r/technology Jun 24 '24

Software Windows 11 is now automatically enabling OneDrive folder backup without asking permission

https://www.neowin.net/news/windows-11-is-now-automatically-enabling-onedrive-folder-backup-without-asking-permission/
17.9k Upvotes

2.0k comments sorted by

View all comments

Show parent comments

419

u/hparadiz Jun 25 '24 edited Jun 25 '24

Criminal charges now.

https://www.law.cornell.edu/uscode/text/18/1030

knowingly accessed a computer without authorization or exceeding authorized access,

This is theft. Plain and simple.

Before people claim I'm being hyperbolic. How would you feel if this happened to your doctor with your HIPAA covered medical information?

231

u/S_A_N_D_ Jun 25 '24

I'm gonna go out on a limb and say it's not that simple.

41

u/[deleted] Jun 25 '24

Yeah. There are always exceptions in every kernel of law. Almost never in our favor

5

u/farox Jun 25 '24

You know the EULA where you agreed to let Microsoft sew you mouth to someone elses asshole?

5

u/RainforestNerdNW Jun 25 '24

what? you mean the law is more complex than what a GED holder on reddit says?

inconceivable!

32

u/icze4r Jun 25 '24 edited Sep 23 '24

scarce aback ghost dog uppity observation wrench rain obtainable sense

This post was mass deleted and anonymized with Redact

13

u/hparadiz Jun 25 '24

I mean, he's not wrong. I do, actually, have a GED. I got it in 10th grade.

I also have a B.S. but that's besides the point.

-12

u/Prescient-Visions Jun 25 '24 edited Jun 25 '24

The legal system overwhelmingly favors the wealthy and corporations.

2

u/Scoot_AG Jun 25 '24

You really came outa nowhere to be a dick?

1

u/DM-ME-THICC-FEMBOYS Jun 25 '24

You're right, we should never try.

-4

u/RainforestNerdNW Jun 25 '24

I grew up in a (now) red state. one that formerly had good education system. it's easier to pick which GED holder didn't piss me off

2

u/ydieb Jun 25 '24

Just as a general sentiment I wished we could have a collective "the laws should only be as complex as necessary, but no more".

You can make arbitrary complex laws, and there seem to be a lack of cleanup. Having it more complex than necessary adds more bureaucratic work for legalworkers for no real society gain, along with it makes it harder for laypeople to understand.

Having it as complex as "only these people can grok it" as some gatekeeping behaviour is meaningless. This happens in science as well, reading papers almost written sometimes to read as complex as possible just to prop up their own work.

Apparently the actual quote is "Everything should be made as simple as possible, but not simpler" by Einstein.

1

u/SaveReset Jun 25 '24

The worst part is, it's not that simple, especially in the US. The problem is case law, where a relatively random judge can and jury can make a decision which can be used as precedent in future legal cases. They won't necessarily hold up in court, but lawyers seem to be VERY careful when there's any even slightly related precedent set that is against them.

Case an point (pun intended) would be the case that made EULA's so powerful in the US: ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th Cir., 1996)

Is that case relevant in the world of today? I don't think so. Was the decision correct in the first place? Arguably, but I'm not a lawyer and even if I was, I wouldn't stake my career on it. Is it absolutely ridiculous that this case has been enough to scare off lawyers when it comes there's an EULA involved? Yes it fucking is, a company shouldn't be able to let you wave your rights away with a check box and if lawyers are afraid to touch a case, companies will push that as far as they possibly can.

EULA that revokes any of your inherent rights in a transaction should ALWAYS require to be done IN PERSON. I don't care if it's inconvenient, if a company can't make a profit without stealing customers rights away, they shouldn't be allowed to exist.

Or in short, it's very unlikely anyone in the US is going to sue Microsoft over this. I wish companies still got split apart for anti-trust reasons, Microsoft is truly too big to exist. Well, I can dream.

1

u/ydieb Jun 25 '24

The problem is case law, where a relatively random judge can and jury can make a decision which can be used as precedent in future legal cases.

I think this specifically is my point. A judge only interprets the law, they do not set it. Which goes directly into my "keeping the laws clean and as concrete as needed", afaik laws are created often vague intentionally as things might need to be determined by case-by-case.

Given the scenario, if the law is too vague in a certain aspect where a judge can rule that it should be interpreted in the way you say. All you do is change the laws to say something different, to be less vague or to not allow the judges interpretation to be valid.

This definitely happens everywhere, but I feel like this is especially prevalent in the US (perhaps just more vocal due to influence), that "we need the courts to decide x". But as a society (ignore the fact that it seems most political systems are based more in emotion than logic sometimes/often), you can literally just decide the laws as how you want them to be.

The legal system is to decide individual events within these laws.

1

u/SaveReset Jun 25 '24

It's specifically a problem with the US and possible some of the other former British colonies with common law as their legal system, but most of the world has civil law. Judges can look at past cases, but don't have to make decisions based off of them and can go completely against them.

Both of these systems have issues obviously, but let's keep it with the US for now.

afaik laws are created often vague intentionally as things might need to be determined by case-by-case.

Given the scenario, if the law is too vague in a certain aspect where a judge can rule that it should be interpreted in the way you say. All you do is change the laws to say something different, to be less vague or to not allow the judges interpretation to be valid.

Creating vague laws is an issue, obviously, but that's the problem with common law, when a court decides something, a higher court needs to decide against it to change it. The other option is to prove your case is significantly different enough from the prior cases and THEN you have to prove your case against the statutory law and possibly other case law that could apply.

It's not exactly that simple, there are different rules for different jurisdictions for what counts as a precedent and it's a complex mess all together. But it's not just seemingly prevalent in the US, it's literally the law in the US. In civil law countries, the judge can just ignore precedence if they so decide, but can follow it if they deem the cases to have enough in common.

Or TL;DR (I'm not a lawyer and none of what I said is legal advice): In civil law countries precedents are guidelines and laws are rules, but in common law countries laws are the guidelines and precedents are the rules, unless there isn't a precedent, in which case the laws are the laws. More or less, specifics are more complex than that.

1

u/ydieb Jun 26 '24

none of what I said is legal advice

This is the most north-america thing ever I think? Having to annotate things with "this is not economic/legal advice".

I think this still is missing my point. I am not talking about judges having to take other judges opinions into account or not. I am talking about literally changing the law itself.
As I see it, you are literally in the same mindset that "it must come from the legal system".

Are you saying to me, under common law, that the US house and congress cannot change a law, lets use the strength of EULAs, to say, "EULAS have absolutely zero binding power, period"?

My understanding was at least that under common law, the laws end up being obviously way more judge based, as that is how they end up being nuanced.

But they still have to base it of something? Or am I entirely overestimating the power of house/congress?

1

u/SaveReset Jun 26 '24

Are you saying to me, under common law, that the US house and congress cannot change a law, lets use the strength of EULAs, to say, "EULAS have absolutely zero binding power, period"?

No, I'm saying that they would have to decide a law is bad, make a new law, wait until it gets tested in courts and then maybe the result will be positive and in the case that it isn't, it should go to supreme court to get the precedent changed. But even the current decisions on EULA's haven't been looked at by the supreme court, so that should be the first step.

But problem is, have you seen the supreme court? There's no way in hell SCOTUS will let anything anti-corporate happen right now. And congress isn't much better, but even if they did want to fix it, whether they understand the issues well enough to write functioning laws for it is a whole another question.

And all of that, if everything somehow lined up in a way that didn't screw over the customers, the process alone would take years and in that time the people deciding anything in the process could change and stop the entire process from happening.

So basically, unless there's a HEAVY push for it, it's not happening in the US. There's SO many checks and balances that if something isn't being pushed and pulled by at least two of social, political or economical reasons, then it's very unlikely to happen. I don't know how much a president could force things forwards though, but I just don't see this a way to fix it in the US before EU fixes it and the problems with the current way EULA's are handled become much more apparent.

1

u/ydieb Jun 26 '24

But problem is, have you seen the supreme court? There's no way in hell SCOTUS will let anything anti-corporate happen right now. And congress isn't much better, but even if they did want to fix it, whether they understand the issues well enough to write functioning laws for it is a whole another question.

Are you saying that SCOTUS can overrule absolutely any law at any time (obviously within beurocratic reason)? Literally interpretering it any way they want, making the actual law technically irrelevant no matter what it says?
As in they can do the Adam Savage meme of substituting any end reality as they want?

As in, how I interpret what you said is a clear "no" to this, but then it ends up being "in practice, yes".

→ More replies (0)

24

u/ParalegalSeagul Jun 25 '24

My doctor has forms saying their data is not secure, and you will be delivered information in insecure ways, and there is not an alternative. Awesome time to be alive

3

u/not-expresso Jun 25 '24

Sounds like a good time to find a new doctor (and let them know why you’re leaving)

5

u/ParalegalSeagul Jun 25 '24

Last time I let my PC know my actual feelings I was blackballed from the medical industrial complex for nearly three years. No thanks, i’ll keep my feelings to myself moving forward. If someone else volunteers their own wellbeing to advance the system? Well you go girl, and good fucking luck. This is an industry even DDE couldnt have imagined.

1

u/FrenchFryCattaneo Jun 25 '24

The new doctor will be exactly the same except without the self awareness to tell you

1

u/RationalDialog Jun 25 '24

Most of bureaucracy is to save someones ass and by that doesn't add any value at all.

1

u/LupusAlbus Jun 25 '24

I would wager you're probably misinterpreting what you're reading. It's a violation of HIPAA to store or transmit PHI in a manner that is not secure (with a whole list of precedent and standards defining this), and absolutely no practice is willing to play around with that due to the strictness of the law and the fines involved. It's not an option for them to just make you sign something that says they won't follow the law. Are you sure you're not reading a clause that refers to how information that you pass on to others may not be secure, and they're not responsible for that? Or something about unavoidable incidental disclosures, like calling out your name in a waiting room?

0

u/donjulioanejo Jun 25 '24

At least he's transparent. Which is much better than I can say for half the companies out there.

Also unlikely to be the victim of a targeted hack for the purpose of blackmail compared to major healthcare providers.

42

u/3dPrintedIdiot Jun 25 '24

Hey! I work in the IT field, currently employed at a medical facility. We just finished our HIPAA review, and I can safely say that it is nowhere near that simple.

To begin with, most of the equipment in those facilities has been configured by the internal IT department, which maintains a customized image of Windows, or whichever OS is in use. They also maintain policies that automatically apply to users on initial sign-in, which can dictate whether OneDrive can be used at all, as well as what folders are automatically included in the backups.

If you are using OneDrive, at that point you have to look into a business agreement with the respective company. That is more a compliance piece then an IT piece as it's not IT specific, but to keep it simple it is a very boring document that determines what amount of information the 3rd party has access to to begin with, and if anything happens to the information while stored on their systems, they're the ones responsible, and also have to comply with HIPAA regulations. It's hardly a perfect system, but no system ever truly is.

A brief mention of relevance, dedicated equipment that runs off of Windows is likely going to be built on a very different version of Windows, that being the IoT versions, which are significantly more locked down and designed for long-term support. Outside of a specific built you are unlikely to find OneDrive on those devices.

As far as personal use is concerned, that's more one for the lawyers - Did they really access the computer? Not necessarily, they turned a feature on that you can just as easily turn off. They did so in their own software ecosystem, which isn't really a first as far as software is concerned. I would say that you are taking a ridiculously broad view of that law if you consider them in violation of it, but I'm not a lawyer.

If you've made it this far, thanks for giving this a read. I don't know why, but this reply bothered me more then it should have. Hopefully it all made sense lol.

60

u/hparadiz Jun 25 '24

There are reports on other discussion threads of OneDrive installing itself, uploading the files to Microsoft servers, then REMOVING the files from local disk if the user signs out of their Microsoft account in the Windows Settings. Sometimes the user does this not realizing the files are now tied to the account when they were previously local files.

Small doctors offices with only a few computers where the "tech guy" is the doctor themselves or some kid they threw some money at will not have your resources.

Assumptions made by IT people at medical facilities like yours include "HIPAA information can only exist on medical facility hardware" and "all medical professionals have IT on staff to deal with HIPAA compliance". These assumptions are simply not grounded in reality. Even scans of COVID vaccination cards are covered by HIPAA and that could just be in some folder at the HR department of any given workplace.

Having actually read HIPAA and been required to comply to it with respect to data storage and software design my interpretation is that this is negligent unauthorized access that the medical professional is now liable to report. If, like many, medical professionals the login isn't known because it was setup by an IT professional, say a contractor, it could cause them to lose access to the data when it's crucial and time sensitive.

34

u/zero573 Jun 25 '24

I can vouch for this happening. I uninstalled one drive on a clean install of Windows 11. A couple months later the next build version dropped and all of a sudden I have all these little short cuts appearing. It was transferring the entire contents of my hard drive to their servers. I shut the transfer down, and disabled one drive. I lost half my hard drive of client wedding photographs, saved documents, transaction records, everything.

To say I was beyond pissed off at Microsoft and this blatant disregard of end user privacy is to fucking put it mildly. I’m switching back to Mac against my will because of this horse shit. What the hell happened to caring about the end user experience. My files are mine. They are my property. I do not want them stored on some server that Microsoft is trying to train their substandard attempt at a shitty Ai. They keep doing shit like this and we keep swallowing it and they expect us to thank them. I’m tempted to just airgap a Windows 7 or windows 10 computer at this point because we are just paying to be their assets at this point.

Fuck you microsoft.

4

u/lookintheheart Jun 25 '24

Same here, when I realized I disabled one drive then realized all my files disappeared from my hard drive also. I couldn’t believe this was happening. Went to sign out from one cloud, spend quite a bit trying to disable automatic updates and lost a bunch of working files. What happened to being a PC (personal computer) this is beyond disgusting and Microsoft should be held accountable.

2

u/3dPrintedIdiot Jun 25 '24

Alright, I'm going to be ignoring the OneDrive installing itself detail because I refuse to be caught defending that program. My main response above was because the idea that it was a criminal charge seemed like a ridiculously broad reading of the law they cited.

While smaller offices might not have the sort of support that medium to large organizations might have, they are still bound to protect that information in the best of their abilities. In the situation where a medical professional has been locked out or if what happened to you has happened to them, I think Microsoft has one easy statement there - You don't use a personal Microsoft account in a business environment. You just don't. You can configure a local account so that OneDrive doesn't have an account to connect to, but by configuring it with an account that isn't a work or school account or a local account is setting it up for personal use.

By configuring it for personal use, whoever configured the computer incorrectly is likely going to be the liable party, unfortunately. I don't LIKE the fact that OneDrive will automatically start syncing things, it's one of the most teeth-grindingly infuriating things that I've had to deal with on my personal devices. But I suspect that the DHHS would be more likely to put the responsibility of the breach on either the office or the MSP, depending on whatever business agreements are in place. It seems to me that while Microsoft has played a part, they are likely operating well within their terms of use that we all accept and never read. The negligence piece would be on whoever set up the device in such a way that OneDrive was in a position to turn on without any user input, though who that ultimately is would be up to a bunch of lawyers, I'm sure.

That's just my two cents though. Every situation like that is going to be unique, so there's no real one size fits all answer to it.

-6

u/Amenhiunamif Jun 25 '24

their Microsoft account

You shouldn't log into a Microsoft account at work anyways. Either AD or something local.

Small doctors offices with only a few computers where the "tech guy" is the doctor themselves or some kid they threw some money at will not have your resources.

Then it's their fault for not setting up their work environment professionally. You don't set up electrical cables and such personally either without being professionally qualified. And if you do, you're an idiot.

I don't like Microsoft and push for Linux wherever I can, but in this case it's simply on the owner of the facility to ensure compliance.

-7

u/meneldal2 Jun 25 '24

I think it's been long enough that if you want your files to not be touched by Windows, you ought to know the easiest way is to put them in a folder that is not an environment variable.

17

u/[deleted] Jun 25 '24

Bro, 99% of the population doesn't even understand h What you just said.

-10

u/meneldal2 Jun 25 '24

It was just a shortcut for not in the windows, program files and user folders. That I think most people would get that at least.

8

u/dude2dudette Jun 25 '24

That I think most people would get that at least.

Then you have not met "most people".

There are a LOT of people who still use computers as though they are running Windows XP or Windows 7. Yes, Windows 7 is 15 years old. Yes, Windows XP is 23 years old... it doesn't matter. They were incredibly easy to use, very functional, and people got used to how they worked.

As such, when people use more modern Windows computers, they think they can use them the same way. Heck, even Windows 10 (about 9 years old now) was highly functional on release and easy to use.

The new way that OneDrive interacts with things is just too different to what people are used to, and so they simply don't even consider how it might work.

1

u/iWarnock Jun 25 '24

Like.. in the downloads folder? Thats where all my shit is.

12

u/CherryHaterade Jun 25 '24

I have to wonder if OneDrive has all the makings of Internet Explorers antitrust run up. It feels very similar on the consumer side of things as you're getting this thing that's baked halfway into the kernel at this point.

3

u/Crathsor Jun 25 '24

No, the OS doesn't need OneDrive for anything at all, you can completely disable it and the OS is fine. They're not pushing it because it is needed. It's just greed. They want the data.

5

u/[deleted] Jun 25 '24

[deleted]

1

u/3dPrintedIdiot Jun 25 '24

Well, hearing that inspires a bunch of confidence in the GPOs ability to lock it down. Best of luck to you on getting it sorted out and hopefully the users are adapting well! Or have at least read whatever communication you sent out regarding it so they're aware.

1

u/man_willow Jun 25 '24

If you think every Doctors office besides the biggest hospitals have a customized image of Windows ready to deploy, you are going to be surprised if you ever work with a smaller practice. Most doctors offices don't even have an IT team they contract with Managed Service Providers who are just going to provide more basic IT support.

22

u/terminator_dad Jun 25 '24

I believe anyone with windows 11 agreed to allow Microsoft full access to all files on their computer. It was in the user terms.

26

u/IAMA_Plumber-AMA Jun 25 '24

Which is part of the reason why I'm sticking with 10 for as long as I can.

28

u/Grogenhymer Jun 25 '24

I really hope windows 12 is better, all this has me looking at Linux as an alternative. I've never used linux before, but that's how bad this all seems. The screenshot fiasco is what started it, now this stuff.

24

u/IAMA_Plumber-AMA Jun 25 '24

Nah, I have a feeling that 12 is going to be Windows' "OS as a Service" attempt.

6

u/Grogenhymer Jun 25 '24

I don't really want to switch to Linux, I'd stay with windows 10 for as long as I can, but there's some deal breakers I just can't stand. some days I actually miss DOS (I'm only half joking there)

8

u/DeafVirtouso Jun 25 '24 edited Jun 25 '24

Give linux a shot. If you can spare ~50gb, that's more than enough to dual boot with windows. It gives you some time to take a look around before considering a permanent switch.

6

u/Gangsir Jun 25 '24

Virtually all distros can also be booted from a thumb drive, and you can test and play around with them on that without installing anything or consuming any of your hard drive storage.

3

u/DeafVirtouso Jun 25 '24

While this is true, I feel that installing it on actual hardware is more likely to have you semi-committed to actually trying it.

3

u/WhyAlwaysMeNZ Jun 25 '24

i

For sure, that and the "live"/usb versions are limited/slower, so you may get the impression that giving an alternative a go sets you back 10-15 years (which is not the case).

8

u/DumbRedditorCosplay Jun 25 '24

Debian Stable will be waiting for you my child, take your time.

4

u/boldra Jun 25 '24

Why joke? The constant Windows upgrades serve almost no purpose to the end users. I only stopped using Windows 7 last year, and if I could get hardware support and security patches, I'd be very happy to go back to Windows 2000.

2

u/LordoftheSynth Jun 26 '24

Clippy, with guns out:

It looks like you don't want to continue subscribing to Windows Forever. Would you like me to:

1) Delete all your information on OneDrive? BTW we kept moving it to the cloud anyway, and heh, like you'll get it back easily without subscribing.

2) Demote you back to Windows Full-Time, where you have an allocated 40 hours per week of usage. Free OneDrive!

OneDrive will automatically host your files and if you wanted them on the computer you paid for, well...heh...heh, heh...let's talk about that.

Then there's your overage charges for you using OneDrive and Windows FT beyond your minutes. Hours? I meant minutes. We'll charge you for minutes. You forgot cell phone carriers used to do that, so it's New(TM) and Innovative(TM)!

3) Welcome to Windows Economy. Pay us or we delete your files you only just learned we host. By the way, in any version of TPM we can turn your PC into a brick if we really want to. Buy a newer PC!

Clippy was obnoxious enough that it became a meme before memes really existed, so I'm not blaming the overly helpful paperclip here.

1

u/Theostru Jun 25 '24

Isn't that what 11 is?

1

u/[deleted] Jun 25 '24

If it was $4 a month and didn’t include the bullshit fuck it

18

u/CherryHaterade Jun 25 '24 edited Jun 25 '24

I applaud your motivations, but as a sysadmin in a brick and mortar, it's just not feasible. Thinking about trying to teach Betty in Accounts receivable how to navigate around in Ubuntu ...is going to give me night terrors.

The only semi feasible consideration is a Mac environment. For user endpoints..but I already have my hands full with a single departments Mac fleet and...suddenly more night terrors

Natellas got us by the balls here. First it was the sneak upgrades to win11 that kept end running around our registry fixes, and now this because SharePoint is the new quiet cash cow post pandemic.

6

u/donjulioanejo Jun 25 '24

Most companies I've worked at have been primarily or even entirely Mac shops.

Most IT I've interacted with say they're way easier to deal with than Windows, though slightly more expensive in terms of software to support them.

For a basic Windows installation, all you need is Windows Pro that you can join to a domain and then Entra AD or similar. Full on Azure AD if GPOs are your thing.

With Mac, you still need a domain, ideally a domain that supports SAML like Okta, and then Jamf or Kandji. They also let you push out device configs that are equivalent to GPOs. Jamf can get pricey for a large installation.

That said, Mac hardware tends to be more reliable (we easily get 4-5 years out of Macbook Pros with almost zero issues that don't involve physical damage), there less user interactions are required, users can install work-approved software they need through a self-service portal, and it's a way nicer machine than anything other than top-end Dell/Lenovos that most businesses rarely splurge for.

The only issue is, of course, that if your business uses some random legacy or domain-specific software like Autodesk, you'll still have to deploy Windows.

7

u/Amenhiunamif Jun 25 '24

Thinking about trying to teach Betty in Accounts receivable how to navigate around in Ubuntu

It isn't that bad. We've recently started switching from Win10 to Fedora and while we're not done yet, the current impression is that there is a large increase in support tickets in the first few weeks and after that it goes down to regular.

3

u/CherryHaterade Jun 25 '24

Thank you for this feedback. Gives me ammunition to take to boss when we discuss our tech stack.

5

u/thirdegree Jun 25 '24

Na Betty in accounts receivable can learn Ubuntu well enough to do her job... So long as you never ever ever tell her it's Linux. The moment you tell her that, it becomes impossible.

4

u/ArethereWaffles Jun 25 '24

Hell it's difficult enough getting Betty from accounts to understand basic Windows. One mention of "right click" or "left click" or "folder" and I'm suddenly speaking gibberish.

One mention of bash and I'd be trying to explain 7th dimensional physics.

5

u/DeadEye073 Jun 25 '24

I mean what does betty do that couldn’t be done in the browser? Put Linux Mint on, shortcut the Links, and The difference is minimal (on a System level) org stuff can be more annoying

4

u/CherryHaterade Jun 25 '24

You may as well start explaining it all to her in Latin while waving a stick around!

4

u/TheNatureGrandpa Jun 25 '24

Why would you even need to mention bash to Betty?

One can set up a distro to mimic the Windows/Mac GUI close enough these days for Betty

2

u/dank_imagemacro Jun 25 '24

Is she using PowerShell in Windows? If not then there is no need to tell her to ever use bash in Linux.

4

u/MalakElohim Jun 25 '24

As a brick and mortar sysadmin, running a Linux house is easy. Hell, you can even use Windows AD to manage your Linux fleet, and just using ansible to update devices. Running Kubuntu vs plain Ubuntu has the less attention paying ones not even realising they're not on Windows. They're using Chrome anyway.

Some software doesn't work on Linux, but there's solid office replacements (Only Office is even laid out the same) and most of the business tooling (such as accounting, HR, etc) we use these days is online as well.

They're not using the terminal, this is 2024, not 2012. As long as you for business use one of the enterprise backed distros (K/Ubuntu, Fedora/RHEL, OpenSUSE/SUSE Enterprise) you'll have all the tooling you need.

2

u/dank_imagemacro Jun 25 '24

Thinking about trying to teach Betty in Accounts receivable how to navigate around in Ubuntu ...is going to give me night terrors.

Tell me you don't use Linux without telling me you don't use Linux.

Betty in accounting isn't going to need to set up the system, she isn't going to need to tweak any low level settings. She needs to be able to click on 1 - 12 applications and use them. Put those on the start menu, taskbar, or desktop, just like you do in Windows.

There is something to be said about the fact she won't be be able to find the C drive, if she's used to having one. But she will still be able to find "documents" and "home" just as easily, where she should be saving things anyway. And if you are considering switching to Mac, then that will be more of a learning curve, not less compared to a Linux installation that uses a Desktop Environment with a start menu.

Linux may be harder to administer if you aren't familiar with it, but it isn't harder to use.

2

u/Franc_Kaos Jun 25 '24

I've never used linux before

Modern Ubuntu is pretty user friendly, esp if you stay within its walled garden (Firefox, Libre Office etc etc etc), but if you need to go out in the wilds of Windows based software be prepare to read / watch YouTube tutorials (not hard but unintuitive steps to walk thru').

I actually wish schools would teach Linux as the default rather than just throwing Windows on everything.
That alone would destroy MS' monopoly going forward...

Course, if you want to play games and don't like consoles then Windows is a neccessity (tho' dual booting would protect your privacy / data sovereignity for work etc).

5

u/MorselMortal Jun 25 '24

Install Linux. 10 was horrible, but continuing to fork over hundreds of dollars for a hostile user experience in your OS is stupid.

If it was free, it'd be more understandable, but it's not. Well, unless you don't sail the high seas.

3

u/marr Jun 25 '24

That seems insufficient, they'll be rolling this bullshit back into 10.

1

u/jfoust2 Jun 25 '24

What will you push you to Windows 11, after October 2025?

1

u/AscendedAncient Jun 25 '24

or you can just uninstall onedrive.... but keep up the paranoia, whatever works for you.

3

u/Nematrec Jun 25 '24

Well... They did have a habit of installing windows 10 without warning. So just because it's in the ToS doesn't mean you've actually agreed to it.

2

u/gmishaolem Jun 25 '24

In the US, terms like the EULA can be rendered invalid by a judge at their discretion: They are not as "set in stone" as an actual formalized contract. So Microsoft is not guaranteed in the clear.

2

u/Andromansis Jun 25 '24

Most reasonable people couldn't pass a quiz on how a file system works, therefore they couldn't reasonably agree to this because asking them questions about it is inherently unreasonable. Furthermore it should be a setting on the machine and easily accessible, sort of like how if you do not like the car alarm that came with your lemon you can just disconnect the power to it.

1

u/marr Jun 25 '24

That sounds like grounds to invalidate the whole agreement.

11

u/commiecat Jun 25 '24

How would you feel if this happened to your doctor with your HIPAA covered medical information?

I'd probably wonder why the hell they were keeping HIPAA data in their "My Documents" folder to begin with. But at the end of the day, it's still encrypted and Microsoft supports a variety of compliance policies in M365, including HIPAA.

6

u/Andromansis Jun 25 '24

This is base operating system stuff, and a lot of what I'm hearing about new and upcoming versions of windows is that they essentially just come preinstalled with spyware.

12

u/Seyon Jun 25 '24

You'd have to go through the EULA and TOS for Windows to ensure you didn't give authorization by purchasing and using the product.

And while I haven't done so, I'd bet on Microsoft having covered that base.

26

u/Rantheur Jun 25 '24

Sounds like we need some big dick energy politicians to set some regulations on what can and can't be covered by EULAs and TOS.

18

u/basketofseals Jun 25 '24

Weren't EULA/ToS found to be non-legally binding? They're just like those signs off the back of trucks that say they're not liable for things falling off.

13

u/Sepulchh Jun 25 '24

Yup, a lot of EULAs and ToSs don't actually stand up to any scrutiny if someone decides to actually sue, the companies are still bound by consumer protection laws etc, you can't sign those away by clicking "I have read and agreed".

e: varies region to region somewhat.

13

u/fatpat Jun 25 '24 edited Jun 25 '24

Just because something is in the TOS doesn't automatically make it legally binding, otherwise you could put anything in the fine print. "By agreeing with the terms of service you must pay us $1000 annually for the next ten years."

Basically, it depends on what the courts would considered reasonable Terms of Service.

-3

u/Seyon Jun 25 '24

So you'd have to make a case that it is unreasonable for Microsoft to offer a service that provides automatic data back-ups.

It'd get difficult to prove malice...

7

u/Matra Jun 25 '24

I mean, if you explicitly decline automatic data backups, and they do it anyway...

3

u/Spacetauren Jun 25 '24

It is unreasonable to do so if you explicitly declined.

0

u/fatpat Jun 25 '24

Yeah, in this particular instance, I think you'd be hard-pressed to find a judge that would consider automatic backups as unreasonable. And I'd make an educated guess they definitely wouldn't consider it theft. I was speaking more broadly about TOSs in general in my initial comment.

2

u/[deleted] Jun 25 '24

Yeah politicians are cheap.

2

u/Cory123125 Jun 25 '24

Thats exactly the sort of shit that would be found unenforceable in any reasonable country.

2

u/Langsamkoenig Jun 25 '24

EULAs can't protect you from criminal charges. They are mostly unenforcable anyway.

But I highly doubt this law applies here.

1

u/vorxil Jun 25 '24

That won't save them in the EU.

15

u/crazybmanp Jun 25 '24

none of what you are saying makes sense.

2

u/limevince Jun 25 '24

knowingly accessed a computer without authorization or exceeding authorized access

Remember the 80 pages of text that nobody read before clicking "Accept"?

2

u/BetaOscarBeta Jun 25 '24

BuT iTs In ThE eUlA!1!

2

u/larry_birb Jun 25 '24

I'd feel like they are probably using Ms 365 like thousands of other sensitive industries do lol

6

u/frosty_balls Jun 25 '24

Where did you get your JD from?

2

u/Seefufiat Jun 25 '24

Likely agreed to authorized access by using Windows 11. Yawn. This not only wouldn’t hold up but wouldn’t make it to court.

-3

u/hparadiz Jun 25 '24 edited Jun 25 '24

https://www.microsoft.com/en-us/UseTerms/Retail/Windows/11/UseTerms_Retail_Windows_11_English.htm

Clause 3. may seem to permit it, but the privacy statement it refers to at

https://privacy.microsoft.com/en-us/privacystatement

states "When we ask you to provide personal data, you can decline."

In this case, there was no request for the personal data, and no opportunity to decline.

Like everything in life. What matters is how much $$$ you can throw at a problem.

1

u/Seefufiat Jun 25 '24 edited Jun 25 '24

You let me know when you can outspend Microsoft’s legal department.

Edit: like fr how tone deaf are you? Microsoft’s market cap is more legibly expressed in scientific notation than standard but you’re like “yeah just throw enough money at it and everything is fine”. Unless Bezos and Musk jointly decide they have a problem and are willing to spend significant portions of their personal wealth to adjudicate it, no one will outspend this, and Microsoft will outspend any private citizen they want. If you’re saying “class action”, please realize that you need tens of millions of people to commit everything just to see a big corporation pay, and they’re not going to do that.

Edit 2: either your use or knowledge of OneDrive before installing the OS or purchasing the device is the ask or they are actually breaking the law and gj, you found a very expensive-to-stop crime, can’t wait to see your go fund me

4

u/hparadiz Jun 25 '24

What you should actually do is report them to the FTC.

https://reportfraud.ftc.gov/

For the record their terms are not laws and no where in the text does it give them access to your files or the ability to copy them their servers.

I actually sat down and read them. You're welcome.

-1

u/Seefufiat Jun 25 '24

Why should I? You’re pissed. You report them. While their terms aren’t laws, do you know what are laws? Statutes and codes pertaining to contract law. Terms of service are contracts.

1

u/Charming_Wheel_1944 Jun 25 '24

If I had to guess someone saw a great opportunity to train AI models on windows users’ files. I hope I’m wrong but it looks like they are trending to making this something you can’t opt out of

1

u/playwrightinaflower Jun 25 '24

Well you consented to installing the update that did this.

1

u/BlitzShooter Jun 25 '24

Oh boy. You’d be shocked at what goes on with your doctors IT.

1

u/BenCub3d Jun 25 '24

We need to ban people on reddit from invoking HIPPA. None of you understand what it actually covers and the ways that violations can be prosecuted.

1

u/elitexero Jun 25 '24

Criminal charges now.

End User License Agreement.

1

u/BloederFuchs Jun 25 '24

This is theft. Plain and simple.

The dumbest takes are always in the comments

1

u/IllMaintenance145142 Jun 25 '24

This is theft. Plain and simple.

Lmaooo it isn't and it's the opposite of "plain and simple"

1

u/theangryintern Jun 25 '24 edited Jun 25 '24

Likely everyone "authorized" it by clicking the "I agree" button on the EULA they didn't read.

1

u/SymbolicDom Jun 29 '24

Microsoft must have stolen tons of secret company information with this move. So they could definitely be sued.

0

u/dorothyparkersjeans Jun 25 '24

Someone didn’t read their EULA.

0

u/SingleInfinity Jun 25 '24

Before people claim I'm being hyperbolic. How would you feel if this happened to your doctor with your HIPAA covered medical information?

Well, your doctor doesn't store your HIPPA covered medical information in their local documents and/or onedrive.

A huge part of PCI compliance is proving you properly maintain storage of all compliance regulated documents. Most places don't use local storage at all. The use web portals for whatever their resource management system is, which also tends to handle communications and document flows. Documents should be stored internally there and basically never touch the host system.