Don’t forget with the Recall feature, you may be on Linux and are using a secure communication application, but if who you are talking to is on windows your conversation can be scraped.
Same thing with email. It’s all well and good if you’re using ProtonMail or Tuta or Posteo, but you’re still cooked if the other side is using Gmail.
Old problems, new modi operandi.
You can send self destructing messages with Protonmail
Do Proton remotely erase the message on the recipient’s email server? Even if it’s not a protonmail server?
They burn down the datacenter if they are not deleted in time.
Someone correct me if I’m wrong because I don’t know how proton works on this. These type of things usually don’t send the protected content in the email to the recipient’s server, they just send a link that the recipient opens and it’s all still kept on the private service’s server.
Good morning, Mr. Phelps.
It’s not like companies that use Linux don’t get breached either. Your personal data is in thousands of databases that have varying levels of security. Personal choices don’t affect any of that, regulations like GDPR are what’s needed.
GDPR has much the same problem: it can only actually be enforced against entities with a presence in Europe. When Europeans do international business, the GDPR only protects them if that foreign site has a business presence within Europe. When they have no bank accounts or business assets inside the EU, they are not subject to the GDPR.
Even though the GDPR covers your side, it doesn’t always cover the other side.
That’s why I said “regulations like the GDPR”. The US and other blocs need similar regulations. Especially the US is important, as they’ve shown that they’re willing to stretch the size of their jurisdiction to sometimes absurd lengths.
That’s usually a bad thing, but in this case that might be good.
I think you missed my point…
I am not subject to the GDPR. I don’t have to abide by it. Even if my country adopted a GDPR-like regulation, that regulation would only apply to my privacy. Not yours.
Microsoft has proven themselves overtly hostile to privacy. Yours, mine, and everyone’s. The available options are:
-
Attempt to regulate them into behaving like decent human beings.
-
Avoid their business.
When my therapist is using a system that is overtly hostile to their privacy and mine, the solution is not to ask the government to chastise their attacker. The solution is to eliminate their reliance on their attacker, and get them in a system the attacker doesn’t control.
I’m not saying we should avoid GDPR-like regulation altogether. I’m saying that at the OS level, Linux is intrinsically compliant with the intent of such regulation but may not comply with the letter, if the letter requires some sort of affirmative confirmation or certification of compliance that would be complicated for the developer to implement.
Microsoft will be able to be technically compliant with the law, but will definitely subvert it’s intent and purpose however it can.
Even if my country adopted a GDPR-like regulation, that regulation would only apply to my privacy. Not yours.
That could depend on how the regulation is written, so we should push to have these new regulations cover all users of services hosted in our countries.
-
getting breached is different from using spyware.
this goes for pretty much every single chat app out there. most of the popular ones are proprietary and go through private servers.
privacy is important kids.
So it’s not enough to brag about being on Linux ourselves, we should be encouraging our friends to switch to Linux as well?
How’s this different from someone just record your call? The thing you are worrying about has been possible long before Recall is a thing.
But does your medical clinic do?
No, they don’t, and it pisses me off. Every time I see it, I think, Well, there goes my medical privacy.
But where else can I go? There’s only one health company in town, and they bought all the doctor’s offices.
Who can I complain to? The doctors and nurses are visibly frustrated with Windows every time I see them use it. If they can’t change it, how could I?
That ship has sailed anyway. I’ve had no less than 5 breach notifications show up in the mail from things related to my health care in the last 2 years, and it’s not like I’m constantly at the doctor. The whole system is a disaster.
They might not know there are alternatives. So they likely do not ccomplain to their IT person.
Dont be a “jUsT uSe LiNuX” guy, but when you see them frustrated maybe say “hey I see you are frustrated as well and I as a patient are concerned about my medical data privacy. You know there are better and safer alternatives, maybe you could ask your IT if it would be possible to switch to Linux?”
Realistically, they can’t switch because the software to use some $€1m medical device only runs on windows.
I’ve had the se thought as expressed in the last paragraph the other day and isn’t the anwser in compatibility layer? Like can’t they install and run windows medical software using WINE?
Having worked in healthcare IT. Adding more complexity will only make things harder for them. A lot of healthcare staff can barely operate the Windows PCs and applications they’re used to. Change anything and they act like the sky is falling.
That opens up a legal liability for the people creating the compatibility layer. You’ve gone from two points of failure (the doctor and the machine) to three.
For sure it can be done but most people / companies won’t want to take on that liability.
I work for a healthcare company and when we launched we made a huge deal about only using Linux on our backend and only giving Macs to employees. It’s been almost 10 years and we’ve hired a small army of morons since then and they fired our CTO. These idiots have demanded windows so they can “do analytics” despite all our analytics being in looker and dbt and a bunch of fucking business bros in the csuite and vp level who demanded windows laptops because they just like it. They eventually canned our head of IT ans well and replaced him with a dumbass and that guy is currently trying to take MacBooks away from engineering. Then the head of “cloud engineering” just started outsourcing half our shit to consultants who keep building one off snowflake windows machines because nobody gives a shit anymore. So what used to be a clean ecosystem is now a giant botched pile of lowest effort garbage.
Stay away from this entire industry. There’s some brain rot where they only hire people with healthcare backgrounds even if the role has nothing to do with healthcare. What that turns into is people from ancient out of date orgs who have no idea what they are doing being hired over people from legitimate tech roles or any other background that is more advanced in other fields and the company will always slowly roll backwards into stupidity.
I sell encryption. Send me the lead dog ;p
privacy is scary stuff if you think. it’s like, i care so i dont share my phone number with facebook, but someone out there may have my number/address/name on their contact list and chances are big that they have no problem sharing with zuck. so i’ll still end up on zuck’s database.
I just activated my checking account with PayPal and one of the questions from the verification battery was asking me which email I recognized. They were different domains of my mother’s ISP email that she uses only with Amazon.
I had the urge to answer incorrectly as if that would remove their association.
My dad did that. The man has a slight obsession with collecting information about our entire extended family, as far back as he can go in time. He’s been known to get in touch with small municipalities to ask for their records about someone 8 generations back. He’s collated quite a bit of data over the years.
And then one day he went and loaded all of that into a shitty mobile family tree app. Phone numbers, current addresses, email addresses, photos, a shit ton of personal information of a shit ton of people, uploaded to some random developer’s unknown database without their consent. He didn’t even pause to think about it for one second. I told him what he did, he wasn’t even bothered.
There are tons of people like my dad who don’t have a single cell in their entire bodies that gives a flying fuck about data privacy, unfortunately, and they give out everyone’s data along with their own.
Demand it from who? With what power or leverage?
Not to be defeatist, but I’m just a guy. Nobody’s gonna listen to my demands. I’m surprised privacy notifications say anything other than “You don’t have any” with two buttons that both say “OK”. All I can do is selfhost as much as possible and decline to use tons of applications or services that underpin modern societal functions or social activities. So I do. But it sucks ass and I don’t have any power to change any of it.
Where I am, unlike climate change, the privacy issue is not discussed properly so just explaining it to people that trust you can boost any future systemic action.
Legislature. GDPR was a good step.
Yes well my government is about to be run by a bunch of techno-nazi’s so that’s a non starter.
No, but the point they’re trying to make is, I think, that the more you complain, the more other people complain and the more other people start complaining and unless we have enough complainers and people switching, nothing is gonna change.
Our power is imperceptible but not non-existent
i use linux and don’t have family or friends or get any kind of medical care ☺️ checkmate
Using Linux in America be like
The failures of the United States healthcare system are compatible with the Unix philosophy due to its emphasis on doing one thing poorly and leaving the rest for the user to figure out. Like Unix tools, each component—insurance, billing, and treatment—functions independently, refusing to communicate effectively while relying on the user to “pipe” themselves between endless calls, paperwork, and escalating bills. Debugging your health, much like debugging code, requires advanced knowledge, infinite patience, and a willingness to accept that nothing will ever be fully resolved.
So that’s why they named it Wine.
This very succinctly explains why I, with AuDHD, find it practically impossible to get anything done as I slowly rot from untreated chronic illnesses.
Audhd?
Autism + ADHD
Most sociable Linux user.
human relationships are antithetical to the unix philosophy
And most servers do too.
God save ASP and .NET applications
What drives me nuts about this subject is rarely spoken about.
No single company can properly compensate all of their users for the damages caused by mishandling their personal data.
In fact the damages may even be too great for the government to properly compensate said users.
My government forces a fingerprint on our id cards. I already lost. I can’t use my fingerprint anywhere for authentication because it’s not mine anymore.
I think people who say “I don’t care, I use Linux” are really saying “You should use Linux to stop this.”
I hate to be that guy, but they may not be aware of alternatives.
Im sure the receptionist in the doctors surgery cant wait to have that conversation.
Yes. And whereas if you say “You should use linux” might get you downvoted and angry responsens, just saying “I use linux” does not.
But with enough repetition the people who care enough might eventually give Linux a try on their own time.Yeah but that misses the point.
Others SHOULD use Linux. We’ve been saying that for decades now and slooooowly people are learning. Stop down voting people for saying what everyone should be listening yo
“does your medical clinic do”
Bring back grammar nazis
This is common in British English.
For example, the question “Are you going into town?” might be answered by an American with, “I might,” and by a Brit with “I might do”. In past tense it would be “I might have” vs. “I might have done”.
This is all perfectly systematic and grammatical - this person just has a different grammar than you do. Though I guess that’s what Nazis do best: enforcing arbitrary standards in systems they don’t understand to destroy diversity to everyone’s detriment.
Could you give some more examples of this? Because I don’t think I agree that it’s even technically correct, though I don’t have a proper argument as for why. I feel like this is more likely a non-native speaker picking up on a structure like “does your X do Y?” and repurposing it incorrectly.
Wow that’s standard? It was the most awkward thing I’ve read all day. I feel bad for you guys out there…
Do you mean us guys where the language originated?
The uk didn’t invent English. The German ancestors did hence the term grammar Nazi.
They might not be native English speakers.
Not a native speaker here, what would be correct?
“Does your medical clinic use Linux?” or just “Does your medical clinic?”
“Do you do” is redundant. Of course you do do if you do. You just do.
How do you?
Howdy
That was not the question though.
This is common and considered correct in British English.
Assuming you’re asking about American English. Here is the revised scenario.
“I use Linux”
“Does your medical clinic?”
In this example the response is in a new sentence. So one should also include the subject in the new sentence.
“Does your medical clinic also use Linux?”
Clearly this post was written by Tim Robinson.
Best I can do is actual Nazis.
I think there’s some confusion at play here. That argument is about security, not privacy.
Is the concern that Microsoft is ingesting your data and thus your actions aren’t private? Or is it that Windows is not secure and so you don’t think data stored in Windows systems is safe from third party access? That distinction matters, because in both cases the way it’s framed here isn’t really accurate but for different reasons.
And both arguments are valid. However, when discussing privacy with somebody “who has nothing to hide”, the security concerns argument usually holds more ground.
“Fine, you don’t mind microsoft and their 961 partners to know about your computer usage patterns. But how about the criminals which will have your data as well? You may trust microsoft with your data - “because they have it already” - but do you trust each of these 961 partners? Do you trust all their privacy policies? I have read some. They are horrendus and allow sharing with third parties. Do you trust their privacy and security?”
Well, for one, I have no information regarding MS keeping mandatory telemetry of Windows application usage or data (at least outside their own software suite). As far as I know what is there is opt-in and does not extend to keeping any copies of your computer data, which is the point where you’d be worried about something like your medical records. One of the reasons the Recall nonsense drew so much attention is that it was an unusual instance of something approximating that.
But the other side of your argument is a bit confusing, because it seems to be coming from the angle of… proselytism, I suppose? As in, what is more useful to convince somebody who doesn’t care about the privacy side that they should avoid Windows.
And to be clear, that’s not my goal, or at least not a goal I think is worthwhile in absolute or abstract terms, for its own sake. I’m not an OS activist, use whatever the hell you want and works for you. The closest I have is a distaste for Apple’s pricing and ecosystem-focused tactics but, man, that 600 bucks M4 Mac Mini is nice value, I’ll think about it.
On the merits of the argument, I’m not sure it tracks, either. If someone attacks a legitimate holder of your data the part I care about is how secure their data storage is (because, again, nobody is sharing your medical records over Microsoft telemetry gathering, that’s not a real thing).
I trust a third party’s security setup as far as I can throw it, I don’t care if it’s on Azure, Google, Amazon or a self-hosted Linux server. Hell, I may trust the self-hosted Linux server of a provider least of all of those. Not because of Linux, but because of the self-hosting.
No, you need to demand that government organizations use Linux or other open source systems as well, there is no other way.
You can require Microsoft to comply with rules, it won’t. It doesn’t care, it wants money, and more money, and that is it. It’s been like that since it’s inception. The same goes for all other tech companies
You know what brand doesn’t careuch about money and will respect your privacy?
Open source software. Linux. Firefox (eh, mostly) with plugins, mariadb, etc…
If you believe the duly elected people have less power than a corporation, well, that’s also a “we” problem
We can’t even get the government to stop using Twitter.
I once took a government contract for rebuilding a critical piece of software to provide civic services to the under-employed.
I finished it in about a month. Was paid. And I was on a retainer for three years to provide updates.
It actually took FOUR years before it was launched live to the general public.
Best of luck convincing the underpaid govt IT to move OSes.
You speak the truth.
Maybe we should tell people to use Linux
As a home user the OS thing is preference, some prefer Windows, some Mac, some Linux, etc.
Your post however raises a good point, and it certainly makes me form an opinion in a greater context. Thanks for making me think about this, genuinely - it’s good to have opinions challenged.
Thanks for making me think about this, genuinely - it’s good to have opinions challenged.
Not me. I plan to continue being a sweaty holier-than-thou neck beard and mock people using Windows. Brb gotta write to my dentist about how good Linux is now and recommending Arch to my general doctor who still uses a computer from 2010.
I made a similar point in one of My blog articles
I like your writing style. Nailed it.
This is unrelated to the article you’re sharing now, but I read that (I agree thoroughly that the GDPR needs to be a start, but that it’s inconsistently followed/enforced) and then I saw and read your article about apathetic cis people who might be agender. That’s a neat perspective that I hadn’t considered before — I’m cis and very much not apathetic about my gender (and I sometimes experience dysphoria if I am not treated as my gender). However, I have a bunch of other friends who have described their attachment to their gender as being far more “meh”, and I am looking forward to getting a chance to discuss your article with them.
It strikes me that most of my friends are some flavour of LGBTQIA+, but I don’t know anyone who is agender. However, 10 years ago, many of my friends who now are non-binary didn’t know a term for their experience of gender, so identified as the closest they could find (such as lesbian). I wonder how many people I know who might find that “agender” feels like a fitting identity, if it were more prevalent in discourse etc.
That’s why I demand (nag constantly) that everyone around me run Linux 🤣
Jk we’re all doomed to live in an Orwellian dystopia
(me screaming at the gas station attendant from behind the bulletproof glass)
BRO CHANGE YOUR OS!