I read your link, and you need to retake basic literacy if you believe that satisfies any sort of proof. All it says is “Microsoft totally has a keylogger, this setting disables it.” It does not show any evidence of the claim. It does not link to evidence of that claim.

No one’s arguing that they aren’t gathering typing data. I’m arguing that it isn’t a full-on keylogger siphoning passwords.

Please stop fighting a strawman. I’ve not said anything good about Microsoft here. I’ll insist again that I’m more familiar with their rot than most, given my career.

I did Google, with multiple search terms. Check my last post again. There’s a spoiler with plenty under it. It’s the line in a section all it’s own that says “Did my research, I’m not finding the hard evidence.” Tap to expand the multiple paragraphs not only summarizing my findings but also linking specific examples. If you have some specific issue with what I found, let’s hear it.

I’ll state it again and clearly: Everyone should turn off the feature. But hundreds of sites copy pasting the same article, the headline claiming it’s a keylogger, the same instructions to disable predictive text data collection, and nothing else is not evidence. It’s copy paste tech support slop.

If sites claiming things about how Windows worked were reliable, or repetition meant reality, “sfc /scannow” wouldn’t be a meme in the sysadmin world. 90% of the time it doesn’t help. It’s a specific tool for fixing issues caused by corruption to the OS files, not the cure all it’s touted to be by many sources.

So show me some network traffic analysis. Show me a whitepaper. Show me a security reseacher’s write up. Show me process explorer screenshots showing the file lock for the file where the data is stored. Show me someone testing two default Windows installs in VMs, one with keystrokes entered and one without, and the clear difference in network traffic, file activity, anything.

Anything more than simply saying “trust me bro”.

Because headlines can’t be wrong right? The CrowdStrike outage was totally an issue with Microsoft Update, as originally reported far and wide, and not an issue with an update to CrowdStrike software running at kernel level that mirrored the same issue they caused in Linux deployments a few months earlier. People still don’t get that wrong, not at all.

Look. The ball’s in your court. Again, if it’s so easy, prove it. Stop wasting effort trying to rub my nose in it like I’m a bad dog, and just prove I’m wrong.

My research doesn’t show what you insist is so evident it doesn’t need to be sourced. If it’s as you say, spoonfeed me. Prove it. It’ll be faster, and I’ll gladly edit all my previous comments here to say whatever disparaging thing about myself you desire.

Crow is delicious and I look forward to eating it.

Come. On.

Edit: I’m not normally the kind of person to look up who up/downvoted me, but I spent the better part of an hour trying to find evidence in support of this guy’s claim. Apparently it’s easier to downvote than prove me wrong in such a simple way that they claimed I couldn’t have done a google search or I would have found it.

So let’s fucking go. I’ll extend this “bet” to anyone.

Show me evidence that Microsoft is capturing all (or most) keystrokes, specifically including passwords entered across multiple programs, through the setting for predicitve text and handwriting analysis which can be switched off through the settings menu, it is happening on live/prod/general use releases of Windows, not preview builds, and it does not rely on unlikely edge cases like a user somehow accidentally running Calculator with a debugger attached to the process and then typing passwords into Calculator.

Note: Being able to hijack the service and exploit speculative execution shit like spectre to access other areas in memory doesn’t count. This has to be inteded behavior.

If you can prove that for Windows 7, 10, or 11, I will do just about anything you want as a punishment. Want me to speedrun getting banned across the fediverse? Want me to make a video smearing peanut butter on my junk while singing your praises?

No doxxing myself, no physical harm, permanent body modifications, nothing that would get the cops called, make me ill, or jeapordize my job. Monetary cost can’t be over $20. Thinking more like I’d write that you were right on my ass, make it my profile picture here, and edit every comment I made on here (over 4000 at time of writing) to add praises for you and to point to my shame. That sort of thing.

If you can get the instance admins in on it, I’d fully accept old 4chan rules of deliver or suffer permaban.

Just to cover my ass for Microsoft doing something dumb as hell with Recall, that doesn’t count (see specifications about it having to be connected to this predictive text/handwriting thing), and this offer is only valid for the year of 2026.

I highly reccomend Neil Postman’s book, Amusing Ourselves To Death, which that wonderful quote is from.

Have you been on them, or is this an arm chair take?

Not feeling any empathy is horrible, but feeling absolutely god awful about things you can’t do shit about isn’t exactly a virtue.

Just like many people already have it.

And there it is. This is a not so thinly veiled post being highly judgemental about people on anti-depressants and the like.

As you’ve identified:

I’m sure that what me caring does to my mental state is far worse than however good is anything it does to anyone else.

So… if it’s not helping anything, and arguably harming yourself, what is the point?

I promise you that it is possible to be aware of these horrible things going on, accepting that you cannot do anything about them, minimizing of the negative impact on your own emotions and mental state… and to be able to move on with your own life and enjoy what there is to enjoy around you. All at once.

That isn’t a “lack of caring”, it sure as hell isn’t fucking ignorance. I honestly take quite a bit of offense at that.

It’s basic acceptance of what you can and cannot change. The relatively recent idea that if you aren’t emotionally distraught about world events then you don’t care is one of the most toxic and damaging to mental health things in recent time.

Some people will call it stoicism, but it’s not even going that far.

This whole idea of “I have to stay aware of all the suffering in the world, and I have to have strong feelings about all of it!” is just “thoughts and prayers” with a whole bunch of extra steps that people often use as justification to look down upon others who don’t stay as up to date, or who don’t get as emotionally invested.

So to answer your question, no. I wouldn’t take pills that work as you describe.

Thankfully, that’s not how anti-depressants and anti-anxiety medication fucking work! (Unless you’re on far too high a dose or perhaps on anti-psychotics instead)

I’ve not seen womens pants available with larger pockets and non-form fitting. I’m not sure you can say it’s just a choice issue when the choice would be to just buy mens pants instead.

You can find plenty more shit like this just taking a scroll through the settings app/menu. Anything mentioning “predictions”, “suggestions”, “send data to microsoft”, “help us make your experience better”, “automatic personilazation”, “use your data to improve”, “telemetry” and the like is data collection for Microsoft’s sake with little to no direct impact on the function of the OS or other software.

Cool it with the attitude. If it’s so easy to find this evidence, you could have posted links yourself to it instead of whatever the hell you think this is. Public shaming?

There’s plenty of easily proven reasons to hate Microsoft without pulling stuff out of our collective asses. Like the collection of image thumbnails I already mentioned, which as I said was confirmed (as much as analyzing SSL encrypted web traffic can be without breaking the encryption) by traffic analysis.

I have a decade of experience doing tech work in Windows environments. More than half of that time now in systems administration and infrastructure “engineering”. I’m better versed in Microsoft’s bullshit than the average bear, and I’m definitely not trying to argue they’re great.

Proof of this sort of thing can make a career in infosec, so I don’t have any issues believing that people have been digging deep for any evidence of this. If direct evidence is out there, you’re right that it shouldn’t be hard to find.

So now I’ve danced to your tune. I’ve “done my research”.

If this is so damn obvious, please for the love of all that is holy just link me the damn receipts. I promise I can handle whatever hacker writeups, white-papers, etc that you could throw at me. I want to see them. Please don’t blueball me.

So, it’s easy to point fingers at a scary sounding sub-system and scream, but has anyone done any true analysis of what the feature actually does?

There’s plenty of ways to check this shit. Just off the top of my head, checking the files it accesses using process explorer would be a start. Should be pretty obvious if one of them grows with keystrokes.

Those are some pretty damn big claims for “trust me bro”.

It used to be that with shit like this you could actually find stuff like “Hey, I’ve analyzed network traffic from the PC, and can confirm that once an hour it’s sending encrypted data to a server in Redmond that matches the size of the image thumbnails generated by Explorer in the last hour. If Explorer hasn’t generated thumbnails in that time, no data is sent.” with receipts when someone claimed that MS was collecting everyone’s image thumbnails.

Now it’s just Microsoft bad! Trust me bro!

Regardless of validity though, it concerns me that people use their computers without taking 30 minutes to go through the settings and shut off shit they don’t want.

Whether the implementation of this is a true keylogger or not, I get no benefit out of Microsoft analyzing my typing, and I’m not using any sort of touch screen or stylus so handwriting analysis is a waste too.

I disabled it within the first hour post-install.

Now that’s what I call shitposting!

Unfortunately with the way you asked, and especially with asking on Lemmy, you’ll get a lot of tech saavy people, and FOSS enthusiasts. You’ll also get a handful of people here who can’t help but talk down to anyone who dares to say that Windows isn’t just the fucking worst.

I’m primarily Windows, with an Ubuntu VM for working with obscure FOSS utilities (like I had to use someone’s college project to recover data off a USB HDD where the enclosure broke, and it turned out the manufacturer used whole disk encryption so you couldn’t just shuck it and go, but it was thankfully trivial with the key stored in a specific sector) and to work with github projects that only provide build instructions for Linux.

I run a personally customized and debloated install of Windows 10 Pro on my desktop, and Windows 10 Ameliorated (someone else’s debloat setup I cribbed a decent amount from) on a laptop that is mostly used as a remote endpoint for the desktop through sunlight/moonlight (whatever the open source version of nVidia streaming is). The debloating took maybe 4 hours (6 if you include the time to figure out how to stream updates and drivers into the install media) and I’ve had no issues with any of the shit people complain about. I’m in control of my own updates (although you can’t delay them indefinitely, you can push them back multiple weeks and prevent auto-restarts), no onedrive, stripped out telemetry shit and blocked through host file and DNS in case any was missed or added later. No updates have reset any settings I’ve set, despite the common insistence that everyone says they do.

But I also have almost a decade in supporting Windows, from intro IT help desk to many years as a sysadmin and IT infrastructure “engineer”. I know what levers Microsoft has built for businesses to use to kill the bullshit, anf I cry at just how ridiculously bad a shit ton of Windows advice online is.

As far as Linux goes, I’m no stranger to it, and have been poking around with it since Knoppix was one of the only options (if not the only) for live-boot. I’m the go to guy on my team for the few Linux based appliances we run that don’t belong to the network team. I want it to be a competitive alternative for corporatized software.

But I bounced off it in the mid-late 00’s as I got tired of how much tinkering it took. By the time I was interested in checking it out again, I was working in IT, and nothing drains you of energy to tinker with computers at home like doing it eight hours a day for work. I wanted my stuff at home to just work, to the point that I even was mostly gaming on console.

I’m out of my burnout now, built a new desktop when I got my sysadmin/infra position, and built up a homelab of VMs to try (and fail to) speedrun studying for the MCSE before MS stopped offering it, since I work in a primarily Windows environment.

Whenever I finally get some free time, I plan to sit down and document customizing Win11 to not suck for the sake of all the people online that insist it simply isn’t possible at all… and to set aside a dedicated drive to try out some more modern Linux distros again.

But I’ll be honest, most Linux troubleshooting stuff still seems to be pretty finicky and still a tradeoff compared to the amount of stuff that “just works” on Windows (nVidia GPUs, HDR, VRR for a few examples). Definitely far better than it used to be, but still not to the point where the OS just gets out of your way. Windows still seems to be able to get to that point more easily.

I hope to proven wrong in my opinions about the current state of things.

That gives me vague ideas for a fun short story: The AI “revolution” has occurred, but due to training data issues it’s all optimizing for some random specific boring schlub. Harold from Oklahoma or something.

Had to argue my case to the transit overseer AI about how me getting to work is vital for Harold’s quality of life again. So fucking demeaning.

Harold posted something to social media 15 years ago about having a bad experience at the restaurant chain I worked at. Overseer shut the while chain down and now we’re all on the run from enforcers that want to kidnap and make us personally apologize to him. I worked on the other side of the country.

Trying to get a new car but all that’s on the market are ridiculous scaled up hotwheels the guy liked as a kid, a shitbox he made teenage memories in, or some generic suburbanite thing that lasted him the longest.

New fashion trend: White t-shirt and green plaid boxers are out, jeans and a grey t-shirt are in!

You can’t seriously be suggesting that lying to people about the sitaution is in any way helpful.

Fuck off and sow FUD elsewhere.

Lol, lmao even. That’s some careful word play for the sake of unneccesary hyperbole.

They have shot innocent white American citizens. In some other places they have gone door to door. Those are independent actions, not a combined reality. We can all agree they’re god awful as a massive understatement without lying about door to door murder squads.

Inb4 “if you have to make that kind of distinction you’re already fucked” yeah, we are, but accurate information about the ground situation is vital for any forward movement.

Lol, same. I spend more time writing guard rails, setting up verbose debugging output/logs, figuring out how I can test without blowing up shit, backing up data before, backing up what it’s going to do, and then trying to set up automated confirmation of success or failure than I do coding the purely functional parts.

I’ve run the “person has quit, yeet their access” script I made on people days early more than I should admit. Had to put in a lot of extra checks on that.

If you’re at a place still using VMWare, a tip: if you’re trying to automate shutting down all the VMs for some hardware moves (get list of VMs, send Guest OS shutdown command, wait a certain amount of time, if VM still showing online force shutoff), VSphere will return the VM management devices/servers/whatever they’re called (what vSphere runs on) in the list of VMs, and it will accept Guest OS shutdown commands sent to the thing hosting VM management/vSphere. Halfway through shutting it all down for a move I started getting “cannot reach VSphere” errors. Added an extra hour or two to that weekend project as we had to get into things through some other back end shanigans to finish shutdowns manually.

I don’t disagree, but corps are going to push the settings in their software and products that makes them the most money. It sucks but should be expected.

It’d be better if there were competitve open source options with the same ease of use, of implementation at scale, and ease of management at scale, but unless you’re willing to do custom forking and dev work, most of the time it’s easier to go with whatever is the overwhelming standard is and work around the rough spots, as at least then you’ll almost never be in completely uncharted waters.

I spent a few years building a custom solution for integrating a semi-popular but still relatively new HRIS system with a hybrid AD/Entra environment with a somewhat unique hybrid Exchange (email) setup. Doing it live, no real documentation to speak of because the few other places that had done it turn out to be consulting groups that sell their solutions for ridiculous amounts of money. My workplace has now hired an entire team and spent at least half a mil on a new software suite that will replace my solution eventually, after more dev work by this new team.

That was after I burned a year trying to figure out how in the hell I could programatically try to clean up a horribly misconfigured and mismanaged old SolarWinds Orion setup that had accumlated tech debt for years, only to be stymied because they don’t allow public discussion of their fucking database structure, and what I found out myself was batshit. Don’t trust software that use their own custom bastardization of SQL.

After those experiences I’m pretty damn content to stay in the land of “well documented and popular” and just work around the rough edges. Keeping up with patch and update news and delaying updates a little usually gives plenty of time to effectively opt-out by changing the settings before it hits our environment at large.

Fuck Microsoft’s bullshit, but at some point it’s the enemy you know, especially in a corporate environment. I’m no stranger to masochism through tech work, but I’ve gotten used to MS’s brand of fuckery, as a lot of us have.

No… then they don’t do what I’m talking about. I’m sorry you deal with the suck, but your IT team still gets hammers.

My workplace backs up to OneDrive itself. No requirement of work VPN, just sign in on a work machine with internet connection and confirm the MFA prompt.

Technically OneDrive is some unholy patchwork on top of Sharepoint Online, as evidenced by a ton of back end settings going through the SharePoint admin UI, but that’s not relevant to the discussion.

I didn’t even know it was possible to hijack Onedrive to point to SharePoint Server. For that matter who in the absolute fuck is still using Sharepoint Server? It went out of support two years ago, and extended support (at significantly extra cost) ends July 14th.

There is technically another On-Prem version past 2019, but it’s obvious bare minimum life support.

Plus, Microsoft locks so many of their security and other features baked into Azure behind Office 365 E5 licenses that most places are just using those for Office etc, and those come with a shit ton of storage per-user in OneDrive and SharePoint online.

We also don’t have auto-deletion turned on (yet). I’ve already done what I can to talk my boss out of it, but we will have options to prevent it on specific files and folders, as we already do with email (auto delete past certain age, unless it’s in the archove folder. you can set up auto archive rules if you need, but there’s rules on max space).

TL;DR- Your workplace does not in fact do “essentially what I described”, which is a large contributor to the issues you’ve seen. Go get hammers and beat your IT staff with them.

Especially the Sharepoint Server shit. That’s horrifying. No one should have to even think about touching that. Ewwww.

Depends entirely on the implementation. If it’s wired right into the power line for the camera/mic, then it comes on when power goes to that hardware, but without extra engineering you could just pull off the LED and solder over the gap in the trace/wire.

And I have to apologize, I had forgotten that there are already third party companies advertising services to bypass/disable it on the meta glasses. Have to edit my last comment.

I’m sorry, that sucks. It really only takes about ten minutes to search up the settings to turn off the saving redirection in Office programs and toss it in the default Group Policy settings, but I’m sure that at a huge org that would end up stuck in absurd change review hell that IT folk seem to try and avoid.

The meta glasses supposedly are designed with a bright led on the front that comes on when the camera or microphone is recording.

Edit: I had forgotten when I wrote this that there are companies already offering services where you can send in your meta glasses and they claim they will somehow disable/bypass the LED indicator.