83 comments

[ 5.0 ms ] story [ 171 ms ] thread
the big companies need to go away don't they?
To a country where they can continue doing the same thing?
Because the Microsoft date sync it’s web browser you want to wipe out trillions in value to the US economy, projects that could never be done outside of a large company filled with the best aligned talent (custom chips, google search), and hand it over to the next willing coordinated massive player with entirely different values and regulatory laws (China)?

I think this is a very silly idea that would be super destructive and net negative for the world.

I think it is a very silly idea to think that breaking up big companies would wipe out trillions in value to the US economy.

The whole reason there are anti-competition laws is because many smaller companies are better for an economy than one large company.

Those anti-competition laws are only applicable when a company is using market dominance to exclude new entrants, distorting the free market. Not true in this case. Lots of small companies are not inherently economically better than big firms. It totally depends on the maturity of the market in question. Large firms gain economies of scale, and can pursue opportunities with large upfront capital requirements.
The point wasn't about the competition. The point is that many small companies are better for an economy than a single large company.

Let me give you one small example: MediumCo and SmallCo each need 50 stenographers to get the office work done. When the two merge into MegaConHugeCo, it only needs 60 stenographers to get the office work done. "Economies of scale" are great for the giant new company, but throw 40 people into unemployment. That is bad for an economy.

Multiply that by all of the functions of a company, and you understand why the federal government and politicians put so much attention and resources into helping small and medium businesses.

If true, I don't understand how this is surprising. Google has been using all possible tactics to convince users to give them ("sync") all their data, including bookmarks and passwords. So from the point of view of Nadella, why should MS be any different?
It's possible to be OK sharing information with one company but but not another? Especially when MS has a large history of security f'ups.
Chrome lets you locally encrypt sync'd data with a password.
Google has been far more trustworthy. Is there any evidence they do anything with your data except match it to ads via algorithm?

I've had Hotmail accounts hacked back in the day, never happened with Gmail. MS is insidious in trying to keep squeezing more from you and automatically adding your account to everything. Google just gives me useful stuff, and even takes away all ads on the products I've paid for. With MS there's still ads in paid products.

One more reason not to log in using your Microsoft account at all.
Sucks that Windows forcibly pairs your local account and Microsoft account every once in a while with no opt-out.
This nearly bricked one of my laptops because it changed the local password login to use the microsoft account.
There is a solution to this even if you're on Windows, isn't there?

Never create a Microsoft account. At all.

At least until they stop allowing that for products you're already using, which will probably be tomorrow, if it hasn't already happened.

> At least until they stop allowing that for products you're already using, which will probably be tomorrow, if it hasn't already happened.

I've been forced to enter a Microsoft account to log in to my computer after an update. No thought toward the possibility that I may need to use the computer I'm in front of to reset the password to that account. No Microsoft account, no getting past that screen.

I had to boot into Linux to reset my microsoft account so I could log into windows. I don't even.

Microsoft makes this extremely difficult, even for an offline account.

If you log into any Microsoft product (Office, Teams, Skype OneDrive, etc), Windows forces you to log into everything else.

This is especially infuriating with Office, as they make it extremely difficult to get a standalone product, they very aggressively push Office 364, so you are forced to log into Office to even use it.

The only common thing in all of those is Microsoft.

I think the solution to the problem is obvious.

There's another common thing in all of those: Computers.

For many people, "Just stop using Microsoft" is about as useful as "Just stop using computers"

> For many people, "Just stop using Microsoft" is about as useful as "Just stop using computers"

For many people, it isn't. All of those people should "just stop using Microsoft."

That not only helps them, it's an act of solidarity with the people who are still stuck. Because then alternatives have more market share and vendors have to support platforms that aren't Microsoft, which helps the stuck people extricate themselves tomorrow.

Do it if you can. Even if it's a little bit of work.

I've used Open Office, Go Office, and LibreOffice exclusively since 2005. It used to be a real hassle, but today it is far less so.

MS Office's Excel is better than LibreOffice Calc, and Powerpoint is far, far better than LibreOffice Present. But LibreOffice Writer is much easier to use than MS Office Word. That's not just my opinion - everyone who tries it and does not need some esoteric Word-only functionality agrees. Except for one thing: collaboration. MS Word is, from what I'm told, still better for collaboration.

> For many people, "Just stop using Microsoft" is about as useful as "Just stop using computers"

Absolutely true, but the SaaS/cloud tendency is to turn all computers into terminals (Chromebook/box anyone?), so that one day they'll be a lot cheaper, but sadly all software will have to come off a server on which the user logged in, and all user data will be stored on that or another server as well. Microsoft aims at this, as do Google and others, so for many people sticking with Microsoft and other SaaS pushing companies might really mean one day to stop using real computers anyway.

go on welfare because the people telling you what applications to use as part of your day to day work want Microsoft!
>If you log into any Microsoft product (Office, Teams, Skype OneDrive, etc), Windows forces you to log into everything else.

No? Unless something changed, I specifically remember it asking me whether I wanted to sign into the OS, or that app only.

As of Windows 10 (haven't tried on 11) it asks if you want to log in with a single app, or the whole user account. I think that's great. Contrast that with Apple, that forces you to login to iCloud (and link your computer's serial with your iCloud account) whenever you log in to the App Store, and requires an Apple ID to download free apps from the App Store, AND enables all iCloud sync options on by default whenever you are logged into iCloud (i.e. you login to the app store, now by default your Stocks, Siri info, Contacts, a bunch of app preferences through iCloud Drive, now get synced without any consent).
Hmm...I'll have to look into this, thanks! I did not see an option for that that was obvious to me.
Can confirm it's the same on 11 as well, "No, sign in to this app only" is the trick https://i.imgur.com/hm8tR9k.png. If you're using a personal account for the sign in I don't think the checkbox towards the top is there but otherwise the window is the same.

As is right now I have a local unlinked windows account, a work account signed into Office, and a personal account signed into the store.

> Office 364

I think you're using an old version ;)

No, he just had downtime on a day other than February 29th!
(comment deleted)
From the article:

Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?

(Not that “user error” is a good justification. Any system where making a simple mistake means that you’ve forever lost your privacy isn’t a good one. We see this same situation with sharing contact lists with apps on smartphones. Apps will repeatedly ask, and only need you to accidentally click “okay” once.)

EDITED TO ADD: It’s actually worse than I thought. Edge urges users to store passwords, ID numbers, and even passport numbers, all of which get uploaded to Microsoft by default when synch is enabled.

-

But Microsoft at their build conference said they are a woke corporation:

https://twitter.com/balajis/status/1456344147103653889

Or maybe the performative art of being a woke altruistic corporation is the subterfuge for being evil.

All companies play politics to gain customer's hearts and minds ($$$). All FAANGs play this game masterfully.
Google’s slogan was once: “Do no evil”
No, it was "don' be evil." You can do a lot of evil and still not be evil if you adopt a utilitarian position and claim that the good you've done outweighs it.
Is it at least end to end encrypted?
Why does the presenters describe their appearance and clothes? Is that supposed to be some sort of accessibility thing (for blind people)? If so, how does it help blind people to know that someones top is sleeveless and that they have dark hair?
>Is that supposed to be some sort of accessibility thing

Probably. I remember being on some microsoft site a few months ago, and noticed all the photos had alt-text describing their contents.

For photos I can understand it (if they contain meaningful content), but to me this seems like a text-to-speech tool saying "a black button with white text, slightly rounded borders that sits close to the preceding text and slightly down from the menu above" instead of stating the buttons text or aria-label.
Happened to me about a week ago. When I opened the browser, a notification popped up telling me "Your bookmarks are now being synced". There was an option to turn this off, which I did, but I have to assume that the bookmarks were already sent off to Microsoft.

There's nothing remarkable in my bookmarks. I've never really found it to be a useful tool beyond a way of marking things I want to check out again soon. I don't use it for day to day links. I do recall going through this with Chrome and Firefox in the past when they pushed syncing as a huge wonderful benefit for me and I had no interest at all. I'm sure some people have bookmarks as part of their personal workflow and are grateful to have this syncing ability for multiple devices. That's great for them but all vendors need a very strick opt-in policy, not a "we're so sure you're going to love this that we turned it on for you" scheme.

Firefox doesn't sync by default. And they don't appear to be promoting me to do it on new installs.
Doesn't Firefox sync send off the data encrypted with your password (unknown to them) anyway? This is my understanding. I don't think Firefox can make use of the bookmarks synced to them at all.
I believe that's how Weave worked. The newer Firefox Sync included (still includes?) sharing capabilities that call that into question.
> I believe that's how Weave worked. The newer Firefox Sync included (still includes?) sharing capabilities that call that into question.

A quick search online makes it seem like Mozilla still has no ability to read what you sync. E.g. from https://en.wikipedia.org/wiki/Firefox_Sync you see:

> It keeps user data on Mozilla servers, but according to Mozilla the data is encrypted in such a way that no third party, not even Mozilla, can access user information. It is also possible for the user to host their own Firefox Sync servers, or indeed, for any entity to do so.

I can't find independent verifications, but I would trust Mozilla about this at this point. But I'm not sure what sharing capabilities you refer to so I can't really speak to that.

https://docs.microsoft.com/en-us/microsoft-edge/privacy-whit...

> All synced data is encrypted in transit over HTTPS when transferred between the browser and Microsoft servers. The synced data is also stored in an encrypted state in Microsoft servers. Sensitive data types such as addresses and passwords are further encrypted on the device before being synced.

That's pretty flowery language for "basically all your data is readable by us". It's pretty ridiculous they would do this without an explicit opt-in.

But everything is encrypted on your device itself, so I could imagine they could grab those bookmarks if they don't encrypt.

Google and Firedox do it for their passwords, I'm not sure about bookmarks.

Yeah as far as I know Firefox sync encrypts everything with your own private key on your device. So Mozilla wouldn't have any access to your bookmarks or other stuff that you sync. I don't know anything about how Chrome's syncing works.
What the above says is: Your data is encrypted on your device before being sent to MS. MS knows the key

Once received, MS decrypts your data, does whatever serverside things it wants to on your data (OCR, NSA, search indexing), and then re-encrypts it with a key only they know. Protects your data from unauthorized rogues within Microsoft and random attackers, but not from Microsoft betraying your trust.

If you ask for your data, they decrypt it with their storage keys, re-encrypt it with their transfer keys (which you can decrypt) to guard against middlemen.

You receive the data, you decrypt it.

The model is secure, in that it's resilient against attackers, but requires you to trust the provider to be trustworthy and uncompromised.

That model is much better than some indie apps, which do encrypt your data between your machine and their server and the reverse, but store your data at rest on their server in a plain, unencrypted format. This means attackers and rogue employees have an easier time getting to your data.

True end-to-end or zero knowledge encryption encrypts the data on your device, and the provider's server only ever sees encrypted nonsense, they don't have the keys to undo the decryption even if they wanted to (thus the name zero knowledge). Your data is only decrypted on your device locally.

Edge stores passwords and some other data end to end encrypted, as far as I know, but only some data types. You can't make everything zero knowledge if you tried to. As far as I know, Chrome doesn't do zero knowledge by default, but can be set up to do it.

Firefox, Brave and Vivaldi all run their own sync services and all are (as far as I know) zero knowledge setups.

Seems a bit late to make hoopla about a much more minor infraction.

With Onedrive I'm facing the nightmare that you are not allowed to configure it until syncing is in progress. If you pause syncing immediately on install, you're not allowed to change settings to prevent said syncing from happening.

I have a mix of personal and business data on there. This has been the case for a few years now but recently got worse. Basically, I don't want my hard drive contaminated with this data when going through customs, that's why I am traveling with a FRESHLY FORMATTED AND REINSTALLED laptop. And what does MS do? Coerce me into all this data's metadata touching down on a drive I have no intention of ever letting touch it. Makes my blood boil. It's a well documented fact these idiots in customs will infringe your privacy for shits and giggles and harass you about stuff that has nothing to do with any valid legal concern. Thanks Microsoft.

> Be HN commenter

> Try to avoid own data being on machine

> Log into Microsoft cloud account

> ???

I mean, Windows shouldn't be this user-hostile in the first place. Most of it is literally not designed for "HN commenters".
This isn't really a product issue. Separate your data properly, uninstall or disable the OneDrive client and use the web version if you need something, use a different product.... Not everything has to bend to your "unique" needs.

And it's hard to take your complaint or needs seriously when it starts out with mixing personal and business data.

But here's the thing, they literally provide checkboxes for individual directories you want to sync. They've literally designed it to my needs (actually I was trying to simplify, the reality is I don't mix business but personal grades of porn to varying grades of legality, so do you seriously expect me to have multiple personal Office256 accounts for categories of porn????)

It's just their default settings went from years of causing data corruption as soon as you try to change the default of everything checked to this new cluster of ghost syncing.

I believe they scrape all links pasted in Skype conversations too
Everybody scrape all links. Mostly for the preview function. Just s3nd a unique url with some messengers or mail and look at the serverlogs.

Thats also a reason to use even a simple login.

Yep. My email client has message tracking built in and I forgot to disable it after a re-install once. A lot of messages are "read" immediately. I've always been curious how promotional mailers handle that.
if they do scrape all the links in skype conversations, i have an idea that would keep them very busy, such as a bot that has extensive skype discussions about links
You would be neither the first nor the last with an idea how to DOS Microsoft. Being the receiving end of ideas like that is bread and butter for any of the tech megacorps.
i woudnt exactly say its a DOS, it would be an ^ample^ collection of URLs provided to any skype user that requested it. If somescript scrapes every instance of that list everytime it shows up in a conversation, there had better be a limit to the bandwidth expended
and all filenames in the OS.
Anyone know if this sort of thing happens with enterprise users of Microsoft? Exfiltrating user data would create a shitstorm at one of my previous employers.
I wonder what Microsoft would think of all their employee bookmarks being uploaded?
If Microsoft said it didn't happen, why would anyone believe them?
Considering fraud is a crime, yes.
Nobody would go to prison over this. At most it'd be a fine and if the value gained is bigger than the fine they estimate they'll have to pay, they sure as hell would take that chance. Happens all the time. Even more so, since it's literally something (most) MBAs are being taught.
More firm than ever in my decision to store bookmarks in a simple, grep-able text file.
I like Firefox's bookmarks. You can add tags to each bookmark, which can make sorting and finding them much easier.

I also use a default bookmark folder, so all new bookmarks just go into that one folder, with the most recent at the top of the folder. That means I'm relying more on the position, tags, and naming to find a bookmark, rather than a position in a hierarchy.

I keep meaning to research how to extract/sync from the SQLite database that Firefox uses for bookmarks. I feel like there's a lot of unexplored personal value to one's bookmarks and history.

Firefox bookmarks tagging is a killer feature for me. I even bookmark some local files through it. Too bad it doesn't work on mobile.
What I'd like to be able to do is unify the tags between Firefox and my Emacs org-roam/org-mode data. I think it could be useful to be able to see a view of which bookmarks have the same tags as the document I'm viewing, and vice-versa. Plus a timeline of tags/bookmarks/documents/pages could further bring to light some relationships between information. For instance, "around the time I was writing lots of stuff about AWS IAM roles, I bookmarked these pages, read these sites, browsed these tags".

It's only a half-formed idea and unfortunately it'd require both lots of Emacs elisp work and an extension in Firefox.

I wanted to do the same, and in the end gave up in favour of a simpler approach: I drop the bookmarks in my notes, I can tag as I please, less moving parts and it's easier to search. But I would still like to see someone figuring this out!
You can export your FF bookmarks to an html file and you can backup your FF bookmarks to a json file.
I didn't know this before, but wow, now I really like Firefox's bookmarks. I feel like there's a lot of unexplored personal value to one's bookmarks and history. Thank you for your comment.

I've been using Firefox for years, but I've never paid attention too this before. I just tested this and yeah . . . I am going to be using this a lot.

This comment was generated by GPT-3 because somehow signing up for the sandbox and telling it to rewrite my comment was more fulfilling than just typing a comment. I tried to get it to give you a generic thanks with specifics of how I would use this . . . but GPT-3 kinda sucks for this. Oh, well.

I switched to xBrowserSync a while back and its been a game changer. Your bookmarks are encrypted on the client before uploading and you can self-host your own server if you want. My bookmarks now live independently from my browser. Between that and BitWarden for passwords, I am no longer tied to any browser on any device. Its so easy to browser hop now. Also...turns out keeping scores of folders, inside folders, inside more folders is a terrible way to organize bookmarks; Tags w/ search is the way to go!
Of course they don't steal anything from you.

They just preserve your precious little soul. To your best interest. Which may coincidentially be in their best interest. A friendly customer service, because you happen to honour them using their products. And, if you're lucky, even in the best interest of people that do protect you against evil forces out there in the dark. From time to time they may look into your precious little soul lying down on the ocean ground in an underwater Microsoft data center, to see if all is well with you.

Think about it, sometimes you yourself don't know you're part of those forces, but Microsoft and those other people might know. And they can help you.

They are like shepherds to their flock.

Some may call it customer profiling, customer-retention or even vendor lock-in, mass surveillance and other ugly terms, but I tell you it is love.

Yes, pure caring and love. You may not understand that at first. Like Apple had to learn bitterly recently. But I tell you, in the end, with their help, there will be just shiny happy people around you.

Amen.

Developers! Developers! Developers!
You have won the victory over yourself.
Well, Winston, the party would love to know how many out there don't realize that it's satire. That's fine for the party, because the others don't realize it's not.
One of the comments on that link has offered this URL where Force Sync is mentioned.

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-p...

To me it's absolutely mind boggling the amount of text in that link.

There are nearly 100.000 words, which is the same as:

A 100,000 word count will create about 200 pages single-spaced or 400 pages double-spaced when using normal margins (1″) and 12 pt. Arial or Times New Roman font.

Reference https://capitalizemytitle.com/page-count/100000-words/

That page is so awful it crashed on my machine.
I’m lamenting Google’s decision to stop supporting Google Bookmarks. It was my personal search archive, simple and in the cloud.
My Windows system is used only for gaming and I have a strict rule that it cannot log into anything but gaming related content like Steam etc. No actual accounts or credentials ever go into that system.
Hint hint hint: this is not about bookmarks, it's about privacy and respecting user's choice.

It happened to me too. And then they used this data to show me creepy ads.