by MaulingMonkey 3955 days ago
> This is a lose-lose scenario. If you don't trust a closed operating system in the first place

I don't trust open systems either. I don't have the time to audit them. If I did, I wouldn't trust myself to catch everything. I don't trust "enough eyes make all bugs shallow" either.

Case in point: Canonical-written "features" in Ubuntu, and OpenSSL bugs in general.

> why would you then, after performing these steps, trust the system that it really does what it says it does.

Don't trust: verify with Wireshark? Alternatively, trust the people who wrote this to have run Wireshark. Alternatively, "Trust but verify."

I generally trust Microsoft and FOSS to not be actively malicious on their own behalf.

I trust neither Microsoft nor FOSS to do their privacy due diligence, write perfect software, to be free of capitalistic or engineering pressure to add privacy harming features, nor to be free from subversion by state actors (NSA etc.)

What's your superior counter-proposal, under these conditions?

> The point is that you don't know, and you can never be sure.

Fundamental truth of computing, not "Windows 10". I can't even trust the code I write myself to be free of security or privacy issues due to my own mistakes or lack of consideration.

> The solution is to either trust or not, switch or stay, there is no middle path, because any middle path implies some amount of non-trust.

I reject the thesis that trust is binary. Were I to accept it, I trust nobody - everyone is vulnerable to being subverted by blackmail, intimidation, making mistakes, etc.

Trust of system is also not the only factor influencing my use of a system. I trust a deeply buried cement brick more than any computer, but I can't use the web with it. I have very different trust needs for my bank servers, my workstation, my catstation, and my gaming console.

5 comments

You are making an apples and oranges comparison. On the one hand you have something that theoretically (and sometimes provably) is checked by people besides the project maintainers. You are absolutely right, but even taking your framing, OSS OSs are orders (yes, plural) of magnitude more trustworthy than even versions of Windows older than 10. The privacy violations in 10 are large enough to make the system unusable by anyone that works with sensitive data (be it code, medical records, personal information, proprietary information etc).

> Canonical-written "features" in Ubuntu

Oh come on. Canonical did not hide what they were doing, and enabled an option to disable it in the first place. You could try finding better examples than that.

> Canonical did not hide what they were doing,

Did Microsoft? This is news to me if so, and I'd be interested in reading up on any sources for this you might have.

> and enabled an option to disable it in the first place.

Microsoft added several options to disable things. While I certainly agree that those options have some gaps and/or are outright bugged, I'm not convinced there's any difference in intent or motivation, which is the bigger factor to me when it comes to trust of character.

Basically what Microsoft did with Windows 10.

> I generally trust Microsoft and FOSS to not be actively malicious on their own behalf.

Yup, I completely agree. I trust both of them.

But I don't trust third-party programs made for Windows because I always have to un-check something just to not get some junk program attached to its installation. I've never encountered a single such request since I made the switch to Linux two or three years ago.

While there are serious issues with Canonical, Mozilla, and other people in the "open source" community[1], there is a huge difference in both magnitude and intent between the problems with Canonical/Mozilla and what Microsoft is doing in Windows 10.

[1] That's one of the reasons some of us promote Free Software instead of Open Source.

> I don't trust open systems either.

Don't put words in my mouth please.

> I reject the thesis that trust is binary. Were I to accept it, I trust nobody - everyone is vulnerable to being subverted by blackmail, intimidation, making mistakes, etc.

You seem to be using a different definition of the word trust than I did. Everyone is vulnerable, does that mean you cannot trust anyone? No, you certainly can, that is the whole point of trust.

> Don't put words in my mouth please.

It's not my intent to. I'd ask that you clarify exactly how I have, if I have.

>> I reject the thesis that trust is binary. Were I to accept it, I trust nobody - everyone is vulnerable to being subverted by blackmail, intimidation, making mistakes, etc.

> You seem to be using a different definition of the word trust than I did.

Did any of the earlier discussion about what I do and don't trust Microsoft & FOSS with seem on the right track?

> Everyone is vulnerable, does that mean you cannot trust anyone?

It means I cannot trust in an absolute, binary fashion, of 100% certainty that it will not be misplaced. I can only trust that they'll probably do the right thing (tm).

> No, you certainly can, that is the whole point of trust.

EDIT: Added context now that new lines have shown up. Also added replies.

This is a misreading of "either," I think. Read not as "You and I both distrust open systems," but as "I distrust both closed and open systems."

I think you're right! Thanks for helping clarify.