• fraksken@infosec.pub
    link
    fedilink
    English
    arrow-up
    9
    ·
    28 days ago

    And both arguments are valid. However, when discussing privacy with somebody “who has nothing to hide”, the security concerns argument usually holds more ground.

    “Fine, you don’t mind microsoft and their 961 partners to know about your computer usage patterns. But how about the criminals which will have your data as well? You may trust microsoft with your data - “because they have it already” - but do you trust each of these 961 partners? Do you trust all their privacy policies? I have read some. They are horrendus and allow sharing with third parties. Do you trust their privacy and security?”

    • MudMan@fedia.io
      link
      fedilink
      arrow-up
      3
      arrow-down
      6
      ·
      28 days ago

      Well, for one, I have no information regarding MS keeping mandatory telemetry of Windows application usage or data (at least outside their own software suite). As far as I know what is there is opt-in and does not extend to keeping any copies of your computer data, which is the point where you’d be worried about something like your medical records. One of the reasons the Recall nonsense drew so much attention is that it was an unusual instance of something approximating that.

      But the other side of your argument is a bit confusing, because it seems to be coming from the angle of… proselytism, I suppose? As in, what is more useful to convince somebody who doesn’t care about the privacy side that they should avoid Windows.

      And to be clear, that’s not my goal, or at least not a goal I think is worthwhile in absolute or abstract terms, for its own sake. I’m not an OS activist, use whatever the hell you want and works for you. The closest I have is a distaste for Apple’s pricing and ecosystem-focused tactics but, man, that 600 bucks M4 Mac Mini is nice value, I’ll think about it.

      On the merits of the argument, I’m not sure it tracks, either. If someone attacks a legitimate holder of your data the part I care about is how secure their data storage is (because, again, nobody is sharing your medical records over Microsoft telemetry gathering, that’s not a real thing).

      I trust a third party’s security setup as far as I can throw it, I don’t care if it’s on Azure, Google, Amazon or a self-hosted Linux server. Hell, I may trust the self-hosted Linux server of a provider least of all of those. Not because of Linux, but because of the self-hosting.