Windows 11 adds AI agent that runs in background with access to personal folders

Original Article ↗ Hacker News Discussion ↗

Privacy, Surveillance, and Trust

  • Many see the background AI agent as “built‑in spyware” with direct access to highly sensitive documents (tax records, personal writing, IP) and assume it will exfiltrate data to Microsoft or partners.
  • Several recount Windows already silently syncing data to OneDrive or changing settings via updates; their threat model now treats Microsoft as an active attacker.
  • Even if actions are “auditable,” people note you cannot claw back data once uploaded or used for training.
  • Some argue that if you’re on closed‑source Windows at all, you already implicitly trust Microsoft with root-level access; others say this is precisely why they’re leaving.

“Optional & Sandboxed” vs. Inevitable & Coercive

  • The Microsoft documentation describes a separate “agent workspace” with its own account, scoped folder access, and an experimental setting that’s off by default.
  • Supporters frame this as a thoughtful sandbox: better than today, where any app runs with full user privileges.
  • Critics counter that:
    • “Optional, off-by-default” is typically a temporary state; past telemetry and “free upgrade” campaigns are cited as proof features become mandatory or hard to disable.
    • Giving easy, bulk access to entire home folders normalizes broad sharing instead of narrowly scoped, per-file access.
    • Non‑technical users are exactly the ones who’ll be nudged into enabling it.

Accessibility: Locked into Windows

  • Blind users strongly object but say they can’t “just switch to Linux”:
    • NVDA and JAWS on Windows are far ahead of Linux screen readers like Orca.
    • Wayland accessibility APIs are still immature; X11 and desktop support are fragmented and unreliable.
  • macOS accessibility is described as no better or worse, sometimes “AI‑mediated” in ways that distort text.
  • Frustration that proprietary platforms get the best accessibility first, leaving disabled users stuck on systems they increasingly mistrust.

Loss of User Control: Updates, Reboots, and “Agentic OS”

  • Long history of forced updates, telemetry patches, and dark patterns (OneDrive, online accounts) is repeatedly cited; trust is already broken.
  • Debate over forced security updates:
    • One side: automatic reboots improved security for non‑expert users and reduced large‑scale attacks.
    • Other side: they destroy work, disrespect ownership, and alternatives (hotpatching, immutable images) clearly exist and are even sold separately by Microsoft.
  • Many describe modern Windows as “agentic” in the sense that it acts primarily on behalf of Microsoft and partners, not the user.

Agentic AI Use Cases and Misaligned Incentives

  • Travel booking and shopping are mocked as the only examples vendors can articulate; users don’t want bots making expensive, mistake‑prone decisions.
  • Strong suspicion agents will optimize for affiliate fees, ad-tech, and price discrimination, not “best deal for the user.”
  • Some acknowledge local, user‑controlled agents could be valuable, but see big‑tech implementations as fundamentally untrustworthy.

Migration to Linux, LTSC, and Workarounds

  • Many commenters report fully abandoning Windows for Linux (Mint, Fedora, Arch, Bazzite) and find gaming via Proton/Steam now “good enough,” though others note real edge cases and missing titles.
  • Windows 10/11 LTSC (or IoT LTSC) is recommended as the “least hostile” Windows: fewer AI features, less bloat, longer support, but officially restricted to volume customers.
  • Others rely on heavy firewalling, VMs, and VLANs to isolate Windows, or ban it entirely from home networks.

Overall Sentiment

  • Dominant mood is exhaustion and anger at yet another intrusive feature, seen as serving Microsoft’s AI agenda rather than user needs.
  • A minority think the feature itself is technically sensible and over‑hated, but even they acknowledge Microsoft’s trust deficit makes adoption fraught.