I don't think native MS apps running on a local machine are a risk. I imagine (with a little naivety) that if MS apps/OS were phoning home on a regular basis with the content of one's documents - someone would have noticed and raised a flag (or did I miss it?). Nor is Exchange BCC a copy to the NSA - again someone would have noticed. Cloud services excluded.
PS. It's *buntu that spins my propeller.
PPS. I'd be interested in what RMS has to say, not just about MS in this case but the whole PRISM/NSA thing in general - he has been warning us.
Windows natively has several data collecting operations on any machine with Windows installed.
Each time you visit a page, IE sends the URL over to be "checked" by Microsoft.
Each update, a summary of all installed packages is collected and sent to Microsoft in order to "improve the experience".
WAT collects your hardware specification, including the serial number of your hard drive.
Each time you connect your operating system to the Internet, it calls home to a Microsoft server to check if the connection works. It's doubtful that they throw away the logs from this.
Microsoft can forcibly push new executable code as updates, regardless of whether the settings have turned off updates.
Microsoft Word (and Outlook?) also collect information, but it is supposed to be optional. I don't remember if it's on by default, but I am rather sure it is.
Then we have semi-native applications such as Messenger or Skype. Both have messages being "scanned".
>Each time you visit a page, IE sends the URL over to be "checked" by Microsoft.
Huh? Are you talking about hashes being sent for malware check similar to the ones in Chrome or Firefox? If not, it's a serious privacy issue.
The ones you mentioned about updates are also true for Chrome updates. [1]
>Microsoft can forcibly push new executable code as updates, regardless of whether the settings have turned off updates.
Any source on this?
>Microsoft Word (and Outlook?) also collect information.
With Office 365, this is more or less a reality.
>Then we have semi-native applications such as Messenger or Skype. Both have messages being "scanned".
Are you talking about URL scanning? So does FB, Gchat etc. Expect your messages to be scanned or stored no matter what 3rd party service you use. Always use client-side encryption for secure communication.
The most important one you left out is SkyDrive. I remember installing it on my computer and then signing onto the web interface to find out I could even access files outside of my sync directory. Sure you can turn "off" the feature, but I promptly uninstalled it instead.
I don't trust Microsoft with privacy in the cloud but neither do I with any other 3rd party.
>Then we have semi-native applications such as Messenger or Skype. Both have messages being "scanned". - Are you talking about URL scanning? So does FB, Gchat etc.
The OP talked about native MS apps as being risk free. Just because FB and Gchat also do bad things doesn't make someone else's applications less risky to use.
> Huh? Are you talking about hashes being sent for malware check similar to the ones in Chrome or Firefox? If not, it's a serious privacy issue.
Hashing the URLs won't give you any privacy, because the set of used URLs is public and relatively small. Also, I'm not aware of Firefox doing that, are you sure about it?
In IE and Chrome, sending that data is optional. It's neither opt-in nor opt-out. The browser asks a question at the first use, and you must select one option. IE's question is a bit biased toward an "opt-in or you'll get phished", but there is no reason to think that wording is malicious - one can even claim it's true.
Besides all that, MS sends all known vulnerabilities of its products to the NSA long before either publishing or fixing them. That's enough to give the NSA administrative privileges on Windows machines.
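The point made in the reply above, that hashing URLs gives no privacy when the URLs are public, shown as an added example that is not part of the thread: whoever receives the hashes can precompute the same hash over a list of public URLs and look each report up. SHA-256, the canonicalization rules and all URLs below are assumptions constructed for illustration, not any browser's actual protocol.

```python
import hashlib
from urllib.parse import urlsplit, urlunsplit

def canonicalize(url):
    """Normalize a URL before hashing (assumed rules: lowercase scheme and
    host, drop default port and fragment, empty path becomes '/')."""
    p = urlsplit(url.strip())
    scheme = p.scheme.lower()
    host = (p.hostname or "").lower()
    default_port = {"http": 80, "https": 443}.get(scheme)
    netloc = host if p.port in (None, default_port) else f"{host}:{p.port}"
    return urlunsplit((scheme, netloc, p.path or "/", p.query, ""))

def url_hash(url):
    """Unsalted hash of the canonical URL, as a client might report it."""
    return hashlib.sha256(canonicalize(url).encode()).hexdigest()

def build_lookup(public_urls):
    """Receiver side: hash every publicly known URL once, keep hash -> URL."""
    return {url_hash(u): canonicalize(u) for u in public_urls}

def recover(reported_hashes, lookup):
    """Map each reported hash back to a URL, or None if it is not in the list."""
    return [lookup.get(h) for h in reported_hashes]

# Constructed sample: URLs the receiver can enumerate (crawl, sitemap, etc.).
PUBLIC_URLS = [
    "https://example.org/health/clinic",
    "http://example.com/",
    "https://example.net/reset",
]

# Constructed sample: what one user visited; only the hashes leave the machine.
VISITED = [
    "HTTPS://Example.org:443/health/clinic#appointments",
    "http://example.com",
    "https://example.net/reset?token=9f3c1a7e",  # unguessable query string
]

def demo():
    reported = [url_hash(u) for u in VISITED]
    return recover(reported, build_lookup(PUBLIC_URLS))

if __name__ == "__main__":
    for visited, found in zip(VISITED, demo()):
        print(f"{visited!r:55} -> {found}")
```

Only the URL carrying an unguessable token stays unresolved; the two public pages are recovered exactly despite the hashing.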
I might have clicked through it. I guess I am still paranoid since you can re-enable it on the web; it's not a client-controlled setting. Surely someone could take advantage, not just the NSA but even a hacker breaking into your Outlook.
>Nor is Exchange BCC a copy to the NSA - again someone would have noticed.
True, but what about Windows Phone vs. Android (with Google's apps, not just a FOSS build like Replicant) vs. Apple? Which is the lesser evil for your privacy?
Ah yes, well - OK I'd be thinking, given recent history, Windows Phone would be high on my list of most likely to be evil, but in the back of my mind is always, it's the carrier that holds the cards there. But you have a point I had not considered - the mobile arena. Which one would you consider the lesser evil?
With Google's apps? I've already mentioned Replicant (http://replicant.us/) in my original post. Replicant is a fully-FOSS Android distribution based on CyanogenMod.