Microsoft's Gaming Copilot automatically captures screenshots, but you can turn it off

Alfonso Maruccia

Facepalm: Microsoft is increasingly pushing its Copilot AI service onto lower-tier Windows users. The company aims to "help" gamers with Gaming Copilot, but the tool may raise privacy concerns by capturing screenshots during gaming sessions.

Microsoft appears to be capturing large numbers of screenshots through Gaming Copilot, extracting text from them, and using the data to further train its AI models. A user recently discovered a potential breach of both privacy and trust related to the Copilot tool, which is now automatically installed on Windows 11 PCs alongside the latest OS updates.

A ResetEra forum user named "RedbullCola" discovered what Gaming Copilot was doing by analyzing network traffic from his system. According to his findings, the chatbot was sending almost all of his activity to Microsoft, including an unreleased game he was playing under a non-disclosure agreement with the developers.

In short, Gaming Copilot was taking screenshots of RedbullCola's gaming session, extracting text using OCR algorithms, and transmitting the data to Microsoft servers. This behavior potentially violated the user's privacy and, paradoxically, placed him at risk of breaching his NDA, meaning he could have been both a victim of Microsoft's AI exploitation and inadvertently implicated in violating confidentiality terms.

The automatic screenshot feature is enabled by default, according to RedbullCola, but it can be disabled through the Gaming Copilot settings in the Xbox Game Bar. Microsoft introduced the Copilot for Gaming service earlier this year, promoting it as an "intelligent" assistant that could help players improve performance with tips, narrated walkthroughs, and more.

However, Microsoft did not disclose to RedbullCola – or any users – that the service would collect screenshots and other data to improve its AI models. While some may view this as a minor privacy concern, it could also draw scrutiny from EU authorities under GDPR regulations.

ResetEra users are now debating whether Microsoft is using Gaming Copilot data to train AI models or merely to enhance the service. The distinction may be largely semantic, given that any collection of personal gaming activity raises potential privacy issues.

Copilot and other AI-driven features recently added to Windows PCs are fueling growing unease among users. Some vendors are pushing back, and users concerned about privacy may wish to disable all AI and Copilot features while using Windows.

Windows 10 IoT LTSC doesn't go out of support until 2032 and MAS are so easy to use.
 
It's an optional feature, and I can't imagine screenshots from games are going to be a major privacy concern for many. This actually seems like a useful feature if it works well enough.
 
> It's an optional feature, and I can't imagine screenshots from games are going to be a major privacy concern for many. This actually seems like a useful feature if it works well enough.

It's an undisclosed system taking recordings of your actions and sending them to a remote server. We call those keyloggers and spyware.

How exactly would this be useful? I see no use for the average user, but lots of use if MS wanted to spy on what you do in order to sell your data to advertisers.
 
> It's an optional feature, and I can't imagine screenshots from games are going to be a major privacy concern for many. This actually seems like a useful feature if it works well enough.

Windows has literally thousands of settings. This one is for a "feature" most users would not dream even exists, and it is buried in a sub-component of another component many users never summon or view. According to the article it is enabled by default. That's not an option, at least not an informed, consented one.

"Games" covers a lot of territory, and there are some that function at least partly as social hubs, as much as or even more than the gaming portion. (E.g., there was a time all the school kids were essentially using Fortnite as their class Discord.)

Then there's, say, online poker for real cash. Think those players would care that certain employees at Microsoft can view their cards in real time?
 
> Windows has literally thousands of settings. This one is for a "feature" most users would not dream even exists, and it is buried in a sub-component of another component many users never summon or view. According to the article it is enabled by default. That's not an option, at least not an informed, consented one.
>
> "Games" covers a lot of territory, and there are some that function at least partly as social hubs, as much as or even more than the gaming portion. (E.g., there was a time all the school kids were essentially using Fortnite as their class Discord.)
>
> Then there's, say, online poker for real cash. Think those players would care that certain employees at Microsoft can view their cards in real time?

CoPilot can already do a lot more than this. Right now I could open AutoCAD and have CoPilot watch my screen and help me with the program if I wanted to, and I don't even have an NPU in my PC.

Obviously having anyone, AI or not, watch your screen so they can help you is less private. I agree it should be disabled by default, but it's in beta right now so hopefully they make it less intrusive.

However nothing is being viewed in real time by any human on Microsoft's end and the article does not suggest that.
 
Microsoft’s only goal is to sell you software to farm data. Windows has not been my go-to OS for more than a year, and all this “extra” spyware affirms my decision to abandon it. It’s bloated with telemetry and new features that are undesirable for me, and it is a heavy burden on the hardware. To put it bluntly, the retail version of Windows is no longer fit for purpose. It’s fit for Microsoft’s purpose.
 
> However nothing is being viewed in real time by any human on Microsoft's end and the article does not suggest that.

You mean nothing is supposed to be viewed in real time by a bad actor at Microsoft. And I'd bet they even have real policies about that and would act on them should someone be caught. That said, I also think there's plenty of historical precedent to believe that someone has already thought of and acted on this opportunity to make money, or something like it (I'm talking about humans generally, not Microsoft specifically.)
 
> Windows 10 IoT LTSC doesn't go out of support until 2032 and MAS are so easy to use.

It is still Windows, and you are not gaining anything by sticking to it. Time to switch, and Linux is already good enough to use. If you won't change yourself, nothing will change for you.
 
> You mean nothing is supposed to be viewed in real time by a bad actor at Microsoft. And I'd bet they even have real policies about that and would act on them should someone be caught. That said, I also think there's plenty of historical precedent to believe that someone has already thought of and acted on this opportunity to make money, or something like it (I'm talking about humans generally, not Microsoft specifically.)

The ability to stream a video or real-time info back to a human overseer like that is not part of how this works. Not saying you should trust Microsoft, but they are not watching people through Copilot.
 
> The ability to stream a video or real-time info back to a human overseer like that is not part of how this works. Not saying you should trust Microsoft, but they are not watching people through Copilot.

Again, you're confusing official policy vs. the right person's technical capability. Somewhere there are engineers who designed the APIs that receive and process the OCR'd screen extracts. Beyond them there are DevOps or other technical staff who maintain the servers and databases that run those APIs and store the results. Should any of them go rogue, it would not be rocket science to filter for unique aspects of certain online poker sites and then extract player hands. That's just the first random scheme that popped into my mind; I'm sure there are lots more and better ones, including ones that extract value from historical data vs. real-time data.

I've gotten in the weeds. Putting it in bigger picture terms, the fact that some users may not feel violated or see how this could harm them, does not mean that is true for all users.
 
> Again, you're confusing official policy vs. the right person's technical capability. Somewhere there are engineers who designed the APIs that receive and process the OCR'd screen extracts. Beyond them there are DevOps or other technical staff who maintain the servers and databases that run those APIs and store the results. Should any of them go rogue, it would not be rocket science to filter for unique aspects of certain online poker sites and then extract player hands. That's just the first random scheme that popped into my mind; I'm sure there are lots more and better ones, including ones that extract value from historical data vs. real-time data.
>
> I've gotten in the weeds. Putting it in bigger picture terms, the fact that some users may not feel violated or see how this could harm them, does not mean that is true for all users.

Your statement is pure unfounded speculation, basically a conspiracy theory with no actual evidence beyond AI bad Microsoft bad AI send data bad.

It's completely fair to have objections to this, but nothing about it rises to the level of spying that you claim.
 
> Your statement is pure unfounded speculation, basically a conspiracy theory with no actual evidence beyond AI bad Microsoft bad AI send data bad.

If you mean as to is this exact scam happening this minute, of course I have no idea. I was giving a hypothetical example not an indictment.

As to how a "cloud" API could receive and store data and how that data could be accessed, well I do the (honest part) for a living so I do know a little bit.

As to industry and government issues whereby employees did not follow policies and accessed data inappropriately, while companies are not typically eager to publish the stats or individual actions taken, I've been around long enough to know this is not a hypothetical future thing that might one day happen one time; it's an ongoing issue that companies with strong enough internal audit processes are all too familiar with. IIRC the IRS used to disclose stats on how many new hires it fired in their initial probationary period, where it explained "use this data retrieval system only for IRS business" and sure enough, out of every new crop there were always a few who were searching for celebrities, exes, what-have-you right off the top.

Again though, why should I have to fight to defend my data staying on my computer? Whether for solid good reason or just a personal preference you might consider silly, I think we as a society ought to start with Microsoft not being able to unilaterally start screenshotting (even if "just" OCR'd) all its users' screens and storing it with no meaningful informed consent. Many states have laws making it illegal to record just the voice of even a single person without their consent. Yet it's OK for Microsoft to steal this data from millions of users because it wants to?
 
> If you mean as to is this exact scam happening this minute, of course I have no idea. I was giving a hypothetical example not an indictment.
>
> As to how a "cloud" API could receive and store data and how that data could be accessed, well I do the (honest part) for a living so I do know a little bit.
>
> As to industry and government issues whereby employees did not follow policies and accessed data inappropriately, while companies are not typically eager to publish the stats or individual actions taken, I've been around long enough to know this is not a hypothetical future thing that might one day happen one time; it's an ongoing issue that companies with strong enough internal audit processes are all too familiar with. IIRC the IRS used to disclose stats on how many new hires it fired in their initial probationary period, where it explained "use this data retrieval system only for IRS business" and sure enough, out of every new crop there were always a few who were searching for celebrities, exes, what-have-you right off the top.
>
> Again though, why should I have to fight to defend my data staying on my computer? Whether for solid good reason or just a personal preference you might consider silly, I think we as a society ought to start with Microsoft not being able to unilaterally start screenshotting (even if "just" OCR'd) all its users' screens and storing it with no meaningful informed consent. Many states have laws making it illegal to record just the voice of even a single person without their consent. Yet it's OK for Microsoft to steal this data from millions of users because it wants to?

Can Microsoft or a government agency spy on users in a bunch of different ways? Yes, absolutely.

Is Microsoft doing that with CoPilot gaming via screenshots that get sent back to servers in non-image format? 99.99% chance they are not. Even if they love spying on people all the time and have no issues breaking privacy rules and lying about it straight to our faces, it wouldn't even be an efficient or effective way of doing that with so many other options at their disposal.

Vastly more likely is that they want to use player gaming interaction data to help train their AI, and they are pushy about it by enabling the data collection by default, but Microsoft is hardly alone here in wanting to collect data to train their AI and being pushy or annoying about it, when in fact that is the typical trend from all major tech companies.