Hi there,

Win10 will soon no longer be supported. Tbh Linux has been on my radar since I started to break from the US big tech.

But how is security handled in Linux? Linux is pretty open-source, or am I not understanding it correctly? So how can I as a new user make sure to have the most secure machine possible?

  • UheldigeBenny@feddit.dkOP
    6 hours ago

    This is actually what I am a bit afraid of. I’m Danish and Denmark is becoming way too digital in the sense where we use digital ID to access banking and other systems which need you to be identified (tax, healthcare etc).

    The open source stuff is a bit daunting when you actually don’t know shit like me.

    But as you say, Microsoft might not be better.

    • WFH@lemmy.zip
      5 hours ago

      Honestly, Microsoft is one of the most active participants in the shitty fascist dystopian surveillance shitshow in the US right now. It’s not that it “might not be better”, they are literally one of the worst.

      Open source doesn’t work on trust, it works on scrutiny. Which is much easier to do when everything is open and therefore auditable. The threat model is very different, and the mitigation process is much faster since thousands of companies, including the biggest ones, need a secure Linux to run all their servers.

      Open source software security issues come mainly from:

      • plain old bugs like everything else
      • supply chain attacks (Example), which are actually very difficult to pull off since they tend to actually fail because of said scrutiny

      What open source software won’t do because doing so would immediately kill a project:

      • deliberate backdoors “for law enforcement” like most commercial platforms
      • invasive telemetry/spyware
      • Microsoft Recall that literally records and stores indefinitely absolutely every single interaction you have with your computer
      • basically everything that’s deliberately harmful to privacy and/or security
      • enshittification to maximize profit since there is basically no financial incentive and no venture capitalist behind distros
    • Aelyra@lemmy.ml
      6 hours ago

      If you’re trying to avoid forced telemetry and similar tracking, you’re generally safer with most of the big Linux distros. Most of them don’t collect data at all, and if they do, it’s usually easy to opt out with just a click.

      Going for lesser-known distros does increase your risk a bit, but the fact that they’re open source helps deter some bad actors, since the code can be inspected by others.

      And if you’re worried about super-sophisticated backdoors, keep in mind you’re not exactly safe with Microsoft either. A rogue employee could still cause harm, and because it’s closed source, any malicious changes might take way longer to catch.