The parent comment that I replied to was asking about transparency and I tried my best to answer.
> Why doesn't MS just stop forcibly collecting data from my machine?
Updates.
At the minimum data collection level for client SKU (set via user settings), MS asserts that only data needed to keep the machine running and secure is collected (i.e, updates). They really do try hard to honor this assert, although I understand I'm not going to be able to entirely eliminate skepticism.
You can argue that you should be allowed to disable telemetry for updates, but I think that's a different conversation. MS didn't want Windows reputation to suffer due to undeployed fixes (this was a big problem prior to win8), and they took a hard line on the updates.
Enterprise SKUs have a zero exhaust option (no telemetry), but alas, it's not free.
> MS asserts that only data needed to keep the machine running and secure is collected (i.e, updates)
I think this phrase is going to be a contentious point anyway. Microsoft doesn't need any telemetry to "keep the machine running" - as trivially evidenced by me pulling out the Ethernet plug, disconnecting the wireless adapter, and booting up Windows 10. The OS will run just fine. As for keeping it secure, it depends on how much you stretch the word "secure". I can't see any reason why telemetry would be needed to deliver updates (Windows could just download the list of available updates and request the ones it needs). You could argue telemetry is needed for malware detection and mitigation, but that can be stretched to justify everything up to and including uploading snapshots of your hard drive.
I'm guessing "needed to keep the machine secure" is how we've arrived at the rather absurd situation in which Windows Defender is automatically uploading executables it finds on the machine, to have them tested on Microsoft servers - which has been demonstrated to be a neat vector for exfiltrating data from secure corporate networks: the malware can just encode the data it collected into an executable and write it out to the file system, at which point it gets picked up by Defender and uploaded to Microsoft (which corporate firewall will most likely allow), where upon execution it connects to the attacker's server and delivers collected data.
Linux distributions manage to provide updates (and keep the machine running and secure) without telemetry. They were already doing this before Microsoft implemented automatic updates in Windows. (And, in fact, Windows had updates before it had telemetry.)
This is not entirely correct: for as long as MS has offered updates via the internet, the update service has required some information from the users machine. If we went back to 2003 with the same legal definitions and awareness that we have today, we could have called this information 'telemetry'. The legal definitions and public awareness of the data gathering has changed a lot since then, but the use of 'telemetry' (for lack of a better word) hasn't.
You'll have to forgive my ignorance about Linux because I haven't used it in a long time: I just fundamentally don't see how any update manager (be it chocolatey, nuget, windows, or linux etc) can efficiently update a client without knowing what's already on the client. If any installation information is sent from the client to an external entity, it may be considered 'telemetry' and subject to certain laws. Doesn't sudo send such information? (again, forgive my ignorance on the Linux implementation).
> I just fundamentally don't see how any update manager (be it chocolatey, nuget, windows, or linux etc) can efficiently update a client without knowing what's already on the client.
Pretty simple. Instead of sending information about what's on the machine to the update server, the client would download the list of available updates from the server, use that list to determine what updates it needs, and request those specific updates from the server.
That's e.g. how apt - the Debian family package manager - works. You `apt update` to update the local cache that lists available packages and their versions; then, you `apt upgrade` to download and install any or all packages that need updating.
The client downloads the list of packages from the update servers, compares the available versions to the installed versions and offers (if the user so chooses) to download and install the newer versions (or a subset). (And there is some additional logic around resolving conflicts, all on the client, using metadata downloaded from the servers.)
You might argue that this is not "efficiently", but it works great and in my personal experience a lot faster, more reliably and more predictably than Windows Update.
(As for sudo: No, unlike e.g. the .NET Core CLI and winget, system utilities don't normally contain extra unrelated functionality to silently collect user data and send it off somewhere. Perhaps one reason Microsoft don't hear more complaints about it from developers is that nobody imagines that you would do such a thing. It's normally not done.)
Yeah, to extend the thought about sudo - which, for clarity, is a command you use to execute something as a superuser on your system; it's not a package manager, but something you often prefix when interacting with one.
So sudo, depending on system configuration, does log interactions, but does it locally. The rationale behind this is that Linux heritage is one of multi-user systems, so you want to have the owner/sysadmin of that system to be able to audit the use of superuser privileges by regular users, in particular when they break something. In a Linux system installed on a desktop, or a server you admin yourself, the user is the only person who can access these logs anyway, so it's no different than any other system log.
That these logs would be automatically sent to third parties is unthinkable - in the sense that nobody would even think an operating system would dare send sensitive information out like that.
> Why doesn't MS just stop forcibly collecting data from my machine?
Updates.
At the minimum data collection level for client SKU (set via user settings), MS asserts that only data needed to keep the machine running and secure is collected (i.e, updates). They really do try hard to honor this assert, although I understand I'm not going to be able to entirely eliminate skepticism.
You can argue that you should be allowed to disable telemetry for updates, but I think that's a different conversation. MS didn't want Windows reputation to suffer due to undeployed fixes (this was a big problem prior to win8), and they took a hard line on the updates.
Enterprise SKUs have a zero exhaust option (no telemetry), but alas, it's not free.