Your confusion is understandable since MS has called like 4 different products “Copilot”. This refers to the coding assistant built into GitHub for everything from CI/CD to coding itself.
All code uploaded to GitHub is subject to being scraped by Copilot to both train and provide inference context to its model(s).
Basically having your code in GitHub is implicit consent to have your code fed to MSs LLMs.
“Basically” your vibes aren’t an actual answer. Businesses are not forking over millions to give away their code.
You can have conspiracy theories about it using the code anyway (I’m particularly confused about your use of the word “scrape” which tells me you don’t know how AI training works, how hosting a website works, or how scraping works - maybe all three?) but surreptitiously using its competitors’ code to train CoPilot would be a rare existential threat to Microsoft itself.
Does GitHub use Copilot Business or Enterprise data to train GitHub’s model?
No. GitHub does not use either Copilot Business or Enterprise data to train its models.
It’s in every enterprise and business contract signed with them. The FAQ was just the first result on Google. Its obviousness shouldn’t even require that much. It’s extremely clear how few of Lemmy’s “technology” crowd have any contact with adult life.
Why are you referring all your answers to GitHub Enterprise and corporate contracts? Nobody here is talking about that, as the news is about an open source project. Public GitHub and GitHub Enterprise are fundamentally different.
You accuse others of responding based solely on “vibes,” but you do exactly the same thing in the opposite direction. And yet, of all people, you’re saying we don’t act like adults.
All of the responses are saying that Github reads all code. Github public and Github enterprise are products of the same organisation. Many are even saying they will consume enterprise data anyway despite contracts not to. As I said in my first response, there aren’t many things that would ruin Microsoft’s ability to operate but this is one.
What I meant was that you read the comments, identified inconsistencies from your point of view, and then responded in a confrontational manner without including the whole context.
You do have some good points. But instead of opposing everything that has been said, you could have differentiated much better.
For example:
Public repositories on github.com are definitely used for AI training
Private repositories on github.com are suspected of being used for training
Github Enterprise Cloud is probably contractually protected
Github Enterprise Server is the most secure of all options due to contracts and self-hosting (and therefore the only valid best option for enterprises with proprietary code)
All of the responses are saying that Github reads all code.
The first comment explicitly mentions “hosted on GitHub”, which at least excludes GitHub Enterprise Server, which is self-hosted.
The article is about an open source project that, by definition, uses public repositories.
Github public and Github enterprise are products of the same organisation.
Coming from someone who tells others that they first need to deal with “adult life”, I find this statement surprising. I work for an international company and manage several Github orgas with hundreds of repos. Whether the code is stored on github.com or on our own Github Enterprise server is highly relevant and makes a huge difference.
This is the very simple statement that I was responding to, along with the next line about how using Github is implicit consent to feeding your data to an LLM. If the poster wants nuance, they are free to provide it themselves. You can see in subsequent responses there is none.
Of course them being different matters. That’s my point. Not all code uploaded to Github is being fed into an LLM. It is not consent if you are signing a contract demanding that something not be done. It’s preposterous even at a surface level.
Github Enterprise Server is different from Github Enterprise Cloud, which is what I was talking about, and which is explicitly not used for training LLMs, and if it were, would absolutely kill Github as a product and likely mire Microsoft in years of litigation.
Frankly I don’t know of any software company using Github Enterprise on-prem but I suppose there are probably some CEOs out there who haven’t taken the OpEx pill. Maybe deep in the rainforest with Mokele-Mbembe. Certainly in my sliver of the tech industry, telecoms, the idea of owning a server is akin to having a deskphone and an outgoing mail room.
A company that pays Microsoft to host code and would join the suit that would bury them if they used proprietary code to train models in breach of paid contracts?
Lmao desperately trying to justify sunk cost, I see?
You’re right, it’s not scraping, it’s worse. Most AI bots do scrape sites for data, though since MS has direct access to the GH backend, they don’t even need to scrape the data. You’re giving it to them directly.
The issue here is trust. Microsoft, along with every other company invested in the AI race has proven repeatedly that getting ahead in said race is more important to them than anything else. It’s more important than user privacy, ToS, contracts, intellectual property, and the law itself.
If they stand to make more money screwing you over than they stand to lose from a slap on the wrist in court, the choice is clear. And they will lie to your face about it. Profit machines as big as MS don’t care. They can’t. They are optimized for one thing.
Being embarrassed by association with people who say things like “all code uploaded to Github is subject to being scraped” might be childish. Not sure it’s as childish as being embarrassed by “cringe” though. That would imply I care about your opinion on my communication. I don’t.
I do care that you understand that a half dozen people in this thread are actively outing themselves as completely ignorant about the real world of software development and the software industry in general. Probably not surprising given the words “Gentoo” and “Codeberg” in the title of the post.
It often makes up non existent vulnerabilities. I think it was curl getting flooded with fake vulnerability reports which drowns out real reports, esp because it can take time to parse through the code or run the poc
Hold on …
Are you saying all software hosted on github is infected with copilot? Or am I misreading the situation?
Your confusion is understandable since MS has called like 4 different products “Copilot”. This refers to the coding assistant built into GitHub for everything from CI/CD to coding itself.
All code uploaded to GitHub is subject to being scraped by Copilot to both train and provide inference context to its model(s).
Basically having your code in GitHub is implicit consent to have your code fed to MSs LLMs.
No, it isn’t.
“Basically” your vibes aren’t an actual answer. Businesses are not forking over millions to give away their code.
You can have conspiracy theories about it using the code anyway (I’m particularly confused about your use of the word “scrape” which tells me you don’t know how AI training works, how hosting a website works, or how scraping works - maybe all three?) but surreptitiously using its competitors’ code to train CoPilot would be a rare existential threat to Microsoft itself.
https://github.com/features/copilot#faq
FAQs are not legally binding. If you want to quote something, then do privacy policy and terms of service.
It’s in every enterprise and business contract signed with them. The FAQ was just the first result on Google. Its obviousness shouldn’t even require that much. It’s extremely clear how few of Lemmy’s “technology” crowd have any contact with adult life.
Why are you referring all your answers to GitHub Enterprise and corporate contracts? Nobody here is talking about that, as the news is about an open source project. Public GitHub and GitHub Enterprise are fundamentally different.
You accuse others of responding based solely on “vibes,” but you do exactly the same thing in the opposite direction. And yet, of all people, you’re saying we don’t act like adults.
All of the responses are saying that Github reads all code. Github public and Github enterprise are products of the same organisation. Many are even saying they will consume enterprise data anyway despite contracts not to. As I said in my first response, there aren’t many things that would ruin Microsoft’s ability to operate but this is one.
What vibes do you think I’m going off?
What I meant was that you read the comments, identified inconsistencies from your point of view, and then responded in a confrontational manner without including the whole context.
You do have some good points. But instead of opposing everything that has been said, you could have differentiated much better.
For example:
only validbest option for enterprises with proprietary code)The first comment explicitly mentions “hosted on GitHub”, which at least excludes GitHub Enterprise Server, which is self-hosted.
The article is about an open source project that, by definition, uses public repositories.
Coming from someone who tells others that they first need to deal with “adult life”, I find this statement surprising. I work for an international company and manage several Github orgas with hundreds of repos. Whether the code is stored on github.com or on our own Github Enterprise server is highly relevant and makes a huge difference.
This is the very simple statement that I was responding to, along with the next line about how using Github is implicit consent to feeding your data to an LLM. If the poster wants nuance, they are free to provide it themselves. You can see in subsequent responses there is none.
Of course them being different matters. That’s my point. Not all code uploaded to Github is being fed into an LLM. It is not consent if you are signing a contract demanding that something not be done. It’s preposterous even at a surface level.
Github Enterprise Server is different from Github Enterprise Cloud, which is what I was talking about, and which is explicitly not used for training LLMs, and if it were, would absolutely kill Github as a product and likely mire Microsoft in years of litigation.
Frankly I don’t know of any software company using Github Enterprise on-prem but I suppose there are probably some CEOs out there who haven’t taken the OpEx pill. Maybe deep in the rainforest with Mokele-Mbembe. Certainly in my sliver of the tech industry, telecoms, the idea of owning a server is akin to having a deskphone and an outgoing mail room.
Lemmy is completely unhinged on any AI topic. You can’t engage rationally with these people.
They have zero evidence that any of their accusations is really happening but they’ll insult and bully people over it anyway.
source: just trust me bro
Source: I’m employed
Who are you employed by, I wonder?
A company that pays Microsoft to host code and would join the suit that would bury them if they used proprietary code to train models in breach of paid contracts?
Just to add to what the other commenters said, the quote you highlighted doesn’t even say what you think it does.
It says that Copilot data is not used to train the models, not that code uploaded to Github isn’t used to train the models.
As an aside, your nitpicking of the term “scrape” and rant about how the user you’re replying to must be ignorant is cringe, jsyk.
If you’re gullible enough to believe an FAQ coming from Github themselves, then I have bad news for you.
“Gullible” is not a thing you can be when somehow has signed a contract with you… that’s why contracts exist.
go ahead and cite the relevant part of the github business “contract” lmao
Like Meta and it’s privacy rules, I bet they do even if they’re saying they don’t.
You aren’t paying enterprise subscriptions to use Facebook, and as bad as they are, Microsoft are not Meta.
Maybe. But what have American tech companies done lately to win my trust in them? Nothing. So allow me to be skeptical.
Lmao desperately trying to justify sunk cost, I see?
You’re right, it’s not scraping, it’s worse. Most AI bots do scrape sites for data, though since MS has direct access to the GH backend, they don’t even need to scrape the data. You’re giving it to them directly.
The issue here is trust. Microsoft, along with every other company invested in the AI race has proven repeatedly that getting ahead in said race is more important to them than anything else. It’s more important than user privacy, ToS, contracts, intellectual property, and the law itself.
If they stand to make more money screwing you over than they stand to lose from a slap on the wrist in court, the choice is clear. And they will lie to your face about it. Profit machines as big as MS don’t care. They can’t. They are optimized for one thing.
Don’t forget its more important than human rights!
Someday when you’re grown up you will realize how cringe your way of communicating is.
Sure. Any day now.
Being embarrassed by association with people who say things like “all code uploaded to Github is subject to being scraped” might be childish. Not sure it’s as childish as being embarrassed by “cringe” though. That would imply I care about your opinion on my communication. I don’t.
I do care that you understand that a half dozen people in this thread are actively outing themselves as completely ignorant about the real world of software development and the software industry in general. Probably not surprising given the words “Gentoo” and “Codeberg” in the title of the post.
Um AAACCCKKKTUALLY it’s only scraping if it comes from the
beautifulsoupregion of Shodan. Otherwise it’s just Sparkling CIDR.If you’re trying to prove that I can indeed feel cringe, keep going, you’re almost there
Copilot steals from all the code on github.
I guess it’s about copilot scanning the code, submitting PRs, reporting security issues, doing code reviews and such.
deleted by creator
Is this not an advantage? If AI can find new security vulnerabilities reliably?
It cannot
It often makes up non existent vulnerabilities. I think it was curl getting flooded with fake vulnerability reports which drowns out real reports, esp because it can take time to parse through the code or run the poc
https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/
deleted by creator
Or it could introduce new ones :)
Yeah, but you can have it scan without implementing.