Microsoft hits back at claims it slurps your Word, Excel files to train AI models Microsoft's Connected Experiences option in its productivity suite has been causing consternation amid accusations that the default setting might allow Microsoft to train AI models using customers' Word and Excel documents and other data. The Windows giant vehemently denies the claims. A spokesperson told The Register: "In …
"Microsoft does not use customer data to train large language models without your permission."
We asked Microsoft what it meant by "permission" and if the permission was opt-in or opt-out, and the IT titan has yet to respond.
The key word is "permission". What permission, and how is it obtained? Probably by agreeing "yes" to the Windows EULA - doesn't that give them the ability to help themselves to any file on your PC, for any purpose, at any time?
Microsoft's "Connected Experiences" has existed for years in Office and from reading the terms (prior to the current AI craze) "permission" means you ticked the box to get your local weather forecast displayed in Outlook. When you asked for local weather to be displayed in Outlook, or access to the thesaurus in Word, you may not have noticed that also gave Microsoft permission to do whatever they want with all of your most private data but you should have guessed really. It says it clearly on page 75.
Yes, how else do you suppose they got enough high quality data to train GPTs 1-4 ...
I also note that for "work/school accounts", " connected experiences" is mandatory, turned on via group policy (i guess probably on by default, and requires a friendly BOFH to turn it off)
It amazes me how "work/school" are assumed to be allowed to make deleterious privacy decisions on your behalf
Page 75, which I hope you read each of the 13 times they've obsequiously updated their ToS since you first read it, which they'll present to you at the most opportune moment while you're in a rush of some kind before allowing you to access the product you've been relying on. Living services are a scourge.
Because if the situation was "it is only used if you explicitly opt in" then they would have said so. Saying "permission" leaves open a lot of doors, especially with click through EULAs or volume license agreements for enterprises. I mean you'd hope companies would have lawyers go through VLAs with a fine toothed comb, but if not all of them do such a clause giving permission unless you send them a written notice otherwise might escape unchallenged for enough companies to give them plenty of juicy training data.
If it turns out that it is explicitly opt-in only then you'd have to wonder at the incompetence of Microsoft's press relations to simply say "permission" and let people's minds go wild with the possibilities. Which they should have expected would happen, given Microsoft's rather pathetic record on that front - especially considering the botched rollout of Recall.
This post has been deleted by its author
I've come across that wording also with their predictive text privacy statement and asked our IT to tell me whether we've declined to give this permission. The only response they'll give me is that the use of the MS cloud apps has gone through DPIA and been approved. This tells me 1) they don't even know how to check, 2) the DPIA didn't consider this, and 3) MS defaults being what they are, we've surely 'given' the permission.
I don't use the Office suit much any more.......But, having to use GPO, registery settings, and 17 different firewall outbound rules to stop the M$ sniffing and taking is something people shouldn't have to do to use a paid for product.
I don't use OutLook any more (it's thunderbird now) because of how polluted it is with crap. If M$ continues down this road I may just throw Office under the truck and leave it there until the end of time. I will miss Word and Excel but it seems this option is no longer up to the customer anymore.
You know that Daddy MS knows what is best for you... (sic)
Seriously,
It has to be time for people to give them the finger wherever possible. The security risks are just waiting to be exposed.
OTOH how long will it be for your fictional story that includes doing away with a major political figure results in a knock on your door at 04:00? I'm not saying do that but as of writing this, I can write a story where someone plots to kill someone else and gets stopped in the process of doing so and NOT be sent to Gitmo. But for how long after 20th Jan 2025?
MS will steal your data (just like Google etc) if you let them. Stop using MS (and Google etc). Protect your data from the thieves. You know it makes sense.
try to install outlook mobile, for example, and have a look at how many different domains it connects to, they do not even try to group them up to make it look less 'massive' (or they do the grouping already and it's really a massive data gathering operation...)
>Fairly easy to show that it's leaving your PC
The majority of people using Office are using Office365 so everything goes to the cloud. Ironically those users with the most sensitive data are more likely to be using Office365 vs a local copy
>And say you do prove a badness, who goes to jail?
Did you do anything hacker-ish to prove this ? Like running wireguard or a VPN or Kali Linux or anything else "cyber"?
Then you do
+> Fairly easy to show that it's leaving your PC
Is it?
Wouldn't it be using the same encrypted channel as all the other "telemetry" that it sends?
And with a Copilot+ PC, it won't even need to send the raw data, it will just send a low-rank adaptation matrix which lossily and noisily encodes everything you have ever typed or displayed on your screen. It is literally the difference between you and the average user, encoded as a LoRA. Everything they need for both training and surveillance, but without the pesky legal issues.
This isn't standard Microsoft/Windows bashing but, despite how much they might protest, the reasonable assumption is that all these companies are using your data until it is demonstrated otherwise. That Pokemon Go data has military applications is the latest crowning turd in that water pipe.
That said, I did look up what Connected Services entailed after the widely distributed advice to turn it off, and it seems like "and all the other stuff Word does for you", rather than AI training. I don't remember turning it on, though.
"The Connected Services setting is an industry standard setting "
A whole family of weasel word there.
Which industry? The Microsoft industry?
Whose standard? An independent open standard, a standard set by an OSI committee dominated by Microsoft acolytes or a Microsoft standard?
What's the setting? Slurp?
> Depends if they think they can get away with it.
Exactly. They will try it, if only because it's the cheapest choice. And if the EU (eventually) starts complaining, they will claim they are misunderstood and everything was for the users' benefit (and "somebody think of the children", too), and thus try to stall for as long as possible. After all managers never plan beyond 2-3 financial quarters.
Even if there is an option to opt in/out of this data slurp, what possible justification is there for building-in such capabilities?
Nobody with half a brain cell would want MS to trawl through their word documents for any reason whatsoever, so what possible twisted thinking goes on at MS to think such an option is viable?
Years back, MS used to be run by arseholes. Now it’s run by fucking megalomaniac scum
> what possible justification is there for building-in such capabilities?
Collecting precious "telemetry"? I mean, what was the rationale for everything else they did lately? Think of Recall©™, that's another feature which isn't really of any use, it might even be dangerous for the sucker client. But Microsoft decided they can make money from that, and that's the only justification it requires.
They are utterly shameless, and given this has no negative effects on their bottom line, they will keep increasing the spying while progressively dropping any pretense of decency.
Is this Opt-in or Opt-out
"There are circumstances where enterprise customers may want or consent to our use of their data for foundation model training, such as custom model development requested by the customer.""
These people really need their heads repeatedly smashed against their desks until they give a straight answer.
Tech is just run by assholes employing people without a choice.
Given how much they want to slurp your data everywhere else, its hard to believe they dont already repeat the same from Word and XL.
Its almost like their lawyers are useless and couldnt automatically request/ force permission around word and xl files from the start.
Fire them Bill, your lawyers arent doing their job...
Unfortunately, most of Microsoft's communications are in Corporate Lawyer Speak. In other words, Weasel worded gobbledegook which could mean anything when taken to court. I have lost trust in Microsoft, and have ditched all of their products. Most Big Tech has gone, or is going, in the same direction.
Is this something to do with that office ai.exe that I keep finding running on my PC and burning up 20% of my CPU? The one I keep deleting and it keeps reinstalling itself? Once upon a time that would have been regarded as malware.
When and why did this kind of thing become acceptable practice?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
