Microsoft is a company that likes to send telemetry data from Windows users and is now also using user data to train its own AI. Microsoft does not take massive security vulnerabilities seriously, concealing and delaying them. This is the finding of investigators from the USA and also the BSI (German federal security agency).
Introduction
Microsoft has unfortunately become almost impossible to avoid in everyday life. Microsoft itself knows this and exploits the naivety of many people to generate the gold of the modern age: data.
Microsoft's hunger for data goes so far that the new Outlook can only be used if the stupid user understands that Microsoft reads all emails and uses them to train its Microsoft AI. Microsoft also uses usernames and passwords of the stupid user for this purpose.
Many companies and people are purpose optimists: What is supposed to be useful or allegedly has to be useful, must inevitably be good. It cannot be bad. Thus, every problem can be downplayed or even dismissed.
There are alternatives to numerous Microsoft applications, which are listed at the end of the article. For everything else, only praying or perhaps filing a lawsuit helps. By the way, employees can take legal action against their employer if the latter does not offer a way to perform their work without Microsoft spying on employee behavior.
By the way, some Microsoft products are really bad. This became apparent, for example, in a test of Copilot.
Microsoft Azure Cloud is insecure
Report from June 7, 2024: Critical Azure vulnerability: Patch status currently unclear. Symptom: hackers executing malicious code on Azure customer endpoints. This was and is by no means the only significant security incident with a global impact.
Further incidents of this kind are listed below, including another incident related to Azure. Notably, companies and authorities can operate their AI much more cost-effectively and securely than on the Azure Cloud. The solution is called Offline-AI and even offers the possibility of significantly better results for your use case.
Incidentally, "Recall" should be mentioned as a keyword. That's what Microsoft calls a "feature" with which users of Copilot+ and Windows 11 can be completely spied on. After initially being always active, Microsoft then made this "feature" opt-in due to public pressure.
BSI sues Microsoft
The Federal Office for Information Security (BSI, the German federal security agency) has sued Microsoft. The BSI wants to force Microsoft to release information about the "Security Disaster" that occurred in May 2024.
The BSI is not known for publicly exposing companies. Therefore, this case is noteworthy. Some of the security issues affecting Microsoft are listed in the linked article and below.
Microsoft Exchange is a danger to national security
This is what a former director of cybersecurity from the US says. We recall: Microsoft is an American company.
Microsoft not only logs too many data points that are only logged for a fee (see following section). No, Microsoft also fails to log important data and demands payment for logging it. This means attacks cannot be reliably traced, because the logs of hacker activity are missing.
For Microsoft, spying on user data for its own purposes is a reason to log data, and everything else isn't. See Data retention.
Unfair market practices
It only ever affects others. Nonsense. A monopoly is no good for anyone except the monopolist.
Microsoft was sued by 700 Spanish startups for unfair market practices. The case concerns the Microsoft products Windows, Office and SQL Server, among other things. It also concerns both technical and legal measures that Microsoft allegedly took against the interests of the market. The lawsuit is ongoing. Even Amazon was involved in a previous lawsuit against Microsoft Cloud Infrastructure. Amazon is not necessarily the most sympathetic company in the world and is also not known for giving the best possible consideration to the rights of employees or suppliers.
Currently (source from June 28, 2024), the EU is reviewing whether Microsoft is abusing its market position in cooperation with OpenAI.
Advertising platform Xandr leaks your data to third parties
Microsoft's advertising broker Xandr distributes your data widely to advertising partners when you visit websites that embed ads through Xandr. This is what the privacy organization noyb says; it reported on this on July 9, 2024. noyb has filed a complaint against Xandr and its market practices.
Windows telemetry data
Microsoft unnecessarily sends an endless amount of usage data for Windows. This means the behavior of Windows users is partially exposed to Microsoft. There is no opt-out option.
Microsoft itself documents some of the numerous endpoints. The information appears comprehensive and opaque.
That Windows also works as expected without delivering telemetry data to Microsoft is shown by the test with hard-blocked telemetry data. However, this hard block must be regularly reconfigured because everything can look different again after the next Windows update. It is best to use Ubuntu with WINE to be able to use Microsoft applications without Windows. A virtual machine under Ubuntu, in which Windows runs, is also a good option for data control.
Apparently, the telemetry brake is only available for Windows Enterprise, that is, the more expensive version of the operating system. Remarkably, Windows still works without telemetry data collection. Who would have thought? Cars that don't spy on users or the environment (like Tesla) certainly don't send telemetry data anywhere else, and if they do in more modern cars, then only at the user's request or if it's necessary.
In passing, it should be noted that Windows has significant security holes. Microsoft does not do this intentionally, but that doesn't make things better either. In one case, a security hole has existed since at least 2020. It was still active in April 2024, according to Microsoft, and allows Russian hackers access to Windows computers.
Microsoft Azure Security Vulnerability
The article "Microsoft employees revealed internal passwords at security gap" describes how insecure the Azure Cloud is. The article is from April 9, 2024.
An unprotected Microsoft server storing highly sensitive data was exposed to the internet without any access controls.
Even in 2023, there were already massive security problems with Microsoft Azure. Microsoft did not make much of an effort to get a grip on them. The strategy was rather to calm customers down and to downplay and deny the problems. This was reported on April 3, 2024 in a German article.
At that time, the BSI (German federal security agency) had still remained silent and thus apparently not taken the problems seriously.
See also The Sins of Meta for further evidence as to why one should not trust Microsoft, Meta or Google. Especially because Microsoft collaborates closely with the aforementioned other data sinners.
Microsoft exchanges user data with Meta
Meta has granted Microsoft access to sensitive data from Facebook users. Microsoft was thus able to see virtually all friend lists of Facebook users who communicated with the Facebook platform via Microsoft platforms.
All of this happened without the knowledge and consent of the users.
More on this partnership agreement between Meta and Microsoft.
ChatGPT with Microsoft as a shareholder
Microsoft and OpenAI are jointly responsible for ChatGPT. Microsoft must have a particular fondness for ChatGPT. This is because OpenAI has repeatedly been caught using data for the AI training of ChatGPT that came from partly unverified sources.
Similarly, OpenAI only offered a removal option for the storage of user data entered through prompts under pressure. However, this opt-out is also questionable. Instead, users should be asked for consent. The normal case that no user data is collected is replaced by the opposite. With Microsoft on board, things will not improve.
Microsoft Teams
Microsoft Teams does not use full end-to-end encryption. This is documented by Microsoft (also in English). The problem became known because a well-known German software manufacturer convened an MS Teams meeting and guaranteed the full confidentiality of the data. As can be seen, this guarantee was incorrect. The guarantor has therefore made a legally relevant false statement, as they had wrongly relied on Microsoft.
Solutions from German software providers are often better because they are frequently installation-free. In case of a question, a problem, or even a detected security vulnerability, these providers are reachable and take action! This is unlike Microsoft.
Regular target of hackers
Security incidents can be reported for almost any time period. See above and, as a brief addition, the report: Russia's hackers plunder email accounts of Microsoft customers (source from June 30, 2024). Further reports will follow (certainly).
Conclusion
Microsoft apparently stands out for its security problems and for mass surveillance of users. Microsoft itself would probably call it something different and often would not talk about it (security) at all. Perhaps Microsoft also calls it "creating value" instead of surveillance.
For Microsoft, the same applies as for Google or Meta: it's best to avoid using products from these purely profit-driven companies that circumvent every law and regulation until they receive fines. Unfortunately, Microsoft & Co. often make more money with their lawbreaking than they have to spend on the fines.
Some alternatives for Microsoft products:
- Microsoft Teams/Video: ecosero and other German providers, completely without installation and without tenant problems. Teams has some functional weaknesses, though.
- ChatGPT: Mistral and Claude as European providers, for authorities Aleph Alpha as German provider, for German companies also local AI solutions with extremely powerful open-source AI models (Example: Knowledge Assistant).
- Microsoft OneDrive: Does anyone need this? There are plenty of cloud storage options from Germany and Europe: Open Telecom Cloud (OTC), Bunny CDN, …
- For those who want to continue using Microsoft Office products, it is recommended to use Office 2016 and avoid cloud products. Office 2016 is functionally up-to-date and only needs to be purchased once. The price for it is now ridiculously low.
- Microsoft Azure: Open Telecom Cloud or, depending on the use case, simply without Azure. Or even better: own Offline-AI, which can solve all major problems.
- Microsoft Windows: Unfortunately, Apple is not better either. Only Linux remains. Linux is not competitive at its core. What does work, however, is Linux together with WineHQ. With Wine, normal Windows applications can be installed in Linux and used as if it were Windows.
Regarding Windows, one more word: Artificial intelligence is the top topic and will remain so until the end of our days. AI systems run very poorly or not at all under Windows. The AI operating system is Linux, or for example Ubuntu as a popular Linux version. Anyone who wants to do more with AI has to switch to Ubuntu. Windows is really bad here, let alone privacy and other aspects. Windows and also WSL (Windows Subsystem for Linux, i.e. Linux under Windows) quickly reach their limits.
AI has therefore reduced the significance of Microsoft Windows and has already made an important contribution!
Key messages
Microsoft prioritizes data collection over user privacy and security, often concealing vulnerabilities and using user data for AI training without transparency or consent.
Microsoft collects excessive user data, even for basic functions, and fails to provide adequate logging for security purposes. They prioritize their own data collection over user privacy and fair market practices.
Microsoft has serious security vulnerabilities that expose user data and allow hackers access.
The text argues that Microsoft products are problematic due to security concerns, user surveillance, and a focus on profit over ethical considerations. It recommends exploring alternative, privacy-focused options.




My name is Klaus Meffert. I have a doctorate in computer science and have been working professionally and practically with information technology for over 30 years. I also work as an expert in IT & data protection. I achieve my results by looking at technology and law. This seems absolutely essential to me when it comes to digital data protection. My company, IT Logic GmbH, also offers consulting and development of optimized and secure AI solutions.
