Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
heavyset_go 19 hours ago

If Microsoft is willing to put ads into your PRs via Copilot like this, imagine what they could put into your codebase itself with Copilot.

Or what Microsoft could do, run, install, etc on/from your computer while running their Copilot agents.

This is the same company that puts ads in your start menu and reinserts them with Windows updates even if you manually removed them.

sehansen 18 hours ago | parent | next [-]

"Reflections on Trusting Trust" for the new era. MSVC doesn't compile a secret master-password into your software, just a Copilot ad.

("Reflections on Trusting Trust" Turing Award Lecture by Ken Thompson: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...)

le-mark 18 hours ago | parent [-]

+1000 Everyone in technology should read this.

nulltrace 7 hours ago | parent | prev | next [-]

Spent yesterday pruning dependencies in a project. Cut half of them and everything still worked. Makes you wonder how much stuff we pull in without thinking about it. Same thing with AI-generated PRs honestly, one bad suggestion and it ships.

henry2023 18 hours ago | parent | prev | next [-]

I wonder if there will come a time where I can pay M$ to sabotage my competition codebase

degrees57 10 hours ago | parent | next [-]

You have to get acquired by Microsoft first.

StilesCrisis 11 hours ago | parent | prev [-]

If they're using Copilot, you're already most of the way there.

neya 19 hours ago | parent | prev | next [-]

Imagine just having the copilot extension installed will be an excuse at some point for them to steal our code to train their AI models. Not sure if they already do this.

NateEag 15 hours ago | parent | next [-]

Of course they already do this.

The ToS (https://www.microsoft.com/en-us/microsoft-copilot/for-indivi...) says explicitly:

> Copilot may include both automated and manual (human) processing of data. You shouldn’t share any information with Copilot that you don’t want us to review.

so they're reserving the right to process whatever it looks at.

You're sending them your codebase already, as part of the prompt for generating new snippets, debugging, etc. So they have access to it.

They'd be absolute fools not to be using the results of sessions to continue to refine their models, and they already reserved the rights to look at what you send them, so yeah - they're doing it.

(Bonus comedy from the ToS:

> Copilot is for entertainment purposes only.

The lawyers know these things cannot be trusted.)

circuit10 13 hours ago | parent | next [-]

Also for some reason that site hijacks your scrolling and tries to "smooth" it, which just makes it feel more unresponsive as most browsers already have smooth scrolling?

Looks like they're using this: https://github.com/gblazex/smoothscroll-for-websites

I know it's a bit off topic but I'm just confused as to why that would be on there...

neya 14 hours ago | parent | prev [-]

> Copilot is for entertainment purposes only.

Jokes on them, that's why I consider entire Microsoft for entertainment purposes only.

justinclift 16 hours ago | parent | prev [-]

"at some point"?

Why the assumption it's not already happening?

neya 14 hours ago | parent [-]

> Not sure if they already do this.

cookiengineer 3 hours ago | parent | prev | next [-]

Can somebody explain to me why this is legal?

If anybody but Microsoft does this, it's called malware and they'll end up with an FBI visit and prison time.

Why are the judicative so skewed here in their judgements?

aiedwardyi 16 hours ago | parent | prev [-]

This is the core issue. These tools operate with very little transparency about what they're doing under the hood. Even basic stuff like how much of your session resources have been consumed is hidden from you in most tools.