If you scroll down to "Allow GitHub to use my data for AI model training" in GitHub settings, you can enable or disable it. However, what really gets me is how they pitch it like it’s some kind of user-facing feature:
Enabled = You will have access to the feature
Disabled = You won't have access to the feature
As if handing over your data for free is a perk. Kinda hilarious.
I went to check on this and I have everything copilot related disabled and in the two bars that measure usage my Copilot Chat usage was somehow in 2%, how is this possible?
Before anyone comes to me to sell me on AI, this is on my personal account, I have and use it in my business account (but it is a completely different user account), I just make it a point to not use it in my personal time so I can keep my skills sharp.
If you're taking about the quota bar. That is only measuring your premium request usage (models with a #.#x multiplier next to the name). If you only use the free models and code completion you won't actually consume any "usage". If you use AI code review that consumes a single request (now). Same with the Github Copilot web chat, if you use a free model, it doesn't count, if you use a premium model you get charged the usage cost.
I guess the "perk" is that maybe their models get retrained on your data making them slightly more useful to you (and everyone else) in the future? idk
> On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out. Review this update and manage your preferences in your GitHub account settings.
Now
"Allow GitHub to use my data for AI model training" is enabled by default.
Yes - not impressed at all that this is opt-in default for business users. We have a policy in place with clients that code we write for them won’t be used in AI training - so expecting us to opt out isn’t an acceptable approach for a business relationship where the expectation is security and privacy.
It is not opt-in by default for business users. The feature flag doesn't show in org policies and github states that it's not scoped to business users.
> Why are you only using data from individuals while excluding businesses and enterprises?
> Our agreements with Business and Enterprise customers prohibit using their Copilot interaction data for model training, and we honor those commitments. Individual users on Free, Pro, and Pro+ plans have control over their data and can opt out at any time.
Ah, so when the inevitable "bug" appears, and we all learn that you've completely failed to honor anything, what will be your "commitment" then? An apology and a few free months?
Time to start pushing for a self hosted git service again.
Reading the github blog post "If you previously opted out of the setting allowing GitHub to collect this data for product improvements, your preference has been retained—your choice is preserved, and your data will not be used for training unless you opt in."
What did everyone expect? I can't understand this community's trust of microsoft or startups. It's the typical land grab: start off decent, win people over, build a moat, then start shaking everybody down in the most egregious way possible.
It's just unusual how quickly they're going for the shakedown this time
If they turned it on for business orgs, that would blow up fast. The line between "helpful telemetry" and "silent corporate data mining" gets blurry once your team's repo is feeding the next Copilot.
People are weirdly willing to shrug when it's some solo coder getting fleeced instead of a company with lawyers and procurement people in the room. If an account tier is doing all the moral cleanup, the policy is bad.
Thanks to Github and the AI apocalypse, all my software is now stored on a private git repository on my server.
Why would I even spend time choosing a copyleft license if any bot will use my code as training data to be used in commercial applications? I'm not planning on creating any more opensource code, and what projects of mine still have users will be left on GH for posterity.
If you're still serious about opensource, time to move to Codeberg.
What is the legal basis of this in the EU? Ignoring the fact they could end up stealing IP, it seems like the collected information could easily contain PII, and consent would have to be
> freely given, specific, informed and unambiguous. In order to obtain freely given consent, it must be given on a voluntary basis.
It’s not clear to me how GitHub would enforce the “we don’t use enterprise repos” stuff alongside “we will use free tier copilot for training”.
A user can be a contributor to a private repository, but not have that repository owner organisation’s license to use copilot. They can still use their personal free tier copilot on that repository.
How can enterprises be confident that their IP isn’t being absorbed into the GH models in that scenario?
We do not train on the contents from any paid organization’s repos, regardless of whether a user is working in that repo with a Copilot Free, Pro, or Pro+ subscription. If a user’s GitHub account is a member of or outside collaborator with a paid organization, we exclude their interaction data from model training.
They didn't even link the setting in their email. They didn't even name it specifically, just vaguely gestured toward it. Dark patterns, but that's Microslop for ya
I have GitHub Copilot Pro. I don't believe I signed up for it. I neither use it nor want it.
1. A lot of settings are 'Enabled' with no option to opt out. What can I do?
2. How do I opt out of data collection? I see the message informing me to opt out, but 'Allow GitHub to use my data for AI model training' is already disabled for my account.
Hey David - if you want to send me (martinwoodward at github.com) details of your GitHub account I can take a look. At a guess I suspect you are one of the many folks who qualified for GitHub Copilot Pro for free as a maintainer of a popular open source project.
Sounds like you are already opted out because you'd previously opted out of the setting allowing GitHub to collect this data for product improvements. But I can check that.
Note, it's only _usage_ data when using Copilot that is being trained on. Therefore if you are not using Copilot there is no usage data. We do not train on private data at rest in your repos etc.
I just checked my Github settings, and found that sharing my data was "enabled".
This setting does not represent my wishes and I definitely would not have set it that way on purpose. It was either defaulted that way, or when the option was presented to me I configured it the opposite of how I intended.
Fortunately, none of the work I do these days with Copilot enabled is sensitive (if it was I would have been much more paranoid).
I'm in the USA and pay for Copilot as an individual.
Shit like this is why I pay for duck.ai where the main selling point is that the product is private by default.
Who in their right mind will opt into sharing their code for training? Absolutely nobody. This is just a dark pattern.
Btw, even if disabled, I have zero confidence they are not already training on our data.
I would also recommend to sprinkle copyright noticed all over the place and change the license of every file, just in case they have some sanity checks before your data gets consumed - just to be sure.
> If you have been granted a free access to Copilot as a verified student, teacher, or maintainer of a popular open source project, you won’t be able to cancel your plan.
So, how does this work with source-available code, that’s still licensed as proprietary - or released under a license which requires attribution?
If someone takes that code and pokes around on it with a free tier copilot account, GitHub will just absorb it into their model - even if it’s explicitly against that code’s license to do so?
They use data from the poor student tier, but arguably, large corporates and businesses hiring talented devs are going to create higher quality training data. Just looking at it logically, not that I like any of this...
That's me. Frankly, looking at just uninstalling VSCode because Copilot straight-up gets in the way of so much, and they stopped even bothering with features that are not related to it (with one exception of native browser in v112, which, admittedly, is great)
If you previously opted out of the setting allowing GitHub to collect data for product improvements, your preference has been retained here. We figured if you didn't want that then you definitely wouldn't want this..
Does it even matter? They trained AI on obviously copyrighted and even pirated content. If this change is legally significant and a legal breach, the existence of all models and all AI businesses also is illegal.
It might or might not be legal, but it seems materially worse to screw over your direct customers than to violate the social-contracty nature of copyright law. But hey ho if you're not paying then you're the product, as ever was.
If this doesn't sound bad enough, it's possible that Copilot is already enabled. As we know this kind of features are pushed to users instead of being asked for.
Maybe it's already active in our accounts and we don't realize it, so our code will be used to train the AI.
Now we can't be sure if this will happen or not, but a company like GitHub should be staying miles away from this kind of policy. I personally wouldn't use GitHub for private corporate repositories. Only as a public web interface for public repos.
> Content from your issues, discussions, or private repositories at rest. We use the phrase “at rest” deliberately because Copilot does process code from private repositories when you are actively using Copilot. This interaction data is required to run the service and could be used for model training unless you opt out.
Sounds like it's even likely to train on content from private repositories. This feels like a bit of an overstep to me.
> From April 24 onward, interaction data—specifically inputs, outputs, code snippets, and associated context—from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out.
Now is the time to run off of GitHub and consider Codeberg or self hosting like I said before. [0]
Codeberg doesn't support non OSS and I'd rather just have one 'git' thing I have to know for both OSS and private work. So it's not a great option, IMO. Self-hosting also for other reasons.
I'm not sure there are any good GitHub alternatives. I don't trust Gitlab either. Their landing page title currently starts with "Finally, AI". Eek.
So by default you send all this to Microsoft by opening your IDE.
Enabled = You will have access to the feature
Disabled = You won't have access to the feature
As if handing over your data for free is a perk. Kinda hilarious.
Before anyone comes to me to sell me on AI, this is on my personal account, I have and use it in my business account (but it is a completely different user account), I just make it a point to not use it in my personal time so I can keep my skills sharp.
I'm a little surprised the options aren't "Enable" and "Ask me later".
It could be incompetence but it shouldn't matter. This level of incompetence should be punished equally to malice.
Dark pattern and dick move.
Now "Allow GitHub to use my data for AI model training" is enabled by default.
Turn it off here: https://github.com/settings/copilot/features
Do they have this set on business accounts also by default? If so, this is really shady.
To add on to your (already helpful!) instructions:
- Go to https://github.com/settings/copilot/features - Go to the "Privacy" section - Find: "Allow GitHub to use my data for AI model training" - Set to disabled
You can't believe Microslop is force-feeding people Copilot in yet another way?
> and didn't even post the direct URLs to disable in their blog post
You can't believe Microshaft didn't tell you how to not get shafted?
> Why are you only using data from individuals while excluding businesses and enterprises?
> Our agreements with Business and Enterprise customers prohibit using their Copilot interaction data for model training, and we honor those commitments. Individual users on Free, Pro, and Pro+ plans have control over their data and can opt out at any time.
Ah, so when the inevitable "bug" appears, and we all learn that you've completely failed to honor anything, what will be your "commitment" then? An apology and a few free months?
Time to start pushing for a self hosted git service again.
It's just unusual how quickly they're going for the shakedown this time
Looks like not, but would it actually have been shadier, or are we just used to individual users being fucked over?
People are weirdly willing to shrug when it's some solo coder getting fleeced instead of a company with lawyers and procurement people in the room. If an account tier is doing all the moral cleanup, the policy is bad.
What on earth are they thinking...
@mariorod's public README says one of his focuses is "shaping narratives and changing \"How we Work\"", so there you go.
Why would I even spend time choosing a copyleft license if any bot will use my code as training data to be used in commercial applications? I'm not planning on creating any more opensource code, and what projects of mine still have users will be left on GH for posterity.
If you're still serious about opensource, time to move to Codeberg.
> freely given, specific, informed and unambiguous. In order to obtain freely given consent, it must be given on a voluntary basis.
"others are doing it too so it's ok"
> The data used in this program may be shared with GitHub affiliates, which are companies in our corporate family including Microsoft
So every Microsoft owned company will have access to all data Copilot wants to store?
A user can be a contributor to a private repository, but not have that repository owner organisation’s license to use copilot. They can still use their personal free tier copilot on that repository.
How can enterprises be confident that their IP isn’t being absorbed into the GH models in that scenario?
1. A lot of settings are 'Enabled' with no option to opt out. What can I do?
2. How do I opt out of data collection? I see the message informing me to opt out, but 'Allow GitHub to use my data for AI model training' is already disabled for my account.
Sounds like you are already opted out because you'd previously opted out of the setting allowing GitHub to collect this data for product improvements. But I can check that.
Note, it's only _usage_ data when using Copilot that is being trained on. Therefore if you are not using Copilot there is no usage data. We do not train on private data at rest in your repos etc.
This setting does not represent my wishes and I definitely would not have set it that way on purpose. It was either defaulted that way, or when the option was presented to me I configured it the opposite of how I intended.
Fortunately, none of the work I do these days with Copilot enabled is sensitive (if it was I would have been much more paranoid).
I'm in the USA and pay for Copilot as an individual.
Shit like this is why I pay for duck.ai where the main selling point is that the product is private by default.
Who in their right mind will opt into sharing their code for training? Absolutely nobody. This is just a dark pattern.
Btw, even if disabled, I have zero confidence they are not already training on our data.
I would also recommend to sprinkle copyright noticed all over the place and change the license of every file, just in case they have some sanity checks before your data gets consumed - just to be sure.
Mobile
https://github.com/settings/billing/licensing
EDIT:
https://docs.github.com/en/copilot/how-tos/manage-your-accou...
> If you have been granted a free access to Copilot as a verified student, teacher, or maintainer of a popular open source project, you won’t be able to cancel your plan.
Oh. jeez.
At this point, is there any magic in software development?
If you have super-secret-content is a third party the best location?
If someone takes that code and pokes around on it with a free tier copilot account, GitHub will just absorb it into their model - even if it’s explicitly against that code’s license to do so?
1- Vulnerabilities, Secrets can be leaked to other users. 2- Intellectual Property, can also be leaked to other users.
Most smart clients won't opt-out, they will just cut usage entirely.
(I prefer Emacs anyway, but VSCode is a worthy tool.)
Maybe it's already active in our accounts and we don't realize it, so our code will be used to train the AI.
Now we can't be sure if this will happen or not, but a company like GitHub should be staying miles away from this kind of policy. I personally wouldn't use GitHub for private corporate repositories. Only as a public web interface for public repos.
Sounds like it's even likely to train on content from private repositories. This feels like a bit of an overstep to me.
Now is the time to run off of GitHub and consider Codeberg or self hosting like I said before. [0]
[0] https://news.ycombinator.com/item?id=22867803
I'm not sure there are any good GitHub alternatives. I don't trust Gitlab either. Their landing page title currently starts with "Finally, AI". Eek.