Copilot's use of Microsoft Graph and DeepSeek's data handling differ significantly in terms of data collection, usage, and security practices.
Copilot and Microsoft Graph
Microsoft Copilot integrates with Microsoft Graph, which acts as a central API connecting various Microsoft applications and services. This integration allows Copilot to access and process data from Microsoft 365 apps, such as emails, documents, and user profiles, enhancing its ability to provide contextually relevant responses and suggestions. The Microsoft Graph ensures that Copilot can leverage organizational data securely, respecting privacy and compliance boundaries within an organization's tenant. This means that Copilot only accesses data that the user has permission to view, maintaining a high level of data security and privacy[1][4][6].
Copilot uses Microsoft Graph for both pre-processing and post-processing of data. During pre-processing, it grounds itself in the context provided by Microsoft Graph to generate more accurate responses. After generating responses, it again uses Microsoft Graph to refine the output, ensuring that the information is relevant and secure[1]. This synergy between Copilot and Microsoft Graph enhances productivity by automating tasks and providing personalized insights based on organizational data[4].
DeepSeek's Data Handling
DeepSeek, on the other hand, collects a wide range of user data, including keystrokes, IP addresses, device information, and chat history. It also gathers data from third-party sources, such as advertising and analytics partners, to build a comprehensive profile of user behavior. This data collection extends beyond the chatbot itself, tracking interactions across multiple platforms and combining user data with mobile identifiers and cookie tracking[2][5].
DeepSeek stores user data in secure servers located in the People's Republic of China, raising concerns about data sovereignty and potential access by government entities[5]. Additionally, DeepSeek has faced security issues, including an exposed database that leaked sensitive information such as chat history and backend details[8]. The app also employs anti-debugging mechanisms and has been found to have security vulnerabilities like weak encryption and hardcoded keys[9].
Key Differences
- Data Collection Scope: Copilot focuses on organizational data within Microsoft 365, ensuring privacy and compliance, while DeepSeek collects a broader range of personal data, including keystrokes and third-party information.
- Security Practices: Microsoft Graph provides a secure framework for data access, whereas DeepSeek has faced security vulnerabilities and data leaks.
- Data Usage: Copilot uses data to enhance productivity and provide contextually relevant responses within Microsoft applications, whereas DeepSeek builds comprehensive user profiles that can be used for targeted advertising and other purposes.
- Geographical Data Storage: Copilot's data is managed within Microsoft's secure infrastructure, while DeepSeek stores data in China, raising concerns about data sovereignty.
Citations:
[1] https://www.reddit.com/r/microsoft_365_copilot/comments/1bywp4x/microsoft_graph_and_copilot/
[2] https://www.expressvpn.com/blog/is-deepseek-safe/
[3] https://www.youtube.com/watch?v=omXgX9Azn78&vl=en
[4] https://dev.to/borisgigovic/exploring-the-relationship-between-microsoft-graph-and-microsoft-copilot-b02
[5] https://www.forcepoint.com/blog/insights/does-deepseek-save-data
[6] https://datanorth.ai/blog/microsoft-copilot-what-is-it-and-how-to-use-it
[7] https://learn.microsoft.com/en-us/graph/api/reportroot-getmicrosoft365copilotusageuserdetail?view=graph-rest-beta
[8] https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
[9] https://securityscorecard.com/blog/a-deep-peek-at-deepseek/