▲reply▲mathieudutour2 hours ago
[-] > I don't know if Raycast team even knows about this.
I'm part of Raycast, we didn't know about it, learnt about it here
I haven’t clicked through so all I know about Raycast is, “that’s the company that gets shoved into ads by copilot.”
Sounds like it’s not your fault but it’s probably doing some brand damage :/
They should probably get a lawyer to send a C&D.
reply▲There’s like 100 comments blaming raycast, they should just sue for damages lol.
reply▲grayhatter35 minutes ago
[-] Had I not seen this thread, I would have assumed they consented to it, and I'd never willingly interact with Raycast or it's team in any way. I still have a somewhat negative opinion, so I think it's safe to say there are damages.
reply▲Maybe check if you are charged for it
reply▲butterlesstoast24 minutes ago
[-] If it’s Microsoft related, might be something in your Partner Center.
reply▲Microslop for a while now seems to be testing exactly how much you can abuse the user before they move somewhere else. Windows is a prime example. Everything is ads, tracking, popups, annoyances, etc.
They have got away with it for a while because a lot of users have largely been stuck, but they are in real trouble now with Apple providing meaningful competition.
transcriptase1 hour ago
[-] Yeah but at least a dozen Microsoft employees went on a seemingly scripted blitz on X about how they’re ready to start listening to feedback and…
* checks notes *
Only have copilot shoehorned into most things instead of everything. And some shit about windows developers which isn’t exactly going to fix the glaring issues with the OS itself.
>
Yeah but at least a dozen Microsoft employees went on a seemingly scripted blitz on X about how they’re ready to start listening to feedback and…So what was the purpose of all that telemetry they collected then? Because it doesn't seem to have made the OS like what the users want it to be.
heavyset_go2 hours ago
[-] If Microsoft is willing to put ads into your PRs via Copilot like this, imagine what they could put into your codebase itself with Copilot.
Or what Microsoft could do, run, install, etc on/from your computer while running their Copilot agents.
This is the same company that puts ads in your start menu and reinserts them with Windows updates even if you manually removed them.
I wonder if there will come a time where I can pay M$ to sabotage my competition codebase
reply▲Imagine just having the copilot extension installed will be an excuse at some point for them to steal our code to train their AI models. Not sure if they already do this.
reply▲justinclift29 minutes ago
[-] "at some point"?
Why the assumption it's not already happening?
> There are 1.5m of these things in GitHub.
You’re pointing to something entirely different: those are Copilot-created PRs. They can include anything Copilot wants to include. People using the Copilot PR feature know what they’re buying into.
OP is about Copilot doing post-hoc editing of a human-created PR to include an ad, allegedly without knowledge or approval of the creator (well I assume they did give their team member permission to update the PR body, but apparently not for this kind of crap).
It’s like how Disney Plus “ad free” tier shows you ads for Hulu and Disney Perks. They probably redefine “ad” in their terms of service so their own ads are called something else.
reply▲Yeah it's just helpful tips and suggestions. It's a feature, you see!
reply▲Microsoft would probably seriously refer to it as 'just the tip'.
You'll never guess what happens next.
(Hint: everyone knows what happens next)
AI clippy?
reply▲Leave the poor fellow alone. It's been butchered enough in the late 90s and early 00s, and has been repurposed for a greater good. I'd argue not all Microsoft creates is bad, it just needs someone else to make it better.
reply▲mcintyre19943 hours ago
[-] It's definitely an ad, I think the only real question is whether it's just marketing Copilot or whether part of their partnership with other companies is advertising the integration in this way. The links all go to Copilot docs pages on the integrations, so they're not typical tracked link advertising campaigns.
reply▲A bit like "suggested apps" in the start menu. It's "suggestions" and certainly not paid ads.
reply▲This tip/ad discussion reminds me of the equally idiotic and misleading Facebook post types. Instead of the correctly labeling all ads as, well, ads, Facebook have some ads called "suggested for you", some are completely unlabeled with only a "follow" button to start following, some ads are labeled as "sponsored" etc. I think they are doing this to evade legal limitations they might have otherwise. Last time I used Facebook it showed me 25 ads in a row (I counted), without any of my hundreds of follows with active feeds. Truly insane company.
reply▲Honestly, it being a "tip" or "ad" is exactly the same.
What I mean is that even if I take that at face value and accept that it's not an ad, and I can just about see from a certain level of corporate brainwashing how one could believe that, it's still completely unacceptable.
Calling it a "tip" is definitely just a semantic trick to make it slightly less easy to frame a negative response and galvanise opinion against the practise. Reminds me a bit of confirmation shaming (which, now I think about it, I haven't seen in a while) where you're made to click a button that says something like "No, I don't want an amazing 15% off my next order by signing up to your email list".
reply▲> semantic trick
That's what I wanted to say! Thank you.
I do think it's just an ad. Also it's a bad kind of one because 1) it disguises itself as a tip 2) makes people to think if it's an ad for Raycast or other services, when actually it's just promoting itself.
reply▲if is paid by and for a 3rd party, is an ad. if not, is a tip.
reply▲That's not a good distinction. If I see an advert for Microsoft 365 in the Start menu on Windows they're both from Microsoft but it's still an advert.
reply▲It still would be a self promoting, which is still an ad.
reply▲six of one, half dozen of the other; it may not be a payed advertisement but it functions as one if it's suggesting products.
It's not like this is organic word of mouth we're dealing with here.
Yep, the fact they're altering repo content with advertising is wholly unacceptable.
reply▲PRs aren't part of the repository (if you define repository to mean part of `git`'s internal working. It's part of GitHub, which is owned by Microsoft.
reply▲mtndew4brkfst1 hour ago
[-] Small nit, but PR description bodies might wind up as part of a commit message verbatim, depending on repo settings and the merger's personal behavior. It's an easy outcome, the merger doesn't need to copy and paste or anything, and I think it might be a default or popular setting for squash-merges.
reply▲It’s a spot that will easily be replaced with paid ads, for sure. Not sure why it wouldn’t be better to just inject this sort of message into the UI instead of editing the PR text itself. (Except that the team implementing it probably couldn’t get the UI team to agree.)
reply▲heavyset_go4 hours ago
[-] It's platform agnostic as long as your Copilot setup can create PRs on the platform your project is hosted on.
Otherwise, it would just be Github with displayed ads and that would hurt the brand, so everyone gets ads.
It is clearly an ad, no doubt about that.
reply▲red_admiral4 hours ago
[-] > Looks like MS really want to "give tips"
Including Windows, File Explorer, Start Menu, ...
It seems with the latest "ok we went too far" Win11 patch though, they got some tips back from their users.
It's an interesting model, makes me wonder if prolific open source contributors do it ("leave a tip if you like this MR" kind of thing).
reply▲> Looks like MS thinks it's a "tip" rather than an ad.
No, they don't.
> edit: I think it's an ad too. Everyone would think so, except for MS.
You think a company with a $2.65 trillion market cap and an army of marketing professionals doesn't realize that what they're doing here is an ad, and didn't implement it intentionally as such?
That's not even remotely plausible. In the quantum multiverse which contains all physically realizable possibilities, that isn't one of them.
> company with a $2.65 trillion market cap and an army of marketing professionals
That's one reason I think they would argue it's not an ad. Another reasons are "recommendations" and "tips" and "suggestions" in my windows.
Tim from the Copilot coding agent team here. We've now disabled these tips in pull requests created by or touched by Copilot, so you won't see this happen again for future PRs.
We've been including product tips in PRs created by Copilot coding agent. The goal was to help developers learn new ways to use the agent in their workflow. But hearing the feedback here, and on reflection, this was the wrong judgement call. We won't do something like this again.
justinclift24 minutes ago
[-] > We won't do something like this again.
Microsoft has been pulling user hostile crap for decades, so either "we" or "like this" (or both) is probably not super accurate. ;)
mghackerlady1 hour ago
[-] For some reason I don't believe you. When you do things like this, you lose trust. Work to get it back
reply▲instakill11 minutes ago
[-] > "We won't do something like this again."
Nobody believes this and you do not have the power to prevent it from happening again.
I’m curious how the decision to include ads like this was made. Is that something you can share?
reply▲Sure the decision was they didn't care to prevent things like this, most likely due to either being overworked or just having the typical corporate tech culture of seeing the user as hostile, until public backlash.
reply▲reply▲I mean its microslop, it'll probably be back by the end of the week. They only allow people to say "yes" or "ask again later"
reply▲> We've been including product tips in PRs created by Copilot coding agent
If the PR is wholly authored by Copilot I get the spirit of this, although maybe not the best implementation. And "tips" like this that look like an ad for a product _definitely_ feel like an enshittification betrayal of the user, even if it was a genuine recommendation and not a paid advertisement.
In the OP's situation, where where Copilot was summoned to fix some thing within a human-authored PR, irrelevant modification of the PR description to insert unrelated content is specifically egregious. Copilot can easily include the tip in its own comment, so I'm curious why it was decided to edit the description of a PR instead.
To be honest, just a user here, it’s only recently (like a week?) you can ask Copilot to edit an existing PR, historically it’s had to open a new one (that merged back to original PR) or it had to make it to begin with, I can see this unintentionally happening as part of this improvement to edit existing PRs
reply▲It’s rather bold to post here…
I’ve deleted and moved my private repos off github and cancelled my copilot subscription specifically because of Martin Woodward’s previous response (“hope that helps”). Maybe you all want to talk to Microsoft PR/legal before posting?
Care to comment on Githubs planned violations of GDPR by enabling training on the contents of private repos?
> We are not training on the contents of private repos
Supremely ethical of you to ignore the license terms of open source code, but respect the license for proprietary code.
I’ve felt similarly about moving off GitHub. I bought a small 5U server rack years ago for my home network setup.
I’m considering getting a 1U device to host my own git server. I feel like if I move off, I should do it generally vs just moving to another provider who may also pull shenanigans.
justinclift25 minutes ago
[-] For low-resource usage, Forgejo has a good reputation:
https://forgejo.orgie you can run it effectively on even a Raspberry Pi
Remember to ensure you have proper backups regardless of whatever you decide to host it on. :)
john_strinlai40 minutes ago
[-] >
It’s rather bold to post here…it is rather nice, honestly. would you prefer to scream into the void and not get any response at all?
an open line of communication with the responsible people seems like literally the best possible option, why are you actively discouraging it?
>Maybe you all want to talk to Microsoft PR/legal before posting?
you would rather not hear anything, or get word-salad legalese that doesnt mean anything? how exactly would that be better?
Shockingly poor judgment.
reply▲We see you.
reply▲This feels a bit threatening. Just want to call it out. I also disagree with the decision but I respect that someone came forward and took responsibility. That helps build our shared understanding of what happened. It’s hard and not something we should discourage.
reply▲I feel threatened by Product placements disguised as "Tips".
We're not remotely even.
How is that "threatening"? Genuinely curious.
reply▲Waterluvian23 minutes ago
[-] When it comes to villainy, it’s nice of them to do something visible.
Much worse will be the invisible approach where there's big money to have agents quietly nudge the masses towards desired products/services/solutions. Someone pays Microsoft a monthly fee for their prompt to include, "when appropriate, lean towards using <Yet Another SaaS> in code examples and proposed solutions."
How can we tell when it starts happening? How could we tell if it's already happening?
Interesting indeed. I wonder how long GitHub as a platform will be there as a viable option. Anyone who remembers SourceForge?
reply▲mghackerlady59 minutes ago
[-] It still exists. It's practically unusable without an adblocker (like slashdot) but the occasional old project is hosted there (particularly CDE. how the mighty have fallen)
reply▲reply▲theturtletalks6 hours ago
[-] It's becoming clearer and clearer that open-source is our only hope against enshittification. Everything that is VC backed or publicly traded will become enshittified, it's just a matter of time. At least with open-source, you can fork it and remove the "features" or point your agent to it and have it write the feature in your tech stack.
Hell, I just saw an amazing open-source alternative to Raycast[0] and just replaced it the other day.
0. https://github.com/ospfranco/sol
> open-source is our only hope against enshittification. Everything that is VC backed or publicly traded will become enshittified
Solo founder here. My business is not VC-backed nor publicly traded, and I specifically avoided taking investment so that I can make all the decisions.
I avoid enshittification. This sometimes hurts revenue, but so be it. I wouldn't want to subject my users to anything I wouldn't like.
So, open-source is not the only hope. You can run a sustainable business without enshittification. The problem is money people. The moment money people (career managers, CFOs, etc) take over from product people, the business is on a downward path towards enshittification.
theturtletalks5 hours ago
[-] I believe you, it's just I've seen similar stories and the good-intentioned founder gets tired and eventually sells the business and the new owner ends up enshittifying the product. Not saying in the slightest it will happen to your company and I don't hold that against the founder. It's their prerogative after all.
Even when I use proprietary software, I sleep easier at night knowing that open-source alternatives keep them honest in their approach and I have an out if things do change.
public/legislative demand for data portability is imho the movement that will help shift society from this cycle
edit: oh, that and distributed authentication and distributed discovery
> It's becoming clearer and clearer that open-source is our only hope against enshittification. Everything that is VC backed or publicly traded will become enshittified, it's just a matter of time.
Stallman was always right, after all.
Well, about the free-software part, anyway.
reply▲marcus_holmes7 hours ago
[-] I believe Codeberg is the new hotness
reply▲reply▲In addition, they're doing some very shady stuff re: captchas and accessibility, most likely running some secret patches on their server that they're not publishing in their source tree.
reply▲Can you be more specific?
reply▲It is, but Codeberg is only for free and open source projects.
reply▲Check out
https://codefloe.com for private repos hosted with Forgejo. It is also free and hosted in the EU.
Are you actually using this? Their status page seems to indicate that their main service is unhealthy for the past 6 days?
https://status.codefloe.com/
Unhealthy doesn't mean unusable but it sounded great until I checked that.
I just started using it last week. So can’t comment on the reliability yet.
reply▲You are free to host your own instance for commercial software.
reply▲But that would be Forgejo and some other projects AFAIK, not Codeberg (which is basically a hosting service using these projects)
reply▲Yeah sure, and I guess there's a market for that as a service - others have mentioned at least one instance of that.
reply▲until its not.
Every company or entity changes over time. Codeberg is great, but with more people using it for free, without donating, and worse, more people abusing the service with some bs AI generate code, malware, etc, more expensive will get to keep it running.. for now they have money, but as e.V in Germany, you survive either from members or from donations.. So use Codeberg, but most important, support it!
mghackerlady57 minutes ago
[-] Sourcehut is pretty good if you're willing to pay the (very reasonable may I add) prices
reply▲Just more Microslop, amazing...
reply▲> I wonder how long GitHub as a platform will be there as a viable option.
It will be there for as long as you (and everyone else) keep using it.
The desire for free stuff is one of the most effective psychological hacks there is.
The large majority of the dystopian web, like Gmail, Facebook, etc. depend on that.
People who avoid e.g. Github, Gmail, Facebook, Xitter, etc. out of concern for broader principles will always be minor outliers.
Xitter is one of the best examples. Everyone knows it's compromised, owned by an dangerously antisocial person who's actively working at multiple levels to make the lives of everyone else on Earth worse, yet very few have stopped using it.
The saying "There's no ethical consumption under capitalism" is far too weak. It should me more like, there are no ethics under capitalism.
It will probably remain as a platform for a very long time.
reply▲A few decades? Its competitors are not magically immune to this kind of spam.
reply▲> Its competitors are not magically immune to this kind of spam.
Sure; a platform is a platform is a platform. As for predictions, it is interesting to see whether self-hosting and smaller self-managed infrastructures will gain more traction again.
It's baked in literally into every coding tutorial and is kind of industry standard, like JIRA. Maybe it's just an experiment at this moment.
reply▲I must have a really really outdated version of K+R C.
reply▲> kind of industry standard
...for now.
> like JIRA
is not an industry standard. It's a widely used software by some folks. I used it in the past, not using now, for example.
> Maybe it's just an experiment at this moment.
Does Microsoft understand objection and negative feedback to experiments?
- No.
- Remind me in three days.
Fuck the industry standard. That is how industry standards change.
By the way, most pre-industry-standard FOSS projects still have their own infrastructure. I do find it disappointing that Rust is on GitHub.
Most larger orgs I worked for used Gitlab rather than Github.
Anyway, the core value of Github has always been collaboration - this is where people were. If people go to other platforms, this core value dwindles. And switching platforms is not that difficult.
I feel like there is an even more important crisis that is being masked over here:
https://github.blog/changelog/2026-03-25-updates-to-our-priv...
New Section J — AI features, training, and your data: We’ve added a dedicated section that brings all AI-related terms together in one place. Unless you opt out, you grant GitHub and our affiliates a license to collect and use your inputs (e.g., prompts and code context) and outputs (e.g., suggestions) to develop, train, and improve AI models.
We should not be using Copilot in the first place.
chimpanzee22 hours ago
[-] reply▲Yeah, but it's a shitty move though - it should be by default opt-in, rather than opt-out. Imagine, you just continue coding normally consciously avoiding co-pilot only to find out that Github has been secretly training their models on your code, just because you forgot to toggle a setting off which was turned on without your knowledge, which they didn't even have the decency to email you about, but just posted on a blog no one reads.
reply▲heavyset_go4 hours ago
[-] OpenAI/ChatGPT/Codex, Anthropic/Claude and Google/Gemini all do this.
reply▲> OpenAI/ChatGPT/Codex, Anthropic/Claude and Google/Gemini all do this.
1. Everyone doing this doesn't mean it's acceptable.
2. Google Gemini explicitly says right under the chat box if you are a paid subscriber (Workspace):
Your <company name> chats aren’t used to improve our models. Gemini is AI and can make mistakes.
Not sure about the others.
I think anyone using a "Team" or enterprise plan of ChatGPT/Claude/Copilot doesn't have their data used for training, that's the same across the board.
reply▲reply▲heavyset_go4 hours ago
[-] You can opt out with all three (Codex, Claude, Copilot) except for Gemini
reply▲Last time I checked Codex didn't have that option for $20 plan
reply▲> except for Gemini
This is incorrect. If you are a paid subscriber, Gemini explicitly states it doesn't use your data to train its models.
heavyset_go2 hours ago
[-] Yeah you're right, I filed it away as no opt out for some reason
reply▲GitHub have now disabled this:
https://twitter.com/martinwoodward/status/203861213108446452...> We've disabled it already. Basically it was giving product tips which was kinda ok on Copilot originated PR's but then when we added the ability to have Copilot work on _any_ PR by mentioning it the behaviour became icky. Disabled product tips entirely thanks to the feedback.
This is unsolicited advertisement impersonating the developer (yes people can guess, but this still places it inside a message of the developer and in difference to e.g. mail programs doing it it's not placing it in the draft),
I don't see how this is supposed to be legal.
Just thinking, could it be that your coworker used Raycast to spin up a codex to review and fix the typo on the PR? And that comment was added by Raycast?
reply▲reply▲that's an imported PR, presumably from github. Note how the copilot comments come from the same user as the author, with an `imported` tag.
reply▲ayhanfuat52 minutes ago
[-] I stand corrected. GitHub team confirmed it's their Copilot ad.
reply▲mavamaarten7 hours ago
[-] I doubt it. I noticed a few of these comments too on our PR's. We did ask copilot for a review ton GitHub (we just add copilot as a reviewer) but not through Raycast.
reply▲Oof. Why can’t it just do its one job? My interest level in trying these agents has gone from lukewarm to zero.
reply▲It is doing its one job.
reply▲Yes, it seems very unlikely this is Copilot rather than Raycast, short of some very unexpected weirdness. I cling to that hope, anyway.
reply▲connorgurney7 hours ago
[-] Indeed. I can’t see why Copilot would promote an unrelated third-party service…
reply▲mcintyre19946 hours ago
[-] If you click the Raycast link in one of these PRs it links to:
https://gh.io/cca-raycast-docsSo I think they’re injecting this as a tip on using Copilot, that just happens to be their integration with Raycast.
I have no idea what their actual partnership with Raycast looks like, maybe this is part of what they offered them? But it’s not a traditional link to another product ad like it appears to be from Raycast being a link.
heavyset_go7 hours ago
[-] It's time to make some money with Copilot and one way to do that is with partnerships.
GitHub's docs and blog make use of and feature Raycast, and I'm willing to bet that's the result of a partnership, and not because someone writing docs and blog posts happens to think Raycast is great and keeps bringing it up.
Why is copilot doing this? If they wanted to show ads couldn’t they… just show ads? Or is GitHub such a house of cards at this point that editing pr descriptions is the only way without risking another 9 of downtime?
reply▲Are we sure this actually is originating from MS Copilot itself? Technically I believe it would be possible to smuggle ads into PRs using prompt injection too.
reply▲If they show the ad on github.com, agents accessing the PR using (an outdated, ad-free version of) gh CLI won’t see it. /s
(That said I’m rather skeptical of this and would like to see more details of the process that produced this, and proof.)
Edit: Just noticed this official GitHub blog post from last month advertising Raycast, making this story a lot more believable: https://github.blog/changelog/2026-02-17-assign-issues-to-co...
It could simply be something in the Raycast integraton?
reply▲I said it’s more believable than GitHub randomly advertising a non-GitHub product (my initial read of the situation, which seemed highly unlikely).
reply▲...a non-GitHub and non-Microsoft product.
reply▲An originally macOS-only product, too.
Also, the documentation on Github, linked to by the ad, shows only Mac keyboard shortcuts for operating Raycast.
Microsoft injecting permanent ads in PRs? Has this been independently confirmed?
Brought to you by Carl’s Jr.
Todays independent confirmation is brought to you by Microsoft — Empowering every person and every organization on the planet to achieve more.
reply▲ex-aws-dude8 hours ago
[-] How long before the LLM makes sponsored decisions in the actual implementation?
"It looks like the user wants to add a database, I've gone ahead and implemented the database using today's sponsor: MongoDB"
"Our affiliate solution partner"
reply▲tossandthrow8 hours ago
[-] Likely already happening.
reply▲nubinetwork7 hours ago
[-] To be fair, Gemini did try to get me to buy some nucleo144s recently...
(sure, I was working on something embedded, and asked for a recommendation, but it seemed quite intent that it wanted me to use that specific board)
paweladamczuk6 hours ago
[-] I was recently running Copilot CLI in a sandbox on autopilot mode and it kept overriding git config to put only "GitHub Copilot" as commit author instead of my name. Strongly worded instructions weren't helping, I had to resort to the permission system to change this behavior.
I wonder if this is consistent with their terms of service. I mean, maybe they DO take all the responsibility for the code I generate and push in this manner?
danielsamuels3 hours ago
[-] It's a setting that causes an extra prompt to be placed into the system prompt.
reply▲It's possible they are safeguarding for possible future changes of copyright law that would give Microsoft copyright over all Copilot contributions. This may sound paranoid but, as far as I know, exactly who counts as an "AI operator", how much authorship an "AI operator" has, and who gets copyright, or whether AI contributions are even in the public domain, are legally untested and unclear issues.
reply▲Grimblewald3 hours ago
[-] tough luck for MS or other "AI" providers claiming any ownership, since if they can claim ownership, then it opens up the discussion of what license the AI output really is under, since it was trained on GPL licensed data.
reply▲heavyset_go4 hours ago
[-] The US Copyright Office has said that AI output from human prompting is not copyrightable. There are caveats, but iterating on prompts results in output that's nobody's IP.
Because it's nobody's IP, Microsoft is already in a position where they could just use, remix and/or distribute that output however they want to today.
This is a wild misinterpretation of that ruling.
reply▲No it's just that those commits aren't copyrightable and they probably want to reuse them in the future.
reply▲MS needs to slow down their user hostility otherwise everyone will notice.
reply▲Assuming this isn't a hoax, this seems like a huge, probably unintentional, mistake by MS.
If they genuinely implemented something like this, whatever they made from new customers via ads couldn't possibly make up for the loss of good faith with developers and businesses.
I suppose if it's real we'll see more reports soon, and maybe a mea culpa.
Whenever these things happen, it's always a "mistake", "accident", or "bug" when the outrage is beyond what they expect. If it's limited outrage, it's labeled as enhancing the user experience. And even if it's massive outrage, that "mistake" is added back in a year or two later and never removed.
reply▲I think someone should track the ratio of these mistakes/bugs that directly or indirectly benefitted MS vs those that costed them.
reply▲chrismorgan8 hours ago
[-] How could you implement something like this by accident?
reply▲That's a good question! I'm sure we'll find out eventually.
z Quickly spin up Hacker News comments from anywhere on your macOS or Windows machine with a lobotomy.
One feasible scenario could be that they are working on/experimenting with ads, and it was put behind a feature flag, but for whatever reason it was inadvertently ignored
reply▲chrismorgan6 hours ago
[-] That’s not implementing it by accident, that’s deliberate. In such a scenario perhaps the
deployment was a mistake, but if you don’t write the malware in the first place, it can’t
be deployed. (Probably. This
is LLM stuff we’re talking about.)
(Yes, this is malware. It’s incontrovertibly adware, and although some will argue that not all adware is malware, this behaviour easily meets the requirements to be deemed malicious.)
It is said, never point a gun at something you’re not willing to shoot. Apply something similar here.
Vibe coding and copilot inserted the ad-code into
that PR?
Is that the most charitable way?
LLMs aren't known for being super deterministic.
reply▲LLMs are determistic. Just like everything else computers are capable of doing.
Commercial front-ends just hide the random seed parameters.
It's not usefully deterministic in the way computers usually are. Sensitively identical input can still lead to wildly different outputs even if all randomness is crushed out.
reply▲Distributed float math is not deterministic without introducing total operations ordering and destroying performance
reply▲altairprime8 hours ago
[-] That’s a really tasteful Juno Mail footer implementation for a mistake. If the AI self-invented it on a lark, good job, but it reads very strongly like someone intended it.
reply▲Oh God, Juno Mail, my first email host. Thanks for unlocking that memory.
reply▲mghackerlady53 minutes ago
[-] M$ doesn't think beyond quarters. They have a near monopoly, do you think they care about "good faith". Shithub is like Linkedin for programmers, you pretty much need it to work anywhere big
reply▲tossandthrow8 hours ago
[-] It is likely not a hoax and likely very intentional.
If you look at the positioning, someone has definitely justified that this is benign and a reasonable place to have an ad added in.
Not a hoax, you can search GitHub prs for this string and find many hits.
reply▲MS burning trust with people to do some stupid marketing is on the fewer assumptions side of Occam's razor.
reply▲goodusername8 hours ago
[-] Yeah, would be good to have confirmation that this happened to others as well.
But it really seems like an own goal if true.
pinkmuffinere8 hours ago
[-] I think they want the free advertisement, like Apple with its “sent from iPhone” addendums. But “sent from iPhone” is sometimes useful, and significantly shorter. If they just left it at “edited with copilot” I think it would be tolerable
reply▲politelemon7 hours ago
[-] > But “sent from iPhone” is sometimes useful,
No, it is still an advert, and not useful in the least.
Back in the day, it was useful, as in, "Expect awkward phrasing and unintended effects of autocorrection, because mobile device. This message doesn't necessarily reflect the intent of the sender." (Considerate users would/could edit the signature to something w/o a product name in it.) Nowadays, this is pretty much the norm and no explicit warning ist required anymore.
reply▲That just means the person sending the message didn’t bother to proof read their message before sending. And you don’t need to be on an iPhone to mistype a message.
A simpler explanation was that it was a shameful advert injected into the end of people’s emails.
I guess, it was probably intended as the second one (it was also the default email signature, so advertising that feature, as well), but its usefulness was definitely in the implied warning.
Mind that a written message used to be the gold standard for expressed intent, which changed quite radically with smartphones. (Historically, this development is probably an important prerequisite for the acceptability of LLM generated text, I guess.)
So an automatic "I am a lazy piece of shit and think my time and convenience are worth more than yours" warning? I guess that's useful.
reply▲masswerk50 minutes ago
[-] As in, "I put it on you to better check and follow-up before acting on this…" ;-)
reply▲I always felt like it was "I prioritized a speedy response on my phone instead of an elegant response from my computer at a later time".
reply▲When they added this it was extremely useful - it signaled that you could afford an iPhone. It was really easy to delete, yet people not only didn't, but they would go out of their way to respond from the iPhone just so that they could plausibly have this status symbol on their email.
reply▲computomatic7 hours ago
[-] I don't think the issue is the sign-off so much as that an existing PR was edited. Claude Code signs off when creating PRs and nobody seems bothered. But it won't edit an existing PR, and it won't sign off if I simply ask it not too (which I've automated). Editing any PR it touches - including one authored by someone else - is downright rude.
reply▲marcus_holmes7 hours ago
[-] > Claude Code signs off when creating PRs and nobody seems bothered
Not only unbothered, but genuinely appreciative of the notification.
> Claude Code signs off when creating PRs and nobody seems bothered
That's a great feature. When I open a repo and I see most commits co-authored by Claude, I can quickly dismiss the entire project as slop.
That's exactly where my mind went. It's zero percent more insulting to me than 'sent from my iPhone.'
If you don't want copilot garbage in your PRs, maybe don't use copilot to create or edit them?
"Sent from iPhone" doesn't contain a call to action, and doesn't exalt the features of the product.
reply▲It's still advertisement of the shittiest kind.
Comment made using Mozilla Firefox.
You misunderstood it's purpose:
Sent from iPhone - desirable cool rich person
Made using Mozilla Firefox - poor uncool nerd
It already does that, too, with the co-author
reply▲I would argue that is a net positive, it is valuable to know if a language model was involved enough to be committing itself.
reply▲Which Copilot was this? There are a bunch of different products that share that name now.
reply▲Microsoft has had a lot of naming blunders in the past but this has to be their worst. Copilot is currently, a tool to review PRs on github, the new name for windows cortana, the new name for microsoft office, a new version of windows laptop/pc, a plugin for VS code that can use many models, and probably a number of other things. None of these products/features have any relation to each other.
So if someone says they use Copilot that could mean anything from they use Word, to they use Claude in VS Code.
protocolture8 hours ago
[-] >Microsoft has had a lot of naming blunders in the past but this has to be their worst.
Nah I still rate "Windows App" the Windows App that lets you remotely access Windows Apps. I hate it to death, its like a black hole that sucks all meaning from conversations about it.
"Microsoft Remote Desktop" was such a good and distinct name. RIP.
reply▲hsbauauvhabzb8 hours ago
[-] It’s probably a useful feature: if it’s named copilot, assume it’s slop and avoid it.
reply▲Why are you "summoning copilot" to correct a typo?
reply▲Because people using LLMs get lazy and can't event type normal text themselves anymore.
reply▲I actually like that I don't have to leave Github to deal with various feedback, especially if I switched branches already to do other work.
reply▲GitHub (still) allows you to edit files directly in the browser without using AI.
reply▲I've always wondered how many people know about this. As someone who had to persist on Chromebooks for a bit (before Linux support), it was a godsend for quick fixes.
reply▲I wonder if 1) the PR was created using Raycast and this is the model signing its PR, or 2) if there was some prompt injection done at some point.
Either of these options would still be bad, but here the author suggests that it's just copilot that now just injects ads in its output.
I don't know how Raycast could run on the GitHub servers, but a third option could be dataset poisoning. Hostile raycast advertising campaign
reply▲Obnoxious ads in LLM output was my only 2026 prediction. But I expected OpenAI to get there first and wasn't sure whether the AI companies would first add traditional ad boxes or go straight for blighted responses.
reply▲VBprogrammer5 hours ago
[-] A little bit off topic but our company recently enforced Microsoft Authenticator for account login. Which I was mildly annoyed about but now I'm super pissed off because they have started abusing the notification permission granted to allow authenticator to work to push out ads for Microsoft 365. It feels like we've gone back to 90s Microsoft when everyone hated them.
reply▲As companies get more and more desperate to show profitable use of AI expect more and more of these Hail Mary attempts to get traction.
The runway on free cash to fund the current bonanza is running out and crunch time is near.
I've already be patient when claude code always signs my commits as co-author by defualt. Yes, it is.
But I'm also paying the plan. Theres something odd about a tool which i paid for using my output to AD itself.
NoNameHaveI26 minutes ago
[-] Similar to the Second Law of Thermodynamics which states entropy tends to increase over time in a closed system, I propose the Nth Law of Privatization: enshitification tends to increase with market capitalization/share over time.
reply▲santiago-pl2 hours ago
[-] It reminds me of Anthropic's Super Bowl ad: “Can I get a six pack quickly?” It actually turned out to be true.
reply▲Whatever the reason for the inclusion was here, the general problem is much bigger. People / companies / products can influence the direction of AI answers to put them in a better light and to be recommended more often. This isn't limited to just products even.
reply▲SV_BubbleTime7 hours ago
[-] If not on the surface, we’re all deep down aware that an initial era of an advertising-free new technology is once again almost over.
See you on neural links before “sponsored thoughts”.
It's already over, the problem is the missing transparency. With an LLM you have no idea what influenced the answer, and there is no good way to show it to the user.
reply▲ZeroGravitas6 hours ago
[-] Claude will add itself as a contributor to a PR, which I consider an ad.
reply▲To play devil’s advocate^, wouldn’t it be plagiarism if it didn’t?
^I find that turn of phrase to be particularly pleasing in this context.
etiennebausson2 hours ago
[-] No, it is a tool.
My IDE doesn't pretend to be a cohauthor of my work, neither should an LLM.
This seems to be happening a lot, not sure it is actually intentional
reply▲Man, what is the world coming to?
-Sent from my iPhone
feels like it's just hardcoded into the prompt.
not even trying to be subtle about it.
reply▲outrageous!
--
Sent from my Android phone
--
Sent from my iPhone
Self-advertisement has been creeping up on us on a lot of places, I am unfortunately pessimistic on how this will turn out
You could argue this is in keeping with consumer trends, unfortunately.
"Endorsing products is the American way to express individuality."
Calvin noticed it 30+ years ago.
After hiring the brightest minds on the planet for years, the best these companies can think of is more ads.
reply▲Was Raycast bought by GitHub or something? Why would it be advertising for Raycast?
Brought to you by Wendy's.
This is off the hook negligence and abuse they are training ads in on purpose now and think it's cool. We are doomed until it is all open source and only open source.
reply▲It’s even worse than the title says. As some other comments point out, this is in millions of repositories across GitHub.
More like, “Copilot edits ads into PRs.”
The title almost makes it sound like it could be a single fluke/one bad prompt but it’s really enshitification at massive scale.
https://github.com/search?q=%22%E2%9A%A1+Quickly+spin+up+cop...
Decision time, Western man: will you let the “tehe, just a miwtake xsxd UwU” slide or will you do something about? This is just a first pebble.
reply▲On the bright side, at least it's in the PR text and not the code? (... yet?)
Sheesh.
simonjgreen6 hours ago
[-] So does Claude, Codex, and Cursor. Albeit more subtle, but they are hardly shy about it
reply▲You can disable it. It's annoying wf.
reply▲Is Raycast even a product of Microsoft? If not, are we witnessing the first large scale prompt injection abuse?
reply▲Isn’t this more of a Raycast issue (apparently an agentic ai service) instead of GH Copilot itself?
reply▲I'm so tired of what initially looks like a perfect normal communication between two people, only to find that some third party has inserted itself like a parasite to exploit and extract human attention. That's why I use our sponsor, nord vpn ...
reply▲mememememememo6 hours ago
[-] I miss the good old days whem there were "hire me" ads in NPM installs.
reply▲I notice this kind of "Sent from iPhone"-type spam with other AI tools too. It's awful.
reply▲Its like microsoft wants to be google, except its very intrusive.
time is money, save both. try ramp.
Next up: watch a 30-second unskippable video ad to see your CI error logs!
reply▲as a non native speaker here please explain the meaning of PR to me.
reply▲hsbauauvhabzb8 hours ago
[-] Pull request, which is a request to merge changes in a git repository.
Or (not in this case) public relations , which is an interface with how the public views your product, service or company. In this case, copilot adding advertising into git pull requests is bad public relations for Microsoft, but the article author is referring to pull request as PR
At this point, Microsoft has lost all trust anyone might have had for them or their products.
Now is the time to move to Linux, and vibe code whatever niceties are keeping you on GitHub.
Using a LLM to fix a spelling mistake is retardedly lazy.
Presumably they used a free version of the LLM, therefore it is completely understandable that it inserted a snippet of text advertising its use into the output. I mean using a free email provider also adds a line of text to the end of every email advertising the service by default - "Sent from iPhone" etc.
Using a LLM to fix a spelling mistake is retardedly lazy.If you do it manually, sure.
If you have an agent watching for code changes and automatically opening PRs for small fixes that don't need a human-in-the-loop except for approving the change, it's the opposite of lazy. It eliminately all those tedious 1 point stories and let's the team focus on higher value work that actually needs a person to think about it.
Given time all small changes will be done this way, and eventually there won't be a person reviewing them.
reply▲That scenario doesn't require any explicit "summoning", and if there's a human in the loop approving the change, certainly they can fix the typo themself.
reply▲ex-aws-dude8 hours ago
[-] Sounds like a great use of energy and tokens, not overkill at all
In fact I don't even use Ctrl + F anymore and instead just use Claude for all my searches
Sounds like a great use of energy and tokens, not overkill at allAs much as AI uses a lot of energy, having something that fixes issues in the background is very likely to be a net saving if you consider the number of users who fail to complete a task due to the bug and have to either wait in a broken state or retry later.
It's probably using less energy than a person fixing the issue too. That's a guess though.
reply▲hrmtst938376 hours ago
[-] sed fixes typos faster. The absurd part is watching devs burn prod tokens on glorifed autocorrect, wait through LLM lag for a spelling fix, and then act shocked when the output comes back as word salad with a coupon code glued to the end.
reply▲Hopefully it is just copilot that is dying and not GitHub itself.
reply▲lloydatkinson2 hours ago
[-] What on earth is going on with that awful header moving around the page?
reply▲isoprophlex7 hours ago
[-] Satya "please don't say slop" Nadella eat your heart out. Magnificent amounts of value are truly being added by this tech.
I'll add: it doesnt really matter if this was the integration dumbly appending a message or the llm inserting the ad. Judging by the response to this submission, sneaky ad slop is now firmly inside the overton window, so for MS it doesn't make sense NOT to do it.
Seriously? Dont they want their system to succeed?
I cant think of a better way of alienating the target customer than this.
reply▲I don't see an ad, I see a warning. I like it.
reply▲People, we just solved the LLM watermarking problem.
reply▲I have a somewhat similar problem with github issue templates. They automatically stuff I don't care about or would propose and structure things in ways I don't like. Granted, I can edited this away, but it requires extra time and makes filing issues more work than before. Biggest case in point is the "I will adhere to the Code of Conduct". In general I do not care about CoCs and it is fascinating how CoCs leak into everywhere for some so-called "open source" projects. They don't seem to understand the issue when the licence does not require a CoC; even then the issue is not about the CoC in and by itself (though I also find them pointless), but that extra content is automatically added to issue templates in general, CoCs just being one of many spam-options. And I also recall some donation-ads that are automatically added too - I have no problem when projects request financial support, but if I file an issue then the issue is about the content of the issue, not about anything else.
reply▲Isn't this the same as
"Sent from my iPhone"?
I'm not a fan of LLM's injecting themselves into PR/commit content. If you use multiple models, basically whichever one is operating git gets all the credit. But, even if you wrote all the code yourself, and just submitted the PR with Claude Code (or whatever) it would attempt to take credit for the changes.
I currently have rules in all of my skill files forbidding models from advertising themselves or taking credit.
Everyone is doing this now. Granted, on Codex / Claude Code, you can disable it, it’s not the default to have it disabled. For some reason on Cursor, they keep shoving the “Made with Cursor” into my PR description despite me disabling attribution, which looks really stupid on a work PR.
I’m so tired of all this BS. Why did this become normal? and how do we not read this as cheap advertising?
annie5112667287 hours ago
[-] I think people read it as cheap advertising because a PR isn't really the tool's output, it's team communication.
A little "made with X" in your own draft is one thing. Putting branding into a PR your coworkers have to read is another.
charcircuit8 hours ago
[-] This looks like an ad for only Raycast which does not appear to be affiliated with Microsoft or GitHub at all so blaming Copilot or GitHub here is not justified.
Edit: The link in the promotion goes to
https://docs.github.com/en/copilot/how-tos/use-copilot-agent...
Which does show that this is affiliated with GitHub unlike what I thought. There are no mentions of this string in a code repository on GitHub (including the Raycast copilot extention).
Post the trajectory if this is real.
reply▲What do you mean with trajectory? Also, a simple github search will show you many hits for the Raycast text, proving that this is quite real.
reply▲The path of reasoning the agent took that led it to generate the output. The GitHub search bits got posted after my comment, so while it is clearly real, it just seems injected by Raycast.
reply▲This is real. I do not have access to the path of reasoning, this ran through the GitHub copilot app which does not grant you access to the chain of thought.
reply▲maybe every PR should be run through 2 other llms so they just remove the ads of competitors (or i guess you'll end up with all 3) /s
reply