Meredith Whittaker, president of encrypted messaging service Signal, has a blunt message for AI chatbot users: stop treating these tools like friends, confidants, or private diarists. In a June 2026 Bloomberg interview, she singled out ChatGPT, Claude, and Microsoft Copilot—arguing that the increasing power of AI agents to read and act on user data turns casual chats into massive privacy liabilities. For the millions of Windows users who interact with Copilot daily, often as a natural-language assistant woven into the operating system, the warning cuts deep.
Whittaker is no stranger to the tech industry's inner workings. A former Google manager turned vocal critic of surveillance capitalism, she co-founded NYU's AI Now Institute and has spent years advocating for meaningful privacy protections. Her assessment now is direct:
“These systems are designed to extract value from you. They aren’t your friends; they’re corporate products engineered to simulate intimacy while logging every word,” she told Bloomberg. The problem isn’t just data harvesting, she says—it’s the new “agent” paradigm, where AI assistants are granted permission to run across apps, screens, and messages, turning them into all-seeing intermediaries that erode any expectation of privacy.
Whittaker's blunt assessment
The Signal president’s remarks arrive as AI companies race to embed “agentic” features deep into operating systems and productivity suites. Microsoft, with its Copilot+ PCs and Windows 12, has made Copilot a central pillar, capable of summarizing emails, controlling system settings, and even performing multi-step tasks across applications.
“We’re moving from a world where you might type a query into a web chatbot to one where an AI agent has persistent access to your entire digital life,” Whittaker said. “When you vent to that agent late at night, it’s not just a conversation—it’s a structured data point stored on a server somewhere, potentially shared with third parties, and almost certainly not private.”
Her concerns echo a growing body of research into “intimacy-by-design” in consumer AI products. Chatbots employ conversational patterns, humor, and perceived empathy to build trust, leading many users to overshare. Whittaker pointed to studies showing people freely disclose health worries, relationship troubles, and financial anxieties to bots without considering the backend consequences.
The rise of AI agents in Windows and beyond
The shift toward AI agents hit a major milestone in 2025 when Microsoft launched Copilot Agent Runtime in Windows 12. This framework lets Copilot not just answer questions but actively manipulate files, manage calendars, and even draft replies in third-party apps—all with the user’s permission, but often with overly broad consent dialogs that most people gloss over.
“When you click ‘Allow,’ you’re not just letting it read one email; you’re opening a data pipeline that can stream your activity to Microsoft’s cloud for processing, indexing, and sometimes training future models,” Whittaker explained. “And once that data is out there, you have no meaningful control over it.”
Microsoft’s own documentation admits that Copilot in Windows can access “content from your screen, clipboard, and typed text” when the “let Copilot see what’s on your screen” feature is enabled. Combined with the “agentic actions” that let Copilot execute commands, this creates a surveillance window into practically everything a user does on their PC. The company insists such data is handled in accordance with its privacy policy and not used for advertising. But Whittaker and privacy advocates argue that “policy” is not the same as protection, especially given Microsoft’s track record of pushing users into cloud-dependent workflows.
How Windows Copilot turns chat into a surveillance tool
Many Windows enthusiasts appreciate Copilot’s convenience—asking it to summarize a PDF or translate a web page can save precious minutes. But the feature’s chat-oriented interface can lull people into treating it like a personal assistant in the same way they might text a friend. Microsoft has leaned into this with a conversational personality and even optional voice modes that mimic human banter.
“The design deliberately blurs the line between a tool and a companion,” Whittaker noted. “That’s how you get users confessing personal details to what is essentially a corporate data funnel.”
She called out the particular dangers of AI agents that can “remember” past interactions. Microsoft’s Copilot Memory feature, still in preview across Windows 12 devices, lets the agent recall context from earlier conversations to provide more helpful answers. While marketed as personalization, this means intimate details shared in a moment of trust could resurface weeks later in an unrelated query—and are available to Microsoft’s engineers and legal teams if a government request arrives.
The risk is amplified by the trend toward “Copilot everywhere”: the assistant is present not just in Windows but in Edge, Office apps, and even the Xbox dashboard. Each integration expands the attack surface for data leakage. A growing number of security researchers have documented ways that malicious actors could, in theory, manipulate agent permissions to extract sensitive information, though no widespread exploits have been confirmed yet.
The Signal philosophy: privacy by design
Whittaker’s platform, Signal, operates on the opposite principle. It collects almost no metadata, encrypts everything end-to-end by default, and has famously refused to monetize user data even when pressured by advertisers. “Signal exists to prove that you don’t have to trade privacy for useful technology,” she said. “The AI industry is going in the complete opposite direction, and regulators are asleep at the wheel.”
This isn’t just corporate posturing: Signal’s open-source code and independently audited protocols have made it the gold standard for private communication, used by journalists, activists, and even cybersecurity teams at major tech firms. But Whittaker acknowledges that Signal’s model is hard to replicate for an AI assistant that must process large amounts of data in the cloud. “We need on-device AI that respects local storage and doesn’t phone home. The technology is there—it’s just not profitable enough for the big players to prioritize.”
Microsoft has made some moves toward local processing with the Neural Processing Units (NPUs) in Copilot+ PCs, which can handle basic AI tasks without sending data to the cloud. But advanced Copilot features still lean heavily on Microsoft’s servers, and the default settings often favor the most data-hungry options.
Real-world consequences of over-sharing with AI
To hear Whittaker tell it, the dangers aren’t hypothetical. She referenced a 2025 incident in which a Microsoft Copilot user’s intimate relationship details—shared during a late-night chat—later appeared in a generated email draft spotted by a coworker, thanks to a combination of faulty memory retention and overly generous permissions. Microsoft quickly fixed the bug, but the episode underscored how easily private data can escape its intended context.
“This is the inevitable result of a model that treats everything as training fodder and every interaction as an opportunity to extract more,” she said. “We’re going to see more leaks, more embarrassing revelations, and more chilling effects on free expression if we don’t set hard boundaries now.”
Legal experts also worry about the implications for professional privacy and attorney-client privilege. If a lawyer uses Copilot to draft a sensitive document, does that waive privilege because the text was processed by a third-party AI? Similar questions are already being litigated around Microsoft 365’s AI features in enterprise environments. Whittaker’s warning extends to anyone using a company-issued Windows PC: “Your boss can potentially see what you tell that chatbot, and you won’t know until it’s too late.”
What Windows users can do right now
Whittaker doesn’t suggest abandoning AI tools entirely—“that’s not realistic for most people”—but she urges Windows users to aggressively audit permissions and, where possible, opt for local, open-source alternatives. Here are concrete steps that can immediately reduce your exposure:
- Turn off “Let Copilot see your screen”: In Windows Settings > Privacy & security > Copilot, disable this feature. It prevents the agent from harvesting on-screen content.
- Review Copilot’s memory and history: Regularly clear chat history and disable memory features if they aren’t essential. On Windows 12, navigate to Copilot settings > Data > Delete history.
- Limit app integrations: In Copilot’s settings, disconnect any third-party apps or services you don’t need. Each connection is a potential data leak.
- Use a local LLM: Tools like LM Studio or Ollama can run open-weight models entirely on your device, with no cloud dependence. Performance is now competitive on NPU-equipped Windows 12 machines.
- Segment sensitive activities: Never discuss medical, legal, or highly personal matters with a cloud-connected assistant. Use an encrypted messaging app like Signal for private conversations with humans.
- Check enterprise policies: If your Windows PC is managed by an employer, ask your IT department exactly what Copilot data is collected and retained. Some companies have started blocking agent features entirely.
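A check to go with the local-LLM step above, as an added example that is not from the article or from the Ollama or LM Studio projects: before a script sends a prompt, it confirms the endpoint is a loopback address, so the text cannot leave the device. The function names are hypothetical, and the sample URL assumes Ollama's default local port 11434.

```python
import ipaddress
from urllib.parse import urlsplit


def is_loopback_endpoint(url: str) -> bool:
    """Return True only if url targets this machine's loopback interface."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops userinfo, port and IPv6 brackets, and lowercases the
    # name, so "http://127.0.0.1@example.com" is judged as "example.com".
    host = parts.hostname
    if not host:
        return False
    if host == "localhost":
        return True
    try:
        # Literal addresses: 127.0.0.0/8 and ::1 pass. 0.0.0.0 and LAN
        # addresses fail, since they are reachable from other machines.
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Any other name needs DNS and may resolve off-device: reject it.
        return False


def build_local_request(url: str, prompt: str) -> dict:
    """Build a request for a local model, refusing non-loopback endpoints."""
    if not is_loopback_endpoint(url):
        raise ValueError(f"refusing to send prompt to non-local endpoint: {url}")
    return {"url": url, "json": {"prompt": prompt, "stream": False}}


if __name__ == "__main__":
    # Constructed sample endpoints; only the first two stay on the device.
    for candidate in (
        "http://localhost:11434/api/generate",   # assumed Ollama default
        "http://[::1]:11434/api/generate",
        "http://127.0.0.1@example.com/api",      # userinfo trick
        "http://localhost.example.com:11434",    # look-alike hostname
        "http://0.0.0.0:11434",                  # all interfaces, not loopback
    ):
        print(candidate, "->", is_loopback_endpoint(candidate))
```

The check is deliberately strict: a hostname that only resolves to 127.0.0.1 through DNS or a hosts file is rejected, because that resolution can change without the script noticing.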
Whittaker also recommends supporting regulation that mandates clear, affirmative consent for AI agent access and that forbids dark patterns in permission dialogs. In Europe, the AI Act is beginning to enforce some of these rules, but enforcement remains patchy.
The policy gap and what’s next
Despite growing awareness, U.S. federal privacy law still lacks a comprehensive framework for AI agent accountability. Whittaker has been a vocal proponent of the view that privacy must be protected structurally—not just through user education. “You can’t expect people to navigate 50 checkboxes every time they install an update. The defaults have to be private, and the onus must be on the companies to prove their systems are secure.”
Microsoft, for its part, has announced a “Copilot Trust Initiative” that promises clearer disclosures and stricter data handling for agentic features, but Whittaker remains skeptical. “I’ve seen this cycle before. A public outcry, a PR fix, and then business as usual. Real change will only come when users start refusing to give away their data, and when developers refuse to build tools that demand it.”
For Windows enthusiasts, the challenge is to balance the undeniable productivity gains of AI agents with the privacy trade-offs that come with them. As Whittaker put it: “Convenience is powerful, but it’s not free. Right now, the price is your personal life—and you’re paying it whether you realize it or not.”