Raspberry Pi OS has turned into spyware for M$:
And yes, they add M$'s repository key to APT's trusted database and add their repo to APT's repo list.
Or informing you via a NEWS file.
So now every time you do "apt[itude] update", M$ will know about it.
See the toot I linked earlier.
The RPF should've done a 'rebranding' from the start, because before that, raspbian referred to various different things.
The majority of software in RaspiOS still comes from raspbian.org and there's absolutely nothing wrong with that.
Some software package do come from raspberrypi.org and that's where the problem lies, including what I reported in OP.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!