If you don't opt out by Apr 24 GitHub will train on your private repos

Hacker News Discussion ↗

What GitHub is changing

  • Several commenters clarify the change is about Copilot interaction data, not bulk ingestion of all private repos “at rest.”
  • For Free/Pro/Pro+ Copilot users who don’t opt out, GitHub will use:
    • Inputs to Copilot (including code snippets and surrounding context),
    • Accepted/edited outputs,
    • File names, repo structure, navigation, and interaction telemetry.
  • Business/Enterprise Copilot customers are said to be excluded from this training change.
  • If you don’t use Copilot, multiple comments say this shouldn’t affect you, though some remain skeptical.

Scope and ambiguity

  • Many argue the distinction between “private repo data” and “Copilot interaction data” is semantic: Copilot’s “context” effectively includes private repo code.
  • The wording of the setting (“Inputs, Outputs, and associated context”) is viewed as vague and legally opaque; even an attorney in the thread finds it hard to interpret.
  • It’s unclear how this applies when Copilot is managed by an organization, or when a user is in both personal and enterprise Copilot plans.

Opt-out, UX, and dark patterns

  • Major criticism: using opt‑out instead of explicit opt‑in for a new data use.
  • Some saw a persistent banner and/or email; others never noticed either, especially those who use GitHub only via CLI.
  • The UI copy for the toggle (“you will have access to this feature”) is viewed as misleading, implying you must enable training to “use Copilot.”
  • Some note the setting is missing entirely for accounts controlled by orgs or possibly in some regions.

Privacy, legal, and ethical concerns

  • Strong distrust of Microsoft/GitHub, framed as “enshittification” and data-grab inevitability once data isn’t end‑to‑end encrypted.
  • Multiple mentions of GDPR: opt‑out consent is argued to be invalid; code and commits can contain personal data (names, emails, even health data).
  • Worry that contributors using Copilot will leak entire private repos, including sensitive or regulated code (e.g., CUI, secrets).
  • Some fear policies can later expand silently; others assume companies may ignore flags in practice with limited recourse.

User responses and alternatives

  • Many vow to migrate off GitHub or at least stop using Copilot; some already moved due to the Microsoft acquisition.
  • Alternatives mentioned: GitLab, Bitbucket, Sourcehut, Forgejo, Gitea, Codeberg (with caveats), Fossil, self‑hosting on VPS/mini‑PC, and encrypted repos (git-crypt/git-gcrypt).
  • A few propose “poisoning” training sets with bad or adversarial code, though others doubt its effectiveness at scale.
  • A minority explicitly state they don’t mind training on their code and see benefits (models better matching their style), especially when no secrets are stored in repos.