Privacy vs Security Recommendations

Privacy is obtained through security controls.

Regardless, this thread is unlikely to change anything.


Not advocating for or against calyx here, but this site does have a history of advocating against privacy for “security”, at the very least during it’s earlier iterations. Remember when this site recommended microsoft office?

1 Like

Privacy is obtained through security. You can’t have any privacy without security controls. It was never an recommendation, just a note that with MDAG you may obtain better security, and thus privacy.

For Microsoft Office, Application Guard helps prevents untrusted Word, PowerPoint and Excel files from accessing trusted resources. Application Guard opens untrusted files in an isolated Hyper-V-enabled container. The isolated Hyper-V container is separate from the host operating system. This container isolation means that if the untrusted site or file turns out to be malicious, the host device is protected, and the attacker can’t get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can’t get to your employee’s enterprise credentials.

This security control could mean that you have “better privacy” as a malicious document can’t perhaps execute malware that scans all of the files on your system and reports them to an adversary, as opposed to a vulnerability in an open sourced suite which has no sandboxed security.

The threat model here is that you might trust Microsoft (you’d obviously agree to their EULA/terms). You must be trusting them to some degree if you’re a Windows user (a fair assumption if you’re using MDAG).

That advice wasn’t removed, from the site in the way you think, it will make a reappearance on the Windows guide when that is complete. We should do the same for iWork on macOS.

1 Like

The problem with MDAG for Office is that it’s not available for normal users in the same way MDAG for Edge is. There are some alternatives (custom windows sandbox config, applying ASR rules/security baselines, office web), but I don’t think it’s very actionable to make a note of Office MDAG in the same way it would be to recommend users turn on firmware protection for secured core devices when most people don’t have a device that supports it. That being said if Office MDAG was more accessible I’d definitely be behind recommending it.

1 Like

It would be added when there is an individual guide for it, and further investigation. The note was made by a previous contributor to Privacy Guides.

Anyway this is off topic, so i’m going to hide these comments.

1 Like

I’m sorry but you’re just plain wrong

If you’re using Microsoft Windows, we suggest Microsoft Office as it has support from [MDAG]

It was definitely a recommendation

1 Like

Technically it was just a note, mentioning that it’s suggested for windows because MDAG exists. Similarly iWork was mentioned due to sandboxing on Macs, rather than being an actual proper recommendation like the other (opensource) office suites in the section that got their own actual headings and descriptions


That is not correct. You have the ability to completely delete the advertising ID via Sandboxed Google Play’s settings. It also has no additional access compared to other apps (since they’re sandboxed in the exact same way), so it fundamentally cannot do anything that any other app you’d install is not capable of doing.

I mean as in it’s own product card. That commit is also very clear why it was added, and it will likely be in the Windows guide because it is specific to Windows.

Anyway I think this thread has run it’s course and gone offtopic.