I read your link, and you need to retake basic literacy if you believe that satisfies any sort of proof. All it says is “Microsoft totally has a keylogger, this setting disables it.” It does not show any evidence of the claim. It does not link to evidence of that claim.

No one’s arguing that they aren’t gathering typing data. I’m arguing that it isn’t a full-on keylogger siphoning passwords.

Please stop fighting a strawman. I’ve not said anything good about Microsoft here. I’ll insist again that I’m more familiar with their rot than most, given my career.

I did Google, with multiple search terms. Check my last post again. There’s a spoiler with plenty under it. It’s the line in a section all it’s own that says “Did my research, I’m not finding the hard evidence.” Tap to expand the multiple paragraphs not only summarizing my findings but also linking specific examples. If you have some specific issue with what I found, let’s hear it.

I’ll state it again and clearly: Everyone should turn off the feature. But hundreds of sites copy pasting the same article, the headline claiming it’s a keylogger, the same instructions to disable predictive text data collection, and nothing else is not evidence. It’s copy paste tech support slop.

If sites claiming things about how Windows worked were reliable, or repetition meant reality, “sfc /scannow” wouldn’t be a meme in the sysadmin world. 90% of the time it doesn’t help. It’s a specific tool for fixing issues caused by corruption to the OS files, not the cure all it’s touted to be by many sources.

So show me some network traffic analysis. Show me a whitepaper. Show me a security reseacher’s write up. Show me process explorer screenshots showing the file lock for the file where the data is stored. Show me someone testing two default Windows installs in VMs, one with keystrokes entered and one without, and the clear difference in network traffic, file activity, anything.

Anything more than simply saying “trust me bro”.

Because headlines can’t be wrong right? The CrowdStrike outage was totally an issue with Microsoft Update, as originally reported far and wide, and not an issue with an update to CrowdStrike software running at kernel level that mirrored the same issue they caused in Linux deployments a few months earlier. People still don’t get that wrong, not at all.

Look. The ball’s in your court. Again, if it’s so easy, prove it. Stop wasting effort trying to rub my nose in it like I’m a bad dog, and just prove I’m wrong.

My research doesn’t show what you insist is so evident it doesn’t need to be sourced. If it’s as you say, spoonfeed me. Prove it. It’ll be faster, and I’ll gladly edit all my previous comments here to say whatever disparaging thing about myself you desire.

Crow is delicious and I look forward to eating it.

Come. On.

Edit: I’m not normally the kind of person to look up who up/downvoted me, but I spent the better part of an hour trying to find evidence in support of this guy’s claim. Apparently it’s easier to downvote than prove me wrong in such a simple way that they claimed I couldn’t have done a google search or I would have found it.

So let’s fucking go. I’ll extend this “bet” to anyone.

Show me evidence that Microsoft is capturing all (or most) keystrokes, specifically including passwords entered across multiple programs, through the setting for predicitve text and handwriting analysis which can be switched off through the settings menu, it is happening on live/prod/general use releases of Windows, not preview builds, and it does not rely on unlikely edge cases like a user somehow accidentally running Calculator with a debugger attached to the process and then typing passwords into Calculator.

Note: Being able to hijack the service and exploit speculative execution shit like spectre to access other areas in memory doesn’t count. This has to be inteded behavior.

If you can prove that for Windows 7, 10, or 11, I will do just about anything you want as a punishment. Want me to speedrun getting banned across the fediverse? Want me to make a video smearing peanut butter on my junk while singing your praises?

No doxxing myself, no physical harm, permanent body modifications, nothing that would get the cops called, make me ill, or jeapordize my job. Monetary cost can’t be over $20. Thinking more like I’d write that you were right on my ass, make it my profile picture here, and edit every comment I made on here (over 4000 at time of writing) to add praises for you and to point to my shame. That sort of thing.

If you can get the instance admins in on it, I’d fully accept old 4chan rules of deliver or suffer permaban.

Just to cover my ass for Microsoft doing something dumb as hell with Recall, that doesn’t count (see specifications about it having to be connected to this predictive text/handwriting thing), and this offer is only valid for the year of 2026.

I highly reccomend Neil Postman’s book, Amusing Ourselves To Death, which that wonderful quote is from.

Have you been on them, or is this an arm chair take?

Not feeling any empathy is horrible, but feeling absolutely god awful about things you can’t do shit about isn’t exactly a virtue.

Just like many people already have it.

And there it is. This is a not so thinly veiled post being highly judgemental about people on anti-depressants and the like.

As you’ve identified:

I’m sure that what me caring does to my mental state is far worse than however good is anything it does to anyone else.

So… if it’s not helping anything, and arguably harming yourself, what is the point?

I promise you that it is possible to be aware of these horrible things going on, accepting that you cannot do anything about them, minimizing of the negative impact on your own emotions and mental state… and to be able to move on with your own life and enjoy what there is to enjoy around you. All at once.

That isn’t a “lack of caring”, it sure as hell isn’t fucking ignorance. I honestly take quite a bit of offense at that.

It’s basic acceptance of what you can and cannot change. The relatively recent idea that if you aren’t emotionally distraught about world events then you don’t care is one of the most toxic and damaging to mental health things in recent time.

Some people will call it stoicism, but it’s not even going that far.

This whole idea of “I have to stay aware of all the suffering in the world, and I have to have strong feelings about all of it!” is just “thoughts and prayers” with a whole bunch of extra steps that people often use as justification to look down upon others who don’t stay as up to date, or who don’t get as emotionally invested.

So to answer your question, no. I wouldn’t take pills that work as you describe.

Thankfully, that’s not how anti-depressants and anti-anxiety medication fucking work! (Unless you’re on far too high a dose or perhaps on anti-psychotics instead)

You can find plenty more shit like this just taking a scroll through the settings app/menu. Anything mentioning “predictions”, “suggestions”, “send data to microsoft”, “help us make your experience better”, “automatic personilazation”, “use your data to improve”, “telemetry” and the like is data collection for Microsoft’s sake with little to no direct impact on the function of the OS or other software.

Cool it with the attitude. If it’s so easy to find this evidence, you could have posted links yourself to it instead of whatever the hell you think this is. Public shaming?

There’s plenty of easily proven reasons to hate Microsoft without pulling stuff out of our collective asses. Like the collection of image thumbnails I already mentioned, which as I said was confirmed (as much as analyzing SSL encrypted web traffic can be without breaking the encryption) by traffic analysis.

I have a decade of experience doing tech work in Windows environments. More than half of that time now in systems administration and infrastructure “engineering”. I’m better versed in Microsoft’s bullshit than the average bear, and I’m definitely not trying to argue they’re great.

Proof of this sort of thing can make a career in infosec, so I don’t have any issues believing that people have been digging deep for any evidence of this. If direct evidence is out there, you’re right that it shouldn’t be hard to find.

So now I’ve danced to your tune. I’ve “done my research”.

If this is so damn obvious, please for the love of all that is holy just link me the damn receipts. I promise I can handle whatever hacker writeups, white-papers, etc that you could throw at me. I want to see them. Please don’t blueball me.

So, it’s easy to point fingers at a scary sounding sub-system and scream, but has anyone done any true analysis of what the feature actually does?

There’s plenty of ways to check this shit. Just off the top of my head, checking the files it accesses using process explorer would be a start. Should be pretty obvious if one of them grows with keystrokes.

Those are some pretty damn big claims for “trust me bro”.

It used to be that with shit like this you could actually find stuff like “Hey, I’ve analyzed network traffic from the PC, and can confirm that once an hour it’s sending encrypted data to a server in Redmond that matches the size of the image thumbnails generated by Explorer in the last hour. If Explorer hasn’t generated thumbnails in that time, no data is sent.” with receipts when someone claimed that MS was collecting everyone’s image thumbnails.

Now it’s just Microsoft bad! Trust me bro!

Regardless of validity though, it concerns me that people use their computers without taking 30 minutes to go through the settings and shut off shit they don’t want.

Whether the implementation of this is a true keylogger or not, I get no benefit out of Microsoft analyzing my typing, and I’m not using any sort of touch screen or stylus so handwriting analysis is a waste too.

I disabled it within the first hour post-install.

Unfortunately with the way you asked, and especially with asking on Lemmy, you’ll get a lot of tech saavy people, and FOSS enthusiasts. You’ll also get a handful of people here who can’t help but talk down to anyone who dares to say that Windows isn’t just the fucking worst.

I’m primarily Windows, with an Ubuntu VM for working with obscure FOSS utilities (like I had to use someone’s college project to recover data off a USB HDD where the enclosure broke, and it turned out the manufacturer used whole disk encryption so you couldn’t just shuck it and go, but it was thankfully trivial with the key stored in a specific sector) and to work with github projects that only provide build instructions for Linux.

I run a personally customized and debloated install of Windows 10 Pro on my desktop, and Windows 10 Ameliorated (someone else’s debloat setup I cribbed a decent amount from) on a laptop that is mostly used as a remote endpoint for the desktop through sunlight/moonlight (whatever the open source version of nVidia streaming is). The debloating took maybe 4 hours (6 if you include the time to figure out how to stream updates and drivers into the install media) and I’ve had no issues with any of the shit people complain about. I’m in control of my own updates (although you can’t delay them indefinitely, you can push them back multiple weeks and prevent auto-restarts), no onedrive, stripped out telemetry shit and blocked through host file and DNS in case any was missed or added later. No updates have reset any settings I’ve set, despite the common insistence that everyone says they do.

But I also have almost a decade in supporting Windows, from intro IT help desk to many years as a sysadmin and IT infrastructure “engineer”. I know what levers Microsoft has built for businesses to use to kill the bullshit, anf I cry at just how ridiculously bad a shit ton of Windows advice online is.

As far as Linux goes, I’m no stranger to it, and have been poking around with it since Knoppix was one of the only options (if not the only) for live-boot. I’m the go to guy on my team for the few Linux based appliances we run that don’t belong to the network team. I want it to be a competitive alternative for corporatized software.

But I bounced off it in the mid-late 00’s as I got tired of how much tinkering it took. By the time I was interested in checking it out again, I was working in IT, and nothing drains you of energy to tinker with computers at home like doing it eight hours a day for work. I wanted my stuff at home to just work, to the point that I even was mostly gaming on console.

I’m out of my burnout now, built a new desktop when I got my sysadmin/infra position, and built up a homelab of VMs to try (and fail to) speedrun studying for the MCSE before MS stopped offering it, since I work in a primarily Windows environment.

Whenever I finally get some free time, I plan to sit down and document customizing Win11 to not suck for the sake of all the people online that insist it simply isn’t possible at all… and to set aside a dedicated drive to try out some more modern Linux distros again.

But I’ll be honest, most Linux troubleshooting stuff still seems to be pretty finicky and still a tradeoff compared to the amount of stuff that “just works” on Windows (nVidia GPUs, HDR, VRR for a few examples). Definitely far better than it used to be, but still not to the point where the OS just gets out of your way. Windows still seems to be able to get to that point more easily.

I hope to proven wrong in my opinions about the current state of things.

Go beat your IT department with hammers. I have roughly a decade in IT with primarily Windows in our environment. There’s no reason for it to suck so bad in a corporate environment. They can disable it entirely very easily, or make it work amazingly well with some effort.

My workplace:

• We redirect/sync My Documents and My Pictures to OneDrive seamlessly. If it’s saved in either of those, autosave is on and it’s the same file locally and on onedrive. Files saved follow to any machine. Viewable in explorer always, actually downloaded locally on the fly as needed. Obvious overlaid icon on every file to indicate if it’s synced, syncing, or not available locally (when you’re offline and can’t connect to one drive). You can right click files and folders to easily adjust if they’re always downloaded up to date locally or just on demand.

• If there are any conflicts it can’t auto-merge (usually only non-office docs) it saves them with the source computer name appended to the end of the file name so you have each version available, and it pops up a notification that stays until it is manually dismissed, so you know it happened.

• If for some reason you’re working on a document outside of the synced folders, office programs do not default to saving in one drive, they default to where the document was opened from or to “My Documents” for new docs, so shit doesn’t get silently moved on you. I can and have had the same doc opened on multiple machines at once, made edits on each, and it worked just like live collaboration with other users.

It doesn’t have to suck, and it’s also easily disableable entirely in enterprise environments if your IT doesn’t want to configure it well. We kept it entirely disabled from our environment until we had our config planned and thoroughly tested with a pilot group for a few months before we let it hit the company as a whole.

I’m not sure what you think your threat model is here. I’m not happy about it either, but my place of residence isn’t entirely private information already. I’m pretty certain it’s available through multiple public information sources. Cameras being able to see me in that vicinity might help someone determine my daily habits and schedule, but there are many other ways of that as well.

Again, I’m not happy about it, but I feel like you need to ask yourself what risk you’re trying to protect yourself against here.

As another commenter pointed out, any of the amazon based ones are part of amazon sidewalk and record nearby bluetooth and wifi devices. Sidewalk is also partnering with flock, so that data is available to law enforcement and possibly corporations that use flock for security to be able to use for advertisement.

But so is your phone’s location data.

So if you’re trying to protect against this sort of thing, you’d need to be taking much more extreme steps. Different dogs at different times with entirely different outfits and rocks in shoes to make different gaits. Face coverings. Multiple burner phones not tied to your identity, and only taken out of farady bags to use in association with different identities.

And then it still would all tie back to the same house/general vicinity.

There’s no perfect privacy options, so you need to identify your threat model. What are you trying to protect against, how important is it, what are the quantifiable risks of failure, and how inconvenienced are you willing to be to achieve this.

It sucks. I’m not happy about it. But you can’t stop your neighbors from using them. So you’ll need to accept it, or come up with alternatives. Feel like moving to someplace more rural?

It’s always going to be a balance.