| HN Mirror

One would hope they got their crypto right (I'd assume it's done via ssl with a pinned cert, but I haven't checked). More worrisome is what they do at their data centers - officially they might paint one picture of how well they have secured their system both technologically from outsiders and from employee insiders but behind this pretty picture could be a total shitshow behind the scenes and we wouldn't know. A rogue employee could socially engineer his way to data and dump it on the internet - similar to what happened to OkCupid. They could be infiltrated by Chinese with their infinite budgets and then you take a "voluntary" trip to China. They could be forced by USG to reveal data, and I'm all for nabbing terrorists, but USG has proven that they aren't any better at securing their stuff so China scenario again applies. Or Microsoft is after a few years pushed into corner even more and become really evil and start monetizing data to everyone with a dollar and it turns out they consulted lawyers to arrive at minimal method of data anonymization that would still be accepted by courts.

In the end, it's customers who have bought their computers and should retain ultimate agency over their hardware and what Microsoft is doing isn't necessarily in their customers' best interest because it puts undue, poorly communicated risks on them. Most users aren't equipped with necessary background knowledge to evaluate these risks so aren't even capable of consciously accepting them.

edit: oh it's you ryan. I'm sure you already know all this. :)