Companies just blindly trust MS with their data and even force their employees to hand their personal data over in the process. I've pushed for my company to stop leaking so much company/employee/customer data to MS, but as long as the corporation doesn't personally experience how that data is being used/abused and they aren't being fined or hauled into court over it I doubt much will change.

These contracts are extremely lucrative and extremely detailed. Microsoft applies a business analysis to each one of them. If they determine it’s more financially beneficial to abide by the contract, they will.

There is zero “blind trust” involved, on either side. Where there is trust, it has been earned. And it can be burned.

That might be so for big companies. Most smaller shops more likely just accept the (still extremely detailed) T&C's outright. That certainly structures the relationship, but I doubt there's much balancing involved.

I'm thinking of e.g. the medical lab next door, the girlfriend's gynecologist, most smaller businesses really, of which there are a ton which deal with relatively sensitive customer data.

If Microsoft uses the data they have to come up with competing products, or to time the release of their competing products, or to decide which stocks to buy or short, or to decide which companies to partner with or avoid, or which of your employees they should try to attract, or even to sell or leak privileged information to your competitors you'd never know about any of that without a whistleblower at Microsoft saying something, and that person's income and very comfortable lifestyle depends on them keeping their mouth shut. A whistleblower may also risk legal consequences themself if they ever come forward. Risking themselves, their future, and their family is asking a lot which is why whistleblowers are extremely rare.

That's part of the problem with surveillance capitalism. All the spying being done is to collect massive amounts of extremely valuable data, but very little of that data is used transparently. You simply can never know how the data being collected about you will be used against you, you can just be sure that it will be.

The reason companies are investing huge amounts of resources into collecting, storing, and analyzing every single scrap of data they can get their hands on is because doing so is making them money hand over fist. I doesn't matter if it's your data, or your company's data, they'll be using it in any and every way possible if they even suspect that doing so will give them an advantage or make them more money and their gains will almost always be at your expense.

Just last year Microsoft was fined for illegally collecting children's personal data. Microsoft has also broken the law to sell software in violation of US sanctions. They've illegally bribed government officials. They've committed a number of anti-trust violations. In these cases breaking the law was probably still worth it for them even after the fines they were forced to pay and other slaps on the wrist they received. We have no idea how many other laws they've been breaking without being caught.

For a company willing to break laws in the US and around the globe, violating a contract with Boeing is nothing, especially when the risk that Microsoft would be discovered taking advantage of the data Boeing gave them is basically zero.

You could even argue that Microsoft owes it to their shareholders to exploit every possible advantage they have at their disposal to maximize profits, laws and contracts be damned. That seems to be the position many corporations take at least, and even the companies that have been caught committing the worst kinds of acts like Purdue Pharma, DuPont, or Philip Morris still exist today and seem to have no problems with sustainability. MS could even use the data they collect to help ensure that they maintain their relationship with Boeing for as long as it benefits them to.

Maybe Microsoft used the information found in outlook to tailor their product offering and craft their sales pitch when convincing Boeing to buy into their cloud services and AI tech (https://news.microsoft.com/2022/04/06/boeing-and-microsoft-d...). Perhaps Microsoft found and leveraged detailed information on Boeing's finances and IT budget which allowed them to set a price much higher than they would have for those services. The more you know about a company and their situation the more leverage you'll have in a negotiation.

Just because MS isn't making airlines doesn't mean that they aren't able to abuse the data they collect for their own profit at Boeing's expense.

sabarn01> We don't have access to that data internally. We can't access customer data outside performance metrics about the service. At least for the normal dev there is no real way to get access to what the customer does.

On the other hand we have:

Microsoft> We and 7xx Third Parties access Outlook data on user devices.

Taking both you and Microsoft at face value, we seem to have two fairly different assertions.

Customer concerns could be allayed if their shared data was fully auditable at any time by the customer. This would include what buyers of this data can see.

Fortunately, Microsoft has infrastructure so robust they can share a customer's data with 733 3rd parties.

I think we can safely send one more copy to the customer (who's data it is) without overtaxing anything.

Their use of 3rd party and external tools for adjusting registry during licensing problems is wild.

That is what a support team is for.

And those access elevations will be tracked and audited, just like at any other organization that handles sensitive data.

This isn't some super duper secret, when shit breaks there needs to be a, well secured, escape hatch for the people who fix things to crawl in and make repairs.

Prior to cloud hosting, Microsoft could get permissions to remote in to your servers, or prior to those days, send someone physically out with a laptop and a debugger.

But surely you can see that saying this is still the same as just saying "trust us". It's very, very hard to trust Microsoft.

And the number of markets Microsoft completes in now is tiny. This isn't the 90s where Microsoft competed in slews of consumer and business markets. The potential upside from the Cloud team slurping up secrets from competitors in literally ANY other business segment, is dwarfed by the losses that would hit MS.

Now of course that doesn't mean some corrupt fool in sales won't risk destroying the company so he can make his yearly bonus (that very thing has brought down companies before!), but Microsoft internally has a lot of motivations to ensure that doesn't happen.

So, don't trust Microsoft saying "trust us". Trust Microsoft being greedy and wanting to keep growing the cash cow that is Azure Cloud.

Rergardless, my point is that Microsoft saying that they have audits and controls in place is exactly the same as them saying "trust us". They're just saying "trust that we have effective controls in place".

What an organization can (and should) do is to behave in a way that earns people's trust over time. Microsoft actually had a window of opportunity to do this. They even made a very public campaign proclaiming how they weren't like the Microsoft of old and were more trustworthy than they used to be. And for a while, I even thought that perhaps a real culture change really did happen. But their behavior (especially around Windows and Office) is uncannily similar to that of other companies of questionable trustworthiness.

The utterly massive enterprise market that values security and privacy and also pays Microsoft oodles of money says otherwise.

Also, people aren't enterprises. Microsoft doesn't treat people like they treat enterprises.

And frankly given the monopolistic nature of the business, there are a lot of enterprises that pay for microsoft's services because they don't have the power to make the decision not to

https://servicetrust.microsoft.com/DocumentPage/6ee23fc7-20d...

https://servicetrust.microsoft.com/ViewPage/AllDocuments

In any case, it doesn't much matter. The threads I'm in here are pretty much just me saying I don't trust Microsoft and others saying that I should, so I'll just bow out and leave it at that: we have different opinions.

It's one of those commonly overlooked things.

Cannot say for the entire Microsoft, but in Azure the only way to access customer data is through support flow for cases where customer explicitly gave permissions. Otherwise support portal will not allow access. And there is no other way of accessing customer data. Access is revoked after a case is closed.

The incentive for customers to give this access is simple - with this my team can answer questions right away without very lengthy back and forth (especially if customer is in different time zone). Which results in (way) faster support and problem resolution.

Is there technical protection? Is it encrypted in a way that's only accessible to me?

> Cannot say for the entire Microsoft, but in Azure the only way to access customer data is through support flow for cases where customer explicitly gave permissions.

That article notes that Microsoft says Microsoft accesses our data and make it available to 7xx 3rd parties. It is safe to assume that Microsoft has automated process to violate our privacy and not eyeballs and fingers.

So you don't really need to defend Azure tech support because no one is accusing Azure tech support.

“Can we have access to X, but don’t worry, we don’t let anyone look at X unless Y happens” is a bit suspicious when “grant X permission when Y happens” isn’t an option.

Even worse when the access to X is only disclosed to users living in a jurisdiction requiring it.

Microsoft’s many brand and marketing folks have a big uphill battle if they want to convince me otherwise. Or they can just stop collecting data.

I’m sure you understand, we need to collect your credit card number because that’s how we make money at this bakery. No I will not explicitly explain how. Don’t you feel like I’ve improved your experience?

You also mentioned that collecting user data is how Microsoft is paid in the GP comment. That’s pretty clear to me. I thought when I paid Microsoft, that was the main revenue stream.

The document provided in theory communicates what you said so succinctly before, but with more legal and confusing language.

If it says the opposite, then just asking me to assume that this document that’s extremely difficult to read explains why outlook should ingest information I wasn’t told about, since I live in a jurisdiction where Microsoft doesn’t need to, and why that’s actually a neutral or possibly “good” thing for me, is a bit silly.

—

Edit: if I’m misunderstanding what you said earlier by:

> We have to collect customer data that's what we get paid for.

Then I’m sorry. I don’t mean to frame you as saying something you don’t mean to.

We store data everywhere to meet european GDPR standards regardless of where you live. We have logs but they can only contain sanitized information.

Any document which attempts to describe how a large origination handles data is going to large and complex. As sometimes different standards conflict. For example we have to keep records of anyone who changes the system for some period of but we also have to delete data that has end user identifiers. When stuff like that happens we have to go to lawyers and have language that describes how we handle thoes conflicts. That doesn't lead to a small doc.

This is a major problem, actually, and exactly why people can't and won't trust you.

SOC compliance and external audits can help keep things reasonably secure and prevent the totally careless/incompetent handling of data, but I'm skeptical that they would typically be robust enough to detect Microsoft's own equivalent of Room 641A let alone the actual hardware installed by the feds which MS itself isn't allowed to touch.

Which is one of the many reasons why I will not allow Microsoft products on my machines.

My objection to Microsoft's methods in this regard isn't the data that customers voluntarily and knowingly store on Microsoft servers, it's the collection of data about customers, their machines, and the use of their machines that happens behind the scenes.

Wish you all the best though, a Microsoft people trust would do good for the world.

I'll just chime in to say that, while I appreciate the sentiment the user is conveying, I certainly don't trust a Microsoft pinky promise.

Right but no one is saying your department is violating our privacy. I'm not sure why you feel a need to defend it.

I think we can safely say that MS's methods of violating our privacy are all automated and that you + coworkers aren't eyeballing our personal data. So we can move on from that.

If you'd like to speak to the privacy violations that are referenced in the article, we're all ears. Education guesses about methods or who some of the 3rd parties are would be terrific.

The pros: Outlook doesn't get to speak to MS The cons: When an email has linked images, they don't load, which for the past 20+ years hasn't been a problem.

https://www.reuters.com/technology/microsoft-overtakes-apple...

Some mess.

If you think it is a big issue you can of course talk to your employer about it and see if they will change, but they're also free to disagree with you.

We were sold on (in my mid biz) Microsoft being all-the-things compliant: HIPAA, GDPR, etc.. and this is why we put all our data there. As long as they keep touting this, businesses will keep on feeding them data.

Protonmail is using this to drive demand gen for their services. doesn't make them wrong but understand the motivation and how they are pitching the narrative.

Proton mail may be trying to capitalize on this newish development but they are also not wrong.

Which is also how old outlook works but new outlook wants to man in middle all my email.

Edit: https://sparkmailapp.com/help/general/email-storage-and-back...

I don’t use Teams or the Send later feature which does involve their servers.

https://www.claws-mail.org/index.php

It's lightning fast compared to Outlook, and very stable/reliable. Also available on Windows.

Outlook .pst files (both mail and contacts) also can be easily ported to Mbox or other standard formats, then imported into Claws Mail, by using the readpst utility which is part of libpst utilities, available on various Linux distros. On Debian it's part of pst-utils.

https://www.five-ten-sg.com/libpst/

Also opening a mail that's 30 MiB in size (pictures) and has to be downloaded just freezes the entire UI.

I'd like to advise people to use other software, but I don't know of any perfect email clients:

* sylpheed/claws-mail has this locked UI problem

* mutt doesn't render images and has a steep learning curve

* thunderbird has software bloat, doesn't work on my low end hardware

And other recommendations?

Webmail is also mostly broken. I liked prayer, but it also doesn't render images IIRC and roundcube dropped the classic theme on new versions, and the new theme has less information density.

I like the classic HTML UI of GMail and OWA, though.

https://www.seamonkey-project.org/

Since you mentioned mutt and it's steep learning curve, I recommend you another TUI MTA/mail app. It's nmail (https://github.com/d99kris/nmail). Simple, Pine/Alpine like interface, has great features (for example, saving mails in sqlite - can be viewed offline). Also the developer is active and friendly, in case you find bugs or have any proposals for enhancements.

Eventually our subscribers will get in touch with us asking why our emails are no longer getting sent to them. This is with very low spam rates, DKIM, and DMARC set up. There's also no good way to contact the iCloud postmaster, which is an option for every other major email service.

I also have had several instances where iCloud Drive would take forever to sync. The most recent time got so bad (100% cpu usage that persists after killing the process when I added 5KB worth of files) that I stopped using it completely. Tried Microsoft OneDrive instead and it synced at good speeds and gave me no problems.

If folks ask "why would you pay for email", I think the right first answer to that question is that it's a better service than the free service providers. Then, you can talk about the why's (when you pay for email, you're the customer, not the product, the privacy aspect of not having their email being farmed to enhance a company's advertising profile about you, or being used for AI/ML research if that's important to you, or any of the other reasons that might be important to folks).

So yeah, paid email is a premium service, and if we're being honest, it's been a premium service for regular folk for decades. I happily pay for email myself, but my parents sure don't, my wife doesn't, and most of my friends don't.

I and several people I know are happy to pay for email. Every report like the one linked here makes me an even happier paying customer.

Perhaps you have a different definition of "no one".

Most services just offer a paid email. Proton offers all of its services for an extremely low monthly price. Not to mention their security protocols are among the best.

Everyone uses email. Most use a VPN (everyone should) and almost everyone utilizes some form of cloud storage.

I started off purchasing to use their VPN and now actively use all 3.

It’s a false sense of security and a waste of resources. The ones making the money are datacenters and middle-men.

The point of cyber security tools like VPNs is to limit tracking, data sharing and reduce the potential for malicious actions to be taken against you.

You can't honestly say not using a VPN is better than using one. What's the alternative? Unencrypted web traffic? Your ISP harvesting your web data and selling it? Exposure on public networks?

What is the difference between the ISP knowing this and being a problem, but the VPN sitting with the exact same information, also knowing it?

I don't know if you're aware, but basically all sites on the internet use something called SSL these days. However, SSL is useless if you use a VPN that also provide DNS servers (which most do) - because the provider could listen in on all of your traffic by hijacking the handshake, DNS and traffic to and from any target server - making it much easier to create a user profile, because you're authenticated to the VPN.

Also, third party cookies are blocked in the mainline browsers by default, making VPNs even more useless.

Most if not all of the ISPs also use dynamic IPs, making it unlikely to be cross-site-tracked based on IP sources.

Additionally, 3rd party cookies may be blocked but cross-site are not.

Your VPN doesn't protect against squat when it comes to the agencies that might be watching. Hell it doesn't even protect much against marketers fingerprinting your movement around the internet. You leave a plenty big breadcrumb trail that isn't just IPV4.

Honestly VPNs have been a great marketing example of the last 5 years. You all buy something without needing it or knowing why t f you have it. Yes using internet without one is better. Why? It's cheaper for starters.Auth. faster! No relay slowing down your connection!

VPN best use isn't on consumer end. It's on orchestration end as another tool to guarantee you are who you say you are via another layer of auth.

What does Apple really do with that information? I at least know what Google or Microsoft is doing, by example of this article.

I just laugh as Apple users misplace their trust and think they're somehow secure for it buying an iphone, at least Microsoft users know the insecure mess they're stuck with.

What does this even mean?

I pay for protonmail, and I'm very happy with what I get. I can even use it as a client for receiving and sending email from my own domain. So, if ever I were to want to get away from it, my accounts won't be tied to the email provider.

Do you pay for your personal emails? I do (Fastmail) and I'm very happy. Same with search (Kagi) and many other services.

So you could have two different Outlooks on your Windows 11 computer now. Just like there could be 3(!) versions of Teams installed (Teams for Home with Friends and Family, Teams for Work or School, and New Teams for Work and School).

This Outlook risk hangs over my client's head because they opted to pay. Last year they moved from self-hosed Exchange to hosted-Exchange + Office 365 + all the recurring fees (and support costs).

Paying rent to reside in MS's surveillance hydra isn't a terrific bargain.

> your IMAP and SMTP username and password are transmitted to Microsoft in plain text.

What the heck?

if password "secret123" is sent to you, it doesn't matter if it was sent via carrier pigeon, locked up in a secure briefcase and delivered by someone driving an aston martin, or via a TLS channel. It's still plaintext, because the receiver now has the actual password, and not a hash of the password.

Today, when the context is service provider and customers, "plain text" is used to say that service provider has the data unencrypted.

I think that is not true. I think that is a lie on Proton's behalf.

When I set up the email client, it connects via OAUTH2 to the other services. It's connected as an app and not via credentials. If it connected via bare credentials, then it'd be a "legacy app" and you'd need to generate an "app password" for it, but you don't.

> I think that is not true. I think that is a lie on Proton's behalf.

Sadly, it is all too true:

Microsoft lays hands on login data: Beware of the new Outlook https://www.heise.de/news/Microsoft-lays-hands-on-login-data...

Warning: New Outlook sends passwords, mails and other data to Microsoft https://mailbox.org/en/post/warning-new-outlook-sends-passwo...

1/ Train AI models on corporate customer email

2/ Ask that AI questions about commercially interesting things

3/ Print money

In much the same way that models trained on GPL code write out code which is byte-for-byte identical to but otherwise completely distinct from the code it was trained on, said model will emit interesting emails that have only coincidental correspondence with the commercially sensitive information in the training data set.

Microsoft has absolutely everything they need to do this already in place. Obviously they'd never do something unethical like that so it's safe to continue giving them all your corporate email.

https://www.youtube.com/watch?v=eFCSp23xl40

For proton, I assume they have a free tier (I don't know I pay for it). So I guess they let people know to push adoption or get people to make the jump, but the assumption is they have some conversion rate to paying customers. For those that never want to pay for email as their usage scales, they're better off staying.

According to her, "their" product used to be information. Then it became prediction. And now it's behavior modification, which they achieve by constantly mining us (the data we provide them).

At least IMHO, this is a more accurate depiction of the current state of affairs. Although in the end, it may be quite a similar metaphor, either way.

https://www.heise.de/news/Microsoft-lays-hands-on-login-data...

This is not true.

My business clients on hosted Exchange are paying for O365 Biz. Their local Outlook app has a Try The New Outlook switch in the upper right corner. That's all it says.

The one employee who clicked it (before I could warn them) found the local paid-for, Outlook app transformed into web-based Outlook running in Edge.

All of the same issues mentioned in the article were first discovered in this New Outlook by German researchers.

This client made a point of purchasing local-run Office apps. Web based Office is a non-starter. In this case, MS is using a deceptive method to hijack my client into running software - they they explicitly paid to not have to use.

Microsoft's behavior in this is clearly unethical.

Part of Microsoft Problem here is they have 4 things they call "Outlook". Outlook the Consumer Desktop Application which is privacy nightmare referenced in this article. Outlook the personal free email hosting service (old Hotmail), Outlook the Business Desktop Application most people know. New New 365 Outlook which is just WebView2 Outlook.

Okay. And?

As I mentioned in my post, the same behaviors discussed by the Proton researchers were also discovered by German researchers in the "New Outlook". Does the purchase channel matter here?

That is indeed what Proton showed.

And for the 3rd time, I am saying that German researchers showed that the same bad behavior happens in the New Outlook client that is part of Microsoft's office business suites.

> Outlook (Desktop/Web App) in 365 is COMPLETELY outside of proton article.

Again, so what?

Very specifically, please explain why it matters that the bad Business Outlook behavior was reported in a different article.

Sure, they will disable the data collection and gladly obey the rules we put in the contracts (how do we know?). But they'll make sure that we're paying extra money for it. They're sucking away our now even more valuable tax money[0] and our idiotic leadership of panic throws more money into this black hole.

[0] A "Kleine Anfrage" in the German parliament to the Bundesregierung in December 2023 made it public (but mostly ignored) that the German Bundesregierung will pay 6bn EUR to Microsoft and Oracle in the upcoming years. Source (in German): https://www.zdf.de/nachrichten/politik/deutschland/it-open-s...

I couldn't find a way to turn off these ads.

Great way to destroy trust, Microsoft!

Enshitification galore!

(I'm a proud customer of Proton but only for my business, for the whole family I find the cost just a tad to high to justify so I have a small local provider)

Another place where I encounter this behavior is the pop-ups shown by web browsers for sites asking for special, sometimes weird [1], permission like "location" which took me about five seconds to make sure I pick the "Block" button.

I hope this sort of behavior gets regulated by the corresponding authorities.

1. I once hear a youtuber say: Why on earth a wallpaper app needs to access my and manage my phone calls?!

[1] https://www.reddit.com/r/Windows11/comments/1443318/whats_up...

They want to basically make windows machines, telemetry kiosks for every bit of data they can extract.

This ought to be classified as adware itself now by malware detection. Obviously Windoze "Defender" won't have a problem with this I'm sure, no conflict of interests there.

The things we learn thanks to these regulations keep proving why they’re necessary.

The thing-to-learn from the EU rollout:

The public is a stakeholder and needs to be represented by 1) folks correctly knowledgeable to do so and 2) be invested with enough weight to not be overruled by govs & corps.

I've been on Linux for more than a decade, and even with advancements like Flatpak, Linux is very far from the protections Android, iOS, Mac and Windows have.

In any case, "any software may be tracking the Linux user" is an exaggeration. The vast majority of software on the average Linux user's desktop is open-source software from their distro repo.

Might not be for gaming, but it's perfect for the daily drive!

1) On the login screen (if you let it do its OOBE login background thing)

2) On the post login screen every time I update asking me to sign in to cloud (which is actually asking me to pay for cloud)

3) On the OS notifications on login prompting me to sign in to cloud

4) On the badge of my non-cloud user in the start menu with an orange blip that looks like a notification but is really a prompt to sign in and pay for cloud

5) At the top of my start menu begging me to pay for xbox live

6) Looking at email

7) Any app with AI features that'll be horny to beg you to buy new AI credits. Like notepad.exe

Is there a reason I shouldn't continue showing people how to steal their software or /ideally/ invest in alternatives?

Not that it justifies the behaviour of course but it's not always the case.

Proton also has a VPN, encrypted storage space, and password manager. They're slowly building a full suite of privacy-focused apps with paid tiers for all of them. Development stagnated for a while but it seems like they've made decent progress recently, although their products still don't match the features of Google's app suite.

Full disclosure, I have been paying for Proton services for several years now and use them as my primary email provider.

It's not just Microsoft's email, it's all of Windows too. I tried Windows 11 for the first time not too long ago and it's an abomination of an ad delivery vehicle that makes ChromeOS look magnificent.

After too many years of Windows, I finally bit the bullet and installed Linux on my desktop. Within a few weeks I was more productive than I was on Windows and my OS is no longer trying to sell me something constantly, and I should have done it sooner.

Their products behave too similar to those of bad actors. Recently I had a relative over and was helping them with some computer stuff. They had an odd PDF viewer on their laptop and, when I asked them about it, they called it Adobe. It was not Adobe Reader.

I assumed it was the result of clicking through a paid search result and installing something from the internet, but they insisted they got it from Microsoft. I was confused for a while because it wasn't an app from the Microsoft Store.

Then they explained to me how they got it. They clicked on start, searched for "PDF", and "installed Adobe Reader from Microsoft". The icon for the app they had was obviously made to look similar to Adobe Reader and they had no idea the start menu search is a free for all of Bing results.

They're not stupid and I can't really blame them for misunderstanding. When they showed me, I could see how it would be reasonable to mistake the search result (or ad?) for an app recommendation. The result had an icon and everything. The weird thing is that I can't reproduce it on my PC. I don't get the same results that look too much like recommendations, so either I'm on a different release cadence for Windows or I've disabled some of those unwanted features.

The user should be able to trust everything in the OS. A built-in search feature that exposes users to bad actors is extremely frustrating to see.

Most games can run on Linux fine ( https://www.protondb.com/ ), some even run better.

After some problems with pop-ups I nuked my parent's Windows install and put Linux on the machine. They had no problems using it.

Between those two use cases, why use Windows at all?

A strong warning, the direction Microsoft is going with Windows, Apple is heading in now. I'll put down money that by 2026 iOS and MacOS will no longer be usable. It's good that desktop Linux is now ready for prime time. We can win on mobile too.

I wish I had the same optimism. I have a Fedora partition that gets wiped and reinstalled every release and there's always some showstopper or things are slightly worse that make me unable to commit. I'm not settling for 'slightly worse'. The display server situation on Linux is depressing.

I don't like were Microsoft is heading, but it's way too early to claim Windows is dead.

I agree with your point though - Windows is not dead; for me its a lot of the photo editing applications that I want to use don't run well on Linux.

I think that's exactly the problem. It's too alive, so they can bastardize the experience in any way.

Because it's a partition I use to test Linux and rather than upgrade I'd rather start over from scratch.

As for the distro choice, Fedora is ahead of Ubuntu but not as bleeding edge as Arch.

I'm sure there's plenty arguments for using x distro over y. Fedora is just what I landed on.

When the games run however, I agree they typically run better.

Yes, with WSL to keep it afloat just long enough to steal your private data before it sinks.

It use to be the case that your private data would be sold to advertisers but that model is changing with the privacy laws, user starting to not tolerate it (e.g. see poor Google search results), and moats that are starting to fall apart (e.g. Apples app store).

Just in time for the next frontier. This time, the goal is to to feed GPT models with your private data. Windows and Outlook seem like excellent funnels to do just that. The best GPT model will require the most intimate data and at the lowest price possible. MSFT is positioned to do just that.

I don't see how that can be true. Valve has made huge strides in pushing Linux gaming forward, and thousands of Windows-only games are playable on Linux, sometimes even with better than native performance.

The small percentage of games that have anti-cheat mechanisms or intrusive DRM (Steam notwithstanding) that are problematic on Linux are likely games that don't deserve my money or attention anyway.

Disclaimer: I do still game primarily on Windows, but mostly because I find dealing with Linux issues (whether that's related to games or otherwise) much more annoying than dealing with Windows' spyware. I can reasonably handle the latter, but nothing is more frustrating than having non-working software when I just want to unwind for a while. I think these are not unsurmountable issues and am pretty hopeful the state of Linux gaming can only improve.

If we are talking about games whose compatibility will increase Linux adoption though, most of those have anti-cheat and DRM.

I am more optimist than this, mainly because of Valve. They contributed a lot to Linux gaming and are now in a position where they can pounce and steal Microsoft's cake.

Microsoft simply cannot allow themselves to slip up on this anymore and I feel like we are at a point where one more major blunder or a scandal from Microsoft could irreversibly sway the tide towards Valve and Linux gaming in general.

The hoyoverse titles used to detect VMs, but it seems to have calmed down. (I was able to try Honkai Star Rail with no obfuscation effort on my part.) NVIDIA stopped caring about VMs in their GPU drivers a few years ago. FatShark almost made the anti-VM mistake with the new Warhammer 40K Darktide anti-cheat; I refunded the title during early-access and told them why. They reversed course before launch and that also works in a VM. - I've played many Blizzard properties (but not WoW) in a VM as well, though they tend to hate networked storage, for reasons I don't yet understand. (Had to setup iSCSI because my CIFS share over 10Gbit/s paravirtualized NIC was "not good enough", I guess.)

Windows runs in a Hyper-V VM by default now, anyways, so "running in a VM" as a heuristic is of questionable utility to me. (It's how the "Core Isolation" feature is provided.) The real irony is I can't even use the VM to cheat, anyways. The guest's memory is encrypted by default. Modifying it, or even reading it, from the host-side would be prohibitively painful. I guess a VM would perhaps obfuscate emulated/scripted inputs, but I use real devices, and a real USB hub on the guest anyways, because the latency and functionality of the emulated HIDs is awful.

Thankfully Steam is very pro-consumer: if a title I purchase does not run in the VM, or on Linux via Proton, it gets instantly refunded. The nice thing is it is actually in Valve's interest financially to push back on these devs: both to prop up the value of the SteamDeck, and to stop people like me from getting refunds.

Edit: I am "posting too fast" it seems (a few messages per hour, I guess?), so here's a response to a comment below here about the mixed-OS household:

I wouldn't mind using macOS or Linux, and I actually would pay if I could install macOS on my PC tower. I might be the idiot here, jumping out of the MS frying pan into the Apple fire, but I find macOS to be just fine for my use, and not too locked down overall when it comes to running the software I need on it and it's very well integrated with some of my other tech stuff. Sure, I can't tweak every aspect of the OS, but I don't mind how it works out of the box so I am cool with that. It would also be nice if I could use some of the macOS features on other platforms, like iCloud, Messages (whatever the blue-bubble messages are called), and iPhone integrations.

Kernel level cheat engines (not VAC) will catch you on a different OS 100% of the time. EAC is vastly more popular for detecting in game cheating, versus VAC which scans the users computer for possible cheats and typically doesn't work well when it comes to preventing cheating if at all.

Many companies invest heavily in kernel level anti-cheat and having to support multiple OS's when the other two big OS's account for less 0.5% of the profit, I just don't see business folk lining up to ensure non-windows users can play video games given the fact it's probably Microsoft making or publishing the game in some capacity.