Comment by pixel_popping
6 hours ago
I doubt workers stealing data (which is more frequent than you might think) will just openly post about it...
Do you really believe it's normal that banks are on Windows? Do you want governments, military and such to be on Windows, really? It's not a popularity contest, we know that most corpos make terrible choices about IT stuff (at least back then and now they are doomed).
It breaches every basic security principle, we should be relying on cryptography and not human trust? Would you let your ISP inject a CA in your OS and just rely on the trust of their employees to not look at your traffic? You're building your security model on the assumption that a private corporation's employees won't abuse access they structurally have, you rely on faith which imo is plain wrong. But even, the privacy factor has not been addressed, you are alright with MS correlating your entire life, many wouldn't accept that.
>>I doubt workers stealing data (which is more frequent than you might think) will just openly post about it.
Can you explain what mechanism is there for Microsoft workers to steal data off my Windows PC that doesn't upload anything to OneDrive? Like I'm genuinely curious - how do they do it?
It depends what you consider data, to me for example, all the devices I use in my home, who comes in my home and such are considered private (as it should, but we might disagree on this), but realize that the moment someone steps in your home, then the typical correlation of SSIDs, BT devices (to simplify it) is sent as telemetry to MS servers (this is official, I'm not just speculating).
And about pure "data" as in filenames, file content and such, then obviously typical Windows Defender, SmartScreen and such that would send file hashes, sometimes content, filenames, mod time and such, making Microsoft directly aware of your filesystem content.
>I doubt workers stealing data (which is more frequent than you might think)
Can you post a source for this? I'm sure every newspaper on the planet would love to publish headlines reading "MS workers are stealing your data", but that would require some actual proof, not made up FUD.
>Do you really believe it's normal that banks are on Windows?
It doesn't matter what I believe, what matters are the facts and reality on the street which is what I'm arguing. You are free to believe whatever you want, that doesn't make you right.
I'm not dying on a hill. From a security standpoint, every "trust" step is a security assumption that you cannot verify (especially on a Samsung phone), I'm just not willing to bet my threat model on the "goodwill" of a corporation whose business model is built on data aggregation, there is no proof needed (MS has had a ton of breaches the last decade btw), but you do you.
Let me ask you something and make a hypothetical and you must reply in good faith, this is because we don't agree on fundamental points on security:
If you were a wanted criminal that still needs to work online somehow to make money, would you feel safe using Windows?
I think we can agree that privacy and security are heavily intertwined. If your honest answer is no, then that alone tells you something about the OS trust model. And if your answer is "yes", then I'd genuinely like to hear why, because I can't think of a single compelling reason.