In a recent update, Raspberry Pi OS installed a Microsoft repository on all machines running this Raspberry Pi operating system without the knowledge of users or administrators, as I have discovered a user on Reddit who has the name of fortysix_n_2.
Specifically, cybercity.biz publishes that the update comes with a code which refers to the Redmond signature package http://packages.microsoft.com/repos/code/dists/stable/main/binary-arm64/Packages, as you can see in the image below.
With this, "every time a Raspberry Pi OS installation is updated it will ping a Microsoft server. Microsoft will know that you are using Raspberry Pi OS/ owner of Raspberry Pi and your IP address ", has explained fortysix_n_2 on Reddit. He himself remembers that, while many users try to reduce this information as much as possible, they now find that" this is additional data that Microsoft can use to build a profile on you. "
Specifically, Microsoft can identify Raspberry Pi OS users when they access certain services, such as Bing or GitHub (owned by Microsoft), and then build a profile to deliver targeted advertising with that information.
Controversy among Linux users
One of the main software options for running a Raspberry Pi module is Raspberry Pi OS (formerly Raspbian), the officially supported Debian-based operating system released by The Raspberry Pi Foundation. It's been around since 2015 and this recent update with Microsoft software is a game changer. Free software is not the same as proprietary software, and Linux users tend to keep that in mind.
This controversy has led to raspberrypi.org, Linux, org and the Reddit Linux channel different discussion forums have been opened about it in just a few hours.
Reddit user fortysix_n_2 explains that the reason for this update could be to support the integrated development environment (or Integrated Development Environment, IDE) from Microsoft for your Visual Studio Code (VSCode).
However, it seems that this is installed even on devices that use a lightweight image without a GUI. As a result, every time an update is performed on the Pi device, the operating system sends a message to Microsoftsays the mentioned user.
Why is this repository controversial?
"Never, in my two decades of using Debian and Ubuntu, they have modified my sources.list without my consent", is what another user who has commented on this discovery, in the open discussion on Reddit, has commented. First of all, it can always pose a trust problem towards a product when an unwanted software repo is configured and gpg keys are installed secretly.
Also, many Linux and Raspberry Pi users use these tools because they disagree with Microsoft's practices that track user activity. With this repository, they explain from Cibercity that if a user or their family connects to the Microsoft ecosystem (such as Github, Bing, Office / Live), the company could go on to identify that user and track him when he uses the same IP shared public at home.