undefined | Better HN

0 pointspixel_popping15d ago0 comments

I doubt workers stealing data (which is more frequent than you might think) will just openly post about it...

Do you really believe it's normal that banks are on Windows? Do you want governments, military and such to be on Windows, really? It's not a popularity contest, we know that most corpos do terrible choice about IT stuff (at least back then and now they are doomed).

It breach basic every security principles, we should be relying on cryptography and not human trust? Would you let your ISP inject a CA in your OS and just rely on the trust of their employees to not look at your traffic? you're building your security model on the assumption that a private corporation's employees won't abuse access they structurally have, you rely on faith which imo is plain wrong. But even, the privacy factor has not been addressed, you are alright with MS correlating your entire life, many wouldn't accept that.

0 comments

gambiting15d ago

>>I doubt workers stealing data (which is more frequent than you might think) will just openly post about it.

Can you explain what mechanism is there for Microsoft workers to steal data off my Windows PC that doesn't upload anything to OneDrive? Like I'm genuienly curious - how do they do it?

pixel_poppingOP15d ago

It depends what you consider data, to me for example, all the devices I use in my home, who comes in my home and such are considered private (as it should, but we might disagree on this), but realize that the moment someone steps-in your home, then the typical correlation of SSIDs, BT devices (to simplify it) is sent as telemtry to MS servers (this is official, I'm not just speculating).

And about pure "data" as in filenames file content and such, then obviously typical Windows Defender, Smartscreen and such that would send file hashes, sometimes content, filenames, mod time and such, making Microsoft directly aware of your filesystem content.

gambiting14d ago

Right, so there is no way for Microsoft employees to actually steal any data on my PC unless something gets flagged by Microsoft defender and sent to MS for analysis and even then it's not actual full content of the file[0]. Thanks for confirming.

[0] https://learn.microsoft.com/en-us/defender-endpoint/cloud-pr...

1 more reply

joe_mamba15d ago

>I doubt workers stealing data (which is more frequent than you might think)

Can you post a source for this? I'm sure every newspaper on the planet would love to publish headlines reading "MS workers are stealing your data", but that would require some actual proof, not made up FUD.

>Do you really believe it's normal that banks are on Windows?

It doesn't matter what I believe, what matters are the facts and reality on the street which is what I'm arguing. You are free to believe whatever you want, that doesn't make you right.

pixel_poppingOP15d ago

I'm not dying on a hill. From a security standpoint, every "trust" step is a security assumption that you cannot verify (especially on a Samsung phone), I'm just not willing to bet my threat model on the "goodwill" of a corporation whose business model is built on data aggregation, there is no proofs needed (MS has had a ton of breaches the last decade btw), but you do you.

Let me ask you something and make an hypothetical and you must reply in good faith, this is because we don't agree on fundamental points on security:

If you were a wanted criminal that still needs to work online somehow to make money, would you feel safe using Windows?

I think we can agree that privacy and security are heavily intertwined. If your honest answer is no,then that alone tells you something about the OS trust model. And if your answer is "yes", then i'd genuinely like to hear why, because I can't think of a single compelling reason.

joe_mamba15d ago

You first have to answer my challenges to your original statements, on how banks can use Windows without losing money to hackers, and how MS employees access your data, as per your claims.

I first want to see sources hat back up your claims. Otherwise how can we know you're arguing in good faith and not stringing us along with more FUD and tinfoil conspiracies.

j / k navigate · click thread line to collapse

0 comments

gambiting15d ago

>>I doubt workers stealing data (which is more frequent than you might think) will just openly post about it.

Can you explain what mechanism is there for Microsoft workers to steal data off my Windows PC that doesn't upload anything to OneDrive? Like I'm genuienly curious - how do they do it?

pixel_poppingOP15d ago

gambiting14d ago

[0] https://learn.microsoft.com/en-us/defender-endpoint/cloud-pr...

1 more reply

joe_mamba15d ago

>I doubt workers stealing data (which is more frequent than you might think)

>Do you really believe it's normal that banks are on Windows?

It doesn't matter what I believe, what matters are the facts and reality on the street which is what I'm arguing. You are free to believe whatever you want, that doesn't make you right.

pixel_poppingOP15d ago

Let me ask you something and make an hypothetical and you must reply in good faith, this is because we don't agree on fundamental points on security:

If you were a wanted criminal that still needs to work online somehow to make money, would you feel safe using Windows?

joe_mamba15d ago

You first have to answer my challenges to your original statements, on how banks can use Windows without losing money to hackers, and how MS employees access your data, as per your claims.

I first want to see sources hat back up your claims. Otherwise how can we know you're arguing in good faith and not stringing us along with more FUD and tinfoil conspiracies.

j / k navigate · click thread line to collapse