-snip-
I'll address this all at once too...
First off, I never claimed that Microsoft would use that data maliciously. I never even claimed that any person would look at it. I was simply answering* your question of what could be potentially done with your data, and I'm simply pointing out the fact that your files are accessible to one or more people inside of Microsoft, and that that's why I'm not upgrading. Again, it's the equivalent of installing security cameras from the local police in every corner of your house. No matter how small the chance of someone seeing you showering is, you still don't want it happening, and you'll refuse to install them.
Second, if there's a data breach, Microsoft is not legally responsible. A quote from their
EULA12. DISCLAIMER OF WARRANTY. The software is licensed "as-is." You bear the risk of using it. Microsoft gives no express warranties, guarantees or conditions.
13. Limitation on and Exclusion of Remedies and Damages. You can recover from Microsoft and its suppliers only direct damages up to U.S. $5.00. You cannot recover any other damages, including consequential, lost profits, special, indirect or incidental damages.
This means that Microsoft gives no legally-binding guarantee over the safety of your data, your computer, or anything, and in the event of a data breach, the most you could get in damages is $5, and that's a stretch. If your company trade secrets are leaked and you lose millions in profits because of Microsoft, they're not legally responsible.
They would definitely have incentive to clean up after themselves and possibly even release a comforting statement on the matter, but that's all. Unless the data breach was massive, it more than likely wouldn't have a catastrophic effect on the company as a whole. My source for knowing this is that there have been hundreds of data breaches in very large companies, and in very few cases did it have any large effect. Now, the stock price of a company shows in general how good that company is doing. If the stock price goes up, that means they're doing better. If it goes down, that means they're doing worse. This is in terms of profit, by the way.
CVS Pharmacy is the second largest pharmaceutical chain in the US, with an annual revenue of over 55 billion dollars. It had a data breach this July 18th
[1]:
"A pharmacy technician at the CVS Pharmacy on Saturn Boulevard in Imperial Beach California has admitted to stealing customer records and providing the information to her property manager who then used the information to gain credit and credit cards."
And their stock price has gone UP since then! UP!
[2]The breach only affected 100 people, but it still shows that they clearly don't take enough steps to ensure safety of information, and clearly people didn't give a single stuff that 100 people's credit cards got stolen.
Starbucks had a data breach this May where hackers would hack into the mobile app of customers and drain their bank accounts and credit cards.
[1]Their stock price went up too since then! IT WENT UP 8 DOLLARS! That's huge for a stock price!
AT&T had a SEVERE data breach this April
[1]:
"The FCC has fined AT&T $25 million dollars after an investigation revealed that three separate international call centers are at the center of a data breach of customer information.
Call centers in Mexico, the Phillipines and Columbia all had similar incidences "when employees accessed sensitive customer data without adequate authorization. Those employees took payment from third parties who were apparently interested in customer names and Social Security numbers so they could unlock stolen cell phones for sale on secondary markets.""
Guess what? Their stock price rose too.
[3] Two dollars this time, not much, but immediately after the data breach the price started going up and after 2 weeks the stock price shot up.
People clearly don't care about their personal data enough, otherwise there would be goddamn riots in the streets, because there are data breaches left and right.
Third, this is the statement word for word from the privacy policy.
We may access, disclose and preserve your personal information, including your private content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to:
(1) comply with applicable law or respond to valid legal process from competent authorities, including from law enforcement or other government agencies;
(2) protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;
(3) operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
(4) protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.
They use something called weasel words here, the words "faith" and "belief." They're completely subjective terms, and as I've described before, I could legally have a good faith belief that my highlighter is possessed by the flying spaghetti monster. It allows them to do it at any time they want (especially if there's a law directly allowing it like CISA or laws that currently allow data retrieval via court order), the 4 points in this case aren't even necessary from a legal standpoint.
Even if they had a legally binding guarantee that nobody would ever access it for any reason ever, even in cases where the law forces them to, I still wouldn't want to upgrade. Why? Because they still have the ability to, just like the local police force would have the ability to turn on the cameras in my house on at any time of the day whether or not there's a robbery in progress.
You say that Microsoft's data collection is only looked at by bots. Personally, I'd like a citation for this. I don't know how their data collection system is set up, and I don't think they've released any real information on the exact process of collection and use works. Now, I'm not upset about things like hardware info and performance info being sent, even if lists of software were included. That kind of stuff is mostly non-invasive and I frankly don't care if someone knows I have a heavily outdated video card. The part that I don't like is the fact that they have access to private files, as I've said before. Also, if they have a data collection tool, then it most definitely needs a person to operate it, and as a software programmer I can tell you with certainty that if the computer can access it, so can a person. It doesn't imply that they will, but it implies that they can, and that's where I draw the line. Again, it's about accessibility, not just accessing. Them having the ability to access my information is a direct implication that the OS is not private or secure. If you're alright with having an insecure os with all files accessible by MS, that's fine, however it's not for me.
Poll