this post was submitted on 26 Jun 2025
Programmer Humor
Today I was "talking" to Copilot asking about how to tackle a certain issue. The fucking thing replied with my manager and his manager's NAMES telling me to reach out to them. Of course I was aware that Copilot's primary function is not as an AI assistant but as a surveillance tool, but working in the EU, this still surprised me a lot.
That said, under the protections the EU affords me, I will absolutely continue to use Copilot for the most inane possible tasks. I know that they know, but they can't act on it without breaking GDPR.
Your move, corporation.
I didn't get it. Your manager replied instead of it?
No, the AI advised me to contact my direct superior and his superior, but mentioned their names.
I have never provided it with this information, so that means it has a lot more access to our information than is officially known. Technically we aren't even supposed to input anything that could possibly be identifying, again for GDPR purposes, so I have no idea where Copilot got the information from.
I assume that MS lets companies tailor their instance of Copilot to a certain degree and maybe it was fed an organigram of the entire company, but AFAIK this is already not allowed under current legislation. Or maybe it is and I'm just a modern luddite.
Regardless, I'll be even more careful about what I use Copilot for from this point forward.
Probably from the Microsoft 365/Teams/Outlook/whatever profile which can include who's your manager, or potentially from Outlook emails. From what I can tell, Microsoft's been trying hard to shove Copilot in any of their systems, like AAD/Entra.
My company has recently migrated their emails to it and as an admin I was very surprised that you can just read any email in full in any mailbox from "regular" functionality like email trace or antispam. I have no idea how that's GDPR compliant - in my other jobs we were using Google Workspace which only shows metadata because of that, and accessing another person's mailbox by other means (e.g. resetting the password on an ex-employee account) was a huge no-no.
Rare moment when Google is mentioned as behaving GDPR compliant... I mean, I know that big tech is vacuuming up all data and doesn't care about GDPR, but still.... You can be worse than effing Google?