Why do so many people keep falling for the same trick over and over again?
With an over $400 billion gap between the money invested in AI data centers and the actual revenue these products generate, Silicon Valley slowly returned to the tested and trusted playbook: advertising.
Now, ads are starting to appear in pull requests generated by Copilot. According to Melbourne-based software developer Zach Manson, a team member used the AI to fix a simple typo in a pull request. Copilot did the job, but it also took the liberty of editing the PR’s description to include this message: “⚡ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.”
↫ David Uzondu at Neowin
It turns out that Microsoft has added ads to over 1.5 million Copilot pull requests on GitHub, and they’re even appearing on GitLab, one of the GitHub alternatives. The reasoning is clear, too, of course: “AI” companies and investors have poured ungodly amounts of money in “AI” that is impossible to recover, even with paying customers. As such, the logical next step is ads, and many “AI” companies are already starting to add advertising to their pachinko machines. It was only a matter of time before Copilot would start inserting ads into the pull requests it ejaculates over all kinds of projects.
This isn’t the first time a once-free service turns on its users, but it’s definitely one of the quickest turnarounds I’ve ever seen. Usually it takes much longer before companies reach the stage of putting ads in their products to plug any financial bleeding, but with the amount of money poured into this useless black hole, it really shouldn’t be surprising we’re already there. I’m sure Copilot’s competitors, like Claude, will soon follow suit.
They’re enshittifying Git, and developers are just letting it happen. No wonder worker exploitation is so rampant in Silicon Valley.
GIT is not Github. But Microsoft will always be Microsoft.
As Thom said, this crap is even infecting GitLab[1], so yes, it’s a Git thing, not just a GitHub thing.
[1] https://gitlab.tudelft.nl/thomasvermeule/GeneralAviationAircraftFamilyBenchmark/-/merge_requests/7
I’ll still disagree that it’s a `git` issue, but a SaaS hosted git issue. Still an issue, a huge one, and one I REALLY don’t want, but I don’t see this as a git itself issue.
Nothing to do with where the git instance is hosted, it’s entirely down to the tools people are using to create the pull request.
Git it just doing its job with the input it’s given.
@Morgan,
I really don’t want to get into another argument with you, but GIT or Gitlab has nothing to do with this. It is all Microsoft/Copilot and you would receive the same PRs on Subversion, Mercurial, Bazar or whatever tickles your fancy. It is the equivalent of e-mail spam and the Revision Control System is on the receiving end here.
Have a nice day.
That’s not a very positive way to approach a discussion, but if you want to see it that way that’s your prerogative.
Git is the mechanism that Copilot is using to slip this garbage into PRs. There is no provision in Git to stop this (yet), so yes it is very much a Git shortcoming being actively abused by Copilot. If they were using a similar method to insert garbage into CVS/SVN repos, I would say it’s a CVS/SVN issue, but that’s not what is happening here.
I realize at this point we are discussing semantics, but I feel like the Git maintainers should look at how they can prevent this kind of nonsense going forward.
Morgan,
I can’t tell from the article if microsoft is modifying the git data itself or it’s injecting the unwanted content just on the website. But I agree with Drizzt321. I hate the prospect of our tools starting to carrying ads, but what can git can do about it?
If a shareware website injects their ads & bloatware into zip packages, do we blame the zip files? HTML websites have become littered with ads making the web highly unpleasant, is this HTML’s fault?
Even if we want to blame the format/protocol for what the provider does with it, how would you even fix this?
@Alfman:
Just to be clear I’m not blaming the Git maintainers for this AT ALL. The blame lies squarely with Microsoft and their malicious use of a loophole in Git PRs to slam ads down users’ throats. I’m just saying that it would be great if the Git developers could do something on their end to help mitigate this kind of attack. And it is indeed an attack, this is no different from a malicious hacker using an exploit to inject malware, or an ISP using their control of DNS to route their users to a page telling them they went over their quota.
Morgan,
Ok, but what can Git devs do about it? It’s microsoft who have administrator rights on github, not the Git devs. If microsoft want to inject ads into the github website, as admin, they technically can. It’s not clear to me whether microsoft are making any changes to the git data, but regardless if microsoft wants to do it, as admin, they technically can.
Legally speaking, Git is under the GPL2 license, and I don’t see a prohibition against this sort of activity.
We all agree it’s not good.
We all knew this could happen when microsoft bought github. IMHO we deserve at least some blame for letting our guard down depending on infrastructure we do not control. I wish that all developers would re-evaluate their acceptance of corporations having admin access to critical infrastructure. I have always strongly promoted decentralized services, but it’s made me an outlier. Most of the world simply falls in line and has not stood up against this centralization of technology.
@Alfman:
The linked article pointed to a Gitlab hosted project where Microsoft did the same thing on a PR there. Gitlab is not owned by Microsoft and is in fact a competitor to Github. If they can do it to Gitlab via Git, then it’s not just their own property they are defacing and they are using the same vulnerability common to both sites.
Morgan,
Thanks for pointing this out. Obviously they already said “you won’t see this happen again for future PRs.”, so they’ve backed down and the immediate threat is gone. But the fact remains that microsoft have admin rights for each and every project on github and it implies microsoft can technically do things like this – we have to trust that they won’t.
@Morgan
I don’t think they did it via git: git doesn’t create nor manage merge/pull requests. I know there are 3rd party tools that let you interact with GH/GL via git’s CLI but it’s not standard.
Copilot must have used the developer’s access to GitLab via it API, or Copilot was used to create an MR for a GitLab project, but it doesn;t happen magically.
It is not a Git thing, it is a Github copilot thing, the ad is in the text description for the pull request, which is why it works in GitLab as well, this could happen everywhere you can use a tool to enter a text for you. This is not conceptually different than the default signature in Outlook for Android is an ad for getting Outlook, would you say that is an email issue or an outlook issue?
They chickened out : https://news.ycombinator.com/item?id=47573233
This kind of “two steps back, one step forward” happens all the time in the corporate tech world. A company does a Very Bad Thing, then appears to listen to the inevitable overwhelmingly negative feedback telling them how bad the thing is, so they apologize and say “oh so sorry, we won’t do that again.” A few weeks or months later they do a Bad Thing, not quite Very Bad, just Bad, and no one notices because all the outrage was spent on the Very Bad Thing they knew wouldn’t succeed in the first place. Now the Bad Thing, which they really wanted all along, slides under the radar and sets a precedent for doing more Bad Things in the future.
Morgan,
I agree. I don’t like it at all but the playbook works.
IMHO it’s dumb of us to collectively rely on centralized platforms including github….I kind of feel like devs are at fault for stepping into this trap, all of us should know better.
Google are following this playbook too in adding new sideloading restrictions on android. Threaten a total restriction on sideloading rights, then announce less strict restrictions in the face of backlash to make people feel glad the original restrictions are out. Meanwhile it still got harder to use competing app stores, which was google’s goal.
And so as time marches on, little by little we keep loosing more to the corporate overlords.
Governments do exactly the same thing. They test the waters first, take a step back, then proceed to boil the frog slowly.
Of course corporations and governments are owned by the same (self-censured) so no surprise there.
The part I don’t like about articles like this here on OS news is that they end up blaming somebody often arbitrarily. And those darn coders they aren’t doing a damn thing about it! As if they’re going to take Microsoft by the neck and fix them. I write notes and emails to CEOs directly about all of this kind of stuff often a couple times per month. I write scathing emails accusing them of exactly what they’re doing with psychological warfare towards users. Which we all know ads and and the like and dark patterns Etc. You know what I get back? I get Executives writing me with surveys about how they can improve things. Meaningless. I wish your articles would stop being so emotional and stop accusing various people of being somehow substandard. This is Microsoft’s fault. Developers and maintainers didn’t sign up to fix Microsoft.
Society has a proclivity for promoting psychopaths to positions of power and I honestly have no idea how to fix it. Take any random 5 years old child. They want to be race drivers, astronauts, ride the trash truck, gardeners, mothers, doctors, nurses, build rockets and bridges and fly airplanes. No one goes “mommy, when I grow up I want to become a senior accountant” or “Dad, I dream of being VP of marketing”. No one.
The people who are passionate about software are not the bean counters and I am very sure that they are not the ones coming with ideas to enshittify things. Anyone with a modicum of self respect would not deliberately shit on their work.
Heck… in my time as IT for one of the big4, I watched the worst kind of psychopath and complete frauds climb meteorically. Or good technicians become awful managers. I got high enough, but always hit some sort of ceiling and being known for being a troublemaker. I suffered harassment and ended up quitting. If your career goes up someone’s ass, you will smell like shit and people of worth will start avoiding you.
So executives don’t care and your time filling a dehumanized survey is one in a million of data points that won’t ever be considered if they would affect the red line going up. You give minutes of your time, or hours, or days, and they won’t ever value your opinion for that. Because for them, you are a fragment of a human. You are stuck in a call center queue to then talk to a chatbot because your value as a human for them is zero. Your time is worth zero. The fact that you pay for a service is zero. All that matters is that your money becomes their money periodically. Your humanity begins and ends there.
I agree with you, however the big stick is still society waking up enough to turn their gaze long enough on one of the principles you’re talking about her so they balk, and they can balk. But as you imply at least, they hold the manipulation strings on the Net. You say something they don’t like they bury it. I was also a person that wouldn’t put up with bullshit, but I was a lowly release engineer most of my career and they just left me out of meetings. Luckily the end of my career before I retired recently was at a company not concerned with the mainline enshitificaiton of everything the psychopaths touch on the net. A new part of the fight against people like we are talking about, is this fact that they as leaders of tech also hold the mechanisms of manipulation of the populace. I guess I still have the hope that if more people in general understand the nature of the manipulations happening in the ad space and others, that more action will be taken to stop this activity. But like, you… if I’m interpreting you correctly, I don’t have a lot of hope that much change will happen. But I won’t give up. I’ll keep stating my mind to the psychopaths. Why? Because I choose to. I’m not expecting much or any change from what I do personally, but it’s nice to talk with people like you.