Copilot exposes private GitHub pages, some removed by Microsoft
(arstechnica.com)
from neme@lemm.ee to programming@programming.dev on 28 Feb 2025 01:21
https://lemm.ee/post/56829434
Microsoft: Copilot is the future! /s
The fact that there are so many “acts” that got violated tells me that those laws are just as shoddy as the fact that Microsoft’s fix didn’t take into account that the AI still has access to private data. Total shit show on all fronts.
Kind of a nothing burger.
The repo was listed as public and archived. It’s not clear from the article but I suspect that the “private” information is just a copy of what was made public and not the information added after it was made private.
When a code repository is shut down on GitHub the expectation is that it’s removed. We’re all aware that the internet will never forget that API key you accidentally committed once, but the expectation was always that it wouldn’t be GitHub itself doing the remembering and openly sharing it with others.
According to the article it was Bing and not GitHub.
“According to the article it was Microsoft and not Microsoft.”
Do you see now how silly you sound?
From an ownership perspective, sure. But it’s still different from the implication that GitHub is leaking currently private repositories.
GitHub actually does that too, in some cases at least.
trufflesecurity.com/…/anyone-can-access-deleted-a…
No joke, I let them know about that in their official discussion board on day 1 when Copilot came out. When they announced it, the first day you could ask it about the contents of private repos and it would just tell you.
They fixed it but this looks really similar.
As one commented below the article, “Recall too I bet”.
It’s like the dumbest anosmic sheep dog that’ll just show the wolf the way to the sheep.
Bless you.