From what (little) I've seen on the topic, the concern arises both from who that repo belongs to (many haven't rebuilt that trust) as well as that repo having general activity data from the update/install pings.

As someone who has a couple, I'm not thrilled about it but I'll just quietly disable it with a guide every time I install or update one. If they keep going in this direction, competition does exist.

>the concern arises both from who that repo belongs to (many haven't rebuilt that trust)

What's the concern? One of the largest Linux contributors is going to start pushing malware in their repos? If you don't trust MS, why would you be using Linux in the first place?

>that repo having general activity data

Literally the only thing you can determine from this activity is that someone at your IP address has an arm64 device running apt.

>install pings Only if you install something from that repo, so that's a very limited set of software.

Now suddenly data flows between my computer and Microsoft. Without me ever agreeing to that.

And if I install the wrong application - BOOM - Code by Microsoft is executed on my machine.

If you're using Linux there's code by Microsoft being executed on your machine, MS is one of the largest contributors to the Linux kernel. This is a really bizarre thing to object to.

>Now suddenly data flows between my computer and Microsoft.

So what? Data probably flows between your computer and NTP pool servers operated by completely random parties too.

It's like if you let the key to your house to a friend you trust, then that friend let your key to someone else without asking you. It is not okay.

And that someone they lent it to is a well known bad guy.

That analogy is incorrect. Only when you install software from the repository, I can see the point.