Microsoft logo projected on a stage with a laptop in the foreground
microsoftwindowsantitrustprivacytech

Microsoft: Same Old Tricks, Bigger Stage

David Published 19 May 2026 13 min read

I recently tried to create a new Microsoft account using a custom domain email address to access Teams. I tried Firefox on Linux. The Teams desktop app on Linux. The Teams app on Android. Firefox on Windows 11. A fresh Edge install on Windows 11. Every single attempt was rejected by a CAPTCHA that apparently found me suspicious regardless of platform, browser, or device. I tried their support — which, in a neat piece of irony, requires a Microsoft account to contact. At one point I opened Microsoft’s own Copilot and explained the problem. It suggested a few things that didn’t work, then told me there was no way to create an account and I should call their helpline.

What eventually worked was a hidden menu inside Outlook on Windows 11 that presented a different CAPTCHA entirely. One that actually let me through.

This is not a story about a broken CAPTCHA. It’s a story about a company that has spent thirty years making things deliberately difficult for anyone operating outside its preferred system, while claiming to make things easier for everyone.

They’ve done this before — literally

In 1998, the U.S. Department of Justice and twenty state attorneys general sued Microsoft for illegally maintaining a monopoly. The central allegation was that Microsoft had bundled Internet Explorer with Windows, used its dominance in operating systems to crush Netscape’s Navigator browser, and taken active steps to prevent competitors from getting a foothold. Judge Thomas Penfield Jackson found that Microsoft had “maintained its monopoly power by anticompetitive means” and had attempted to monopolize the browser market in violation of the Sherman Antitrust Act.1

The remedy was supposed to be a breakup. Microsoft would be split into two separate companies, one for the operating system and one for everything else. That didn’t happen. The breakup ruling was overturned on appeal after Jackson was removed from the case for speaking to reporters before his final decision. The parties eventually settled in 2002. Microsoft had to submit to a compliance program, open some of its APIs to competitors, and accept oversight — but it remained intact.2

Bill Gates, who was called “evasive and nonresponsive” at his own deposition, stepped down as CEO two months after the initial ruling.2 The stock dropped and stayed depressed for years. The settlement is widely considered a slap on the wrist, though the compliance period did force Microsoft to open APIs and limit exclusionary practices during the exact years Apple and Google were growing into viable competitors.3

Microsoft emerged from the 2000s humbled, distracted, and late to mobile. The lesson it apparently took from all of this was: be more careful, not more competitive.

Teams: The Second Act

Fast forward to 2020. A global pandemic forces the entire world to work remotely. Microsoft Teams, which had been bundled into Office 365 for free since 2019, suddenly has 75 million daily active users. Slack, which had been growing steadily and had built a better product by most accounts, was being undercut by a competitor that came pre-installed on every Office subscription.

Slack filed a formal antitrust complaint with the European Commission in July 2020, alleging that Microsoft had “illegally tied its Teams product into its market-dominant Office productivity suite, force installing it for millions, blocking its removal, and hiding the true cost to enterprise customers.” Slack’s general counsel described it plainly: “Microsoft is reverting to past behavior.”4

It took the EU five years to act. In September 2025, Microsoft reached a settlement that required it to widen the price gap between Teams-included and Teams-excluded licensing tiers. The mandated differential for enterprise plans was set at $8.55 per user per month.5 On November 1, 2025, the same month those terms came into effect, Microsoft reintroduced Teams-bundled packages at their original price points globally while simultaneously lowering Teams-excluded pricing. Technically compliant. Practically identical to what it was before.5

The DOJ sued Microsoft over Internet Explorer in 1998. The EU investigated Microsoft over Teams in 2023. The playbook is the same. Only the product names changed.

Recall: A Screenshot of Everything You’ve Ever Done

In May 2024, Microsoft announced a feature called Recall for Windows 11. The idea was to give your PC a “photographic memory” — taking a screenshot every few seconds, running it through optical character recognition, and storing everything in a searchable local database. Every email, every document, every website, every private message. Searchable by natural language.6

Security researcher Kevin Beaumont examined the initial implementation and found the database was stored in an unencrypted SQLite file. “This database file has a record of everything you’ve ever viewed on your PC in plain text,” he wrote.7 Credit card numbers. Passwords. Private conversations. Beaumont’s findings were widely covered, and the backlash was immediate. Microsoft pulled Recall before it shipped, claiming it needed more testing.

A year later, Recall returned with security improvements: encryption, Windows Hello biometric authentication, tighter access controls. Microsoft said it had addressed the concerns. Researcher Alexander Hagenah then released a tool he called TotalRecall Reloaded, demonstrating that he could still extract and read Recall’s data after authentication. As of March 2026, Hagenah had reported a second set of vulnerabilities to Microsoft and was awaiting their response.8

Signal, whose users include human rights workers, journalists, and governments, responded by enabling screen security on Windows 11 by default, which uses DRM to prevent Recall from capturing Signal’s content. In their blog post, Signal wrote that implementing “one weird trick” to protect users from their own operating system was not how this should work, and called on Microsoft to provide proper developer tools for apps to protect their content from OS-level capture.9

The original Recall implementation stored your passwords and banking screens in an unencrypted database. Microsoft’s fix was criticised as incomplete. The fix to the fix was found to be bypassable. At some point the question stops being about implementation details and starts being about whether anyone at Microsoft thought seriously about what this feature would mean in the hands of an attacker.

Windows 11 and the Hardware Wall

When Microsoft launched Windows 11 in 2021, it introduced a hardware requirement that surprised a lot of people: TPM 2.0, a security chip that older machines don’t have. Microsoft called it “a non-negotiable standard for the future of Windows.”10

Industry surveys at the time suggested that over half of business PCs in active use couldn’t meet Windows 11’s requirements, despite being perfectly functional machines. Many of them were four to six years old.11 Windows 10 reached end-of-life in October 2025, leaving users of incompatible hardware with a choice: buy new hardware, pay Microsoft $30 per year for Extended Security Updates, find a workaround, or switch to something else.

There is a legitimate security argument for TPM 2.0. The chip provides hardware-level encryption for keys and credentials and is genuinely harder to attack than software-only implementations. The question is whether the requirement was calibrated to security or to hardware refresh cycles. OEMs sell new PCs. Microsoft sells Windows licences and, increasingly, Microsoft 365 subscriptions. A forced upgrade cycle benefits both. Hundreds of millions of functional computers became officially unsupported not because they couldn’t run the software, but because they lacked a chip that was often already present but disabled by default in firmware.11

Microsoft patched several workarounds that allowed users to install Windows 11 on unsupported hardware. It also released full-page pop-up advertisements inside Windows 10 pushing users to upgrade.10 Running ads inside a paid operating system while simultaneously blocking the workarounds people found is a particular kind of experience.

Telemetry: The Data You Can’t Turn Off

Windows 11 collects telemetry by default. Microsoft’s own documentation divides this into “Required” and “Optional” categories, but the distinction is less meaningful than it sounds. Required telemetry cannot be disabled on consumer Home and Pro editions. Microsoft’s data collection summary states plainly that required data “is necessary to keep our products up to date, secure, and working as expected” and that consumers cannot opt out of it.12 What required diagnostic data actually includes, per Microsoft’s own Learn documentation: device configuration and hardware specifications, system stability and error reports, app and driver performance data, and crash dumps that may include memory state at the time of the crash, which can contain fragments of files that were open.13

Optional telemetry, which includes browsing history from Microsoft browsers, typing and inking samples, and more granular usage signals, can be reduced through Settings but not eliminated. The practical ceiling for a consumer running Windows Home is required data always on, optional data reducible but not fully removable. Enterprise and Education editions can enforce stricter limits via Group Policy. That option does not exist in the consumer SKUs most people run.14

Microsoft’s optional diagnostic data documentation lists items that most users would not assume their operating system is tracking: “caret location or position within documents and media files,” “purchasing subtype: information about purchases made on the device,” and browsing activity including search history in Microsoft browsers.15 These are not leaked disclosures. They are in Microsoft’s published documentation, available on their own website.

Windows 11: An Operating System Eating Itself

While all of the above was happening, Microsoft was also making a different kind of mess inside Windows itself. Rather than addressing longstanding complaints about reliability, taskbar customisation, and basic UX regressions, it spent 2024 and 2025 adding AI features to apps that didn’t need them. Users started calling the result “AI slop.”

Starting in 2024, Microsoft began pushing Copilot into every corner of the operating system it could find. A dedicated taskbar button. Integration in File Explorer. Prompts in the Settings app. An “Ask Copilot” button in the Snipping Tool. An “Ask Copilot” button in the Photos app. Copilot suggestions planned for the notification centre. In November 2025, Windows president Pavan Davuluri posted that Windows was “evolving into an agentic OS,” generating thousands of overwhelmingly negative replies. He turned off replies on the post.16

Windows Central’s Zac Bowden, one of the most closely sourced Microsoft reporters, used the word “enshittification” to describe the strategy. The Register’s assessment was blunter: “Rather than fixing problems, Microsoft instead focused on adding AI to Notepad and Paint. Users cried out for the return of seemingly minor functionality, such as the ability to move the taskbar, but Microsoft instead offered widgets and more Copilot.”17

The AI push coincided with a string of damaging update failures. In October 2025, the mandatory cumulative update KB5066835 broke localhost functionality across Windows 11 — severing the loopback address that developers rely on to run local servers and debug applications. The bug, traced to a regression in the HTTP.sys kernel component, affected Visual Studio debugging sessions, ASP.NET builds, and enterprise authentication tools. Microsoft confirmed the issue on its own support forums and via statement to BleepingComputer: “Server-side applications that rely on HTTP.sys may experience issues with incoming connections.” Users who needed to keep working had to uninstall a security patch to do so.18 The same patch cycle also broke the Windows Recovery Environment, leaving affected users with no keyboard or mouse input during system recovery, and broke the Windows Media Creation Tool the day before Windows 10 reached official end-of-life.19

In March 2026, Davuluri published what The Register described as a post “long on promises that things will get better, but short on words like sorry, apologize, or even the Americanism ‘our bad.’” He announced Microsoft would reduce “unnecessary Copilot entry points” in Snipping Tool, Photos, Widgets, and Notepad. The Register noted the phrasing’s implication plainly: “This implies that, up to now, the changes have not been intentional.”17 The Copilot button in Notepad. Gone. The one in Photos. Gone. The one in the Snipping Tool. Gone. Microsoft called this a quality reset. Others called it what it was: shipping features nobody asked for, breaking things in the process, then reversing course a year later and presenting the reversal as a commitment to quality.20

At this rate, Windows 12 will probably just be a Linux kernel with Wine installed and a Copilot button on the desktop. At least it would boot.

What This Looks Like From the Outside

Each of these stories is individually explainable. The Teams bundling was aggressive but not unprecedented for enterprise software. The TPM 2.0 requirement has a real security rationale. Recall had good intentions. The telemetry helps with product development.

But the pattern across thirty years is hard to explain away individually. Microsoft used bundling and platform leverage in ways the court found anticompetitive toward Netscape, was found to be an illegal monopolist, and settled without being broken up. Microsoft bundled Teams to undercut Slack and structured its EU settlement compliance to change as little as possible. Microsoft shipped Recall with a plaintext database of your passwords, delayed it after public outcry, and shipped a revised version researchers found bypassable within months. Microsoft rendered half the PC install base ineligible for Windows 11, ran ads inside Windows 10 to pressure upgrades, and patched workarounds users found.

In none of these cases did Microsoft do something obviously illegal and simply get away with it. In all of them, the response to accountability was calibrated to change as little as possible.

Going back to where this started: I needed a Microsoft account to use Teams. Creating one required defeating a CAPTCHA that rejected every standard browser and device combination I tried. Support required a Microsoft account. The one thing that worked was a hidden menu inside a Microsoft app that presented a different system entirely.

That’s not a bug. That’s what a company looks like when it has spent long enough not having to make things easy for people outside its preferred system.

Footnotes

  1. United States v. Microsoft Corp. (2000) — Wikipedia / Justia

  2. Microsoft Antitrust Case History — Seattle Times 2

  3. Microsoft Case Legacy — NPR

  4. Slack EU Antitrust Complaint 2020 — Computerworld / GeekWire

  5. Teams EU Settlement and Reintroduction — UC Today / Fortune Europe 2

  6. Microsoft Recall Announcement — The Hacker News / nGuard

  7. Kevin Beaumont on Recall Security — DoublePulsar / Computing.co.uk

  8. TotalRecall Reloaded — GovInfoSecurity, March 2026 / Tweaktown, April 2026

  9. Signal on Recall — Signal Blog

  10. Windows 11 TPM 2.0 Non-Negotiable — Windows Central / Tom’s Hardware 2

  11. TPM 2.0 and Hardware Exclusion — System Plus / Windows Forum 2

  12. Microsoft Data Collection Summary — Microsoft.com

  13. Required Windows Diagnostic Events — Microsoft Learn / Windows Forum: Telemetry Explained

  14. Consumer vs Enterprise Telemetry Controls — Microsoft Learn: Configure Diagnostic Data / Neowin

  15. Optional Diagnostic Data Documentation — Microsoft Learn: Optional Diagnostic Data / PCWorld

  16. Davuluri “Agentic OS” Post and Backlash — Windows Central, January 2026 / Windows Latest, January 2026

  17. The Register on Windows 11 Quality and Enshittification — The Register, March 2026 / The Register Kettle Podcast, May 2026 2

  18. KB5066835 Localhost Bug — BleepingComputer, October 2025 / The Register, October 2025 / Microsoft Q&A

  19. Recovery Environment and Media Creation Tool Failures — Windows Central, October 2025

  20. Copilot Removal and Quality Reset — Windows Latest, May 2026 / Davuluri Blog Post, March 2026