• einlander@lemmy.world
    link
    fedilink
    English
    arrow-up
    143
    ·
    28 days ago

    Don’t forget with the Recall feature, you may be on Linux and are using a secure communication application, but if who you are talking to is on windows your conversation can be scraped.

    • Hellfire103@lemmy.ca
      link
      fedilink
      English
      arrow-up
      76
      ·
      28 days ago

      Same thing with email. It’s all well and good if you’re using ProtonMail or Tuta or Posteo, but you’re still cooked if the other side is using Gmail.

      Old problems, new modi operandi.

        • bitwolf@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          11
          ·
          28 days ago

          Do Proton remotely erase the message on the recipient’s email server? Even if it’s not a protonmail server?

          • Arcka@midwest.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            28 days ago

            Someone correct me if I’m wrong because I don’t know how proton works on this. These type of things usually don’t send the protected content in the email to the recipient’s server, they just send a link that the recipient opens and it’s all still kept on the private service’s server.

    • jonne@infosec.pub
      link
      fedilink
      English
      arrow-up
      35
      arrow-down
      1
      ·
      28 days ago

      It’s not like companies that use Linux don’t get breached either. Your personal data is in thousands of databases that have varying levels of security. Personal choices don’t affect any of that, regulations like GDPR are what’s needed.

      • Rivalarrival@lemmy.today
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        edit-2
        28 days ago

        GDPR has much the same problem: it can only actually be enforced against entities with a presence in Europe. When Europeans do international business, the GDPR only protects them if that foreign site has a business presence within Europe. When they have no bank accounts or business assets inside the EU, they are not subject to the GDPR.

        Even though the GDPR covers your side, it doesn’t always cover the other side.

        • jonne@infosec.pub
          link
          fedilink
          English
          arrow-up
          18
          ·
          edit-2
          28 days ago

          That’s why I said “regulations like the GDPR”. The US and other blocs need similar regulations. Especially the US is important, as they’ve shown that they’re willing to stretch the size of their jurisdiction to sometimes absurd lengths.

          That’s usually a bad thing, but in this case that might be good.

          • Rivalarrival@lemmy.today
            link
            fedilink
            English
            arrow-up
            1
            ·
            28 days ago

            I think you missed my point…

            I am not subject to the GDPR. I don’t have to abide by it. Even if my country adopted a GDPR-like regulation, that regulation would only apply to my privacy. Not yours.

            Microsoft has proven themselves overtly hostile to privacy. Yours, mine, and everyone’s. The available options are:

            1. Attempt to regulate them into behaving like decent human beings.

            2. Avoid their business.

            When my therapist is using a system that is overtly hostile to their privacy and mine, the solution is not to ask the government to chastise their attacker. The solution is to eliminate their reliance on their attacker, and get them in a system the attacker doesn’t control.

            I’m not saying we should avoid GDPR-like regulation altogether. I’m saying that at the OS level, Linux is intrinsically compliant with the intent of such regulation but may not comply with the letter, if the letter requires some sort of affirmative confirmation or certification of compliance that would be complicated for the developer to implement.

            Microsoft will be able to be technically compliant with the law, but will definitely subvert it’s intent and purpose however it can.

            • Arcka@midwest.social
              link
              fedilink
              English
              arrow-up
              1
              ·
              28 days ago

              Even if my country adopted a GDPR-like regulation, that regulation would only apply to my privacy. Not yours.

              That could depend on how the regulation is written, so we should push to have these new regulations cover all users of services hosted in our countries.

    • umbrella@lemmy.ml
      link
      fedilink
      English
      arrow-up
      6
      ·
      28 days ago

      this goes for pretty much every single chat app out there. most of the popular ones are proprietary and go through private servers.

      privacy is important kids.

    • AbsentBird@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      ·
      28 days ago

      So it’s not enough to brag about being on Linux ourselves, we should be encouraging our friends to switch to Linux as well?

    • nialv7@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      2
      ·
      28 days ago

      How’s this different from someone just record your call? The thing you are worrying about has been possible long before Recall is a thing.

  • Limonene@lemmy.world
    link
    fedilink
    English
    arrow-up
    86
    arrow-down
    2
    ·
    28 days ago

    But does your medical clinic do?

    No, they don’t, and it pisses me off. Every time I see it, I think, Well, there goes my medical privacy.

    But where else can I go? There’s only one health company in town, and they bought all the doctor’s offices.

    Who can I complain to? The doctors and nurses are visibly frustrated with Windows every time I see them use it. If they can’t change it, how could I?

    • CarbonatedPastaSauce@lemmy.world
      link
      fedilink
      English
      arrow-up
      52
      ·
      28 days ago

      That ship has sailed anyway. I’ve had no less than 5 breach notifications show up in the mail from things related to my health care in the last 2 years, and it’s not like I’m constantly at the doctor. The whole system is a disaster.

    • groet@feddit.org
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      2
      ·
      28 days ago

      They might not know there are alternatives. So they likely do not ccomplain to their IT person.

      Dont be a “jUsT uSe LiNuX” guy, but when you see them frustrated maybe say “hey I see you are frustrated as well and I as a patient are concerned about my medical data privacy. You know there are better and safer alternatives, maybe you could ask your IT if it would be possible to switch to Linux?”

      Realistically, they can’t switch because the software to use some $€1m medical device only runs on windows.

      • ewigkaiwelo@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        28 days ago

        I’ve had the se thought as expressed in the last paragraph the other day and isn’t the anwser in compatibility layer? Like can’t they install and run windows medical software using WINE?

        • lightnsfw@reddthat.com
          link
          fedilink
          English
          arrow-up
          8
          ·
          28 days ago

          Having worked in healthcare IT. Adding more complexity will only make things harder for them. A lot of healthcare staff can barely operate the Windows PCs and applications they’re used to. Change anything and they act like the sky is falling.

        • skulblaka@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          28 days ago

          That opens up a legal liability for the people creating the compatibility layer. You’ve gone from two points of failure (the doctor and the machine) to three.

          For sure it can be done but most people / companies won’t want to take on that liability.

  • savx@lemmy.world
    link
    fedilink
    English
    arrow-up
    52
    ·
    28 days ago

    privacy is scary stuff if you think. it’s like, i care so i dont share my phone number with facebook, but someone out there may have my number/address/name on their contact list and chances are big that they have no problem sharing with zuck. so i’ll still end up on zuck’s database.

    • Lesrid@lemm.ee
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      28 days ago

      I just activated my checking account with PayPal and one of the questions from the verification battery was asking me which email I recognized. They were different domains of my mother’s ISP email that she uses only with Amazon.

      I had the urge to answer incorrectly as if that would remove their association.

    • herrvogel@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      28 days ago

      My dad did that. The man has a slight obsession with collecting information about our entire extended family, as far back as he can go in time. He’s been known to get in touch with small municipalities to ask for their records about someone 8 generations back. He’s collated quite a bit of data over the years.

      And then one day he went and loaded all of that into a shitty mobile family tree app. Phone numbers, current addresses, email addresses, photos, a shit ton of personal information of a shit ton of people, uploaded to some random developer’s unknown database without their consent. He didn’t even pause to think about it for one second. I told him what he did, he wasn’t even bothered.

      There are tons of people like my dad who don’t have a single cell in their entire bodies that gives a flying fuck about data privacy, unfortunately, and they give out everyone’s data along with their own.

  • CarbonatedPastaSauce@lemmy.world
    link
    fedilink
    English
    arrow-up
    51
    arrow-down
    3
    ·
    28 days ago

    Demand it from who? With what power or leverage?

    Not to be defeatist, but I’m just a guy. Nobody’s gonna listen to my demands. I’m surprised privacy notifications say anything other than “You don’t have any” with two buttons that both say “OK”. All I can do is selfhost as much as possible and decline to use tons of applications or services that underpin modern societal functions or social activities. So I do. But it sucks ass and I don’t have any power to change any of it.

    • dwindling7373@feddit.it
      link
      fedilink
      English
      arrow-up
      20
      ·
      28 days ago

      Where I am, unlike climate change, the privacy issue is not discussed properly so just explaining it to people that trust you can boost any future systemic action.

    • nyctre@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      ·
      28 days ago

      No, but the point they’re trying to make is, I think, that the more you complain, the more other people complain and the more other people start complaining and unless we have enough complainers and people switching, nothing is gonna change.

      Our power is imperceptible but not non-existent

  • spujb@lemmy.cafe
    link
    fedilink
    English
    arrow-up
    38
    arrow-down
    2
    ·
    28 days ago

    i use linux and don’t have family or friends or get any kind of medical care ☺️ checkmate

      • spujb@lemmy.cafe
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        1
        ·
        28 days ago

        The failures of the United States healthcare system are compatible with the Unix philosophy due to its emphasis on doing one thing poorly and leaving the rest for the user to figure out. Like Unix tools, each component—insurance, billing, and treatment—functions independently, refusing to communicate effectively while relying on the user to “pipe” themselves between endless calls, paperwork, and escalating bills. Debugging your health, much like debugging code, requires advanced knowledge, infinite patience, and a willingness to accept that nothing will ever be fully resolved.

  • parpol@programming.dev
    link
    fedilink
    English
    arrow-up
    35
    arrow-down
    1
    ·
    28 days ago

    I think people who say “I don’t care, I use Linux” are really saying “You should use Linux to stop this.”

      • Delphia@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        ·
        28 days ago

        Im sure the receptionist in the doctors surgery cant wait to have that conversation.

    • SaharaMaleikuhm@feddit.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      28 days ago

      Yes. And whereas if you say “You should use linux” might get you downvoted and angry responsens, just saying “I use linux” does not.
      But with enough repetition the people who care enough might eventually give Linux a try on their own time.

      • Phoenixz@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        ·
        28 days ago

        Yeah but that misses the point.

        Others SHOULD use Linux. We’ve been saying that for decades now and slooooowly people are learning. Stop down voting people for saying what everyone should be listening yo

  • bitwolf@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    31
    ·
    28 days ago

    What drives me nuts about this subject is rarely spoken about.

    No single company can properly compensate all of their users for the damages caused by mishandling their personal data.

    In fact the damages may even be too great for the government to properly compensate said users.

    • InFerNo@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      28 days ago

      My government forces a fingerprint on our id cards. I already lost. I can’t use my fingerprint anywhere for authentication because it’s not mine anymore.

    • hakase@lemm.ee
      link
      fedilink
      English
      arrow-up
      27
      arrow-down
      1
      ·
      edit-2
      28 days ago

      This is common in British English.

      For example, the question “Are you going into town?” might be answered by an American with, “I might,” and by a Brit with “I might do”. In past tense it would be “I might have” vs. “I might have done”.

      This is all perfectly systematic and grammatical - this person just has a different grammar than you do. Though I guess that’s what Nazis do best: enforcing arbitrary standards in systems they don’t understand to destroy diversity to everyone’s detriment.

      • jpeps@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        28 days ago

        Could you give some more examples of this? Because I don’t think I agree that it’s even technically correct, though I don’t have a proper argument as for why. I feel like this is more likely a non-native speaker picking up on a structure like “does your X do Y?” and repurposing it incorrectly.

          • jpeps@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            28 days ago

            Thanks so much for these, I really enjoyed reading them. I’m not sure it’s the same thing though to be honest. I feel like in this example, ‘does’ is where ‘do’ would go. Eg ‘do your family members? Do your staff? Does your partner?’ In your links I think the closest examples are those saying that they need to add a word after ‘do’ to clarify what kind of ‘do’ it is, eg something like ‘Does your medical clinic do that?’

            • hakase@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              27 days ago

              It’s definitely the same thing. We can test this using other modals and auxiliaries in equivalent question constructions to show that we’re dealing with analogous structures:

              If making a question with “might”, for example (with the pro-predicate base sentence “But your medical clinic might do”), we get “But might your medical clinic do?”

              With “would”, “But would your medical clinic do?”

              So, with “dummy do”/do-support leading to the insertion of “do” for inversion purposes, along with the separate pro-predicate “do” lower in the clause, “Your medical clinic does” (or possibly “Your medical clinic does do”) becomes in the same way “Does your medical clinic do?”

      • TimewornTraveler@lemm.ee
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        10
        ·
        28 days ago

        Wow that’s standard? It was the most awkward thing I’ve read all day. I feel bad for you guys out there…

  • MudMan@fedia.io
    link
    fedilink
    arrow-up
    13
    ·
    28 days ago

    I think there’s some confusion at play here. That argument is about security, not privacy.

    Is the concern that Microsoft is ingesting your data and thus your actions aren’t private? Or is it that Windows is not secure and so you don’t think data stored in Windows systems is safe from third party access? That distinction matters, because in both cases the way it’s framed here isn’t really accurate but for different reasons.

    • fraksken@infosec.pub
      link
      fedilink
      English
      arrow-up
      9
      ·
      28 days ago

      And both arguments are valid. However, when discussing privacy with somebody “who has nothing to hide”, the security concerns argument usually holds more ground.

      “Fine, you don’t mind microsoft and their 961 partners to know about your computer usage patterns. But how about the criminals which will have your data as well? You may trust microsoft with your data - “because they have it already” - but do you trust each of these 961 partners? Do you trust all their privacy policies? I have read some. They are horrendus and allow sharing with third parties. Do you trust their privacy and security?”

      • MudMan@fedia.io
        link
        fedilink
        arrow-up
        3
        arrow-down
        6
        ·
        28 days ago

        Well, for one, I have no information regarding MS keeping mandatory telemetry of Windows application usage or data (at least outside their own software suite). As far as I know what is there is opt-in and does not extend to keeping any copies of your computer data, which is the point where you’d be worried about something like your medical records. One of the reasons the Recall nonsense drew so much attention is that it was an unusual instance of something approximating that.

        But the other side of your argument is a bit confusing, because it seems to be coming from the angle of… proselytism, I suppose? As in, what is more useful to convince somebody who doesn’t care about the privacy side that they should avoid Windows.

        And to be clear, that’s not my goal, or at least not a goal I think is worthwhile in absolute or abstract terms, for its own sake. I’m not an OS activist, use whatever the hell you want and works for you. The closest I have is a distaste for Apple’s pricing and ecosystem-focused tactics but, man, that 600 bucks M4 Mac Mini is nice value, I’ll think about it.

        On the merits of the argument, I’m not sure it tracks, either. If someone attacks a legitimate holder of your data the part I care about is how secure their data storage is (because, again, nobody is sharing your medical records over Microsoft telemetry gathering, that’s not a real thing).

        I trust a third party’s security setup as far as I can throw it, I don’t care if it’s on Azure, Google, Amazon or a self-hosted Linux server. Hell, I may trust the self-hosted Linux server of a provider least of all of those. Not because of Linux, but because of the self-hosting.

  • Phoenixz@lemmy.ca
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    1
    ·
    28 days ago

    No, you need to demand that government organizations use Linux or other open source systems as well, there is no other way.

    You can require Microsoft to comply with rules, it won’t. It doesn’t care, it wants money, and more money, and that is it. It’s been like that since it’s inception. The same goes for all other tech companies

    You know what brand doesn’t careuch about money and will respect your privacy?

    Open source software. Linux. Firefox (eh, mostly) with plugins, mariadb, etc…

    • Geobloke@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      28 days ago

      If you believe the duly elected people have less power than a corporation, well, that’s also a “we” problem

    • ByteOnBikes@slrpnk.net
      link
      fedilink
      English
      arrow-up
      1
      ·
      28 days ago

      I once took a government contract for rebuilding a critical piece of software to provide civic services to the under-employed.

      I finished it in about a month. Was paid. And I was on a retainer for three years to provide updates.

      It actually took FOUR years before it was launched live to the general public.

      Best of luck convincing the underpaid govt IT to move OSes.

  • JadenSmith@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    10
    ·
    28 days ago

    As a home user the OS thing is preference, some prefer Windows, some Mac, some Linux, etc.

    Your post however raises a good point, and it certainly makes me form an opinion in a greater context. Thanks for making me think about this, genuinely - it’s good to have opinions challenged.

    • ByteOnBikes@slrpnk.net
      link
      fedilink
      English
      arrow-up
      4
      ·
      28 days ago

      Thanks for making me think about this, genuinely - it’s good to have opinions challenged.

      Not me. I plan to continue being a sweaty holier-than-thou neck beard and mock people using Windows. Brb gotta write to my dentist about how good Linux is now and recommending Arch to my general doctor who still uses a computer from 2010.

    • AnarchistArtificer@slrpnk.net
      link
      fedilink
      English
      arrow-up
      1
      ·
      28 days ago

      This is unrelated to the article you’re sharing now, but I read that (I agree thoroughly that the GDPR needs to be a start, but that it’s inconsistently followed/enforced) and then I saw and read your article about apathetic cis people who might be agender. That’s a neat perspective that I hadn’t considered before — I’m cis and very much not apathetic about my gender (and I sometimes experience dysphoria if I am not treated as my gender). However, I have a bunch of other friends who have described their attachment to their gender as being far more “meh”, and I am looking forward to getting a chance to discuss your article with them.

      It strikes me that most of my friends are some flavour of LGBTQIA+, but I don’t know anyone who is agender. However, 10 years ago, many of my friends who now are non-binary didn’t know a term for their experience of gender, so identified as the closest they could find (such as lesbian). I wonder how many people I know who might find that “agender” feels like a fitting identity, if it were more prevalent in discourse etc.

  • mvirts@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    28 days ago

    That’s why I demand (nag constantly) that everyone around me run Linux 🤣

    Jk we’re all doomed to live in an Orwellian dystopia

    • ByteOnBikes@slrpnk.net
      link
      fedilink
      English
      arrow-up
      4
      ·
      28 days ago

      (me screaming at the gas station attendant from behind the bulletproof glass)

      BRO CHANGE YOUR OS!