Copilot is weird and can give out very weird responses that have little to do with your conversations.
And of course it might just grab context depending on what you do (e.g. clicking the copilot button might already do that).
I found it works best as GPT model if you disable the fancy stuff like search. It too easily looses track of what happened or completly goes off the rails.
(i believe disabling search is a beta feature in some regions, but its a hidden flag you can theoretically set, i made a tampermonkey script to add a button).
I hate the slow UI of Copilot, so i translate requests from a different GPT interface.
afaik, most if not all modern browsers and clients in e.g. apps, use Diffie-Hellman key exchange in TLS.
Some Apps go even further and implmement certificate pinning, only allowing a set of specific certificates the server is allowed to “present”.
You can only break it by an active Man in the middle attack, presenting your own Diffie-hellman parameters toeachother and signing them with a certificate the client trusts (we can probably assume US agencies have access to some CA keys and can do this)
I dont think this is very feaseable on a large scale as you’d need to intercept every interesting connection, break the handshake, risking detection, and further proxy and process the whole traffic.
Metadata will be more juicy en mass than the content and easier to obtain with less risks.
bUt iTs Ai InTeGrAtEd