Comment Re:Microsoft issues the Linux keys too (Score 1) 96
We're not going to agree, again, which is fine, but Microsoft is the digital equivalent of Epstein.
You can claim they don't take your data, and it's all carefully stated in the ToS, Licensing / Privacy Policies, but it all means nothing if they don't prove it, and they've never proved it. License terms and contracts are for fools, it's all hand waving and legal jargon to excuse themselves from wrongdoing.
If you doubt that, write your own terms, make them fair, and sensible, and ask Microsoft to sign off and grant your terms, not theirs. If your terms are reasonable, they shouldn't have a problem with that, but, they will not sign your terms, they won't consider them. Seriously, give them a set of terms that all software is required to be open-source, open-audit, free from any analytic tracking or data grab. Require Microsoft to release build keys, verification keys, and a signed source chain trust, for all code. Force them to PGP sign everything, and provide you with source level build scripts. Force them to have a full isolated, independent, third-party verifications of all systems, sub-systems, and code. When they refuse to sign, why? I can tell you why, they aren't accountable, trustable, and they're digitally molesting you to the point Epstein would ask them to calm down.
If Microsoft wanted to improve their image, they would start by stripping all the analytic nonsense from their products. They would remove services that collect, analyze and traffic your data, and they would lock down Windows into a default secure state, by enabling the Group Policies that are off by default, but shouldn't be. They would remove the online account nonsense, One Drive, Office bundles, and all of that useless waste.
You can do a lot of that yourself, but shouldn't have to, since the default state should be security first, which is absolutely not how Microsoft operates. Microsoft does not care about security, some people in Microsoft might, but the company as a whole doesn't. This is straightforward to prove, require all email communication from them to use PGP, they won't, they'll refuse, but why? Granted, just using PGP means nothing, but it's an essential first step / first stage to email, which means they can't even engage with email correctly.
Oh, and you have to strip out the Microsoft secure boot keys, and resign everything, which, if Microsoft was handling properly, it would have Windows walk you thought generating client-side keys for the secure boot chain, and doing the resigning on your computer.
I really don't care what you think I know or don't know about cyber-security, it doesn't matter in this context, I've listed very basic things that Microsoft could easily do, to instill trust. I haven't brought up Linux or Unix to any degree to make it sound great or horrible, I'm simply pointed out Windows is a terrible operating system, and it objectively is. I have said many times in the past: "Windows is not for professionals.", that statement is true today, has been true for over a decade, and doesn't look it will be proven false any time in the foreseeable future.
None of this contradicts anything I brought up, if we don't agree, we don't agree.
You can claim they don't take your data, and it's all carefully stated in the ToS, Licensing / Privacy Policies, but it all means nothing if they don't prove it, and they've never proved it. License terms and contracts are for fools, it's all hand waving and legal jargon to excuse themselves from wrongdoing.
If you doubt that, write your own terms, make them fair, and sensible, and ask Microsoft to sign off and grant your terms, not theirs. If your terms are reasonable, they shouldn't have a problem with that, but, they will not sign your terms, they won't consider them. Seriously, give them a set of terms that all software is required to be open-source, open-audit, free from any analytic tracking or data grab. Require Microsoft to release build keys, verification keys, and a signed source chain trust, for all code. Force them to PGP sign everything, and provide you with source level build scripts. Force them to have a full isolated, independent, third-party verifications of all systems, sub-systems, and code. When they refuse to sign, why? I can tell you why, they aren't accountable, trustable, and they're digitally molesting you to the point Epstein would ask them to calm down.
If Microsoft wanted to improve their image, they would start by stripping all the analytic nonsense from their products. They would remove services that collect, analyze and traffic your data, and they would lock down Windows into a default secure state, by enabling the Group Policies that are off by default, but shouldn't be. They would remove the online account nonsense, One Drive, Office bundles, and all of that useless waste.
You can do a lot of that yourself, but shouldn't have to, since the default state should be security first, which is absolutely not how Microsoft operates. Microsoft does not care about security, some people in Microsoft might, but the company as a whole doesn't. This is straightforward to prove, require all email communication from them to use PGP, they won't, they'll refuse, but why? Granted, just using PGP means nothing, but it's an essential first step / first stage to email, which means they can't even engage with email correctly.
Oh, and you have to strip out the Microsoft secure boot keys, and resign everything, which, if Microsoft was handling properly, it would have Windows walk you thought generating client-side keys for the secure boot chain, and doing the resigning on your computer.
I really don't care what you think I know or don't know about cyber-security, it doesn't matter in this context, I've listed very basic things that Microsoft could easily do, to instill trust. I haven't brought up Linux or Unix to any degree to make it sound great or horrible, I'm simply pointed out Windows is a terrible operating system, and it objectively is. I have said many times in the past: "Windows is not for professionals.", that statement is true today, has been true for over a decade, and doesn't look it will be proven false any time in the foreseeable future.
None of this contradicts anything I brought up, if we don't agree, we don't agree.
