Updates to GitHub Copilot interaction data usage policy

Posted by prefork 5 hours ago

Updates to GitHub Copilot interaction data usage policy(github.blog)

206 points | 99 comments

stefankuehnel 4 hours ago|

If you scroll down to "Allow GitHub to use my data for AI model training" in GitHub settings, you can enable or disable it. However, what really gets me is how they pitch it like it’s some kind of user-facing feature:

Enabled = You will have access to the feature

Disabled = You won't have access to the feature

As if handing over your data for free is a perk. Kinda hilarious.

data-ottawa 1 hour ago||

It’s not so bad, there’s no double negative and it’s not a confusing “switch” that is always ambiguous as to whether it’s enabled or not.

In contrast when you create a a GCS bucket it uses a checkmark for enabling “public access prevention”. Who designed that modal? It takes me a solid minute to figure out if I’m publishing private data or not.

a1o 4 hours ago|||

I went to check on this and I have everything copilot related disabled and in the two bars that measure usage my Copilot Chat usage was somehow in 2%, how is this possible?

Before anyone comes to me to sell me on AI, this is on my personal account, I have and use it in my business account (but it is a completely different user account), I just make it a point to not use it in my personal time so I can keep my skills sharp.

hakunin 3 hours ago|||

Does Github count it as copilot chat usage when you use AI search form on their website, I wonder?

a1o 1 hour ago||

I wonder if that’s it! I occasionally do some code search on GitHub and then remember it doesn’t work well and go back to searching in the IDE. I usually need to look into not the main branch because I do a lot of projects that have a develop branch where things actually happen. But that would explain so I guess this is it.

saratogacx 3 hours ago|||

If you're taking about the quota bar. That is only measuring your premium request usage (models with a #.#x multiplier next to the name). If you only use the free models and code completion you won't actually consume any "usage". If you use AI code review that consumes a single request (now). Same with the Github Copilot web chat, if you use a free model, it doesn't count, if you use a premium model you get charged the usage cost.

Rapzid 2 hours ago|||

Is that not some stock feature-flag verbiage?

bigiain 2 hours ago|||

Stock dark pattern verbiage...

I'm a little surprised the options aren't "Enable" and "Ask me later".

NewJazz 1 hour ago|||

But it isn't a feature, so using a feature flag is a bit weird.

UqWBcuFx6NV4r 31 minutes ago||

No, it’s not. Please think like a developer and not like someone playing amateur gotcha journalist on social media. Feature flags are (ab)used in this way all the time. What is a feature? What is a feature flag? It’s like asking what authorisation is vs all your other business rules. There’s grey area.

NewJazz 22 minutes ago||

"Please think like a developer" lmao if I said this to someone at my dayjob I'd be gone.

petcat 4 hours ago|||

I guess the "perk" is that maybe their models get retrained on your data making them slightly more useful to you (and everyone else) in the future? idk

mirekrusin 3 hours ago|||

The feature is that your coding style will be in next models!

rzmmm 3 hours ago||

I wish my GPL license would transit along with my code.

UqWBcuFx6NV4r 30 minutes ago||

If you are wholly confident that model training is a violation of the GPL then go sue.

martin-t 2 hours ago|||

A few days ago, I unchecked it, only to see it checked again when I reloaded the page.

It could be incompetence but it shouldn't matter. This level of incompetence should be punished equally to malice.

7bit 3 hours ago||

It's worded that way to create FOMO in the hopes people keep it enabled.

Dark pattern and dick move.

QuadrupleA 2 hours ago||

Fun fact: Copilot gives you no way to ignore sensitive files with API keys, passwords, DB credentials, etc.: https://github.com/orgs/community/discussions/11254#discussi...

So by default you send all this to Microsoft by opening your IDE.

nulld3v 12 minutes ago||

Sadly, this issue is systemic: https://github.com/openai/codex/issues/2847

0xbadcafebee 41 minutes ago|||

Separate fun fact: Gemini CLI blocks env vars with strings like 'AUTH' in the name. They have two separate configuration options that both let you allow specific env vars. Neither work (bad vibe coding). Tried opening an issue and a PR, and two separate vibe-coding bots picked up my issue and wrote PRs, but nobody has looked at them. Bug's still there, so can't do git code signing via ssh agent socket. Only choice is to do the less-secure, not-signed git commits.

On top of that, Gemini 3 refuses to refactor open source code, even if you fork it, if Gemini thinks your changes would violate the spirit of the intent of the original developers in a safety/security context. Even if you think you're actually making it more secure, but Gemini doesn't, it won't write your code.

malnourish 55 minutes ago||

I swear I just set up enterprise and org level ignore paths.

veverkap 45 minutes ago||

Yeah, it's a Copilot Business/Enterprise feature

mentalgear 4 hours ago||

> On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out. Review this update and manage your preferences in your GitHub account settings.

Now "Allow GitHub to use my data for AI model training" is enabled by default.

Turn it off here: https://github.com/settings/copilot/features

Do they have this set on business accounts also by default? If so, this is really shady.

lenova 4 hours ago||

Ugh, can't believe they made this opt-in by default, and didn't even post the direct URLs to disable in their blog post.

To add on to your (already helpful!) instructions:

- Go to https://github.com/settings/copilot/features - Go to the "Privacy" section - Find: "Allow GitHub to use my data for AI model training" - Set to disabled

inetknght 3 hours ago||

> can't believe they made this opt-in by default

You can't believe Microslop is force-feeding people Copilot in yet another way?

> and didn't even post the direct URLs to disable in their blog post

You can't believe Microshaft didn't tell you how to not get shafted?

parkersweb 3 hours ago|||

Yes - not impressed at all that this is opt-in default for business users. We have a policy in place with clients that code we write for them won’t be used in AI training - so expecting us to opt out isn’t an acceptable approach for a business relationship where the expectation is security and privacy.

aksss 1 hour ago||

It is not opt-in by default for business users. The feature flag doesn't show in org policies and github states that it's not scoped to business users.

parkersweb 53 minutes ago||

Gah - you’re right - but given that I don’t use personal copilot - but I do manage an organisation that gives copilot to some of our developers AND I was sent an email this evening making no mention at all of business copilot being excluded it could definitely have been communicated better…

g947o 4 hours ago|||

https://github.com/orgs/community/discussions/188488

> Why are you only using data from individuals while excluding businesses and enterprises?

> Our agreements with Business and Enterprise customers prohibit using their Copilot interaction data for model training, and we honor those commitments. Individual users on Free, Pro, and Pro+ plans have control over their data and can opt out at any time.

dormento 3 hours ago|||

Aka "they have lawyers and you usually don't, so we think we can get away with it."

gentleman11 2 hours ago||

only big companies have access to the legal system. nobody else can afford it

themafia 3 hours ago|||

> and we honor those commitments.

Ah, so when the inevitable "bug" appears, and we all learn that you've completely failed to honor anything, what will be your "commitment" then? An apology and a few free months?

Time to start pushing for a self hosted git service again.

martinwoodward 4 hours ago|||

Just confirming, we do not use Copilot interaction data for model training of Copilot Business or Enterprise customers.

archb 4 hours ago|||

Interestingly, it is disabled by default for me.

crashingintoyou 4 hours ago|||

Reading the github blog post "If you previously opted out of the setting allowing GitHub to collect this data for product improvements, your preference has been retained—your choice is preserved, and your data will not be used for training unless you opt in."

gpm 4 hours ago|||

Me too, which is making me wonder if they're planning on silently flipping this setting on April 24th (making it impossible to opt out in advance).

spiderfarmer 4 hours ago||

Is it because I'm in the EU?

paularmstrong 4 hours ago|||

I'm in the US and it's off for me. I believe I've previously opted out of everything copilot related in the past if there was anything.

gpm 3 hours ago|||

I'm in Canada, so not only the EU at least.

gentleman11 2 hours ago|||

What did everyone expect? I can't understand this community's trust of microsoft or startups. It's the typical land grab: start off decent, win people over, build a moat, then start shaking everybody down in the most egregious way possible.

It's just unusual how quickly they're going for the shakedown this time

DavidSJ 4 hours ago||

> Do they have this set on business accounts also by default? If so, this is really shady.

Looks like not, but would it actually have been shadier, or are we just used to individual users being fucked over?

hrmtst93837 4 hours ago||

If they turned it on for business orgs, that would blow up fast. The line between "helpful telemetry" and "silent corporate data mining" gets blurry once your team's repo is feeding the next Copilot.

People are weirdly willing to shrug when it's some solo coder getting fleeced instead of a company with lawyers and procurement people in the room. If an account tier is doing all the moral cleanup, the policy is bad.

pred_ 3 hours ago||

What is the legal basis of this in the EU? Ignoring the fact they could end up stealing IP, it seems like the collected information could easily contain PII, and consent would have to be

> freely given, specific, informed and unambiguous. In order to obtain freely given consent, it must be given on a voluntary basis.

LadyCailin 1 hour ago|

I actually don’t seem to have this option on my GitHub settings page, which leads me to wonder if this only applies to Americans.

spartanatreyu 22 minutes ago|||

I have the setting in Australia.

I'd be curious to see which countries are affected

LauraMedia 1 hour ago|||

I actually did have to manually disable this from Germany, so it might be a different reason you don't have it?

sph 4 hours ago||

Thanks to Github and the AI apocalypse, all my software is now stored on a private git repository on my server.

Why would I even spend time choosing a copyleft license if any bot will use my code as training data to be used in commercial applications? I'm not planning on creating any more opensource code, and what projects of mine still have users will be left on GH for posterity.

If you're still serious about opensource, time to move to Codeberg.

thesmart 3 hours ago||

Yeah, I'm guessing that probably because in their TOS you grant them some license work-around for running the service, which can mean anything.

midasz 3 hours ago||

I'm in my happy space selfhosting forgejo and having a runner on my own hardware

diath 4 hours ago||

> This approach aligns with established industry practices

"others are doing it too so it's ok"

theshrike79 4 hours ago|

Ackshually Anthropic is opt-in AND they give you discounts if you enable it

nodar86 2 hours ago|||

What kind of discounts? I have never heard of this

cma 3 hours ago|||

Anthropic puts up random prompts defaulting to enabled to trick you into accidentally enabling.

section_me 4 hours ago||

If I'm paying, which I am, I want to have to opt-in, not opt-out, Mario Rodriguez / @mariorod needs to give his head a wobble.

What on earth are they thinking...

sph 4 hours ago||

> What on earth are they thinking...

@mariorod's public README says one of his focuses is "shaping narratives and changing \"How we Work\"", so there you go.

fmjrey 4 hours ago|||

Translation: more alignment with Microsoft practices

section_me 4 hours ago|||

"shaping narratives", sounds like they follow the methodologies of a current president

okanat 4 hours ago||

It looks like the literal translation of "manipulation" to Linkedin-speak.

wenldev 4 hours ago||

[dead]

Deukhoofd 4 hours ago||

So basically they want to retain everyone's full codebases?

> The data used in this program may be shared with GitHub affiliates, which are companies in our corporate family including Microsoft

So every Microsoft owned company will have access to all data Copilot wants to store?

OtherShrezzing 3 hours ago||

It’s not clear to me how GitHub would enforce the “we don’t use enterprise repos” stuff alongside “we will use free tier copilot for training”.

A user can be a contributor to a private repository, but not have that repository owner organisation’s license to use copilot. They can still use their personal free tier copilot on that repository.

How can enterprises be confident that their IP isn’t being absorbed into the GH models in that scenario?

danelski 20 minutes ago||

Quite simply, that's just a matter of the corporate internal policy and its (lack of) enforcement. This problem is just a subset of the wider IP breach with some people happily feeding their work documents into the free tier of ChatGPT.

martinwoodward 2 hours ago||

We do not train on the contents from any paid organization’s repos, regardless of whether a user is working in that repo with a Copilot Free, Pro, or Pro+ subscription. If a user’s GitHub account is a member of or outside collaborator with a paid organization, we exclude their interaction data from model training.

hmate9 4 hours ago|

For what it's worth they're not trying to hide this change at all and are very upfront about it and made it quite simple to opt out.

matltc 4 hours ago|

They didn't even link the setting in their email. They didn't even name it specifically, just vaguely gestured toward it. Dark patterns, but that's Microslop for ya

hmate9 3 hours ago||

going to github i was greeted with a banner and a link directly to the settings for changing it

More comments...