain logs are certainly not being processed lawfully.
It's also not so bad as to be terrible but it still irks me a lot that we're essentially lying to our users.
All that information is integrated in Active Directory and available for Microsoft to ingest into their AI. Heck it could be something they put in the system prompt. “If you have low confidence in your output then respond ‘contact your manager’ instead.
Hey, at least it gives you somewhat coherent answers. Copilot chat for me is less helpful than the Amazon customer service bot.
I didnt get it. Your manager replied instead of it?
User: Copilot, how can I write a function to print "Hello World"
Copilot: Ask your manager Frank or his manager Frankie for advice.
(Nice avatar BTW)
Thanks, it’s an svg!
No, the AI advised me to contact my direct superior and his superior, but mentioned their names.
I have never provided it with this information, so that means it has a lot more access to our information than is officially known. Technically we aren't even supposed to input anything that could possibly be identifying, again for GDPR purposes, so I have no idea where Copilot got the information from.
I assume that MS lets companies tailor their instance of Copilot to a certain degree and maybe it was fed an organigram of the entire company, but AFAIK this is already not allowed under current legislation. Or maybe it is and I'm just a modern luddite.
Regardless, I'll be even more careful about what I use Copilot for from this point forward.
@Kyrgizion @boredsquirrel I assume you"re using 365 version of Copilot wich can access Active Directory data which if they're correctly setup contains a supervisor field
Thanks for the info!
Probably from the Microsoft 365/Teams/Outlook/whatever profile which can include who's your manager, or potentially from Outlook emails. From what I can tell, Microsoft's been trying hard to shove copilot in any of their systems, like AAD/Entra.
My company has recently migrated their emails to it and as an admin I was very surprised that you can just read any email in full in any mailbox from "regular" functionality like email trace or antispam. I have no idea how that's GDPR compliant - in my other jobs we were using Google Workspace which only shows metadata because of that, and accessing another person's mailbox by other means (e.g. resetting the password on an ex-employee account) was a huge no-no
[...] in my other jobs we were using Google Workspace which only shows metadata because of that[...]
Rare moment when Google is mentioned as behaving GDPR compliant... I mean, I know that big tech is vacuuming up all data and doesn't care about GDPR, but still.... You can be worse than effing Google?
Did you pay for copilot yourself or did your job provide you with a license?
The enterprise tier of copilot is supposed to have access to such data, though it can be managed trough internal policies.
Ask it to summarize your latests emails In outlook/teams messages. If it has access to those (and this is intended) then its near certainty also setup to know who is who in the organization.
Allegedly, the data is “safe” because enterprises is supposedly not harvested and used for training… which makes me conclude non enterprise use absolutely is.
Allegedly because thats what Microsoft claims and on paper it looks legal. But these tech companies never seem to actually follow the law to such a degree that any claims that unmistakably seem to fit within the legal framework automatically are sus to me.
Truely a product of the internet.
Continue.dev extension with VSCodium.
Elix d's nuts