• felsiq
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 month ago

    I disagree with your dismissal of windows’ security implications for companies, but to avoid mixing up concepts I’m focusing only on the end user privacy aspect.

    And regulation, while worthwhile and something we should definitely be working on, is still functionally irrelevant in an environment where there’s realistically no way for anyone outside of M$ themselves to detect any violations. The plain facts are that M$ is fully capable of accessing end users’ private data without user consent or awareness (or even awareness that M$ has the data at all, in many cases). With no realistic way for them to be caught doing this, regulations or no this boils down to a matter of trust that they won’t - again, basically a pinkie promise. Sure, if they broke that promise (and you somehow managed to catch them in it) you could sue them, but again this does nothing to change the fact that they are fully capable of accessing the data.

    Choosing to use windows and onedrive anyway despite knowing this, like I said before, is a valid choice as long as and only if it’s a choice that you knowingly make for yourself. It’s the wrong choice imo, especially when plenty of other services that do the same thing without the ability to access your shit exist, but as long as people are making that choice for themselves I don’t have a problem with it. Its acting like it’s unreasonable to push people to be aware of these facts and make their own informed choices is unreasonable that I disagree with.

    • MudMan@fedia.io
      link
      fedilink
      arrow-up
      1
      ·
      1 month ago

      Ah, if privacy was violated and nobody heard it, did it make a noise and all that.

      Again, you’re off topic on this one, so this is a bit of a non sequitur to the objections I proposed earlier. I’ll say that I don’t typically assume major illegal behavior unless I have at least a hint that it’s at play, or at least a reason to attempt it. And yes, there are plenty of ways to “catch them” in that companies don’t steal data to bask in the glory of data, they take it to sell or otherwise profit from it.

      I feel like the implications of “privacy” have gotten entirely out of proportion or any practical application, to where it’s become less a concern about being profiled or annoyingly targeted for marketing and it’s become more a matter of abstract principle. Not of whether the data is somewhere or being used for something, but about whether it could have been in some parallel reality, where nothing short of making the data physically impossible to access is a valid outcome.

      I suppose that’s why every now and then you get a thread along the lines of “can you believe people used to dox themselves and put their name, addresses and phone numbers in a book they sent out for free?” and so on.

      It’s a weird conversation to have in these terms, because yeah, no, I agree with you in principle: you should know what data is going to be collected and be able to make an informed decision about it with opt-out as a default. Agreed there. But there’s a magnificent leap from there to “Microsoft is probably secretly accessing your cloud stored data for shits and giggles, and even if they aren’t you wouldn’t know if they did, so they’re probably lying about it”, which is… not a thing, not how this works and would lead to the mother of all fines, immediately followed by the mother of all lawsuits.

      You don’t need that scenario to take issue with the choices and policies MS actually deploys. Like, out in the open. They tell you about it. You don’t need the conspiracy theory to have a stance on that. They are not particularly subtle.

      Most normal people will sign off all of that if asked nicely and given the lightest of dark patterns on a consent form. Pretty sure Microsoft legal would at least lightly discourage colluding to perform the largest violation of data privacy regulations in human history when a simple settings toggle buried in the privacy section would achieve pretty much the same result. I don’t know what they do at Microsoft, but I assure you with no doubt or ambiguity that the average software company won’t leave the toilet seat up without first asking legal if it’s a GDPR violation.

      Still off topic for the thread, though.

      • felsiq
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        Ah, if privacy was violated and nobody heard it, did it make a noise and all that.

        Hypothetical for you, to test this assertion: some sicko puts a camera in a school changeroom, gets all the footage of kids they want and removes the camera before they’re caught. Privacy was violated and nobody heard it - did it make a noise?

        And yes, this is very much a non-sequitur because like I said, I’m replying only to the portion of your comment I first highlighted - not weighing in on anything else, just saw incorrect info and added more context. Also, the fact that you trust them is great, but irrelevant - notice we’ve gone back to their pinky promise where you’ve just chosen to accept it (which again, valid and I’m not attacking that choice). You also seem to be conflating the personal data (literally pictures and documents) that M$ has already stolen with the more conventional data “theft” of browsing data, buying habits, etc.
        This isn’t an instance of google selling your interest in some product, it’s Microsoft having access to personal files that people don’t even know have left their computer.

        Another hypothetical: an innocent person with something to hide from their tyrannical government gets a windows computer, sets it up normally and migrates their data. They of course might think their own local storage on their own pc locked behind a strong password is a safe place to put whatever incriminating evidence they need to hide, so into documents it goes (and then right onto Microsoft’s servers). Now with one request from their government, Microsoft is legally obligated to hand over their data (which they conveniently have complete access to, unknown to the innocent person). Substitute the innocent person’s “crime” and the tyrannical government with whatever you prefer, and this is exactly the “practical application” of privacy you don’t believe in. Whether it’s being LGBTQ+ in parts of the world, a political dissenter in an authoritarian state, or anything else - believing that “local storage” on your own PC actually belongs to you should not be enough to get someone jailed or killed, but it (extremely) plausibly is.
        Again, this is a problem not just because Microsoft has both the key and the lock to people’s data, but also because many of these people literally do not know. They’re not choosing to trust Microsoft because “nah they wouldn’t do that”, like you are - the choice has been stolen from them.

        Not of whether the data is somewhere or being used for something, but about whether it could have been in some parallel reality, where nothing short of making the data physically impossible to access is a valid outcome.

        I also wanna note that you say that like it’s an unachievable goal that’s unrealistic to expect, but it’s very achievable and already reasonably common. Properly end to end encrypted cloud solutions (where the users KNOWINGLY store their files) that don’t have access to the encryption keys are out there - even Apple has one.

        But there’s a magnificent leap from there to “Microsoft is probably secretly accessing your cloud stored data for shits and giggles, and even if they aren’t you wouldn’t know if they did, so they’re probably lying about it”

        Interesting rephrasing of what I actually said, which was “Microsoft is capable of secretly accessing your (presumed) local stored data, with no proper oversight to actually prevent this”. I think if you reread what I said you’ll see that I stated facts (their capabilities to do these things) rather than making unprovable assertions (which would be pointless, because as previously noted there’s no way for anyone to prove or disprove that it happened). It also (in your hypothetical where it’s proven) would - according to nearly all historical precedent - lead to at worst a slap on the wrist for Microsoft. I would love to be wrong about this part, and I can only hope that someday it happens and you get to say “I told you so” lmao

        • MudMan@fedia.io
          link
          fedilink
          arrow-up
          1
          ·
          1 month ago

          I feel the way you construct your hypotheticals makes my point for how this issue is perceived among… let’s say “privacy preppers” and how it differs from the mainstream.

          I mean, I sure hope your brave freedom fighter is putting more dilligence on operational security in other areas than they do in data security, because man, they certainly aren’t trying very hard if they’re being thwarted by accidentally uploading their super secret freedom fighting documents because they were storing them in a OneDrive-enabled “My Documents” folder. In this scenario, do they have their name and address stitched on the outside of their freedom fighitng uniform?

          For the record, Microsoft has no way to access my local stored data. They at best can access my synced OneDrive folders… which they don’t. It’s an annoyance that they insist on attempting to have OneDrive active by default, but they don’t do that to mine my medical records, they do that in a fruitless attempt to sell me a OneDrive storage subscription. I am as afraid of Microsoft perusing my hard drive as I am of DropBox, in that both sell services that will store my data somewhere else, both are probably are doing a better job of securing it than I do myself and I use neither.

          Now, on what level of privacy and security is reasonable, I will clarify that I don’t think physically securing my files is unachievable. On the contrary, it is trivial for me to rip all my hard drives off my devices, put them in a box and bury them in my basement, where my Fallout New Vegas save games will remain fairly secure for the foreseeable future, free from judgemental Microsoft employees.

          What I’m saying is that is not a reasonable or practical expectation of privacy because it also renders my data unusable. Like me being listed on a phone book, the state of my data privacy is always going to be some balance of functionality, convenience and security. What balance makes sense depends on what I do. Your fictional tech-illiterate freedom fighter sure would benefit from very secure data, at significant convenience cost. Many a careless normie is happy to let Google know every time they have a bowel movement for the convenience of their services. Most people will be somewhere in the middle.

          But it’s the government’s job to set a floor to that range. To establish the rules for a) what data it’s not fine to solicit, b) what the default proesses for soliciting and opting in and out should be, and c) how to properly handle that data once it’s been collected. That is a legitimate, structural issue that we all should care about, reagrdless of our personal needs for privacy and security.