Don’t forget with the Recall feature, you may be on Linux and are using a secure communication application, but if who you are talking to is on windows your conversation can be scraped.
Same thing with email. It’s all well and good if you’re using ProtonMail or Tuta or Posteo, but you’re still cooked if the other side is using Gmail.
Old problems, new modi operandi.
Afaik, with proton you can send messages that won’t open through gmail if you protect them with a password. The other person receives a message with a link to open the mail in a browser after entering the password. It’s not the easiest solution but if you want to avoid gmail from knowing the contents of a message, you can do that.
But windows recall scrapes your screen, so even that wouldn’t work.
“But they are stored locally! Certainly, Microsoft won’t have access to those, right? Right???”
True
You can send self destructing messages with Protonmail
Do Proton remotely erase the message on the recipient’s email server? Even if it’s not a protonmail server?
They burn down the datacenter if they are not deleted in time.
Someone correct me if I’m wrong because I don’t know how proton works on this. These type of things usually don’t send the protected content in the email to the recipient’s server, they just send a link that the recipient opens and it’s all still kept on the private service’s server.
Good morning, Mr. Phelps.
It’s not like companies that use Linux don’t get breached either. Your personal data is in thousands of databases that have varying levels of security. Personal choices don’t affect any of that, regulations like GDPR are what’s needed.
GDPR has much the same problem: it can only actually be enforced against entities with a presence in Europe. When Europeans do international business, the GDPR only protects them if that foreign site has a business presence within Europe. When they have no bank accounts or business assets inside the EU, they are not subject to the GDPR.
Even though the GDPR covers your side, it doesn’t always cover the other side.
That’s why I said “regulations like the GDPR”. The US and other blocs need similar regulations. Especially the US is important, as they’ve shown that they’re willing to stretch the size of their jurisdiction to sometimes absurd lengths.
That’s usually a bad thing, but in this case that might be good.
I think you missed my point…
I am not subject to the GDPR. I don’t have to abide by it. Even if my country adopted a GDPR-like regulation, that regulation would only apply to my privacy. Not yours.
Microsoft has proven themselves overtly hostile to privacy. Yours, mine, and everyone’s. The available options are:
-
Attempt to regulate them into behaving like decent human beings.
-
Avoid their business.
When my therapist is using a system that is overtly hostile to their privacy and mine, the solution is not to ask the government to chastise their attacker. The solution is to eliminate their reliance on their attacker, and get them in a system the attacker doesn’t control.
I’m not saying we should avoid GDPR-like regulation altogether. I’m saying that at the OS level, Linux is intrinsically compliant with the intent of such regulation but may not comply with the letter, if the letter requires some sort of affirmative confirmation or certification of compliance that would be complicated for the developer to implement.
Microsoft will be able to be technically compliant with the law, but will definitely subvert it’s intent and purpose however it can.
Regulation will likely have chilling effects on the better option, while promoting the worse.
Even if my country adopted a GDPR-like regulation, that regulation would only apply to my privacy. Not yours.
That could depend on how the regulation is written, so we should push to have these new regulations cover all users of services hosted in our countries.
-
getting breached is different from using spyware.
this goes for pretty much every single chat app out there. most of the popular ones are proprietary and go through private servers.
privacy is important kids.
So it’s not enough to brag about being on Linux ourselves, we should be encouraging our friends to switch to Linux as well?
How’s this different from someone just record your call? The thing you are worrying about has been possible long before Recall is a thing.
But does your medical clinic do?
No, they don’t, and it pisses me off. Every time I see it, I think, Well, there goes my medical privacy.
But where else can I go? There’s only one health company in town, and they bought all the doctor’s offices.
Who can I complain to? The doctors and nurses are visibly frustrated with Windows every time I see them use it. If they can’t change it, how could I?
That ship has sailed anyway. I’ve had no less than 5 breach notifications show up in the mail from things related to my health care in the last 2 years, and it’s not like I’m constantly at the doctor. The whole system is a disaster.
deleted by creator
I sell encryption. Send me the lead dog ;p
I work in IT for healthcare, and our CTO, CIO, and head of Cybersecurity are all ex-Microsoft. We’re a “Windows Shop” adopting anything Microsoft has ever made, from Windows to Azure DevOps to Access
i use linux and don’t have family or friends or get any kind of medical care ☺️ checkmate
Using Linux in America be like
The failures of the United States healthcare system are compatible with the Unix philosophy due to its emphasis on doing one thing poorly and leaving the rest for the user to figure out. Like Unix tools, each component—insurance, billing, and treatment—functions independently, refusing to communicate effectively while relying on the user to “pipe” themselves between endless calls, paperwork, and escalating bills. Debugging your health, much like debugging code, requires advanced knowledge, infinite patience, and a willingness to accept that nothing will ever be fully resolved.
So that’s why they named it Wine.
This very succinctly explains why I, with AuDHD, find it practically impossible to get anything done as I slowly rot from untreated chronic illnesses.
Audhd?
Gold deficit hyperactivity disorder.
Getting stressed AF when you don’t have money.
Autism + ADHD
Most sociable Linux user.
human relationships are antithetical to the unix philosophy
And most servers do too.
God save ASP and .NET applications
privacy is scary stuff if you think. it’s like, i care so i dont share my phone number with facebook, but someone out there may have my number/address/name on their contact list and chances are big that they have no problem sharing with zuck. so i’ll still end up on zuck’s database.
I just activated my checking account with PayPal and one of the questions from the verification battery was asking me which email I recognized. They were different domains of my mother’s ISP email that she uses only with Amazon.
I had the urge to answer incorrectly as if that would remove their association.
My dad did that. The man has a slight obsession with collecting information about our entire extended family, as far back as he can go in time. He’s been known to get in touch with small municipalities to ask for their records about someone 8 generations back. He’s collated quite a bit of data over the years.
And then one day he went and loaded all of that into a shitty mobile family tree app. Phone numbers, current addresses, email addresses, photos, a shit ton of personal information of a shit ton of people, uploaded to some random developer’s unknown database without their consent. He didn’t even pause to think about it for one second. I told him what he did, he wasn’t even bothered.
There are tons of people like my dad who don’t have a single cell in their entire bodies that gives a flying fuck about data privacy, unfortunately, and they give out everyone’s data along with their own.
Demand it from who? With what power or leverage?
Not to be defeatist, but I’m just a guy. Nobody’s gonna listen to my demands. I’m surprised privacy notifications say anything other than “You don’t have any” with two buttons that both say “OK”. All I can do is selfhost as much as possible and decline to use tons of applications or services that underpin modern societal functions or social activities. So I do. But it sucks ass and I don’t have any power to change any of it.
Where I am, unlike climate change, the privacy issue is not discussed properly so just explaining it to people that trust you can boost any future systemic action.
Legislature. GDPR was a good step.
Yes well my government is about to be run by a bunch of techno-nazi’s so that’s a non starter.
No, but the point they’re trying to make is, I think, that the more you complain, the more other people complain and the more other people start complaining and unless we have enough complainers and people switching, nothing is gonna change.
Our power is imperceptible but not non-existent
Wow that last line is exactly what I needed to hear, thank you
What drives me nuts about this subject is rarely spoken about.
No single company can properly compensate all of their users for the damages caused by mishandling their personal data.
In fact the damages may even be too great for the government to properly compensate said users.
No single company can properly compensate all of their users for the damages caused by mishandling their personal data.
What do you mean? Every time I’ve been involved in a data leak, I got offered 6 months of identity monitoring. What more could you want?
My government forces a fingerprint on our id cards. I already lost. I can’t use my fingerprint anywhere for authentication because it’s not mine anymore.
All your fingers, or just one?
I think people who say “I don’t care, I use Linux” are really saying “You should use Linux to stop this.”
I hate to be that guy, but they may not be aware of alternatives.
Im sure the receptionist in the doctors surgery cant wait to have that conversation.
“does your medical clinic do”
Bring back grammar nazis
This is common in British English.
For example, the question “Are you going into town?” might be answered by an American with, “I might,” and by a Brit with “I might do”. In past tense it would be “I might have” vs. “I might have done”.
This is all perfectly systematic and grammatical - this person just has a different grammar than you do. Though I guess that’s what Nazis do best: enforcing arbitrary standards in systems they don’t understand to destroy diversity to everyone’s detriment.
Could you give some more examples of this? Because I don’t think I agree that it’s even technically correct, though I don’t have a proper argument as for why. I feel like this is more likely a non-native speaker picking up on a structure like “does your X do Y?” and repurposing it incorrectly.
Thanks so much for these, I really enjoyed reading them. I’m not sure it’s the same thing though to be honest. I feel like in this example, ‘does’ is where ‘do’ would go. Eg ‘do your family members? Do your staff? Does your partner?’ In your links I think the closest examples are those saying that they need to add a word after ‘do’ to clarify what kind of ‘do’ it is, eg something like ‘Does your medical clinic do that?’
It’s definitely the same thing. We can test this using other modals and auxiliaries in equivalent question constructions to show that we’re dealing with analogous structures:
If making a question with “might”, for example (with the pro-predicate base sentence “But your medical clinic might do”), we get “But might your medical clinic do?”
With “would”, “But would your medical clinic do?”
So, with “dummy do”/do-support leading to the insertion of “do” for inversion purposes, along with the separate pro-predicate “do” lower in the clause, “Your medical clinic does” (or possibly “Your medical clinic does do”) becomes in the same way “Does your medical clinic do?”
Sorry but I’m really not convinced, though I am really enjoying this conversation so thank you for your reply.
Reading the article you shared, my impression is that if the medical clinic question is the inverted form of the previous sentence “sure, you do”, then the inverted part is the “do” moving to the front of the question in “does your medical clinic?”
Responding to your examples, I feel the exact same way. They read completely unnaturally to me. Do you actually hear people speak like that? I don’t think I ever have. It really sticks out to me because I would expect the context for ‘do’ to follow on, eg “but would your medical clinic do better?” I agree that a sentence like “I don’t, but your medical clinic might do” is acceptable like in the original link you provided, but when posed as a question, I would expect to drop one of the words in “might do” ie “but might your medical clinic?” or “but does your medical clinic?”
Looking forward to hearing your thoughts.
Wow that’s standard? It was the most awkward thing I’ve read all day. I feel bad for you guys out there…
Do you mean us guys where the language originated?
Fallacious reasoning, and I’m quite certain the language worked very differently at its origin compared to modern UK
Almost as though languages evolve. Perhaps you should embrace change and find joy in it. Or not I don’t care 😂
I genuinely do, but it would be meaningless to appreciate changes if I didn’t occasionally find some changes to be absolutely ridiculous such as this one! skibidi out
The uk didn’t invent English. The German ancestors did hence the term grammar Nazi.
They might not be native English speakers.
Not a native speaker here, what would be correct?
“Does your medical clinic use Linux?” or just “Does your medical clinic?”
“Do you do” is redundant. Of course you do do if you do. You just do.
How do you?
Howdy
That was not the question though.
This is common and considered correct in British English.
Assuming you’re asking about American English. Here is the revised scenario.
“I use Linux”
“Does your medical clinic?”
In this example the response is in a new sentence. So one should also include the subject in the new sentence.
“Does your medical clinic also use Linux?”
Best I can do is actual Nazis.
Clearly this post was written by Tim Robinson.
No, you need to demand that government organizations use Linux or other open source systems as well, there is no other way.
You can require Microsoft to comply with rules, it won’t. It doesn’t care, it wants money, and more money, and that is it. It’s been like that since it’s inception. The same goes for all other tech companies
You know what brand doesn’t careuch about money and will respect your privacy?
Open source software. Linux. Firefox (eh, mostly) with plugins, mariadb, etc…
If you believe the duly elected people have less power than a corporation, well, that’s also a “we” problem
We can’t even get the government to stop using Twitter.
I once took a government contract for rebuilding a critical piece of software to provide civic services to the under-employed.
I finished it in about a month. Was paid. And I was on a retainer for three years to provide updates.
It actually took FOUR years before it was launched live to the general public.
Best of luck convincing the underpaid govt IT to move OSes.
At some point they’ll have to
You speak the truth.
I’m still pissed the email I had managed to keep junk free for years was leaked because my insurance company had a breach.
Simplelogin/anonaddy
That having been said, keeping an email “private” is roughly as silly as people who think phone numbers are private, as if the white pages never existed.
I think there’s some confusion at play here. That argument is about security, not privacy.
Is the concern that Microsoft is ingesting your data and thus your actions aren’t private? Or is it that Windows is not secure and so you don’t think data stored in Windows systems is safe from third party access? That distinction matters, because in both cases the way it’s framed here isn’t really accurate but for different reasons.
And both arguments are valid. However, when discussing privacy with somebody “who has nothing to hide”, the security concerns argument usually holds more ground.
“Fine, you don’t mind microsoft and their 961 partners to know about your computer usage patterns. But how about the criminals which will have your data as well? You may trust microsoft with your data - “because they have it already” - but do you trust each of these 961 partners? Do you trust all their privacy policies? I have read some. They are horrendus and allow sharing with third parties. Do you trust their privacy and security?”
Well, for one, I have no information regarding MS keeping mandatory telemetry of Windows application usage or data (at least outside their own software suite). As far as I know what is there is opt-in and does not extend to keeping any copies of your computer data, which is the point where you’d be worried about something like your medical records. One of the reasons the Recall nonsense drew so much attention is that it was an unusual instance of something approximating that.
But the other side of your argument is a bit confusing, because it seems to be coming from the angle of… proselytism, I suppose? As in, what is more useful to convince somebody who doesn’t care about the privacy side that they should avoid Windows.
And to be clear, that’s not my goal, or at least not a goal I think is worthwhile in absolute or abstract terms, for its own sake. I’m not an OS activist, use whatever the hell you want and works for you. The closest I have is a distaste for Apple’s pricing and ecosystem-focused tactics but, man, that 600 bucks M4 Mac Mini is nice value, I’ll think about it.
On the merits of the argument, I’m not sure it tracks, either. If someone attacks a legitimate holder of your data the part I care about is how secure their data storage is (because, again, nobody is sharing your medical records over Microsoft telemetry gathering, that’s not a real thing).
I trust a third party’s security setup as far as I can throw it, I don’t care if it’s on Azure, Google, Amazon or a self-hosted Linux server. Hell, I may trust the self-hosted Linux server of a provider least of all of those. Not because of Linux, but because of the self-hosting.
Well, for one, I have no information regarding MS keeping mandatory telemetry of Windows application usage or data (at least outside their own software suite). As far as I know what is there is opt-in and does not extend to keeping any copies of your computer data
I’m not gonna start ranting about their mandatory telemetry, but I do gotta note this is a hell of an issue to ignore (considering the windows telemetry “opt-in” during setup boils down to “want us to take ALL your data, or just whatever we want?”). That aside, Microsoft’s setup process is imo designed to make people think exactly what you’ve written - the telemetry is the invasive part, and (*deep huff of copium*) maybe they won’t steal any of my juiciest data. I honestly think they deliberately made their telemetry prompts a little abrasive, so that anyone who gives half a shit about privacy will focus on that part and see it as the privacy violating aspect of a new windows computer or install.
Meanwhile, as soon as you’re logged in to your new windows OS your user folders have been stored in onedrive by default - so that all your documents, desktop, etc get sent straight to Microsoft. You can migrate all your files from your old pc - dump all those medical and tax records right in your documents, where they get sent straight out to Microsoft’s servers without ANY consent or even awareness from most users. Most windows users I talk to don’t even know anything’s up until they start getting warnings about using up all their onedrive storage, and by that point M$ has all their shit and the damage can’t be undone. Sure, you can move the folders back out of the onedrive path (good luck explaining how to anyone who isn’t tech savvy) and onedrive is “””end to end encrypted””” (which is a joke when M$ has the encryption keys), but the reality is they’ve deliberately made windows trick people into allowing their personal files to be stolen. Dark patterns like these are all throughout the OS, and they’re a big part of why the proselytism you mentioned absolutely is a worthwhile goal for its own sake. Using windows is choosing to engage with a manipulative and untrustworthy entity that’s actively hostile to your privacy, and the worst part is most people don’t even realize it IS a choice. Like most choices, it’s got pros and cons - knowing you have other options doesn’t mean you have to choose them, and if someone wants to keep using windows to play their kernel-level anticheat competitive games or something that’s fair enough. I just think they absolutely need to be aware of what their choice is costing them (and the people around them due to network effects) both for their own risk management and because you can’t truly make a choice without information. “OS activism” is the only hope to actually fix or even salvage this situation, lacking any government willing and able to meaningfully regulate tech companies.
You keep mixing up concepts, though.
Yes, MS embeds OneDrive into its OS in annoying ways. OneDrive sucks and that sucks.
But that’s not a security issue when you work with a company that uses Windows to handle your sensitive data. If the company you’re working with is using a default Windows image that accidentally stores your sensitive, legally protected records in a default OneDrive that’s not a Windows issue, that’s an issue with giving your medical records to what seems to be an IT department run by somebody’s cousin who knows computers. If they aren’t savvy enough to avoid that issue they’re not savvy enough to keep your data secure in a Linux system either. And, once again, there is definitely no indication that OneDrive is systematically not secure or that data stored in it is being manipulated or accessed by Microsoft for commercial purposes. I mean, it’s widely used professionally, so I imagine if that was the case Microsoft would get sued to hell and back.
Does that mean I like Microsoft’s choice? Nope. I loathe OneDrive. As I kept telling MS in their annoying user surveys when I was forced to use it for work, it is the one piece of software that cost me the most hours of productivity, bar none, and I dropped it like a rock the moment I didn’t have a contractual obligation to use it.
But holy crap, that absolutely isn’t a valid reason why it’d be a security OR privacy problem that a vendor you use is running Windows.
And that’s the thing, you don’t need to equivocate, make up stuff or jumble concepts like this to point out the ways in which Windows’ implementation of things is sub-par. There are plenty of legitimate examples. Granted, may of those examples are definitely not dealbreakers and plenty of Windows users are aware of them and don’t particularly mind. Just like many MacOS users or Linux users don’t mind their own quirks. But the quirks and shortcomings do exist. You don’t need to make them up or be hyperbolic about them.
This just makes you sound paranoid and kind of unreasonable. It makes it easier to dismiss the legitimate arguments because man, a lot of that is clearly not a reasonable argument, so why would you assume some of it is?
To be clear, I’m not talking about the impacts of companies using windows at all - everything I said was meant in the context of an end user environment. Even more specifically, I’m only talking about privacy (never even used the word security) and I was replying only to where you mentioned their telemetry not affecting user data, to point out that they unapologetically steal user data separately from the telemetry. The data may be encrypted, and technically “secure” from other actors, but Microsoft holds the encryption keys so the only thing standing between them and your personal files you might believe are private is “pinkie promise we won’t look”.
Does this mean bill gates is personally browsing any random person’s photos libraries? Obviously not, but the fact that nothing technically prevents M$ from using the encryption keys (that they store for you) to unlock your “secure” data on their servers that you may not even know they’ve taken is absolutely something that anyone in that position should know. That’s putting significant trust in M$ - which again, many people in this position did not do and did not know they were forced to.
Hopefully this clarifies if it seemed like I was mixing up concepts - I’m tired as fuck and probably not as coherent as I’d like to be. Still, I don’t believe I’ve “made up” anything or even been hyperbolic - other than my pet conspiracy theory about their reasoning behind the setup process and telemetry prompt, everything I wrote is imo a verifiable fact and if you disbelieve any part of it I’m happy to provide sources. (Edited to add: later, right now I need sleep lol)
OK, but that’s not what the thread is about. The thread is about the OP arguing that end users shifting away from Windows is not a solution because companies and other users who interact with them are using Windows and that’s a vector that will compromise their data.
Which is not really a thing, as far as I can tell.
Also, no, it’s not “pinkie promise”, their data protection obligations are regulated (differently depending on where you are, but they are) and even in scenarios where you’re solely relying on their terms of service they may be liable if they are negligent about it. I don’t trust MS. I don’t trust any company. I do business with them and if they bone me as a partner or a customer I have whatever recourse my government’s regulations grant me.
I don’t need to be a digital prepper with every single picture of my dog secured by my own hand, personally. And even if I chose to be that guy, as the OP says, it’s a systemic problem. I shouldn’t have to rely on my own tech skills to secure my information, this should be a regulated space where normal people don’t need full end-to-end control to be kept reasonably safe. Yes, even when using Windows, or Android or whatever other service corporations are providing to them.
I disagree with your dismissal of windows’ security implications for companies, but to avoid mixing up concepts I’m focusing only on the end user privacy aspect.
And regulation, while worthwhile and something we should definitely be working on, is still functionally irrelevant in an environment where there’s realistically no way for anyone outside of M$ themselves to detect any violations. The plain facts are that M$ is fully capable of accessing end users’ private data without user consent or awareness (or even awareness that M$ has the data at all, in many cases). With no realistic way for them to be caught doing this, regulations or no this boils down to a matter of trust that they won’t - again, basically a pinkie promise. Sure, if they broke that promise (and you somehow managed to catch them in it) you could sue them, but again this does nothing to change the fact that they are fully capable of accessing the data.
Choosing to use windows and onedrive anyway despite knowing this, like I said before, is a valid choice as long as and only if it’s a choice that you knowingly make for yourself. It’s the wrong choice imo, especially when plenty of other services that do the same thing without the ability to access your shit exist, but as long as people are making that choice for themselves I don’t have a problem with it. Its acting like it’s unreasonable to push people to be aware of these facts and make their own informed choices is unreasonable that I disagree with.
As a home user the OS thing is preference, some prefer Windows, some Mac, some Linux, etc.
Your post however raises a good point, and it certainly makes me form an opinion in a greater context. Thanks for making me think about this, genuinely - it’s good to have opinions challenged.
Thanks for making me think about this, genuinely - it’s good to have opinions challenged.
Not me. I plan to continue being a sweaty holier-than-thou neck beard and mock people using Windows. Brb gotta write to my dentist about how good Linux is now and recommending Arch to my general doctor who still uses a computer from 2010.
Until there is serious consequences to data breaches and criminal charges it doesn’t matter. It’s been a free for all for a long time the best we can do is simply keep using products or services that respect your privacy and discourage or not use services.
Yeah, our response to the Equifax breach was the end of data privacy. Oh, you lost literally all of the data for all of the adults in the US that you have been tracking without consent? All good, don’t worry.
Really, the response should have been the FBI taking all of their equipment, figuring out exactly what was stolen, notifying all the victims, then formatting and shredding all the equipment and sending Equifax a bill, on top of a huge fine.
Maybe we should tell people to use Linux