by senfiaj 5 hours ago
>> Windows 11 requiring TPM, Secure Boot and being all react wasn't great.

For me a bigger concern is that Windows 11 requires an MS account, and is making it harder and harder to bypass it. This is a disrespect for my freedom and privacy. The hardware is not the biggest issue because it might catch up eventually. https://waspdev.com/articles/2026-03-12/i-ll-probably-never-...

4 comments

And in order to get the Windows 10 updates in the article, you need to sign up for an MS account, or pay them $30 a year not to spy on you.
You can bypass the account requirement using https://github.com/abbodi1406/ConsumerESU. Of course that isn’t endorsed by Microsoft.
> And in order to get the Windows 10 updates in the article, you need to sign up for an MS account, or pay them $30 a year not to spy on you.

Can you elaborate on the "or pay them $30 a year not to spy on you" part?

Ctrl-F isn't finding any mention of that in either https://www.neowin.net/news/windows-10-quietly-gets-one-more... or https://waspdev.com/articles/2026-03-12/i-ll-probably-never-....

It's in the linked Neowin article on how to get the updates: https://www.neowin.net/guides/how-to-get-one-more-year-of-wi...
The average consumer doesn't care about signing up for an account, so that's an easy win for getting them in the email system and thereby tie all the telemetry events to an easily recognizable account. Imagine how valuable this information is.

Now you have system level events tied to a user, that might also purchase an office product and pump out more events.

Well, they might still do it but less aggressively. For example, only when using MS Store or only some specific services. Apple uses a similar strategy with MacOS. Online accounts can also be convenient with service integrations, provided they are optional. Also, I slightly disagree that average users don't care at all. Even setting aside ideological reasons, mandatory online accounts are terrible if there is no internet or the system must be preinstalled for another person (although the person who installs is not that average user). The system should be functional in offline mode.
To download apps on an iPhone, you need an Apple ID. This is just something every Apple user has accepted since its inception. I would also be surprised if the majority of macOS/OSX users didn't have an Apple ID/iCloud account.

This is not a new concept. What's new is that Microsoft is enforcing it. But making it less obvious on how to disable the requirement when you install the OS. Or in most cases require hacks to do so.

>> To download apps on an iphone, you need an apple id.

iOS is worse than MacOS. I was only talking about MacOS.

Also the constant turning on, despite my prior explicit disabling, of spyware (memory ‘live sampling’ to the cloud for ‘virus protection’, OneDrive ‘auto backup’), and features I’ve explicitly disabled like Copilot.

It’s creepy as fuck, and for no real benefit to me that I can tell.

> spyware

The privacy-destroying "telemetry" continues to transmute from a theoretical problem to a realistic concern too.

For example, many printers put forensic marks onto pages identifying their serial number, while MS/Apple log all your device serial numbers, which in turn is subject to seizure/threats/theft.

The upshot is you can't print an "anonymous" flyer stating I Dislike The Regime without the risk that thugs of said regime will be outside your door later.

> memory ‘live sampling’

"Citizen, the signature of a Wrongthink picture was detected in your telescreen..."

I'm not sure why this is downvoted. ICE showed up at a woman's door trying to force her to take down a benign social media post.

What is stopping similar authoritarians from cracking down using these kinds of features and registrations?

https://newrepublic.com/post/212340/ice-poll-worker-election...

The printer thing seems pretty unrelated, and I don’t think there’s much evidence that simply logging in to your system with your Microsoft account has anything to do with telemetry of the actual content of your computer.

You can obviously send a lot of personal data through Microsoft services that use that account, but merely logging in that way doesn’t seem to just upload your life to Microsoft, either.

> The printer thing seems pretty unrelated

It's a simple example of how the arcane telemetry they demand is actually far more dangerous to you than it first appears.

This is incredibly common when it comes to security and privacy issues, where it's not immediately obvious how things can be abused. (The truly obvious things tend to get fixed, after all.)

> I don’t think [...] your Microsoft account has anything to do with telemetry

My brother in tech, I think you're blinding yourself out of forlorn hope here.

Microsoft has spent over a decade increasing the mandatory "telemetry", which contains a complete profile of all your computer hardware with serial numbers plus all the software you run and when you run it [0]. The same company has consistently made it harder and harder for anyone to not sign up for an account in order to even install the OS.

They already collect the data in a very deliberate and strategic way. What you ought to be seeking is evidence they don't keep it.

[0] https://arxiv.org/abs/2002.12506

I appreciate the fact that you sent over a very good paper.

After reading it, I am still not sure I see how this is particularly alarming information. I can see how it would help a forensic investigator who has physical access to the device.

The most personal aspect seems to be the list of installed and removed programs, which I would agree is stepping across boundaries of privacy.

The paper notes that this whole studied telemetry package is part of the telemetry service you can opt out of.

The rest seems to be device identifiers and connected devices. They mention that the device identifiers could lead to having part of an encryption key but that part of the paper seemed really vague. My takeaway from that section was that maybe it could lead an investigator to knowing which specific piece of hardware to use in order to decrypt something, but they’d likely need physical access to that hardware.

I get the impression that the intent here is for an IT department or Windows developers to be able to respond to cyberattacks and deal with malware and the like. The paper you linked made that aspect pretty clear.

The printer thing is a good example, but again, just too unrelated to this particular subject. At least, in my opinion.

I left 2 licenses of copilot in my car, someone broke into my car and left 4 copilot licenses there. The world is a dangerous place honestly, you cannot be protected enough..
Yeah, TPM and secure boot aren’t a big deal at all. I use them on Linux as a security enhancement.

I really don’t know how a no-brainer security implement like that became such a lightning rod.

As far as React being used in the OS, well, if we are arguing about underlying technology there are plenty of flawed implementations to be found on a number of platforms. I don’t think the end user is concerned.

I say all this as someone who does not recommend Windows and no longer uses it, to be clear.