Ask HN: VSCode, GitHub Copilot – Too easy to leak confidential info?
Hi. My team and I have been trialing using GitHub Copilot via the VS Code extension and it seems to be a huge security hole. By default, it enables itself on all files, and in the background sends those files to GitHub Copilot in order to do its thing. The problem is - many of those files may contain sensitive info - API keys, private notes, etc. On more than one occasion I've been on a Zoom call with a colleague and noticed the GitHub Copilot autocomplete helper happening on a file where API keys are, or confidential notes. So basically, people are unintentionally sending all kinds of sensitive stuff they don't intend to, to GitHub/Microsoft/OpenAI. The best you can do right now is to disable by file type. In my opinion this extension as it's currently implemented is a huge security hole and should probably be taken down by Microsoft until they come up with a way to opt in/out on a file-by-file basis - either .gitignore or simply a UI toggle that defaults to off for EVERY file until you turn it on. Thoughts?
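The "disable by file type" mitigation the post mentions, shown as a VS Code settings.json fragment. This is an added example, not the poster's configuration: it uses the extension's `github.copilot.enable` setting, which maps VS Code language identifiers to on/off, with `"*"` as the wildcard default. The "before" block reproduces what I understand the extension's default to be (assumed; check your installed version), and the "after" block inverts it into an allowlist so that any file whose language is not explicitly listed is never sent.

```jsonc
// BEFORE (assumed extension default): everything on, a few types off.
// Any .env, .pem, .txt-of-notes, or unknown file type falls under "*"
// and its contents are sent for completions.
{
  "github.copilot.enable": {
    "*": true,
    "plaintext": false,
    "markdown": false,
    "scminput": false
  }
}

// AFTER (opt-in allowlist): default off, enable only the languages the
// team actually wants completions for. Files VS Code classifies as
// plaintext, dotenv, json, yaml, markdown etc. stay off unless added here.
// Put this in user settings so a workspace .vscode/settings.json cannot
// silently widen it; review any workspace-level override in code review.
{
  "github.copilot.enable": {
    "*": false,
    "python": true,
    "typescript": true,
    "go": true
  }
}
```

Note that the key is the VS Code language identifier, not the file extension, so a secrets file that VS Code detects as, say, `yaml` would still be covered by a `"yaml": true` entry; keep the allowlist to source-code languages only.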