How to turn off Copilot and protect your data from Microsoft's AI (proton.me)

Microsoft has pushed Copilot — its generative-AI assistant powered by OpenAI’s GPT family (including GPT‑4o) and Microsoft’s own models — deep into Windows 11, Edge, Bing and the Microsoft 365 suite, even shipping Copilot+ PCs with a dedicated key. The rollout is part of a major Microsoft/OpenAI bet to make AI a core OS and productivity feature, but the integration is tightly coupled with Microsoft Graph, connectors to services like OneDrive/Google Drive, and both cloud and local clients (web app, Windows app, Gaming Copilot). That tight integration raises material privacy and security concerns for the AI/ML community and end users: only Microsoft 365 enterprise admins can fully uninstall Copilot; consumer users can only disable it per-app, hide taskbar icons, or toggle privacy settings in the Copilot web app (turn off model training on text/voice, delete memory, disable connectors). Important technical implications: Copilot interactions may be logged and used for model training, Microsoft’s service terms grant broad processing rights to user content, and human reviewers may access prompts/attachments. Security risks are real — e.g., EchoLeak (CVE‑2025‑32711), a zero‑click M365 Copilot flaw that exfiltrated data, illustrates attack surface from automating access to emails/docs. Data can cross jurisdictions (CLOUD Act exposure) and, once used for training, cannot be “untrained.” Users worried about data governance should prefer enterprise controls or switch to privacy-first assistants.