Are privacy concerns around Microsoft Windows 11 overblown?

At this point it's moot to me.

Privacy concerns may well be overblown if one were able to objectively assess facts. Perhaps Windows 11 is the most secure OS Microsoft have ever produced :)

But I would still not use or trust it, for reasons the frog would not ride on the scorpion's back, no matter how desperately it wants to cross the river.

I've lived long enough to witness all of Microsoft's shenanigans, the hostile takeovers, the insults to free software, the lies, the threatening behaviour, the bribery, court cases, criminal convictions and fines. Insomuch as a company can be, Microsoft are unethical to the core. Indeed they are the paradigmatic untrustworthy company.

If you were to offer me a water-tight mathematical formal proof that Microsoft's code was secure and private, I would still choose to use to use something else.

Although they default everything to being on, you can turn off every privacy-centric feature in Windows. That depends on whether you believe they are lying about those settings actually doing what they say they do.

On top of that, you can use network-level tools to block your data from leaving your home. This could be something like a pihole that blocks the relevant domains, and/or a firewall that blocks them entirely.

At least on paper, Apple does seem to be doing better on privacy. They are private by default. Again, this all depends on how much you believe they aren't lying. There are also edge cases with them. For example, iMessage is encrypted end to end, but if you make an iCloud backup of your iMessages, those are not completely protected.

If someone is that paranoid about the OS being the point of failure their privacy, open source OSes are available for them to use. I'm personally not concerned about using Windows, MacOS, iOS, or even Android as long as I am thorough about configuring all the settings in the OS and my network appropriately.

I think the weight of defaults is easy to overlook. While the options are available and most things people fear can be disabled... it's reasonable to look at this and ask, "What don't we know about?"

This, in combination with the trend of less and less autonomy over our time, equipment, and purchasing.... I think it's perfectly valid to be loud about.

As far as I'm aware, Microsoft has never been transparent with what exactly is sent to them as part of the telemetry, which cannot be turned off in consumer versions. However, they added the same telemetry updates to Windows 7 and 8, so it was a concern a decade ago as well.

https://support.microsoft.com/en-us/topic/update-for-custome...

Forensic experts are a good information source on this: https://arxiv.org/pdf/2002.12506.pdf (Windows 10)

"Required diagnostics" seem reasonable: https://learn.microsoft.com/en-us/windows/privacy/required-d...

Do note that "optional diagnostics" seem to include collecting filenames/authors/modification dates for Office files; the names of installed and removed applications, hardware information (with serial numbers), process execution history, Start Menu pins, app usage history, and more: https://learn.microsoft.com/en-us/windows/privacy/windows-di...

I'm currently a Microsoft employee, I feel like your data is secure, at least from my experiences. we are audited by consultants regularly and have internal teams making sure there are no security breaches. even things like log messages are scrubbed and strictly PR reviewed, but that's just my org. It could be different elsewhere

You mean "Microsoft deliberately pwning your computer" instead of "the same level of abysmal security Microsoft has delivered since DOS; expect someone to pwn your system Real Soon Now"?

Add TPM and UEFI, and the CPU and chipset backdoors, and it's a real horrorshow down at the hardware level, too.

1. Spyware started with XP and was greatly improved in Win7. If you are asking this only now, then Microsoft and everyone else already knows everything there is to know about you.

2. When a company tells you that their product protects your privacy, what they mean is that they will try to be the only ones that have personal data about you (and that private data about you can only be bought from them). NOT that you will have any privacy.

----

How you go forward? Best way is to stop using the internet. Go live in a cabin in the woods. (I'm only half joking.)

If you live in Europe you can ask for your account and data to be deleted, but that doesn't affect the companies that your data was sold to, nor anon / aggregate statistics your data is part of.

To have privacy about what you do/think/like in the future, you can try Linux, but you're not safe even there. Firefox will track your internet activity (can be disabled) and there is spyware such as Ubuntu's popularity-contest package that monitors and reports what you run on your Linux machine.

If you want to keep using Windows, the best way would be to wipe your HDD, install clean, activate it, update it (or not), and then cut the direct internet connection. From then on, use a whitelist filtering proxy as the only possible internet access. No DHCP or any usable gateway. I'm using this and is a pain to manage. I have to manually add to the whitelist every new site I want to visit (it gets easier after a while).

Another way to do it is to have an non-filtering but password-protected proxy, and don't tell Windows about it. Firefox can use a proxy that is different than Windows' proxy setting. This way you can navigate the web without allowing Windows access to the internet.

> What's the best way to go forward if this is the case?

Linux, OSS.

These same concerns/arguments have been repeated since Windows XP (I don't remember Win9x or NT/2000 having the same scope of privacy concerns). The FUD has never changed.

But, that doesn't mean the concerns are unwarranted.

That's why I first started using Linux around 1994. I was concerned about my privacy, and I've been viewed a paranoid freak. I feel like Cassandra.

It's not even really about our OS's and what not. I don't understand that people still aren't fucking pissed that you can type in someone's full name in Google and shit sites still broadcast phone numbers, addresses, age, history. It's a trainwreck that's already been there for 20 years people.

They're only overblown in that I haven't seen anything to suggest it is any worse than Windows 10, which was already horrible from a privacy perspective.

I think we need a concentrated effort to separate "privacy" from "targeted invasive advertising". I know they're related, since ads are the main reason big tech break privacy, but as used now it's a term that clouds both legislative response and general public sentiment.

Sending back stack traces of crash reports is not the same as gathering data for targeting and pushing manipulative ads while you're browsing your folders.

I for one don't care about privacy that much, and that's how most consumers are. Almost everyone hates with a fury being shown ad over ad.

Keep ads out of my OS, it's that simple.

I think the people at Microsoft have concluded that only suckers and dups are still using Windows. Young folks use their phones, neohipsters use Macs, and techbros use Linux. For the leftovers still on Windows, Microsoft is serving up Edge browser toolbar scams, taskbar "news" ads, lock screen ads for whatever it is that Bing is doing. Elon Musk should buy Microsoft so it can die too.

Disclaimer: I worked at MSFT in the past.

I think it depends on whose perspective you're talking about. For some people it'll be overblown.

In my case, I don't really like what MSFT has been doing with their OS. It's clear for years now that they are intent on creating some form of ads platform and they'll likely do it in a way that is directly integrated with the OS. You can't even install Windows 11 without a Microsoft account (so they obviously have a way to identify you).

This seems in line with what Apple seems to be planning for their own platform [0].

All of these companies will claim they'll build something in a privacy-conscious manner, which might be true.

The question I ask myself is: Am I comfortable with that? Even if it has privacy safeguards, I am not. I'm not willing pay $130 for a Windows license AND have ads presented to me.

If Microsoft said they were going to offer a freemium model, where people that don't wanna pay for the OS will get ads I'd be fine. I'd just pay for the license to get rid of all ad tech and the respective tracking.

But regarding the future, I have no idea. I don't think there's any stopping this anymore. The only way would be for governments to get their shit together and regulate this space.

The only way to keep your privacy IMO is to choose "pain":

- Move to an OS that won't track you (Linux, *BSD, etc) – I don't care what Linux zealots say, the Desktop experience is still not even close to what Windows and macOS offer

- Avoid being online as much as possible and when you are, use tools to mask your presence

[0] https://digiday.com/media/apple-is-building-a-demand-side-pl...