not sure about win/mac, but for android yes they do keep record of stuff like what apps are being launched and upload/sync to google account. it’s not hidden though… it is(was) literally available on google account history or something (was about 7 years ago)

regarding keystrokes there was a case of a famous chinese keyboard app doing dubious stuff. not sure if i can say it’s on a os level but i’m pretty sure more than a few chinese phones ship with that. https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/

Aside from the Ars Technica article in the xpost, there’s a lot of “it depends.”

It depends on not just the OS, but if it’s a custom image built for Dell or HP or Asus etc. computers, what settings are on, what settings were on by default, what bloatware is pre-installed, etc.

Typically, all MS or Apple really want are to know what apps you have installed, zip code, email address, IP address, crash reports, and possibly keywords they can associate with advertising. That’s their baseline wish list, which is all advertising fodder, and depending on your settings, that can quickly expand to “anonymized” (it’s not) cookie use, tracking of websites visited, etc.

If you have a custom image (i.e. a Dell specific version of Windows) the laptop manufacturer will look for access to roughly the same data.

With the whole Copilot fiasco, recording things like keystrokes and screenshots really are potentially in play now. But, again, only if you have foolishly installed Copilot and turned that stuff on. And that only after huge public outcry. So there’s always a non-zero risk of that, but do your due diligence to know you settings.

Can you strip out bloatware and tighten down Windows to a reasonable degree? Sure. But because MS can and does change system settings without your consent, you might find in 6 months an article about a setting you turned off, that they turned back on and you had no idea.

Since they are closed source, we can’t know. We can find out that messages are being sent at certain moments, but not what data is being contained in the messages, communications carrying this sort of data are always encrypted (for obvious reasons).

For legal reasons they often include some vague allusion in the terms of service about collecting information… but they are never very clear on what data exactly they take when and how, so it’s left up to interpretation.

There is so so so much, and they do get caught, and when they do we keep a peek into how invasive they are. As someone who has had to worry about being targeted by intelligence agencies and nation-states, I was completely blindsided by corporate/capitalist surveillance.

for example, look at this action by Meta, where they broke out of security sandboxes and exploited protocols in order to tie your browsing history (even private browsing) back to your identify saved in their databases back in meta land

https://www.theregister.com/2025/06/03/meta_pauses_android_tracking_tech/

the amount of data that is being harvested and sold, and resold, is absurd, and the greater threat is not just that they are exploiting you, its that they dont care who the data gets sold to. Bad actors (criminals, etc) can and will purchase information they can use against you.

So, consider the unintentional ramifications of all that info being harvested and available in addition to the intentional ramifications of hyper greed, and couple that with the amount of available compute and you will see that you do not need to be a person of interest, everyone is a data point that can be and will be exploited.

I would encourage everyone to take their privacy seriously.