[nexuist]

A perfect encapsulation of why these privacy complaints are next to worthless. You don't trust Microsoft with telemetry but your package.json pulls in 30 packages from completely random Internet strangers who published something that looked cool on GitHub.

There's no coherent threat model here. There are a million different ways to shoot yourself in the foot and compromise your codebase before we even begin to consider what Microsoft can do with the knowledge of what buttons you press sometimes.

[Sanguinaire]

A bit disingenuous I think; people are concerned about security when worrying about random packages, but privacy with Microsoft.

MS have a history of being hostile to open source, but have been able to launder their image somewhat.

[siproprio]

They were 'attempting' to launder their image.

[nexuist]

Privacy and security are the same thing. When one is compromised so is the other. Any untrusted code that runs on your machine has the implicit capability of exfiltrating information that would rip apart your privacy.

[siproprio]

> There's no coherent threat model here.

My threat model is Microsoft selling bogus "productivity enhancement" features to customers, pushing duplicated features, collecting data on costumers to acquire business sensitive information, and using marketshare as leverage to strangle better products.