cross-posted from: https://sh.itjust.works/post/41641719

Keystrokes? Screen recordings? Camera and microphone spying? Assuming an average person who’s not actively targeted by an intelligence agency.

  • hansolo@lemmy.today
    link
    fedilink
    arrow-up
    29
    arrow-down
    1
    ·
    1 day ago

    Aside from the Ars Technica article in the xpost, there’s a lot of “it depends.”

    It depends on not just the OS, but if it’s a custom image built for Dell or HP or Asus etc. computers, what settings are on, what settings were on by default, what bloatware is pre-installed, etc.

    Typically, all MS or Apple really want are to know what apps you have installed, zip code, email address, IP address, crash reports, and possibly keywords they can associate with advertising. That’s their baseline wish list, which is all advertising fodder, and depending on your settings, that can quickly expand to “anonymized” (it’s not) cookie use, tracking of websites visited, etc.

    If you have a custom image (i.e. a Dell specific version of Windows) the laptop manufacturer will look for access to roughly the same data.

    With the whole Copilot fiasco, recording things like keystrokes and screenshots really are potentially in play now. But, again, only if you have foolishly installed Copilot and turned that stuff on. And that only after huge public outcry. So there’s always a non-zero risk of that, but do your due diligence to know you settings.

    Can you strip out bloatware and tighten down Windows to a reasonable degree? Sure. But because MS can and does change system settings without your consent, you might find in 6 months an article about a setting you turned off, that they turned back on and you had no idea.

    • iamtherealwalrus@lemmy.world
      link
      fedilink
      arrow-up
      14
      ·
      1 day ago

      Even if you turn off the setting and it stays off in subsequent updates, how can you know that the setting actually does anything at all? That is to say how can you trust Microsoft does not ignore the setting and just gathers the data always.

      • derpgon@programming.dev
        link
        fedilink
        arrow-up
        7
        ·
        1 day ago

        It might be not sending any extra data - which can be verified via packet sniffing like Wireshark - but how do you confirm they are not saving the legit requests you do and collect it silently at the backend? It cannot be proven (beyond reasonable doubt).