Yes, MS embeds OneDrive into its OS in annoying ways. OneDrive sucks and that sucks.
But that’s not a security issue when you work with a company that uses Windows to handle your sensitive data. If the company you’re working with is using a default Windows image that accidentally stores your sensitive, legally protected records in a default OneDrive that’s not a Windows issue, that’s an issue with giving your medical records to what seems to be an IT department run by somebody’s cousin who knows computers. If they aren’t savvy enough to avoid that issue they’re not savvy enough to keep your data secure in a Linux system either. And, once again, there is definitely no indication that OneDrive is systematically not secure or that data stored in it is being manipulated or accessed by Microsoft for commercial purposes. I mean, it’s widely used professionally, so I imagine if that was the case Microsoft would get sued to hell and back.
Does that mean I like Microsoft’s choice? Nope. I loathe OneDrive. As I kept telling MS in their annoying user surveys when I was forced to use it for work, it is the one piece of software that cost me the most hours of productivity, bar none, and I dropped it like a rock the moment I didn’t have a contractual obligation to use it.
But holy crap, that absolutely isn’t a valid reason why it’d be a security OR privacy problem that a vendor you use is running Windows.
And that’s the thing, you don’t need to equivocate, make up stuff or jumble concepts like this to point out the ways in which Windows’ implementation of things is sub-par. There are plenty of legitimate examples. Granted, may of those examples are definitely not dealbreakers and plenty of Windows users are aware of them and don’t particularly mind. Just like many MacOS users or Linux users don’t mind their own quirks. But the quirks and shortcomings do exist. You don’t need to make them up or be hyperbolic about them.
This just makes you sound paranoid and kind of unreasonable. It makes it easier to dismiss the legitimate arguments because man, a lot of that is clearly not a reasonable argument, so why would you assume some of it is?
To be clear, I’m not talking about the impacts of companies using windows at all - everything I said was meant in the context of an end user environment. Even more specifically, I’m only talking about privacy (never even used the word security) and I was replying only to where you mentioned their telemetry not affecting user data, to point out that they unapologetically steal user data separately from the telemetry. The data may be encrypted, and technically “secure” from other actors, but Microsoft holds the encryption keys so the only thing standing between them and your personal files you might believe are private is “pinkie promise we won’t look”.
Does this mean bill gates is personally browsing any random person’s photos libraries? Obviously not, but the fact that nothing technically prevents M$ from using the encryption keys (that they store for you) to unlock your “secure” data on their servers that you may not even know they’ve taken is absolutely something that anyone in that position should know. That’s putting significant trust in M$ - which again, many people in this position did not do and did not know they were forced to.
Hopefully this clarifies if it seemed like I was mixing up concepts - I’m tired as fuck and probably not as coherent as I’d like to be. Still, I don’t believe I’ve “made up” anything or even been hyperbolic - other than my pet conspiracy theory about their reasoning behind the setup process and telemetry prompt, everything I wrote is imo a verifiable fact and if you disbelieve any part of it I’m happy to provide sources. (Edited to add: later, right now I need sleep lol)
OK, but that’s not what the thread is about. The thread is about the OP arguing that end users shifting away from Windows is not a solution because companies and other users who interact with them are using Windows and that’s a vector that will compromise their data.
Which is not really a thing, as far as I can tell.
Also, no, it’s not “pinkie promise”, their data protection obligations are regulated (differently depending on where you are, but they are) and even in scenarios where you’re solely relying on their terms of service they may be liable if they are negligent about it. I don’t trust MS. I don’t trust any company. I do business with them and if they bone me as a partner or a customer I have whatever recourse my government’s regulations grant me.
I don’t need to be a digital prepper with every single picture of my dog secured by my own hand, personally. And even if I chose to be that guy, as the OP says, it’s a systemic problem. I shouldn’t have to rely on my own tech skills to secure my information, this should be a regulated space where normal people don’t need full end-to-end control to be kept reasonably safe. Yes, even when using Windows, or Android or whatever other service corporations are providing to them.
You keep mixing up concepts, though.
Yes, MS embeds OneDrive into its OS in annoying ways. OneDrive sucks and that sucks.
But that’s not a security issue when you work with a company that uses Windows to handle your sensitive data. If the company you’re working with is using a default Windows image that accidentally stores your sensitive, legally protected records in a default OneDrive that’s not a Windows issue, that’s an issue with giving your medical records to what seems to be an IT department run by somebody’s cousin who knows computers. If they aren’t savvy enough to avoid that issue they’re not savvy enough to keep your data secure in a Linux system either. And, once again, there is definitely no indication that OneDrive is systematically not secure or that data stored in it is being manipulated or accessed by Microsoft for commercial purposes. I mean, it’s widely used professionally, so I imagine if that was the case Microsoft would get sued to hell and back.
Does that mean I like Microsoft’s choice? Nope. I loathe OneDrive. As I kept telling MS in their annoying user surveys when I was forced to use it for work, it is the one piece of software that cost me the most hours of productivity, bar none, and I dropped it like a rock the moment I didn’t have a contractual obligation to use it.
But holy crap, that absolutely isn’t a valid reason why it’d be a security OR privacy problem that a vendor you use is running Windows.
And that’s the thing, you don’t need to equivocate, make up stuff or jumble concepts like this to point out the ways in which Windows’ implementation of things is sub-par. There are plenty of legitimate examples. Granted, may of those examples are definitely not dealbreakers and plenty of Windows users are aware of them and don’t particularly mind. Just like many MacOS users or Linux users don’t mind their own quirks. But the quirks and shortcomings do exist. You don’t need to make them up or be hyperbolic about them.
This just makes you sound paranoid and kind of unreasonable. It makes it easier to dismiss the legitimate arguments because man, a lot of that is clearly not a reasonable argument, so why would you assume some of it is?
To be clear, I’m not talking about the impacts of companies using windows at all - everything I said was meant in the context of an end user environment. Even more specifically, I’m only talking about privacy (never even used the word security) and I was replying only to where you mentioned their telemetry not affecting user data, to point out that they unapologetically steal user data separately from the telemetry. The data may be encrypted, and technically “secure” from other actors, but Microsoft holds the encryption keys so the only thing standing between them and your personal files you might believe are private is “pinkie promise we won’t look”.
Does this mean bill gates is personally browsing any random person’s photos libraries? Obviously not, but the fact that nothing technically prevents M$ from using the encryption keys (that they store for you) to unlock your “secure” data on their servers that you may not even know they’ve taken is absolutely something that anyone in that position should know. That’s putting significant trust in M$ - which again, many people in this position did not do and did not know they were forced to.
Hopefully this clarifies if it seemed like I was mixing up concepts - I’m tired as fuck and probably not as coherent as I’d like to be. Still, I don’t believe I’ve “made up” anything or even been hyperbolic - other than my pet conspiracy theory about their reasoning behind the setup process and telemetry prompt, everything I wrote is imo a verifiable fact and if you disbelieve any part of it I’m happy to provide sources. (Edited to add: later, right now I need sleep lol)
OK, but that’s not what the thread is about. The thread is about the OP arguing that end users shifting away from Windows is not a solution because companies and other users who interact with them are using Windows and that’s a vector that will compromise their data.
Which is not really a thing, as far as I can tell.
Also, no, it’s not “pinkie promise”, their data protection obligations are regulated (differently depending on where you are, but they are) and even in scenarios where you’re solely relying on their terms of service they may be liable if they are negligent about it. I don’t trust MS. I don’t trust any company. I do business with them and if they bone me as a partner or a customer I have whatever recourse my government’s regulations grant me.
I don’t need to be a digital prepper with every single picture of my dog secured by my own hand, personally. And even if I chose to be that guy, as the OP says, it’s a systemic problem. I shouldn’t have to rely on my own tech skills to secure my information, this should be a regulated space where normal people don’t need full end-to-end control to be kept reasonably safe. Yes, even when using Windows, or Android or whatever other service corporations are providing to them.