https://github.com/settings/copilot/features
For users of Free, Pro and Pro+ Copilot, if you don’t opt out then we will start collecting usage data of Copilot for use in model training.
If you are a subscriber for Business or Pro we do not train on usage.
The blog post covers more details but we do not train on private repo data at rest, just interaction data with Copilot. If you don’t use Copilot this will not affect you. However you can still opt out now if you wish and that preference will be retained if you decide to start using Copilot in the future.
Hope that helps.
> Should you decide to participate in this program, the interaction data we may collect and leverage includes:
> - Outputs accepted or modified by you
> - Inputs sent to GitHub Copilot, including code snippets shown to the model
> - Code context surrounding your cursor position
> - Comments and documentation you write
> - File names, repository structure, and navigation patterns
> - Interactions with Copilot features (chat, inline suggestions, etc.)
> - Your feedback on suggestions (thumbs up/down ratings)
"should you decide to participate.."??? You didn't ask if I wanted to participate. You asked if I didn't.
I didn't get to decide to participate. I had to decide not to. You made me do work to prevent my privacy from being violated.
Second response: Maybe? I press the little button to auto-generate commit titles and messages that showed up in my Github Desktop. Does that count?
I'm asking sincerely. I don't "use Copilot" as in using it in VS Code or while writing code, so I'm honestly not sure if I am.
I'm pretty sure if you use the site you're using GitHub Copilot in some way, so your question becomes irrelevant.
> interaction data—specifically inputs, outputs, code snippets, and associated context [...] will be used to train and improve our AI models
So using Copilot in a private repo, where lots of that repo will be used as context for Copilot, means GitHub will be using your private repo as training data when they were not before.
Boiling the frog with a Venn diagram.
I don't have to be a Copilot user to click on it.
This change is malicious, and it doesn't only affect Copilot users. It affects everyone on the platform!
So why do any of this at all? You're putting a large part of your customer base on edge in order to improve a service that "most people don't use." The erosion of trust this brings doesn't seem like a worthwhile or prudent sacrifice.
I am not certain if you're a spokesperson for github - but it's good to be careful in your language. Instead of "No we won't" a lead like "That isn't entirely accurate" would be more suitable. In the end both the original post title and your reply have ended up being misleading.
This statement itself is misleading. Also, GitHub probably should have seen this coming.
They are not doing what I initially thought, which is slurping up your private repo, wholesale, into its training set. You don't have to opt out of anything to prevent that.
They are slurping any context and input containing code from your private repo which is provided to them as part of using Copilot.
So, in addition to the opt-out setting, there is an even easier way to avoid providing them your private repository data to train AI models, and that's by continuing to not use Copilot.
Why would I ever use copilot on any code Id want to be kept private? Labling it a private repo and having a tiny clause in the TOS saying we can take your code and show it to everybody is just an upright lie
https://grep.app/search?regexp=true&q=%5Ba-z%5D%7B8%2C%7D%5C...
For example, license files often contain names and many package managers require a contact person.
When this goes to court, GitHub will probably make the excuse that they somehow did not know that people upload personal data, but the fact that this happens so often that they had to make a secret scanner to stop people from uploading their private keys will prove them as liars.
""" Allow GitHub to use my data for AI model training
Allow GitHub to collect and use my Inputs, Outputs, and associated context to train and improve AI models. Read more in the Privacy Statement. """
If the reality is less scary than how it sounds, then the wording needs to be less scary-sounding. It may be that GitHub isn't training models on private repos, but the language certainly suggests that it is. The feedback we're seeing in this post is proof enough of that.
Finally, I read the Privacy Statement, and it's unclear what the applicable language is. "Inputs," "Outputs," and "Associated Context" are terms of art that have no matching definitions in the Statement. (The terms "Outputs" and "Associated Context" don't even appear in the Statement at all. Not even "train.") As an attorney I find this completely baffling.
> model training
> Allow GitHub to collect and use my Inputs, Outputs, and associated context to train and improve AI models. Read more in the Privacy Statement
Are you seriously trying to claim that the code isn't input, output, or associated context of Copilot operating on a private repo? What term do you think better applies to the code that's being read as input, used as context, and potentially produced as output?
How does this work for a private repository with access granted to additional contributors? Which setting is consulted then?
This suspect denial is why I will get my clients moved off of github.
Honestly, if you work at GitHub, maybe you should focus on your uptime -- it's awful.
To the PM behind this - developers are sensitive to this kind of thing. Just make it opt-in instead?
Because microsuck is about to violate the law that many times
Hope that helps.
This affects anyone using VS Code or Copilot with proprietary data, including all the users automating workflows through the Copilot SDK and the like. A perfect storm.
Did anyone from GitHub's legal team actually authorise this, or did they use Copilot to sign off on it?
> Allow GitHub to use my data for AI model training: Allow GitHub to collect and use my Inputs, Outputs, and associated context to train and improve AI models. Read more in the Privacy Statement.
“Associated Context” is the repo. If I use copilot, I’m giving it access to my repo.
I don’t know in all the ways copilot can be triggered, and I’m not certain that I could stop it from being triggered, given Microsoft’s past behaviors in slapping Copilot on everything that exists.
No? Because no one would opt-in, you say?
Wow. It's almost like this is a user-hostile feature that breaks the implicit promise behind a "private" repo.
Honestly, what the fuck? This changes was already pretty bad but this being the apparent corporate response is insane.
Done with Github and Microsoft after this. Just disgusting how little you care for users, ethics, or morals.
That’s fucking terrifying.
You’re laundering the code of users who don’t opt-in through Copilot users who do, to read in as many LoC as possible. It’s clear as day to everyone not morally bankrupt.
Why the smug sarcastic attitude? nah, fuck github i'm out.
I'm not bidding against you to not train on my data.
I didn’t think Github had much of a brand left to damage, but here we are.
> If your data is stored in a database that a company can freely read and access (i.e. not end-to-end encrypted), the company will eventually update their ToS so they can use your data for AI training — the incentives are too strong to resist
(-:
Like using that /s or using that smiling emoji sign you used.
A good joke would land even if some other people miss it because of the text format.
"Microsoft would never do this" would have landed for me.
I didn't become paranoid, everybody else didn't!
Stallman is always right.
So I dunno bout that.
About communication with other humans he’s pretty much always wrong.
Imagine we’d had a better communicator who wasn’t a gross toe nail picking troll fronting free software? It shouldn’t matter. Only the ideas should matter . But the reality is different.
Not really. Almost always right....
Any takes on what 2029 will look like? (related to this topic, ofc)
Pro tip: sign up for the business/enterprise version when reasonable in price.
I do this with Google Workspace. You can also do it with GitHub.
(Google doesn’t train on Workspace, Github doesn’t train on business customers, etc)
Please don't reward these companies with money.
Yes, I know, it's dicey when people get used to a nice, friendly platform, and the platform gains lots of users, and then at some point (or several points), the terms start getting worse, and people feel misled and betrayed.
I get that. But this is a corporation. Hell, this is Microsoft. It's hilarious how many people think they've actually changed since their antitrust judgment in the 90s. I guess a lot of folks here are too young to remember it, even.
Companies exist to make money. If they are giving you something for free, they are either a) getting something else out of it already, or b) giving it to you for free now and looking for ways to get their own value out of it later. I don't mean that in some sort of cynical, "fuck the world" sense; that's just reality, and that's fine, for the most part.
If you don't like this, don't use free services provided by corporations. Host your own. Yes, I know it can cost money. Yes, I know it's more work. But that's life. TANSTAAFL.
I've had a VPS running for a couple decades on a small provider. These days it costs me a little under $200/year. Much cheaper options exist. I run a web server, gitea instance, matrix homeserver, and a slew of other things on it. It requires very little maintenance because I just run Debian stable on it, keep up with security updates, but otherwise leave it alone. It backs up the important stuff to S3 using duplicity, but -- knock on wood -- I've never had a catastrophic failure that required a restore in the ~20 years its been running.
If the publishing industry can't win a case against the AI firms then you don't stand a chance when you finally find out they've been training on your private data the whole time.
They can tell you one thing and do the opposite and there's effectively nothing you can do about it. You'd be a fool to trust them.
And I don't see any mention that that exempts you from being trained on. (Yes, the blog says you're still covered, but at that price I'd like to see a contract saying that)
...yet
The belief of business users that this will remain true is grounded more in hope than in cold, dispassionate, business based decision making.
If it's not life or death, encrypt every byte of data you send to the cloud.
If it is life or death, you should probably not be letting that data traverse the open internet in any form.
Conspiratorial thinking? Sure. But if you've been around for a couple decades and seen the games these people play (and you aren't a complete sucker), then you'll at least be aware that there's at least slight possibility that these companies can get things from their customers that they (the customers) did not knowingly agree to.
Doesn’t seem to leave non-enterprise projects with much choice but to ban contributors from using copilot (to whatever extent they can - company policy, etc.)
“HALT IMMEDIATELY. Copilot is banned on this project.”
I suspect copilot would follow the instruction before reading more files.
Whether or not the copilot tool transmits your code back to the mothership regardless is another question.
[1] https://docs.github.com/en/copilot/how-tos/configure-custom-...
You see coders have this reasoning flaw where they go "Oh I've understood the system, now I can work out all the ramifications of my actions", and then they get tricked at every step of the life.
It's convenient for MS to make this opt in by default for sure.
Is there any information about how much information from an organization managed repo may be trained on if an individual user has this flag enabled? Will one leaky account cause all of our source code to be considered fair game?
And Copilot is integrated with IDEs. Doesn't need any interaction with the github site beyond the initial sign in...
Sure, you can poke around in the settings and find one that you believe opts you out, but in lieu of clear and explicit instructions from GitHub, you'll have no way to find out. Only the possibility of finding out later that you guessed wrong.
You might have closed it...
Just go to your account settings and find the opt-out option.
You don't want an LLM trained on my private repos. Trust me.
The feature to opt out is at the bottom under privacy: "Allow GitHub to use my data for AI model training"
TIL: you cannot opt out of a copilot-pro subscription. How is it a subscription if I can't cancel?
(Honestly, who has time to evade all these traps? Or to migrate 150+ repo's on 6+ machines...)
Microsoft services are tech debt. I moved the moment they were acquired and never regretted it.
"Finally, AI for the entire software lifecycle."
Not very trust inspiring, that.
Can I even have git hosting without anything else being crammed down my throat, or it's just like Microsoft?
If it's really important to you that the repo is private, I'd self-host.
But it always seemed to me that the UI should run locally with encryption keys that are shared and the service just manages encrypted blobs of diffs that can roll from version to version of encrypted data and that’s about it. Granted I probably don’t know the full workflow, i typically am a single dev on simple projects where I don’t need 99% of the overhead these introduce.
Apparently someone has developed something similar to this
I definitely feel like more can be done within this space and that there is space for more competitors (even forgejo instances for that matter)
And according to their PM and privacy policy, they're not training their models on your code[0].
[0]: https://forum.gitlab.com/t/can-i-opt-out-from-my-code-being-...
There's instructions on running a Git server in the git book: https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protoco...
I just looked up gitosis on github though and it was last updated 12 years ago.... still works for me though.
Overall, hosting your own repos is very easy.
Which doesn't answer your question at all, but it is the metric they'll pay attention to. And it is the the thing that actually addresses the underlying problem.
There are tons of git providers including free ones that include full gitlab/gitea/forgejo to get similar features to github and there is nothing more easy to self host or host on a vps with near zero maintenance.
You wouldn't believe the amount of people that would list Github, but not git, as a skill.
If they want to incentivise people to contribute their sources and copilot sessions, they could easily make it opt-in on a per-repository basis and provide some incentive, like an increased token quota.
This is not hard.
It's consistent with believing that AI is the future -- if a company doesn't perform really well, it loses that race. And if the userbase they piss off is also the userbase that's skeptical about AI, then they're not pissing off anyone that's relevant to the company winning.
Downside: Pissing off users is gross.
So far it's been a benefit because coding agents seems to understand my code and can follow my style.
I don't store client data (much less credentials) in my repos (public or private) so I'm not worried about data leaks. And I don't expect any of my clients to decide to replace me and vibe code their way to a solution.
I do worry (slightly) about large company competitors using AI to lower their prices and compete with me, but that's going to happen regardless of whether anyone trains on my code. And my own increases in efficiency due to AI have made up for that.
I see no reason to ever go back to holding my code elsewhere.
Don’t forget git is fairly new
When I first started doing production code it was pre-github so we used some other kind of repo management system
This is a perfect example of where the they’re starting to cannibalize their base and now we have the ability to get away from them entirely.
Settings->Copilot->Features->Privacy=>[ Allow GitHub to use my data for AI model training
Allow GitHub to collect and use my Inputs, Outputs, and associated context to train and improve AI models. Read more in the Privacy Statement. ]
> Allow GitHub to use my data for AI model training
It's not a new setting, fwiw. I opted out years(??) ago.
If you don't use Github Copilot, this shouldn't effect you, and may be why you got no email. The current headline is fairly misleading--it's about Copilot usage, not private repos per se.
TLDR: As long as you aren't using Copilot, your code should be safe (according to GitHub).
What data are you collecting?
When an individual user has this setting enabled, the interaction data we may collect includes:
- Outputs accepted or modified by the user
- Inputs sent to GitHub Copilot, including code snippets shown to the model
- Code context surrounding the user’s cursor position
- Comment and documentation that the user wrote
- File names, repository structure, and navigation patterns
- Interactions with Copilot features including Chat and inline suggestionshttps://github.com/flolu/git-gcrypt
It's very easy to set up and integrates nicely into git. Obviously only works if you don't need Actions or anything that requires Github to know what's in your repo (duh).
I suspect MSFT is in a similar spot. If they don’t train on more data, they’ll be left behind by Anthropic/OAI. If they do, they’ll annoy a few diehards for a while, they’ll work through the kinks, then everyone will get used to it.
Or, perhaps more directly, training their image-gen models on your private Google Photos.
They’re training (with an opt out) on stuff people feel is an invasion of their privacy to make their service better.
And this is the problem: any time you're adding a new "feature" that invades users' privacy, it needs to be opt-in.
Imagine a man asking a woman “want to have sex? Or maybe later?” out of the blue, then asking her again every 3 days until she says “yes”
Yeah, it ain't sex, but it does still come down to basic respect.
However, do you think people accept Microsoft backup because they want a backup?
Or do you think they click yes because it makes the popup go away for good?
Wearing me down until I say yes isn’t the same as just yes.
It’s the same dark pattern for the 10-11 upgrade. My father in law managed to upgrade by accident because it kept popping up. He didn’t really make an informed choice for himself. One day he just couldn’t figure out why everything was different.
Take this extremely simple example about antenna pod. I can change the order and what buttons show up in the app nav bar. For example I can remove the "home" button or put other things there instead like playback history.
This is a small minor point of the bigger picture. Yet there is this distinct sense in which when using that app I don't feel like I'm beholden to some chain of management in some company deciding they get to decide what I get to do.
Like its almost unthinkable that the YouTube app let you remove shorts or reorder the navigation bar and decide what you wanted to have there.
I will go screaming and kicking and fighting into this dystopian nightmare post-privacy shithole world that so many people seem fine with. If I have to move off of every service or technology to maintain some semblance of privacy so be it.
And I have the same question about private notes, or even a diary. Can an AI training on a bunch of personal stuff damage the person that wrote it?
Do you really keep trading algorithms on github?
This setting will make no difference to whether your code is fed into their training set. "Oops we accidentally ignored the private flag years ago and didn't realise, we are very sorry, we were trying to not do that".
// todo… remove this before it goes to prod lol
The possibilities are endless. I thought of this after remembering seeing a post a couple months ago about how it doesn't take a significant amount of bad data to poison an LLM's training.
I'm absolutely sure that there are state actors with gigantic budgets that are putting a lot of effort into similar attacks, though.
I don't have much hope, but I wish that ignoring software licensing and attribution at scale becomes harder than it currently seems.
Or am I missing some trick / dark GUI pattern? Just want to make sure.
Now, anything that gets referenced in a copilot chat is fair game
I love falling into a rabbit hole looking at people’s projects
Enabled - "You will have access to this feature" as help text. Disabled - "You will not have access to this feature".
WTF does that mean?
Say some personal data leaked into training data, where can I request surgical deletion of that data from the LLM? Not only license washing is done using LLM, but also PII washing and consent ignoring is done using LLMs. How will a service provider make sure to not ever have personal data in the training data set and fix earlier mistakes pertaining to personal data? Are they not obliged to have a way of deleting one's personal data? GDPR or something?
If so, this might be illegal.
And it is absolute dogshit. And offensive to actual copilots.
Not for commercial success, just wanted a git and github like experience for my new game project.
Then I started getting into features specific to game dev like moving away from LFS and properly diffing binaries.
paganartifact.com/benny/artifact
Mirror: GitHub bennyschmidt/artifact