Unless you happened to install Ubuntu, which used to send all your local file searches to the cloud to find Amazon deals

Yes, Apps can't do that.

> As compared to Windows or Mac where apps are sandboxed by default?

Yes, apps from both the windows and mac App Stores are sandboxed.

I'm not sure what your point is. I'm not saying Windows is perfect at all, but the GUI security is better. If nothing else, consider the classic ctrl+alt+delete, which no app can catch. On Linux there is no way to be sure the 'login' you are seeing isn't a program someone has installed to capture logins. On Windows I know the login is genuine if I press ctrl+alt+delete.

Windows provides UI isolation between privilege levels:

https://msdn.microsoft.com/en-us/library/bb625963.aspx

As compared to Windows or Mac where apps are sandboxed by default?

As the sibling commenter mentions. Mac App Store applications are required to be sandboxed:

https://developer.apple.com/library/content/documentation/Se...

The same applies for Windows Store apps.

Windows has rootkits as does Mac.

Mac has system integrity protection (SIP). Even as root, you cannot replace system files (unless you disable SIP):

https://support.apple.com/en-us/HT204899

So, in contrast to default Linux distributions, a root kit cannot replace system files (a common trick that root kits apply is to replace system files to preserve itself during reboots and to hide the root kit, e.g. by hiding it from 'ps' output).

Moreover, macOS only loads signed kernel extensions, so it is not possible for a root kit to inject itself as a loadable kernel module. I think the same is true for Windows, but I am not familiar enough with Windows.

I am also not worried about government agencies having unfettered access to my machine as a default setting.

You are throwing two things one one heap now: (1) having a backdoor and (2) sending out usage data.

If you believe that there is a difference between Linux, macOS, or Windows when it comes to (1), this is utterly naive. Linux distributions have a large number of package maintainers and upstream projects. You cannot be certain that none of these ten thousands of people is compromised and inserts a subtle backdoor. And even if you are certain about this, it's likely that government actors have a collection of exploitable remote and local exploits.

When it comes to sending out data, such as usage data, use an app firewall. E.g. with a program like Little Snitch, it is easy to configure which program can contact what server in the outside world.

Ps. Linux has the potential to be very secure. A lot of the technology is there (e.g. Wayland and SELinux). The problem is that the Linux community is too conservative and/or believes in the myth that Linux is already secure.