[Silhouette]

One of the main reasons we don't want anything to do with most recent Microsoft software at my office is concern that unspecified data we're working with -- which might include information obtained under NDAs, clients' trade secrets, sometimes personal data, etc. -- might get sent up to the mothership when one of the telemetry systems phones home.

People look at me as if we're crazy for worrying about this possibility, even though Microsoft of 2019 is notoriously vague about how any of this works and we could be flagrantly violating multiple laws and contractual obligations if it happened.

[philpem]

This. If they were at least up-front and said what it collects, how, when, and how to turn it off (or better yet, followed privacy best practice and turned it into informed opt-in), I'd be more eager to upgrade.

With that said -- there's still room for due diligence. I've built systems which handle personal data, and we pretty much started with Debian minimal and worked from there. To make damn sure, we stuck them behind a whitelisted firewall. They had access only to things we allowed them to see, and only in the direction we allowed.

[BlueTemplar]

If it was just Microsoft... it also goes for Intel and Ryzen era AMD processors. Maybe IBM's new PowerPCs are safe ?