Well, for one, I have no information regarding MS keeping mandatory telemetry of Windows application usage or data (at least outside their own software suite). As far as I know what is there is opt-in and does not extend to keeping any copies of your computer data, which is the point where youād be worried about something like your medical records. One of the reasons the Recall nonsense drew so much attention is that it was an unusual instance of something approximating that.
But the other side of your argument is a bit confusing, because it seems to be coming from the angle ofā¦ proselytism, I suppose? As in, what is more useful to convince somebody who doesnāt care about the privacy side that they should avoid Windows.
And to be clear, thatās not my goal, or at least not a goal I think is worthwhile in absolute or abstract terms, for its own sake. Iām not an OS activist, use whatever the hell you want and works for you. The closest I have is a distaste for Appleās pricing and ecosystem-focused tactics but, man, that 600 bucks M4 Mac Mini is nice value, Iāll think about it.
On the merits of the argument, Iām not sure it tracks, either. If someone attacks a legitimate holder of your data the part I care about is how secure their data storage is (because, again, nobody is sharing your medical records over Microsoft telemetry gathering, thatās not a real thing).
I trust a third partyās security setup as far as I can throw it, I donāt care if itās on Azure, Google, Amazon or a self-hosted Linux server. Hell, I may trust the self-hosted Linux server of a provider least of all of those. Not because of Linux, but because of the self-hosting.
Well, for one, I have no information regarding MS keeping mandatory telemetry of Windows application usage or data (at least outside their own software suite). As far as I know what is there is opt-in and does not extend to keeping any copies of your computer data
Iām not gonna start ranting about their mandatory telemetry, but I do gotta note this is a hell of an issue to ignore (considering the windows telemetry āopt-inā during setup boils down to āwant us to take ALL your data, or just whatever we want?ā). That aside, Microsoftās setup process is imo designed to make people think exactly what youāve written - the telemetry is the invasive part, and (*deep huff of copium*) maybe they wonāt steal any of my juiciest data. I honestly think they deliberately made their telemetry prompts a little abrasive, so that anyone who gives half a shit about privacy will focus on that part and see it as the privacy violating aspect of a new windows computer or install.
Meanwhile, as soon as youāre logged in to your new windows OS your user folders have been stored in onedrive by default - so that all your documents, desktop, etc get sent straight to Microsoft. You can migrate all your files from your old pc - dump all those medical and tax records right in your documents, where they get sent straight out to Microsoftās servers without ANY consent or even awareness from most users. Most windows users I talk to donāt even know anythingās up until they start getting warnings about using up all their onedrive storage, and by that point M$ has all their shit and the damage canāt be undone. Sure, you can move the folders back out of the onedrive path (good luck explaining how to anyone who isnāt tech savvy) and onedrive is āāāend to end encryptedāāā (which is a joke when M$ has the encryption keys), but the reality is theyāve deliberately made windows trick people into allowing their personal files to be stolen. Dark patterns like these are all throughout the OS, and theyāre a big part of why the proselytism you mentioned absolutely is a worthwhile goal for its own sake. Using windows is choosing to engage with a manipulative and untrustworthy entity thatās actively hostile to your privacy, and the worst part is most people donāt even realize it IS a choice. Like most choices, itās got pros and cons - knowing you have other options doesnāt mean you have to choose them, and if someone wants to keep using windows to play their kernel-level anticheat competitive games or something thatās fair enough. I just think they absolutely need to be aware of what their choice is costing them (and the people around them due to network effects) both for their own risk management and because you canāt truly make a choice without information. āOS activismā is the only hope to actually fix or even salvage this situation, lacking any government willing and able to meaningfully regulate tech companies.
Yes, MS embeds OneDrive into its OS in annoying ways. OneDrive sucks and that sucks.
But thatās not a security issue when you work with a company that uses Windows to handle your sensitive data. If the company youāre working with is using a default Windows image that accidentally stores your sensitive, legally protected records in a default OneDrive thatās not a Windows issue, thatās an issue with giving your medical records to what seems to be an IT department run by somebodyās cousin who knows computers. If they arenāt savvy enough to avoid that issue theyāre not savvy enough to keep your data secure in a Linux system either. And, once again, there is definitely no indication that OneDrive is systematically not secure or that data stored in it is being manipulated or accessed by Microsoft for commercial purposes. I mean, itās widely used professionally, so I imagine if that was the case Microsoft would get sued to hell and back.
Does that mean I like Microsoftās choice? Nope. I loathe OneDrive. As I kept telling MS in their annoying user surveys when I was forced to use it for work, it is the one piece of software that cost me the most hours of productivity, bar none, and I dropped it like a rock the moment I didnāt have a contractual obligation to use it.
But holy crap, that absolutely isnāt a valid reason why itād be a security OR privacy problem that a vendor you use is running Windows.
And thatās the thing, you donāt need to equivocate, make up stuff or jumble concepts like this to point out the ways in which Windowsā implementation of things is sub-par. There are plenty of legitimate examples. Granted, may of those examples are definitely not dealbreakers and plenty of Windows users are aware of them and donāt particularly mind. Just like many MacOS users or Linux users donāt mind their own quirks. But the quirks and shortcomings do exist. You donāt need to make them up or be hyperbolic about them.
This just makes you sound paranoid and kind of unreasonable. It makes it easier to dismiss the legitimate arguments because man, a lot of that is clearly not a reasonable argument, so why would you assume some of it is?
To be clear, Iām not talking about the impacts of companies using windows at all - everything I said was meant in the context of an end user environment. Even more specifically, Iām only talking about privacy (never even used the word security) and I was replying only to where you mentioned their telemetry not affecting user data, to point out that they unapologetically steal user data separately from the telemetry. The data may be encrypted, and technically āsecureā from other actors, but Microsoft holds the encryption keys so the only thing standing between them and your personal files you might believe are private is āpinkie promise we wonāt lookā.
Does this mean bill gates is personally browsing any random personās photos libraries? Obviously not, but the fact that nothing technically prevents M$ from using the encryption keys (that they store for you) to unlock your āsecureā data on their servers that you may not even know theyāve taken is absolutely something that anyone in that position should know. Thatās putting significant trust in M$ - which again, many people in this position did not do and did not know they were forced to.
Hopefully this clarifies if it seemed like I was mixing up concepts - Iām tired as fuck and probably not as coherent as Iād like to be. Still, I donāt believe Iāve āmade upā anything or even been hyperbolic - other than my pet conspiracy theory about their reasoning behind the setup process and telemetry prompt, everything I wrote is imo a verifiable fact and if you disbelieve any part of it Iām happy to provide sources. (Edited to add: later, right now I need sleep lol)
OK, but thatās not what the thread is about. The thread is about the OP arguing that end users shifting away from Windows is not a solution because companies and other users who interact with them are using Windows and thatās a vector that will compromise their data.
Which is not really a thing, as far as I can tell.
Also, no, itās not āpinkie promiseā, their data protection obligations are regulated (differently depending on where you are, but they are) and even in scenarios where youāre solely relying on their terms of service they may be liable if they are negligent about it. I donāt trust MS. I donāt trust any company. I do business with them and if they bone me as a partner or a customer I have whatever recourse my governmentās regulations grant me.
I donāt need to be a digital prepper with every single picture of my dog secured by my own hand, personally. And even if I chose to be that guy, as the OP says, itās a systemic problem. I shouldnāt have to rely on my own tech skills to secure my information, this should be a regulated space where normal people donāt need full end-to-end control to be kept reasonably safe. Yes, even when using Windows, or Android or whatever other service corporations are providing to them.
I disagree with your dismissal of windowsā security implications for companies, but to avoid mixing up concepts Iām focusing only on the end user privacy aspect.
And regulation, while worthwhile and something we should definitely be working on, is still functionally irrelevant in an environment where thereās realistically no way for anyone outside of M$ themselves to detect any violations. The plain facts are that M$ is fully capable of accessing end usersā private data without user consent or awareness (or even awareness that M$ has the data at all, in many cases). With no realistic way for them to be caught doing this, regulations or no this boils down to a matter of trust that they wonāt - again, basically a pinkie promise. Sure, if they broke that promise (and you somehow managed to catch them in it) you could sue them, but again this does nothing to change the fact that they are fully capable of accessing the data.
Choosing to use windows and onedrive anyway despite knowing this, like I said before, is a valid choice as long as and only if itās a choice that you knowingly make for yourself. Itās the wrong choice imo, especially when plenty of other services that do the same thing without the ability to access your shit exist, but as long as people are making that choice for themselves I donāt have a problem with it. Its acting like itās unreasonable to push people to be aware of these facts and make their own informed choices is unreasonable that I disagree with.
Ah, if privacy was violated and nobody heard it, did it make a noise and all that.
Again, youāre off topic on this one, so this is a bit of a non sequitur to the objections I proposed earlier. Iāll say that I donāt typically assume major illegal behavior unless I have at least a hint that itās at play, or at least a reason to attempt it. And yes, there are plenty of ways to ācatch themā in that companies donāt steal data to bask in the glory of data, they take it to sell or otherwise profit from it.
I feel like the implications of āprivacyā have gotten entirely out of proportion or any practical application, to where itās become less a concern about being profiled or annoyingly targeted for marketing and itās become more a matter of abstract principle. Not of whether the data is somewhere or being used for something, but about whether it could have been in some parallel reality, where nothing short of making the data physically impossible to access is a valid outcome.
I suppose thatās why every now and then you get a thread along the lines of ācan you believe people used to dox themselves and put their name, addresses and phone numbers in a book they sent out for free?ā and so on.
Itās a weird conversation to have in these terms, because yeah, no, I agree with you in principle: you should know what data is going to be collected and be able to make an informed decision about it with opt-out as a default. Agreed there. But thereās a magnificent leap from there to āMicrosoft is probably secretly accessing your cloud stored data for shits and giggles, and even if they arenāt you wouldnāt know if they did, so theyāre probably lying about itā, which isā¦ not a thing, not how this works and would lead to the mother of all fines, immediately followed by the mother of all lawsuits.
You donāt need that scenario to take issue with the choices and policies MS actually deploys. Like, out in the open. They tell you about it. You donāt need the conspiracy theory to have a stance on that. They are not particularly subtle.
Most normal people will sign off all of that if asked nicely and given the lightest of dark patterns on a consent form. Pretty sure Microsoft legal would at least lightly discourage colluding to perform the largest violation of data privacy regulations in human history when a simple settings toggle buried in the privacy section would achieve pretty much the same result. I donāt know what they do at Microsoft, but I assure you with no doubt or ambiguity that the average software company wonāt leave the toilet seat up without first asking legal if itās a GDPR violation.
Ah, if privacy was violated and nobody heard it, did it make a noise and all that.
Hypothetical for you, to test this assertion: some sicko puts a camera in a school changeroom, gets all the footage of kids they want and removes the camera before theyāre caught. Privacy was violated and nobody heard it - did it make a noise?
And yes, this is very much a non-sequitur because like I said, Iām replying only to the portion of your comment I first highlighted - not weighing in on anything else, just saw incorrect info and added more context. Also, the fact that you trust them is great, but irrelevant - notice weāve gone back to their pinky promise where youāve just chosen to accept it (which again, valid and Iām not attacking that choice). You also seem to be conflating the personal data (literally pictures and documents) that M$ has already stolen with the more conventional data ātheftā of browsing data, buying habits, etc.
This isnāt an instance of google selling your interest in some product, itās Microsoft having access to personal files that people donāt even know have left their computer.
Another hypothetical: an innocent person with something to hide from their tyrannical government gets a windows computer, sets it up normally and migrates their data. They of course might think their own local storage on their own pc locked behind a strong password is a safe place to put whatever incriminating evidence they need to hide, so into documents it goes (and then right onto Microsoftās servers). Now with one request from their government, Microsoft is legally obligated to hand over their data (which they conveniently have complete access to, unknown to the innocent person). Substitute the innocent personās ācrimeā and the tyrannical government with whatever you prefer, and this is exactly the āpractical applicationā of privacy you donāt believe in. Whether itās being LGBTQ+ in parts of the world, a political dissenter in an authoritarian state, or anything else - believing that ālocal storageā on your own PC actually belongs to you should not be enough to get someone jailed or killed, but it (extremely) plausibly is.
Again, this is a problem not just because Microsoft has both the key and the lock to peopleās data, but also because many of these people literally do not know. Theyāre not choosing to trust Microsoft because ānah they wouldnāt do thatā, like you are - the choice has been stolen from them.
Not of whether the data is somewhere or being used for something, but about whether it could have been in some parallel reality, where nothing short of making the data physically impossible to access is a valid outcome.
I also wanna note that you say that like itās an unachievable goal thatās unrealistic to expect, but itās very achievable and already reasonably common. Properly end to end encrypted cloud solutions (where the users KNOWINGLY store their files) that donāt have access to the encryption keys are out there - even Apple has one.
But thereās a magnificent leap from there to āMicrosoft is probably secretly accessing your cloud stored data for shits and giggles, and even if they arenāt you wouldnāt know if they did, so theyāre probably lying about itā
Interesting rephrasing of what I actually said, which was āMicrosoft is capable of secretly accessing your (presumed) local stored data, with no proper oversight to actually prevent thisā. I think if you reread what I said youāll see that I stated facts (their capabilities to do these things) rather than making unprovable assertions (which would be pointless, because as previously noted thereās no way for anyone to prove or disprove that it happened). It also (in your hypothetical where itās proven) would - according to nearly all historical precedent - lead to at worst a slap on the wrist for Microsoft. I would love to be wrong about this part, and I can only hope that someday it happens and you get to say āI told you soā lmao
I feel the way you construct your hypotheticals makes my point for how this issue is perceived amongā¦ letās say āprivacy preppersā and how it differs from the mainstream.
I mean, I sure hope your brave freedom fighter is putting more dilligence on operational security in other areas than they do in data security, because man, they certainly arenāt trying very hard if theyāre being thwarted by accidentally uploading their super secret freedom fighting documents because they were storing them in a OneDrive-enabled āMy Documentsā folder. In this scenario, do they have their name and address stitched on the outside of their freedom fighitng uniform?
For the record, Microsoft has no way to access my local stored data. They at best can access my synced OneDrive foldersā¦ which they donāt. Itās an annoyance that they insist on attempting to have OneDrive active by default, but they donāt do that to mine my medical records, they do that in a fruitless attempt to sell me a OneDrive storage subscription. I am as afraid of Microsoft perusing my hard drive as I am of DropBox, in that both sell services that will store my data somewhere else, both are probably are doing a better job of securing it than I do myself and I use neither.
Now, on what level of privacy and security is reasonable, I will clarify that I donāt think physically securing my files is unachievable. On the contrary, it is trivial for me to rip all my hard drives off my devices, put them in a box and bury them in my basement, where my Fallout New Vegas save games will remain fairly secure for the foreseeable future, free from judgemental Microsoft employees.
What Iām saying is that is not a reasonable or practical expectation of privacy because it also renders my data unusable. Like me being listed on a phone book, the state of my data privacy is always going to be some balance of functionality, convenience and security. What balance makes sense depends on what I do. Your fictional tech-illiterate freedom fighter sure would benefit from very secure data, at significant convenience cost. Many a careless normie is happy to let Google know every time they have a bowel movement for the convenience of their services. Most people will be somewhere in the middle.
But itās the governmentās job to set a floor to that range. To establish the rules for a) what data itās not fine to solicit, b) what the default proesses for soliciting and opting in and out should be, and c) how to properly handle that data once itās been collected. That is a legitimate, structural issue that we all should care about, reagrdless of our personal needs for privacy and security.
Well, for one, I have no information regarding MS keeping mandatory telemetry of Windows application usage or data (at least outside their own software suite). As far as I know what is there is opt-in and does not extend to keeping any copies of your computer data, which is the point where youād be worried about something like your medical records. One of the reasons the Recall nonsense drew so much attention is that it was an unusual instance of something approximating that.
But the other side of your argument is a bit confusing, because it seems to be coming from the angle ofā¦ proselytism, I suppose? As in, what is more useful to convince somebody who doesnāt care about the privacy side that they should avoid Windows.
And to be clear, thatās not my goal, or at least not a goal I think is worthwhile in absolute or abstract terms, for its own sake. Iām not an OS activist, use whatever the hell you want and works for you. The closest I have is a distaste for Appleās pricing and ecosystem-focused tactics but, man, that 600 bucks M4 Mac Mini is nice value, Iāll think about it.
On the merits of the argument, Iām not sure it tracks, either. If someone attacks a legitimate holder of your data the part I care about is how secure their data storage is (because, again, nobody is sharing your medical records over Microsoft telemetry gathering, thatās not a real thing).
I trust a third partyās security setup as far as I can throw it, I donāt care if itās on Azure, Google, Amazon or a self-hosted Linux server. Hell, I may trust the self-hosted Linux server of a provider least of all of those. Not because of Linux, but because of the self-hosting.
Iām not gonna start ranting about their mandatory telemetry, but I do gotta note this is a hell of an issue to ignore (considering the windows telemetry āopt-inā during setup boils down to āwant us to take ALL your data, or just whatever we want?ā). That aside, Microsoftās setup process is imo designed to make people think exactly what youāve written - the telemetry is the invasive part, and (*deep huff of copium*) maybe they wonāt steal any of my juiciest data. I honestly think they deliberately made their telemetry prompts a little abrasive, so that anyone who gives half a shit about privacy will focus on that part and see it as the privacy violating aspect of a new windows computer or install.
Meanwhile, as soon as youāre logged in to your new windows OS your user folders have been stored in onedrive by default - so that all your documents, desktop, etc get sent straight to Microsoft. You can migrate all your files from your old pc - dump all those medical and tax records right in your documents, where they get sent straight out to Microsoftās servers without ANY consent or even awareness from most users. Most windows users I talk to donāt even know anythingās up until they start getting warnings about using up all their onedrive storage, and by that point M$ has all their shit and the damage canāt be undone. Sure, you can move the folders back out of the onedrive path (good luck explaining how to anyone who isnāt tech savvy) and onedrive is āāāend to end encryptedāāā (which is a joke when M$ has the encryption keys), but the reality is theyāve deliberately made windows trick people into allowing their personal files to be stolen. Dark patterns like these are all throughout the OS, and theyāre a big part of why the proselytism you mentioned absolutely is a worthwhile goal for its own sake. Using windows is choosing to engage with a manipulative and untrustworthy entity thatās actively hostile to your privacy, and the worst part is most people donāt even realize it IS a choice. Like most choices, itās got pros and cons - knowing you have other options doesnāt mean you have to choose them, and if someone wants to keep using windows to play their kernel-level anticheat competitive games or something thatās fair enough. I just think they absolutely need to be aware of what their choice is costing them (and the people around them due to network effects) both for their own risk management and because you canāt truly make a choice without information. āOS activismā is the only hope to actually fix or even salvage this situation, lacking any government willing and able to meaningfully regulate tech companies.
You keep mixing up concepts, though.
Yes, MS embeds OneDrive into its OS in annoying ways. OneDrive sucks and that sucks.
But thatās not a security issue when you work with a company that uses Windows to handle your sensitive data. If the company youāre working with is using a default Windows image that accidentally stores your sensitive, legally protected records in a default OneDrive thatās not a Windows issue, thatās an issue with giving your medical records to what seems to be an IT department run by somebodyās cousin who knows computers. If they arenāt savvy enough to avoid that issue theyāre not savvy enough to keep your data secure in a Linux system either. And, once again, there is definitely no indication that OneDrive is systematically not secure or that data stored in it is being manipulated or accessed by Microsoft for commercial purposes. I mean, itās widely used professionally, so I imagine if that was the case Microsoft would get sued to hell and back.
Does that mean I like Microsoftās choice? Nope. I loathe OneDrive. As I kept telling MS in their annoying user surveys when I was forced to use it for work, it is the one piece of software that cost me the most hours of productivity, bar none, and I dropped it like a rock the moment I didnāt have a contractual obligation to use it.
But holy crap, that absolutely isnāt a valid reason why itād be a security OR privacy problem that a vendor you use is running Windows.
And thatās the thing, you donāt need to equivocate, make up stuff or jumble concepts like this to point out the ways in which Windowsā implementation of things is sub-par. There are plenty of legitimate examples. Granted, may of those examples are definitely not dealbreakers and plenty of Windows users are aware of them and donāt particularly mind. Just like many MacOS users or Linux users donāt mind their own quirks. But the quirks and shortcomings do exist. You donāt need to make them up or be hyperbolic about them.
This just makes you sound paranoid and kind of unreasonable. It makes it easier to dismiss the legitimate arguments because man, a lot of that is clearly not a reasonable argument, so why would you assume some of it is?
To be clear, Iām not talking about the impacts of companies using windows at all - everything I said was meant in the context of an end user environment. Even more specifically, Iām only talking about privacy (never even used the word security) and I was replying only to where you mentioned their telemetry not affecting user data, to point out that they unapologetically steal user data separately from the telemetry. The data may be encrypted, and technically āsecureā from other actors, but Microsoft holds the encryption keys so the only thing standing between them and your personal files you might believe are private is āpinkie promise we wonāt lookā.
Does this mean bill gates is personally browsing any random personās photos libraries? Obviously not, but the fact that nothing technically prevents M$ from using the encryption keys (that they store for you) to unlock your āsecureā data on their servers that you may not even know theyāve taken is absolutely something that anyone in that position should know. Thatās putting significant trust in M$ - which again, many people in this position did not do and did not know they were forced to.
Hopefully this clarifies if it seemed like I was mixing up concepts - Iām tired as fuck and probably not as coherent as Iād like to be. Still, I donāt believe Iāve āmade upā anything or even been hyperbolic - other than my pet conspiracy theory about their reasoning behind the setup process and telemetry prompt, everything I wrote is imo a verifiable fact and if you disbelieve any part of it Iām happy to provide sources. (Edited to add: later, right now I need sleep lol)
OK, but thatās not what the thread is about. The thread is about the OP arguing that end users shifting away from Windows is not a solution because companies and other users who interact with them are using Windows and thatās a vector that will compromise their data.
Which is not really a thing, as far as I can tell.
Also, no, itās not āpinkie promiseā, their data protection obligations are regulated (differently depending on where you are, but they are) and even in scenarios where youāre solely relying on their terms of service they may be liable if they are negligent about it. I donāt trust MS. I donāt trust any company. I do business with them and if they bone me as a partner or a customer I have whatever recourse my governmentās regulations grant me.
I donāt need to be a digital prepper with every single picture of my dog secured by my own hand, personally. And even if I chose to be that guy, as the OP says, itās a systemic problem. I shouldnāt have to rely on my own tech skills to secure my information, this should be a regulated space where normal people donāt need full end-to-end control to be kept reasonably safe. Yes, even when using Windows, or Android or whatever other service corporations are providing to them.
I disagree with your dismissal of windowsā security implications for companies, but to avoid mixing up concepts Iām focusing only on the end user privacy aspect.
And regulation, while worthwhile and something we should definitely be working on, is still functionally irrelevant in an environment where thereās realistically no way for anyone outside of M$ themselves to detect any violations. The plain facts are that M$ is fully capable of accessing end usersā private data without user consent or awareness (or even awareness that M$ has the data at all, in many cases). With no realistic way for them to be caught doing this, regulations or no this boils down to a matter of trust that they wonāt - again, basically a pinkie promise. Sure, if they broke that promise (and you somehow managed to catch them in it) you could sue them, but again this does nothing to change the fact that they are fully capable of accessing the data.
Choosing to use windows and onedrive anyway despite knowing this, like I said before, is a valid choice as long as and only if itās a choice that you knowingly make for yourself. Itās the wrong choice imo, especially when plenty of other services that do the same thing without the ability to access your shit exist, but as long as people are making that choice for themselves I donāt have a problem with it. Its acting like itās unreasonable to push people to be aware of these facts and make their own informed choices is unreasonable that I disagree with.
Ah, if privacy was violated and nobody heard it, did it make a noise and all that.
Again, youāre off topic on this one, so this is a bit of a non sequitur to the objections I proposed earlier. Iāll say that I donāt typically assume major illegal behavior unless I have at least a hint that itās at play, or at least a reason to attempt it. And yes, there are plenty of ways to ācatch themā in that companies donāt steal data to bask in the glory of data, they take it to sell or otherwise profit from it.
I feel like the implications of āprivacyā have gotten entirely out of proportion or any practical application, to where itās become less a concern about being profiled or annoyingly targeted for marketing and itās become more a matter of abstract principle. Not of whether the data is somewhere or being used for something, but about whether it could have been in some parallel reality, where nothing short of making the data physically impossible to access is a valid outcome.
I suppose thatās why every now and then you get a thread along the lines of ācan you believe people used to dox themselves and put their name, addresses and phone numbers in a book they sent out for free?ā and so on.
Itās a weird conversation to have in these terms, because yeah, no, I agree with you in principle: you should know what data is going to be collected and be able to make an informed decision about it with opt-out as a default. Agreed there. But thereās a magnificent leap from there to āMicrosoft is probably secretly accessing your cloud stored data for shits and giggles, and even if they arenāt you wouldnāt know if they did, so theyāre probably lying about itā, which isā¦ not a thing, not how this works and would lead to the mother of all fines, immediately followed by the mother of all lawsuits.
You donāt need that scenario to take issue with the choices and policies MS actually deploys. Like, out in the open. They tell you about it. You donāt need the conspiracy theory to have a stance on that. They are not particularly subtle.
Most normal people will sign off all of that if asked nicely and given the lightest of dark patterns on a consent form. Pretty sure Microsoft legal would at least lightly discourage colluding to perform the largest violation of data privacy regulations in human history when a simple settings toggle buried in the privacy section would achieve pretty much the same result. I donāt know what they do at Microsoft, but I assure you with no doubt or ambiguity that the average software company wonāt leave the toilet seat up without first asking legal if itās a GDPR violation.
Still off topic for the thread, though.
Hypothetical for you, to test this assertion: some sicko puts a camera in a school changeroom, gets all the footage of kids they want and removes the camera before theyāre caught. Privacy was violated and nobody heard it - did it make a noise?
And yes, this is very much a non-sequitur because like I said, Iām replying only to the portion of your comment I first highlighted - not weighing in on anything else, just saw incorrect info and added more context. Also, the fact that you trust them is great, but irrelevant - notice weāve gone back to their pinky promise where youāve just chosen to accept it (which again, valid and Iām not attacking that choice). You also seem to be conflating the personal data (literally pictures and documents) that M$ has already stolen with the more conventional data ātheftā of browsing data, buying habits, etc.
This isnāt an instance of google selling your interest in some product, itās Microsoft having access to personal files that people donāt even know have left their computer.
Another hypothetical: an innocent person with something to hide from their tyrannical government gets a windows computer, sets it up normally and migrates their data. They of course might think their own local storage on their own pc locked behind a strong password is a safe place to put whatever incriminating evidence they need to hide, so into documents it goes (and then right onto Microsoftās servers). Now with one request from their government, Microsoft is legally obligated to hand over their data (which they conveniently have complete access to, unknown to the innocent person). Substitute the innocent personās ācrimeā and the tyrannical government with whatever you prefer, and this is exactly the āpractical applicationā of privacy you donāt believe in. Whether itās being LGBTQ+ in parts of the world, a political dissenter in an authoritarian state, or anything else - believing that ālocal storageā on your own PC actually belongs to you should not be enough to get someone jailed or killed, but it (extremely) plausibly is.
Again, this is a problem not just because Microsoft has both the key and the lock to peopleās data, but also because many of these people literally do not know. Theyāre not choosing to trust Microsoft because ānah they wouldnāt do thatā, like you are - the choice has been stolen from them.
I also wanna note that you say that like itās an unachievable goal thatās unrealistic to expect, but itās very achievable and already reasonably common. Properly end to end encrypted cloud solutions (where the users KNOWINGLY store their files) that donāt have access to the encryption keys are out there - even Apple has one.
Interesting rephrasing of what I actually said, which was āMicrosoft is capable of secretly accessing your (presumed) local stored data, with no proper oversight to actually prevent thisā. I think if you reread what I said youāll see that I stated facts (their capabilities to do these things) rather than making unprovable assertions (which would be pointless, because as previously noted thereās no way for anyone to prove or disprove that it happened). It also (in your hypothetical where itās proven) would - according to nearly all historical precedent - lead to at worst a slap on the wrist for Microsoft. I would love to be wrong about this part, and I can only hope that someday it happens and you get to say āI told you soā lmao
I feel the way you construct your hypotheticals makes my point for how this issue is perceived amongā¦ letās say āprivacy preppersā and how it differs from the mainstream.
I mean, I sure hope your brave freedom fighter is putting more dilligence on operational security in other areas than they do in data security, because man, they certainly arenāt trying very hard if theyāre being thwarted by accidentally uploading their super secret freedom fighting documents because they were storing them in a OneDrive-enabled āMy Documentsā folder. In this scenario, do they have their name and address stitched on the outside of their freedom fighitng uniform?
For the record, Microsoft has no way to access my local stored data. They at best can access my synced OneDrive foldersā¦ which they donāt. Itās an annoyance that they insist on attempting to have OneDrive active by default, but they donāt do that to mine my medical records, they do that in a fruitless attempt to sell me a OneDrive storage subscription. I am as afraid of Microsoft perusing my hard drive as I am of DropBox, in that both sell services that will store my data somewhere else, both are probably are doing a better job of securing it than I do myself and I use neither.
Now, on what level of privacy and security is reasonable, I will clarify that I donāt think physically securing my files is unachievable. On the contrary, it is trivial for me to rip all my hard drives off my devices, put them in a box and bury them in my basement, where my Fallout New Vegas save games will remain fairly secure for the foreseeable future, free from judgemental Microsoft employees.
What Iām saying is that is not a reasonable or practical expectation of privacy because it also renders my data unusable. Like me being listed on a phone book, the state of my data privacy is always going to be some balance of functionality, convenience and security. What balance makes sense depends on what I do. Your fictional tech-illiterate freedom fighter sure would benefit from very secure data, at significant convenience cost. Many a careless normie is happy to let Google know every time they have a bowel movement for the convenience of their services. Most people will be somewhere in the middle.
But itās the governmentās job to set a floor to that range. To establish the rules for a) what data itās not fine to solicit, b) what the default proesses for soliciting and opting in and out should be, and c) how to properly handle that data once itās been collected. That is a legitimate, structural issue that we all should care about, reagrdless of our personal needs for privacy and security.