
> Instead of letting an agent act directly as you, Windows spins up this extra workspace, gives it limited access (like specific folders such as Documents or Desktop), and keeps its actions isolated and auditable.

> Each agent can have its own workspace and access rules, so what one agent can see or do doesn’t automatically apply to others, and you stay in control of what they’re allowed to touch.

This actually sounds thoughtful. I know it's super popular to crap on MS about AI since the Windows Recall feature, but at this point it just seems like intentional bad faith. This feature here is something you'd have to turn on, anyway.



I disagree. Maybe certain sensitive things are outside that folder, such as browser cookies, but most users have a LOT of sensitive stuff there. "Tax forms 2023.pdf" for instance.

It's similar to UAC - a good and important protection, but fundamentally if you're letting code run with access to your plain old non-administrator documents that's where the biggest data threats are.


But how is this worse? If you run an agent now, it will run with your privileges. If you run an agent after this feature, it will run with limited privileges as specified by you.

Heaps of ranting here about agents sucking down private data to Microsoft servers without your knowledge, where a cursory look at this feature is to give you more control if you actually want to use agents. Sure, it might be learned reflex behavior, but that is exactly what OP was talking about.


It's worse because they're exposing these features to the kind of people who aren't running agents now.


It literally says in the article:

"This feature is completely optional and is never turned on by default."

Reading the full article, this is just a power-user feature, and in beta at that. I can see where it could be useful, and the fact it puts further restrictions on how each agent works mitigates security issues.


For now. Features that are opt-in in developer preview have a way of becoming defaults later.

Fundamentally, having a model that makes it easy to give access to an entire library instead of requiring explicit tight scoping of access to individual files is dangerous and teaches people to make mistakes that can lead to data misuse and leaks.


> For now.

What evidence are you basing that on?

From what I read of the article, if it were on by default it would do nothing.

When it's on you get the option to create an agent. That's when you need to be careful.

Even so, the current version is off, and it has a big warning about the dangers of using it before and during switching it on.

> that makes it easy to give access to an entire library instead of requiring explicit tight scoping of access to individual files is dangerous

Again from the article, the user literally sets the access rights of the agent.


> but most users have a LOT of sensitive stuff there. "Tax forms 2023.pdf" for instance.

So don’t give it access?

It clearly says it’ll have granular ACLs. How is this any different from something like Gemini CLI or Claude Code where you’re running it in your src directory?

It’s basically that, but for non-devs and with a GUI instead of a TUI.
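The "granular ACLs" being argued about above are ordinary Windows file-system ACLs applied to a separate account, and you can try the idea yourself today. The following is an added example, not code from the article or from Microsoft's feature: it creates a standard local account (the name `AgentDemo` and the folder `Documents\AgentShare` are assumptions chosen for the demo), grants that account read-only access to the one folder, and then lists which identities can read the share, `Documents` and `Desktop`, so you can confirm the agent account shows up on the share and nowhere else. Run it in an elevated PowerShell session on Windows 10 or later.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article or the thread). Names below are assumptions:
$AgentName = 'AgentDemo'                                        # hypothetical agent account
$ShareDir  = Join-Path $env:USERPROFILE 'Documents\AgentShare'   # hypothetical scoped folder

# 1. A separate, non-admin identity for the agent. Without a separate identity
#    an ACL cannot distinguish the agent from "you", and the agent inherits
#    everything your account can read.
if (-not (Get-LocalUser -Name $AgentName -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $AgentName"
    New-LocalUser -Name $AgentName -Password $pw -PasswordNeverExpires | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $AgentName
}

# 2. Grant that identity ReadAndExecute on one folder only. The inheritance
#    flags make the ACE apply to files and subfolders created there later.
New-Item -ItemType Directory -Path $ShareDir -Force | Out-Null
$acl  = Get-Acl -Path $ShareDir
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $AgentName, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $ShareDir -AclObject $acl

# 3. Verify the scope: which identities hold an Allow ACE on each folder, and
#    whether the agent account is among them. Expect $true for the share and
#    $false for Documents and Desktop.
function Get-FolderReaders {
    param([string]$Path)
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        Select-Object -ExpandProperty IdentityReference |
        ForEach-Object { $_.Value } |
        Sort-Object -Unique
}

foreach ($dir in @($ShareDir,
                   (Join-Path $env:USERPROFILE 'Documents'),
                   (Join-Path $env:USERPROFILE 'Desktop'))) {
    $readers  = Get-FolderReaders -Path $dir
    $hasAgent = [bool]($readers -match "\\$AgentName$")   # identity is DOMAIN\name
    "{0,-50} agent access: {1}`n  allowed: {2}" -f $dir, $hasAgent, ($readers -join ', ')
}
```

Two caveats a practitioner would check. First, the verification only covers explicit and inherited ACEs on those three folders; if the agent account is ever added to a group that already has an ACE (Administrators, or a group you created), the scope widens without any change to these folders, so re-run the listing after group changes. Second, members of `Users` hold the "Bypass traverse checking" privilege by default, which is why the account can open `Documents\AgentShare` by full path without an ACE on `Documents` itself; that is intended, but it means an absent ACE on a parent folder is not by itself proof that nothing below it is reachable.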


Interesting that you see the sheer amount of criticism, week after week, and assume it must be bad faith by microsoft critics rather than bad faith by microsoft.


The critics always complain about what bad thing Microsoft will do in the future, rarely about what they are actually doing.

Secure Boot was supposedly an evil conspiracy to block running Linux on computers. Secure Boot is everywhere now, and Linux still runs on personal computers.


Except that one line of Microsoft PCs that only run Windows because Secure Boot enabled Microsoft to make it so.


Yeah, but the argument was that all PCs built by anyone would be blocked from running Linux.


Are you kidding? This is pure theft. If I got into your computer and accessed your Documents and Desktop, I'd be in jail, but it's OK when Microsoft does it.


Most apps on Windows can already access those folders though, except for UWP/AppContainer apps (which require particular capabilities to access them). I think the same is generally still true of the equivalents on most Linux distributions, even though things like SELinux exist.


That, and how many commenters in this thread are using something like Claude Code with their src directory as context? This is no different. It’s [claude code/gemini CLI/codex] but for non-devs and with a GUI instead of a TUI.

I feel like everyone here is overly dismissive of this because it’s cool to hate Windows in these parts, but this could be genuinely useful for your average office drone. Much like we love to shit on Copilot for M365 but it’s been extremely useful to the non-tech folks at my work.


Wouldn't the more apt comparison be that Anthropic uses a zero-day to run Claude Code as root on / with "dangerously ignore permissions" turned on?

Claude Code is quite useful, but it's a tool that accepts the context I give it, and it asks for permissions before it does things.


Interesting fact: Codex has access to all the files your current user has access to as well, even if you just opened it in the src directory.


Microsoft is not giving themselves access to your Docs and Desktop. They're giving you a tool that allows you to give an Agent access to files when you want the agent to do things with those files. If you don't set out to use an agent, none of that even happens. They're not proposing to just add an agent that when you boot your computer scans all your files to come up with random ideas.

Normally, if you just open a random program you installed in Windows, the program also "can access" all the files in your home directory without even asking your permission. That doesn't make Photoshop, notepad or MSPaint malware. They'd be malware if they did bad things with them without your permission, but it's bad faith to assume that Microsoft plans to someday trick you into enabling this feature and using an agent that exfiltrates your files.


Does this not run locally?


Obligatory https://xkcd.com/1200/

Just replace "someone steals my laptop" with "Microsoft installs malware"



