> Microsoft may collect more info about RPi and Linux users as many try to reduce their digital footprint such as your IP address and build a profile about you.
So Microsoft, assuming they want to go the extra effort (these are likely unconnected infrastructure pieces) could build a fingerprint of you to know that.. what, you have a raspberry pi? And they could go to extreme lengths to associate this with your GitHub account to know that yes you, John Smith, have a raspberry pi? What business value is this for them, and how could it be used for “evil”?
In the future, coordination across Github, Linkedin, and other properties of theirs could exist (e.g. Facebook & Oculus). The not-that-nefarious-but-annoying one I can come up with immediately is better targeting for recruiter spam on LinkedIn based on hobby projects, code language, and Linkedin/Github connection graphs. I know they have ads on Bing that could benefit as well, but I don't know if they run their own ad network or how those things might tie together.
I think others could probably give the "evil" part a better take. Mine is just an unfounded guess around business/market research and future competition.
Firstly, I wouldn't underestimate the level of separation between fiefdoms in Microsoft. LinkedIn, Bing, Github... these are all pretty different parts of the company. Secondly, so LinkedIn is better able to target people who own a raspberry pi? I'm not even sure what kind of signal that gives you (could correlated to a wide variety of things), but given it's 1-bit nature... ok so I'm headhunted more or less specifically a tiny bit? I can't imagine this is even worth the engineering time at Microsoft, but if it is somehow, I still don't see the big deal here.
To me it just sounds like a general distrust of Microsoft compared to the Raspberry Pi foundation. I just wish it was more framed as 'I don't like Microsoft, no matter how rational or irrational this fear is.' I'd respect that far more than alluding to some potential tangible harm cross referencing that you own a Raspberry Pi with your github profile. You already declare what you own in your user agent when you use github to begin with -- why is an RPI so different and that much worse?
The private keys are specifically for accessing a repo, which is also easy to disable. No, I wouldn't object if I was downloading software from them: I'd want it to be cryptographically verified. Similarly, I accept an OS with keys from Google and all kinds of people and governments in the form of SSL root certificate trust.
If I was getting software from the CCP/US Gov/Russia then that would also be fine. Here I'm not, it's a repo for VSCode from Microsoft. Context matters.
Can you point me to this 'death' scenario? What did it die of?
Are you worried Microsoft is going to install spyware by overriding something like 'git' in their repo that your pi would download instead? I see I'm getting downvoted, but no one has actually spelled out the potential evil scenario here other than better LinkedIn recruiting.
So Microsoft, assuming they want to go the extra effort (these are likely unconnected infrastructure pieces) could build a fingerprint of you to know that.. what, you have a raspberry pi? And they could go to extreme lengths to associate this with your GitHub account to know that yes you, John Smith, have a raspberry pi? What business value is this for them, and how could it be used for “evil”?