• MudMan@fedia.io
    link
    fedilink
    arrow-up
    0
    ·
    1 day ago

    Well, for one, I have no information regarding MS keeping mandatory telemetry of Windows application usage or data (at least outside their own software suite). As far as I know what is there is opt-in and does not extend to keeping any copies of your computer data, which is the point where you’d be worried about something like your medical records. One of the reasons the Recall nonsense drew so much attention is that it was an unusual instance of something approximating that.

    But the other side of your argument is a bit confusing, because it seems to be coming from the angle of… proselytism, I suppose? As in, what is more useful to convince somebody who doesn’t care about the privacy side that they should avoid Windows.

    And to be clear, that’s not my goal, or at least not a goal I think is worthwhile in absolute or abstract terms, for its own sake. I’m not an OS activist, use whatever the hell you want and works for you. The closest I have is a distaste for Apple’s pricing and ecosystem-focused tactics but, man, that 600 bucks M4 Mac Mini is nice value, I’ll think about it.

    On the merits of the argument, I’m not sure it tracks, either. If someone attacks a legitimate holder of your data the part I care about is how secure their data storage is (because, again, nobody is sharing your medical records over Microsoft telemetry gathering, that’s not a real thing).

    I trust a third party’s security setup as far as I can throw it, I don’t care if it’s on Azure, Google, Amazon or a self-hosted Linux server. Hell, I may trust the self-hosted Linux server of a provider least of all of those. Not because of Linux, but because of the self-hosting.

    • felsiq@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      ·
      17 hours ago

      Well, for one, I have no information regarding MS keeping mandatory telemetry of Windows application usage or data (at least outside their own software suite). As far as I know what is there is opt-in and does not extend to keeping any copies of your computer data

      I’m not gonna start ranting about their mandatory telemetry, but I do gotta note this is a hell of an issue to ignore (considering the windows telemetry “opt-in” during setup boils down to “want us to take ALL your data, or just whatever we want?”). That aside, Microsoft’s setup process is imo designed to make people think exactly what you’ve written - the telemetry is the invasive part, and (*deep huff of copium*) maybe they won’t steal any of my juiciest data. I honestly think they deliberately made their telemetry prompts a little abrasive, so that anyone who gives half a shit about privacy will focus on that part and see it as the privacy violating aspect of a new windows computer or install.

      Meanwhile, as soon as you’re logged in to your new windows OS your user folders have been stored in onedrive by default - so that all your documents, desktop, etc get sent straight to Microsoft. You can migrate all your files from your old pc - dump all those medical and tax records right in your documents, where they get sent straight out to Microsoft’s servers without ANY consent or even awareness from most users. Most windows users I talk to don’t even know anything’s up until they start getting warnings about using up all their onedrive storage, and by that point M$ has all their shit and the damage can’t be undone. Sure, you can move the folders back out of the onedrive path (good luck explaining how to anyone who isn’t tech savvy) and onedrive is “””end to end encrypted””” (which is a joke when M$ has the encryption keys), but the reality is they’ve deliberately made windows trick people into allowing their personal files to be stolen. Dark patterns like these are all throughout the OS, and they’re a big part of why the proselytism you mentioned absolutely is a worthwhile goal for its own sake. Using windows is choosing to engage with a manipulative and untrustworthy entity that’s actively hostile to your privacy, and the worst part is most people don’t even realize it IS a choice. Like most choices, it’s got pros and cons - knowing you have other options doesn’t mean you have to choose them, and if someone wants to keep using windows to play their kernel-level anticheat competitive games or something that’s fair enough. I just think they absolutely need to be aware of what their choice is costing them (and the people around them due to network effects) both for their own risk management and because you can’t truly make a choice without information. “OS activism” is the only hope to actually fix or even salvage this situation, lacking any government willing and able to meaningfully regulate tech companies.

      • MudMan@fedia.io
        link
        fedilink
        arrow-up
        0
        ·
        13 hours ago

        You keep mixing up concepts, though.

        Yes, MS embeds OneDrive into its OS in annoying ways. OneDrive sucks and that sucks.

        But that’s not a security issue when you work with a company that uses Windows to handle your sensitive data. If the company you’re working with is using a default Windows image that accidentally stores your sensitive, legally protected records in a default OneDrive that’s not a Windows issue, that’s an issue with giving your medical records to what seems to be an IT department run by somebody’s cousin who knows computers. If they aren’t savvy enough to avoid that issue they’re not savvy enough to keep your data secure in a Linux system either. And, once again, there is definitely no indication that OneDrive is systematically not secure or that data stored in it is being manipulated or accessed by Microsoft for commercial purposes. I mean, it’s widely used professionally, so I imagine if that was the case Microsoft would get sued to hell and back.

        Does that mean I like Microsoft’s choice? Nope. I loathe OneDrive. As I kept telling MS in their annoying user surveys when I was forced to use it for work, it is the one piece of software that cost me the most hours of productivity, bar none, and I dropped it like a rock the moment I didn’t have a contractual obligation to use it.

        But holy crap, that absolutely isn’t a valid reason why it’d be a security OR privacy problem that a vendor you use is running Windows.

        And that’s the thing, you don’t need to equivocate, make up stuff or jumble concepts like this to point out the ways in which Windows’ implementation of things is sub-par. There are plenty of legitimate examples. Granted, may of those examples are definitely not dealbreakers and plenty of Windows users are aware of them and don’t particularly mind. Just like many MacOS users or Linux users don’t mind their own quirks. But the quirks and shortcomings do exist. You don’t need to make them up or be hyperbolic about them.

        This just makes you sound paranoid and kind of unreasonable. It makes it easier to dismiss the legitimate arguments because man, a lot of that is clearly not a reasonable argument, so why would you assume some of it is?

        • felsiq@lemmy.zip
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          13 hours ago

          To be clear, I’m not talking about the impacts of companies using windows at all - everything I said was meant in the context of an end user environment. Even more specifically, I’m only talking about privacy (never even used the word security) and I was replying only to where you mentioned their telemetry not affecting user data, to point out that they unapologetically steal user data separately from the telemetry. The data may be encrypted, and technically “secure” from other actors, but Microsoft holds the encryption keys so the only thing standing between them and your personal files you might believe are private is “pinkie promise we won’t look”.

          Does this mean bill gates is personally browsing any random person’s photos libraries? Obviously not, but the fact that nothing technically prevents M$ from using the encryption keys (that they store for you) to unlock your “secure” data on their servers that you may not even know they’ve taken is absolutely something that anyone in that position should know. That’s putting significant trust in M$ - which again, many people in this position did not do and did not know they were forced to.

          Hopefully this clarifies if it seemed like I was mixing up concepts - I’m tired as fuck and probably not as coherent as I’d like to be. Still, I don’t believe I’ve “made up” anything or even been hyperbolic - other than my pet conspiracy theory about their reasoning behind the setup process and telemetry prompt, everything I wrote is imo a verifiable fact and if you disbelieve any part of it I’m happy to provide sources. (Edited to add: later, right now I need sleep lol)