Demand privacy - eviltoast
  • einlander@lemmy.world
    link
    fedilink
    English
    arrow-up
    168
    ·
    10 days ago

    Don’t forget with the Recall feature, you may be on Linux and are using a secure communication application, but if who you are talking to is on windows your conversation can be scraped.

    • Hellfire103@lemmy.ca
      link
      fedilink
      English
      arrow-up
      92
      ·
      10 days ago

      Same thing with email. It’s all well and good if you’re using ProtonMail or Tuta or Posteo, but you’re still cooked if the other side is using Gmail.

      Old problems, new modi operandi.

      • ASDraptor@lemmy.autism.place
        link
        fedilink
        English
        arrow-up
        25
        arrow-down
        1
        ·
        10 days ago

        Afaik, with proton you can send messages that won’t open through gmail if you protect them with a password. The other person receives a message with a link to open the mail in a browser after entering the password. It’s not the easiest solution but if you want to avoid gmail from knowing the contents of a message, you can do that.

        • bitwolf@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          14
          ·
          9 days ago

          Do Proton remotely erase the message on the recipient’s email server? Even if it’s not a protonmail server?

          • Arcka@midwest.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 days ago

            Someone correct me if I’m wrong because I don’t know how proton works on this. These type of things usually don’t send the protected content in the email to the recipient’s server, they just send a link that the recipient opens and it’s all still kept on the private service’s server.

    • jonne@infosec.pub
      link
      fedilink
      English
      arrow-up
      43
      arrow-down
      1
      ·
      10 days ago

      It’s not like companies that use Linux don’t get breached either. Your personal data is in thousands of databases that have varying levels of security. Personal choices don’t affect any of that, regulations like GDPR are what’s needed.

      • Rivalarrival@lemmy.today
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        edit-2
        10 days ago

        GDPR has much the same problem: it can only actually be enforced against entities with a presence in Europe. When Europeans do international business, the GDPR only protects them if that foreign site has a business presence within Europe. When they have no bank accounts or business assets inside the EU, they are not subject to the GDPR.

        Even though the GDPR covers your side, it doesn’t always cover the other side.

        • jonne@infosec.pub
          link
          fedilink
          English
          arrow-up
          21
          ·
          edit-2
          10 days ago

          That’s why I said “regulations like the GDPR”. The US and other blocs need similar regulations. Especially the US is important, as they’ve shown that they’re willing to stretch the size of their jurisdiction to sometimes absurd lengths.

          That’s usually a bad thing, but in this case that might be good.

          • Rivalarrival@lemmy.today
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            9 days ago

            I think you missed my point…

            I am not subject to the GDPR. I don’t have to abide by it. Even if my country adopted a GDPR-like regulation, that regulation would only apply to my privacy. Not yours.

            Microsoft has proven themselves overtly hostile to privacy. Yours, mine, and everyone’s. The available options are:

            1. Attempt to regulate them into behaving like decent human beings.

            2. Avoid their business.

            When my therapist is using a system that is overtly hostile to their privacy and mine, the solution is not to ask the government to chastise their attacker. The solution is to eliminate their reliance on their attacker, and get them in a system the attacker doesn’t control.

            I’m not saying we should avoid GDPR-like regulation altogether. I’m saying that at the OS level, Linux is intrinsically compliant with the intent of such regulation but may not comply with the letter, if the letter requires some sort of affirmative confirmation or certification of compliance that would be complicated for the developer to implement.

            Microsoft will be able to be technically compliant with the law, but will definitely subvert it’s intent and purpose however it can.

            Regulation will likely have chilling effects on the better option, while promoting the worse.

            • Arcka@midwest.social
              link
              fedilink
              English
              arrow-up
              2
              ·
              9 days ago

              Even if my country adopted a GDPR-like regulation, that regulation would only apply to my privacy. Not yours.

              That could depend on how the regulation is written, so we should push to have these new regulations cover all users of services hosted in our countries.

    • umbrella@lemmy.ml
      link
      fedilink
      English
      arrow-up
      7
      ·
      10 days ago

      this goes for pretty much every single chat app out there. most of the popular ones are proprietary and go through private servers.

      privacy is important kids.

    • AbsentBird@lemm.ee
      link
      fedilink
      English
      arrow-up
      6
      ·
      9 days ago

      So it’s not enough to brag about being on Linux ourselves, we should be encouraging our friends to switch to Linux as well?

    • nialv7@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      2
      ·
      9 days ago

      How’s this different from someone just record your call? The thing you are worrying about has been possible long before Recall is a thing.

  • Limonene@lemmy.world
    link
    fedilink
    English
    arrow-up
    95
    arrow-down
    3
    ·
    10 days ago

    But does your medical clinic do?

    No, they don’t, and it pisses me off. Every time I see it, I think, Well, there goes my medical privacy.

    But where else can I go? There’s only one health company in town, and they bought all the doctor’s offices.

    Who can I complain to? The doctors and nurses are visibly frustrated with Windows every time I see them use it. If they can’t change it, how could I?

    • CarbonatedPastaSauce@lemmy.world
      link
      fedilink
      English
      arrow-up
      57
      ·
      10 days ago

      That ship has sailed anyway. I’ve had no less than 5 breach notifications show up in the mail from things related to my health care in the last 2 years, and it’s not like I’m constantly at the doctor. The whole system is a disaster.

    • groet@feddit.org
      link
      fedilink
      English
      arrow-up
      26
      arrow-down
      2
      ·
      10 days ago

      They might not know there are alternatives. So they likely do not ccomplain to their IT person.

      Dont be a “jUsT uSe LiNuX” guy, but when you see them frustrated maybe say “hey I see you are frustrated as well and I as a patient are concerned about my medical data privacy. You know there are better and safer alternatives, maybe you could ask your IT if it would be possible to switch to Linux?”

      Realistically, they can’t switch because the software to use some $€1m medical device only runs on windows.

      • ewigkaiwelo@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        10 days ago

        I’ve had the se thought as expressed in the last paragraph the other day and isn’t the anwser in compatibility layer? Like can’t they install and run windows medical software using WINE?

        • lightnsfw@reddthat.com
          link
          fedilink
          English
          arrow-up
          13
          ·
          9 days ago

          Having worked in healthcare IT. Adding more complexity will only make things harder for them. A lot of healthcare staff can barely operate the Windows PCs and applications they’re used to. Change anything and they act like the sky is falling.

        • skulblaka@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          7
          ·
          9 days ago

          That opens up a legal liability for the people creating the compatibility layer. You’ve gone from two points of failure (the doctor and the machine) to three.

          For sure it can be done but most people / companies won’t want to take on that liability.

    • fishpen0@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      edit-2
      9 days ago

      I work for a healthcare company and when we launched we made a huge deal about only using Linux on our backend and only giving Macs to employees. It’s been almost 10 years and we’ve hired a small army of morons since then and they fired our CTO. These idiots have demanded windows so they can “do analytics” despite all our analytics being in looker and dbt and a bunch of fucking business bros in the csuite and vp level who demanded windows laptops because they just like it. They eventually canned our head of IT ans well and replaced him with a dumbass and that guy is currently trying to take MacBooks away from engineering. Then the head of “cloud engineering” just started outsourcing half our shit to consultants who keep building one off snowflake windows machines because nobody gives a shit anymore. So what used to be a clean ecosystem is now a giant botched pile of lowest effort garbage.

      Stay away from this entire industry. There’s some brain rot where they only hire people with healthcare backgrounds even if the role has nothing to do with healthcare. What that turns into is people from ancient out of date orgs who have no idea what they are doing being hired over people from legitimate tech roles or any other background that is more advanced in other fields and the company will always slowly roll backwards into stupidity.

    • Nyanix@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 days ago

      I work in IT for healthcare, and our CTO, CIO, and head of Cybersecurity are all ex-Microsoft. We’re a “Windows Shop” adopting anything Microsoft has ever made, from Windows to Azure DevOps to Access

  • savx@lemmy.world
    link
    fedilink
    English
    arrow-up
    59
    ·
    10 days ago

    privacy is scary stuff if you think. it’s like, i care so i dont share my phone number with facebook, but someone out there may have my number/address/name on their contact list and chances are big that they have no problem sharing with zuck. so i’ll still end up on zuck’s database.

    • Lesrid@lemm.ee
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      9 days ago

      I just activated my checking account with PayPal and one of the questions from the verification battery was asking me which email I recognized. They were different domains of my mother’s ISP email that she uses only with Amazon.

      I had the urge to answer incorrectly as if that would remove their association.

    • herrvogel@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      9 days ago

      My dad did that. The man has a slight obsession with collecting information about our entire extended family, as far back as he can go in time. He’s been known to get in touch with small municipalities to ask for their records about someone 8 generations back. He’s collated quite a bit of data over the years.

      And then one day he went and loaded all of that into a shitty mobile family tree app. Phone numbers, current addresses, email addresses, photos, a shit ton of personal information of a shit ton of people, uploaded to some random developer’s unknown database without their consent. He didn’t even pause to think about it for one second. I told him what he did, he wasn’t even bothered.

      There are tons of people like my dad who don’t have a single cell in their entire bodies that gives a flying fuck about data privacy, unfortunately, and they give out everyone’s data along with their own.

  • spujb@lemmy.cafe
    link
    fedilink
    English
    arrow-up
    61
    arrow-down
    2
    ·
    9 days ago

    i use linux and don’t have family or friends or get any kind of medical care ☺️ checkmate

      • spujb@lemmy.cafe
        link
        fedilink
        English
        arrow-up
        20
        arrow-down
        2
        ·
        9 days ago

        The failures of the United States healthcare system are compatible with the Unix philosophy due to its emphasis on doing one thing poorly and leaving the rest for the user to figure out. Like Unix tools, each component—insurance, billing, and treatment—functions independently, refusing to communicate effectively while relying on the user to “pipe” themselves between endless calls, paperwork, and escalating bills. Debugging your health, much like debugging code, requires advanced knowledge, infinite patience, and a willingness to accept that nothing will ever be fully resolved.

  • CarbonatedPastaSauce@lemmy.world
    link
    fedilink
    English
    arrow-up
    53
    arrow-down
    3
    ·
    10 days ago

    Demand it from who? With what power or leverage?

    Not to be defeatist, but I’m just a guy. Nobody’s gonna listen to my demands. I’m surprised privacy notifications say anything other than “You don’t have any” with two buttons that both say “OK”. All I can do is selfhost as much as possible and decline to use tons of applications or services that underpin modern societal functions or social activities. So I do. But it sucks ass and I don’t have any power to change any of it.

    • dwindling7373@feddit.it
      link
      fedilink
      English
      arrow-up
      22
      ·
      10 days ago

      Where I am, unlike climate change, the privacy issue is not discussed properly so just explaining it to people that trust you can boost any future systemic action.

    • nyctre@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      ·
      10 days ago

      No, but the point they’re trying to make is, I think, that the more you complain, the more other people complain and the more other people start complaining and unless we have enough complainers and people switching, nothing is gonna change.

      Our power is imperceptible but not non-existent

  • bitwolf@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    38
    ·
    9 days ago

    What drives me nuts about this subject is rarely spoken about.

    No single company can properly compensate all of their users for the damages caused by mishandling their personal data.

    In fact the damages may even be too great for the government to properly compensate said users.

    • JasonDJ@lemmy.zip
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 days ago

      No single company can properly compensate all of their users for the damages caused by mishandling their personal data.

      What do you mean? Every time I’ve been involved in a data leak, I got offered 6 months of identity monitoring. What more could you want?

    • InFerNo@lemmy.ml
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 days ago

      My government forces a fingerprint on our id cards. I already lost. I can’t use my fingerprint anywhere for authentication because it’s not mine anymore.

  • parpol@programming.dev
    link
    fedilink
    English
    arrow-up
    37
    arrow-down
    1
    ·
    10 days ago

    I think people who say “I don’t care, I use Linux” are really saying “You should use Linux to stop this.”

      • Delphia@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        ·
        10 days ago

        Im sure the receptionist in the doctors surgery cant wait to have that conversation.

    • SaharaMaleikuhm@feddit.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 days ago

      Yes. And whereas if you say “You should use linux” might get you downvoted and angry responsens, just saying “I use linux” does not.
      But with enough repetition the people who care enough might eventually give Linux a try on their own time.

      • Phoenixz@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        ·
        9 days ago

        Yeah but that misses the point.

        Others SHOULD use Linux. We’ve been saying that for decades now and slooooowly people are learning. Stop down voting people for saying what everyone should be listening yo

    • hakase@lemm.ee
      link
      fedilink
      English
      arrow-up
      30
      arrow-down
      1
      ·
      edit-2
      10 days ago

      This is common in British English.

      For example, the question “Are you going into town?” might be answered by an American with, “I might,” and by a Brit with “I might do”. In past tense it would be “I might have” vs. “I might have done”.

      This is all perfectly systematic and grammatical - this person just has a different grammar than you do. Though I guess that’s what Nazis do best: enforcing arbitrary standards in systems they don’t understand to destroy diversity to everyone’s detriment.

      • jpeps@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        9 days ago

        Could you give some more examples of this? Because I don’t think I agree that it’s even technically correct, though I don’t have a proper argument as for why. I feel like this is more likely a non-native speaker picking up on a structure like “does your X do Y?” and repurposing it incorrectly.

          • jpeps@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            9 days ago

            Thanks so much for these, I really enjoyed reading them. I’m not sure it’s the same thing though to be honest. I feel like in this example, ‘does’ is where ‘do’ would go. Eg ‘do your family members? Do your staff? Does your partner?’ In your links I think the closest examples are those saying that they need to add a word after ‘do’ to clarify what kind of ‘do’ it is, eg something like ‘Does your medical clinic do that?’

            • hakase@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              9 days ago

              It’s definitely the same thing. We can test this using other modals and auxiliaries in equivalent question constructions to show that we’re dealing with analogous structures:

              If making a question with “might”, for example (with the pro-predicate base sentence “But your medical clinic might do”), we get “But might your medical clinic do?”

              With “would”, “But would your medical clinic do?”

              So, with “dummy do”/do-support leading to the insertion of “do” for inversion purposes, along with the separate pro-predicate “do” lower in the clause, “Your medical clinic does” (or possibly “Your medical clinic does do”) becomes in the same way “Does your medical clinic do?”

              • jpeps@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                8 days ago

                Sorry but I’m really not convinced, though I am really enjoying this conversation so thank you for your reply.

                Reading the article you shared, my impression is that if the medical clinic question is the inverted form of the previous sentence “sure, you do”, then the inverted part is the “do” moving to the front of the question in “does your medical clinic?”

                Responding to your examples, I feel the exact same way. They read completely unnaturally to me. Do you actually hear people speak like that? I don’t think I ever have. It really sticks out to me because I would expect the context for ‘do’ to follow on, eg “but would your medical clinic do better?” I agree that a sentence like “I don’t, but your medical clinic might do” is acceptable like in the original link you provided, but when posed as a question, I would expect to drop one of the words in “might do” ie “but might your medical clinic?” or “but does your medical clinic?”

                Looking forward to hearing your thoughts.

      • TimewornTraveler@lemm.ee
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        10
        ·
        10 days ago

        Wow that’s standard? It was the most awkward thing I’ve read all day. I feel bad for you guys out there…

  • Phoenixz@lemmy.ca
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    9 days ago

    No, you need to demand that government organizations use Linux or other open source systems as well, there is no other way.

    You can require Microsoft to comply with rules, it won’t. It doesn’t care, it wants money, and more money, and that is it. It’s been like that since it’s inception. The same goes for all other tech companies

    You know what brand doesn’t careuch about money and will respect your privacy?

    Open source software. Linux. Firefox (eh, mostly) with plugins, mariadb, etc…

    • Geobloke@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 days ago

      If you believe the duly elected people have less power than a corporation, well, that’s also a “we” problem

    • ByteOnBikes@slrpnk.net
      link
      fedilink
      English
      arrow-up
      3
      ·
      9 days ago

      I once took a government contract for rebuilding a critical piece of software to provide civic services to the under-employed.

      I finished it in about a month. Was paid. And I was on a retainer for three years to provide updates.

      It actually took FOUR years before it was launched live to the general public.

      Best of luck convincing the underpaid govt IT to move OSes.

  • AgentGrimstone@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    ·
    8 days ago

    I’m still pissed the email I had managed to keep junk free for years was leaked because my insurance company had a breach.

    • frayedpickles@lemmy.cafe
      link
      fedilink
      English
      arrow-up
      8
      ·
      8 days ago

      Simplelogin/anonaddy

      That having been said, keeping an email “private” is roughly as silly as people who think phone numbers are private, as if the white pages never existed.

  • MudMan@fedia.io
    link
    fedilink
    arrow-up
    13
    ·
    10 days ago

    I think there’s some confusion at play here. That argument is about security, not privacy.

    Is the concern that Microsoft is ingesting your data and thus your actions aren’t private? Or is it that Windows is not secure and so you don’t think data stored in Windows systems is safe from third party access? That distinction matters, because in both cases the way it’s framed here isn’t really accurate but for different reasons.

    • fraksken@infosec.pub
      link
      fedilink
      English
      arrow-up
      9
      ·
      10 days ago

      And both arguments are valid. However, when discussing privacy with somebody “who has nothing to hide”, the security concerns argument usually holds more ground.

      “Fine, you don’t mind microsoft and their 961 partners to know about your computer usage patterns. But how about the criminals which will have your data as well? You may trust microsoft with your data - “because they have it already” - but do you trust each of these 961 partners? Do you trust all their privacy policies? I have read some. They are horrendus and allow sharing with third parties. Do you trust their privacy and security?”

      • MudMan@fedia.io
        link
        fedilink
        arrow-up
        3
        arrow-down
        6
        ·
        10 days ago

        Well, for one, I have no information regarding MS keeping mandatory telemetry of Windows application usage or data (at least outside their own software suite). As far as I know what is there is opt-in and does not extend to keeping any copies of your computer data, which is the point where you’d be worried about something like your medical records. One of the reasons the Recall nonsense drew so much attention is that it was an unusual instance of something approximating that.

        But the other side of your argument is a bit confusing, because it seems to be coming from the angle of… proselytism, I suppose? As in, what is more useful to convince somebody who doesn’t care about the privacy side that they should avoid Windows.

        And to be clear, that’s not my goal, or at least not a goal I think is worthwhile in absolute or abstract terms, for its own sake. I’m not an OS activist, use whatever the hell you want and works for you. The closest I have is a distaste for Apple’s pricing and ecosystem-focused tactics but, man, that 600 bucks M4 Mac Mini is nice value, I’ll think about it.

        On the merits of the argument, I’m not sure it tracks, either. If someone attacks a legitimate holder of your data the part I care about is how secure their data storage is (because, again, nobody is sharing your medical records over Microsoft telemetry gathering, that’s not a real thing).

        I trust a third party’s security setup as far as I can throw it, I don’t care if it’s on Azure, Google, Amazon or a self-hosted Linux server. Hell, I may trust the self-hosted Linux server of a provider least of all of those. Not because of Linux, but because of the self-hosting.

        • felsiq@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 days ago

          Well, for one, I have no information regarding MS keeping mandatory telemetry of Windows application usage or data (at least outside their own software suite). As far as I know what is there is opt-in and does not extend to keeping any copies of your computer data

          I’m not gonna start ranting about their mandatory telemetry, but I do gotta note this is a hell of an issue to ignore (considering the windows telemetry “opt-in” during setup boils down to “want us to take ALL your data, or just whatever we want?”). That aside, Microsoft’s setup process is imo designed to make people think exactly what you’ve written - the telemetry is the invasive part, and (*deep huff of copium*) maybe they won’t steal any of my juiciest data. I honestly think they deliberately made their telemetry prompts a little abrasive, so that anyone who gives half a shit about privacy will focus on that part and see it as the privacy violating aspect of a new windows computer or install.

          Meanwhile, as soon as you’re logged in to your new windows OS your user folders have been stored in onedrive by default - so that all your documents, desktop, etc get sent straight to Microsoft. You can migrate all your files from your old pc - dump all those medical and tax records right in your documents, where they get sent straight out to Microsoft’s servers without ANY consent or even awareness from most users. Most windows users I talk to don’t even know anything’s up until they start getting warnings about using up all their onedrive storage, and by that point M$ has all their shit and the damage can’t be undone. Sure, you can move the folders back out of the onedrive path (good luck explaining how to anyone who isn’t tech savvy) and onedrive is “””end to end encrypted””” (which is a joke when M$ has the encryption keys), but the reality is they’ve deliberately made windows trick people into allowing their personal files to be stolen. Dark patterns like these are all throughout the OS, and they’re a big part of why the proselytism you mentioned absolutely is a worthwhile goal for its own sake. Using windows is choosing to engage with a manipulative and untrustworthy entity that’s actively hostile to your privacy, and the worst part is most people don’t even realize it IS a choice. Like most choices, it’s got pros and cons - knowing you have other options doesn’t mean you have to choose them, and if someone wants to keep using windows to play their kernel-level anticheat competitive games or something that’s fair enough. I just think they absolutely need to be aware of what their choice is costing them (and the people around them due to network effects) both for their own risk management and because you can’t truly make a choice without information. “OS activism” is the only hope to actually fix or even salvage this situation, lacking any government willing and able to meaningfully regulate tech companies.

          • MudMan@fedia.io
            link
            fedilink
            arrow-up
            1
            ·
            9 days ago

            You keep mixing up concepts, though.

            Yes, MS embeds OneDrive into its OS in annoying ways. OneDrive sucks and that sucks.

            But that’s not a security issue when you work with a company that uses Windows to handle your sensitive data. If the company you’re working with is using a default Windows image that accidentally stores your sensitive, legally protected records in a default OneDrive that’s not a Windows issue, that’s an issue with giving your medical records to what seems to be an IT department run by somebody’s cousin who knows computers. If they aren’t savvy enough to avoid that issue they’re not savvy enough to keep your data secure in a Linux system either. And, once again, there is definitely no indication that OneDrive is systematically not secure or that data stored in it is being manipulated or accessed by Microsoft for commercial purposes. I mean, it’s widely used professionally, so I imagine if that was the case Microsoft would get sued to hell and back.

            Does that mean I like Microsoft’s choice? Nope. I loathe OneDrive. As I kept telling MS in their annoying user surveys when I was forced to use it for work, it is the one piece of software that cost me the most hours of productivity, bar none, and I dropped it like a rock the moment I didn’t have a contractual obligation to use it.

            But holy crap, that absolutely isn’t a valid reason why it’d be a security OR privacy problem that a vendor you use is running Windows.

            And that’s the thing, you don’t need to equivocate, make up stuff or jumble concepts like this to point out the ways in which Windows’ implementation of things is sub-par. There are plenty of legitimate examples. Granted, may of those examples are definitely not dealbreakers and plenty of Windows users are aware of them and don’t particularly mind. Just like many MacOS users or Linux users don’t mind their own quirks. But the quirks and shortcomings do exist. You don’t need to make them up or be hyperbolic about them.

            This just makes you sound paranoid and kind of unreasonable. It makes it easier to dismiss the legitimate arguments because man, a lot of that is clearly not a reasonable argument, so why would you assume some of it is?

            • felsiq@lemmy.zip
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              9 days ago

              To be clear, I’m not talking about the impacts of companies using windows at all - everything I said was meant in the context of an end user environment. Even more specifically, I’m only talking about privacy (never even used the word security) and I was replying only to where you mentioned their telemetry not affecting user data, to point out that they unapologetically steal user data separately from the telemetry. The data may be encrypted, and technically “secure” from other actors, but Microsoft holds the encryption keys so the only thing standing between them and your personal files you might believe are private is “pinkie promise we won’t look”.

              Does this mean bill gates is personally browsing any random person’s photos libraries? Obviously not, but the fact that nothing technically prevents M$ from using the encryption keys (that they store for you) to unlock your “secure” data on their servers that you may not even know they’ve taken is absolutely something that anyone in that position should know. That’s putting significant trust in M$ - which again, many people in this position did not do and did not know they were forced to.

              Hopefully this clarifies if it seemed like I was mixing up concepts - I’m tired as fuck and probably not as coherent as I’d like to be. Still, I don’t believe I’ve “made up” anything or even been hyperbolic - other than my pet conspiracy theory about their reasoning behind the setup process and telemetry prompt, everything I wrote is imo a verifiable fact and if you disbelieve any part of it I’m happy to provide sources. (Edited to add: later, right now I need sleep lol)

              • MudMan@fedia.io
                link
                fedilink
                arrow-up
                1
                ·
                9 days ago

                OK, but that’s not what the thread is about. The thread is about the OP arguing that end users shifting away from Windows is not a solution because companies and other users who interact with them are using Windows and that’s a vector that will compromise their data.

                Which is not really a thing, as far as I can tell.

                Also, no, it’s not “pinkie promise”, their data protection obligations are regulated (differently depending on where you are, but they are) and even in scenarios where you’re solely relying on their terms of service they may be liable if they are negligent about it. I don’t trust MS. I don’t trust any company. I do business with them and if they bone me as a partner or a customer I have whatever recourse my government’s regulations grant me.

                I don’t need to be a digital prepper with every single picture of my dog secured by my own hand, personally. And even if I chose to be that guy, as the OP says, it’s a systemic problem. I shouldn’t have to rely on my own tech skills to secure my information, this should be a regulated space where normal people don’t need full end-to-end control to be kept reasonably safe. Yes, even when using Windows, or Android or whatever other service corporations are providing to them.

                • felsiq@lemmy.zip
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  8 days ago

                  I disagree with your dismissal of windows’ security implications for companies, but to avoid mixing up concepts I’m focusing only on the end user privacy aspect.

                  And regulation, while worthwhile and something we should definitely be working on, is still functionally irrelevant in an environment where there’s realistically no way for anyone outside of M$ themselves to detect any violations. The plain facts are that M$ is fully capable of accessing end users’ private data without user consent or awareness (or even awareness that M$ has the data at all, in many cases). With no realistic way for them to be caught doing this, regulations or no this boils down to a matter of trust that they won’t - again, basically a pinkie promise. Sure, if they broke that promise (and you somehow managed to catch them in it) you could sue them, but again this does nothing to change the fact that they are fully capable of accessing the data.

                  Choosing to use windows and onedrive anyway despite knowing this, like I said before, is a valid choice as long as and only if it’s a choice that you knowingly make for yourself. It’s the wrong choice imo, especially when plenty of other services that do the same thing without the ability to access your shit exist, but as long as people are making that choice for themselves I don’t have a problem with it. Its acting like it’s unreasonable to push people to be aware of these facts and make their own informed choices is unreasonable that I disagree with.

  • beanlink_@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    ·
    9 days ago

    Until there is serious consequences to data breaches and criminal charges it doesn’t matter. It’s been a free for all for a long time the best we can do is simply keep using products or services that respect your privacy and discourage or not use services.

    • Bytemeister@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      9 days ago

      Yeah, our response to the Equifax breach was the end of data privacy. Oh, you lost literally all of the data for all of the adults in the US that you have been tracking without consent? All good, don’t worry.

      Really, the response should have been the FBI taking all of their equipment, figuring out exactly what was stolen, notifying all the victims, then formatting and shredding all the equipment and sending Equifax a bill, on top of a huge fine.

  • JadenSmith@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    12
    ·
    9 days ago

    As a home user the OS thing is preference, some prefer Windows, some Mac, some Linux, etc.

    Your post however raises a good point, and it certainly makes me form an opinion in a greater context. Thanks for making me think about this, genuinely - it’s good to have opinions challenged.

    • ByteOnBikes@slrpnk.net
      link
      fedilink
      English
      arrow-up
      6
      ·
      9 days ago

      Thanks for making me think about this, genuinely - it’s good to have opinions challenged.

      Not me. I plan to continue being a sweaty holier-than-thou neck beard and mock people using Windows. Brb gotta write to my dentist about how good Linux is now and recommending Arch to my general doctor who still uses a computer from 2010.

  • ChaoticNeutralCzech@feddit.org
    link
    fedilink
    English
    arrow-up
    11
    ·
    9 days ago

    Does your company/school provide employee/student Microsoft 365 licences? Ask your Windows-using colleague to check that “Optional Connected Experiences” are enabled and tell the IT team that they are likely allowing genAI training on internal documents (Microsoft seems to have reserved the right to do that and never denied the allegations). Yes, they can disable this organization-wide and will likely contact Microsoft over this, and if enough of us do this they’ll know they crossed a line.

    If your company’s IT team does not respond, you’ll have another argument getting your peers over to LibreOffice.

    • Phoenixz@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      ·
      8 days ago

      We’re working hard to get rid of Microsoft as last we checked, we can’t disable copiloi using our data used on SharePoint without also removing all required user functionality like searching documents from SharePoint. We searched everywhere and literally couldn’t find a way to remove that.

      I know that government is storing citizens data there…

      WTF, why have companies ever decided to use Microsoft ?

      Dump Microsoft, now.

      • Zeon@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        8 days ago

        Because the IT Manager is a clueless imbecile who only wants things his way and will not take in any other alternatives whatsoever. Doesn’t matter if it’s better for the company, they insist on having everything their way.

        • nature_man@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          8 days ago

          I remember bringing up possibly switching to linux to my IT manager at my previous job, I was told, and I quote:

          I would love to, windows sends a lot of junk network traffic and that sometimes makes it hard to investigate shit, but I was told by corporate that people already know windows and we already paid for the licenses, so no.

          That’s basically been my experience as well whenever I recommend linux over Windows to corpos, they can’t understand that there are valid reasons to switch, they are corporate and they know better than you, even when they know nothing about your field!