Lumia Phones Leaking Private Data To Microsoft

New submitter Albietta writes "Two independent sources inside Nokia have confirmed that Nokia Lumia phones send private information to Nokia and Microsoft servers around the world. Location data, SMS-messages and browser identification is uploaded. The Nokia leadership has known about the privacy violation since 2011 when the Lumia phones were introduced. In spring 2013, after suspicions of leaks and during the negotiations for selling off the mobile phone branch to Microsoft, the Finnish state communications department sent an inquiry to Nokia regarding leaking of private data, asking Nokia to assure that users' private data is not leaked. Nokia did not want to (or could not) provide an assurance due to the delicate business negotiations. After two more inquiries with narrower demands, Nokia assured that the phone, excluding third-party software such as the operating system, did not violate Finnish privacy laws. Microsoft is apparently also following Lumia user accounts. On one occasion a parent's Lumia account was closed without warning when they uploaded pictures from the phone displaying their kids playing naked on the beach at their summer cottage."

More "Microsoft helps the NSA"

[poetmatt]

Considering how this information is sent, it may be trivial for the NSA to capture such information by definition.

Way to go, Microsoft.

Re:More "Microsoft helps the NSA"

[fuzzyfuzzyfungus]

Why bother with tedious 'capture' when Microsoft has it all nicely aggregated on their servers for you?

This is why Glorious Free Enterprise will always beat the commies at dystopian surveillance: Commies engaged in surveillance for political repression, and had to fund it from the proceeds of their other-than-efficient economies. Here in the Free World, the surveillance pays for itself, thanks to demand from advertisers and analytics weasels, and the clandestine services can get a copy for almost no additional cost! Take that, Ivan!

Re:More "Microsoft helps the NSA"

[cheesybagel]

They killed my Poppy!

Microsoft doesn't like nudists. Move along, move along.

Re:More "Microsoft helps the NSA"

Of course they're spying on you for the NSA.

Which part of "Microsoft Product" did you not understand?

Re:More "Microsoft helps the NSA"

[AlphaWolf_HK]

The difference is that in the capitalism, the spying is done because they want to know what kind of clothes and other goodies they should make to get you to want to give them money.

In communism, the spying is done because they want to know whether or not they need to make you mysteriously disappear without a trace one day on the off chance that you might be or might become a political opponent that they would *gasp* have to compete with.

Re: More "Microsoft helps the NSA"

Too many stereotypes in this comment.

Re:More "Microsoft helps the NSA"

[fuzzyfuzzyfungus]

Eh. Communism has a reliable track record of authoritarianism; but absolutely nothing precludes the combination of capitalism and authoritarianism (indeed, our Cold War buddy list provides more than a few examples). There is some structural tension, because the existence of highly concentrated state power makes regulatory capture a dangerously attractive strategy; but this doesn't seem to be insoluble in practice.

Re:More "Microsoft helps the NSA"

[AlphaWolf_HK]

Communism invariably ends up authoritarian if it isn't already, either that or it just falls apart. Every. Single. Time. Marx was predicting that communes would start authoritarian and move on to democracy, but that has NEVER been the case. Even in communes that are run by elected members and don't have an official government end up resorting to a command structure (see the Icarians in Nauvoo, IL, whose system gradually required more and more strict controls until finally a command system had to be in place, and then it disbanded when nobody wanted to be ruled by an authoritarian system. When this happens on a national scale, there is no option to leave, so authoritarianism is the guaranteed result.)

Capitalism is generally agnostic of the government that runs it, though fewer government controls tend to lead to more entrepreneurism (people are more likely to take risks in new ventures if they are confident that the government won't just one day take over their business,) which tends to lead to stronger economies. (Mind the distinction between economic controls and laws - for example, you still need laws to make sure that e.g. the mafia can't take over your business either.)

That doesn't sound like a "leak".

That looks like it is deliberate.

Had it only gone to Nokias servers then it could have been an accident - not removing certain debugging code for instance used to tracing.

But sending to Microsoft servers as well as Nokia servers... that is more like a deliberate action.

Re:That doesn't sound like a "leak".

Yes, deliberate action by the user uploading pictures to SkyDrive automatically.

Re:That doesn't sound like a "leak".

[SQLGuru]

I wonder whether it's FUD around the option (probably defaulted to opt-in) to participate in Microsoft's "feedback" program. Google and iOS have the same type of feature. It's basically how traffic data is captured for the various maps. There are other "user experience" data points that are captured, too.

Re:That doesn't sound like a "leak".

No one sets up a function and software on phones and then maintains and supports the infrastructure on the back end for a week, month, or years to collect and store this data "by accident". This takes multiple levels of support and structure inside a business to get this rolled out and working. Just like CarrierIQ. That was no accident. Every company wants user info and as much as they can get. Either to sell or for their own uses for marketing and trends to give them an edge. That chessy little block stacking app game would work fine without access to my contacts, phone state, GPS location, and call history.

Re:That doesn't sound like a "leak".

Yes, we Microsoft Users (tm) agree to send our privates to Microsoft servers as we participate in various feedback programs and send error reports. If Microsoft would apply privacy regulations and law automatically to the information country vice, no average civilian consumer should have an issue with it. But of course they don't, because they don't wanna. Doing the obvious right thing is probably exhausting for any overcompensated manager. The weight of the money, it is bringing them down!

Re:That doesn't sound like a "leak".

There's a difference between uploading stuff deliberately or having you messages and location ending up on MS servers without you knowing.

From the article: "Nokia’s top management has known since spring 2011 that Lumia’s operating system transmits a great deal of information about the phone’s user to Microsoft. The company, however, has kept quiet about it, because the matter is embarrassing".

Obivously we are not talking about users uploading stuff but something happening in secret.

It seems that by default the Lumias send a lot of stuff to Nokia/MS also and not just communicate over the GSM network point-to-point as the user would assume. As private companies Nokia/MS should not have anything to do with the users private data unless it is explicitly sent to them.

Re:That doesn't sound like a "leak".

[WaffleMonster]

I wonder whether it's FUD around the option (probably defaulted to opt-in) to participate in Microsoft's "feedback" program.

I don't think there is anything that is overblown.

If you associate your Windows phone with an account (Required to load software from the only source permissible the windows app store) the phone also periodically and on demand of Microsoft uploads your location to a Microsoft server and there is **NOTHING** you can do about it and no way you can turn it off short of wiping the device and never associating an account which means not using the app store paying a hefty premium to use what is then essentially a "feature phone"

Microsoft's WP does not respect your privacy by default and there is no lever you can pull that changes this.

Re:That doesn't sound like a "leak".

[FuegoFuerte]

I have a Lumia 925. I read all the warnings and things I had to click "Allow" or "OK" on when setting up the phone. I also just went and read the article. To summarize, it boils down to "the phone is uploading and transmitting exactly what I agreed to when I clicked 'Allow' when setting up the phone."

It uploads my text messages... obviously, because I turned on text message backup.
It uploads my pictures... well yes, I turned on backup/auto-upload of my pictures to OneSkyDriveWalkCrawl.
It uploads my location... when I have it attached to my pictures, or when I turn on the "find my phone" feature, or use mapping and location services.
It uses a MSFT proxy for web stuff, if I turned on the "speed up my browsing by using a proxy service" option. It asks on initial setup if I want to use this service.

In essence, *yawn*.

Re:That doesn't sound like a "leak".

[cheater512]

Did it also say that someone would be friendly enough to sit there reading your messages and looking at your pictures of your own kids naked?

Re:That doesn't sound like a "leak".

[recoiledsnake]

I wonder whether it's FUD around the option (probably defaulted to opt-in) to participate in Microsoft's "feedback" program.

I don't think there is anything that is overblown.

If you associate your Windows phone with an account (Required to load software from the only source permissible the windows app store) the phone also periodically and on demand of Microsoft uploads your location to a Microsoft server and there is **NOTHING** you can do about it and no way you can turn it off short of wiping the device and never associating an account which means not using the app store paying a hefty premium to use what is then essentially a "feature phone"

Microsoft's WP does not respect your privacy by default and there is no lever you can pull that changes this.

And how is that different from iOS or Android? Don't they do exactly the same if not worse? Also, you can turn off location services in Windows Phone.
Atleast they don't seem to be spying on which physical stores you visit unlike Google is. http://digiday.com/platforms/g...

Re:That doesn't sound like a "leak".

[FuegoFuerte]

I generally assume anything I allow on a network will be read or looked at by someone. I'd imagine all photos uploaded to most online services are scanned/flagged by some automated process looking for kiddie porn, and then anything flagged is reviewed by a human, and true violators reported to LE.

Is it an invasion of privacy? Fair question. It's probably somewhere in the EULA for OneSky, I didn't read the whole thing though so I'm not sure. Was it obnoxious and extreme to kill someone's account because they had nude pictures of their kids uploaded? Yes.

Re:That doesn't sound like a "leak".

Aka the Ballmer squirt...

Re:That doesn't sound like a "leak".

[WaffleMonster]

And how is that different from iOS or Android?

Sorry I don't know anything about iOS. Google is optional on Android, you can load applications on your device without google play and even use a number of alternate stores.

Turning off "location services" does not resolve the problem.

Atleast they don't seem to be spying on which physical stores you visit

At least .... at least Microsoft is not run by Hitler.. so there is that...

Re:That doesn't sound like a "leak".

[cbhacking]

Turning off "location services" does not resolve the problem.

Source, please? I very much doubt this is true. There are a number of options which will cause your location to be sent to MS (for example, the Find My Phone feature, or the "Send information about WiFi networks near me to Microsoft to improve location services" feature) but each one of them explicitly calls out that they will send your location. Turning off Location Services is supposed to completely disable the GPS and WiFi-hotspot-based location features as well (hypothetically the latter could be re-implemented in other code, but I've seen no sign of this).

The only "location data" that is sent to MS simply as an integral part of being signed into your account on the phone is your IP address, so far as I know (and I've done some research in this area, including reporting some unrelated privacy risks to MS, none of which were nearly this blatant). Anything much more specific would get them in hot water, legally speaking, here in the US as well as in Europe. It's possible my test device (which is a Samsung, not a Nokia) is missing some Nokia-specific issue, but you strongly imply this is an aspect of the Microsoft codebase, unrelated to the OEMs. So yeah, [citation needed].

Oh, and for the record, sideloading is possible on WP as well as on Android. It's definitely more restrictive (you need a PC) but it's possible.

Re:That doesn't sound like a "leak".

[WaffleMonster]

Source, please? I very much doubt this is true. There are a number of options which will cause your location to be sent to MS (for example, the Find My Phone feature, or the "Send information

I know because I've seen it in action myself. If it is not using the GPS it is uploading tower data to get a rough position for the find my phone option.

about WiFi networks near me to Microsoft to improve location services" feature) but each one of them explicitly calls out that they will send your location. Turning off Location Services is supposed to completely disable the GPS and WiFi-hotspot-based location features as well (hypothetically the latter could be re-implemented in other code, but I've seen no sign of this).

How do you use your devices GPS for a local mapping application without also participating in Microsoft's crowdsourcing? It seems to be all or nothing which is unacceptable.

Oh, and for the record, sideloading is possible on WP as well as on Android. It's definitely more restrictive (you need a PC) but it's possible.

You need to developer unlock your device to sideload... this requires a Microsoft account and a developer account.. which means find my phone is then not optional.

Re:That doesn't sound like a "leak".

[mjwx]

That looks like it is deliberate.

Had it only gone to Nokias servers then it could have been an accident - not removing certain debugging code for instance used to tracing.

But sending to Microsoft servers as well as Nokia servers... that is more like a deliberate action.

And hidden somewhere in the T&C you agreed to when you turned the phone on is a line that says something like:
"by accepting this agreement you agree to join the Microsoft Customer Service Experience(TM) feedback program and agree to transmit data to Microsoft which may be shared with select Microsoft Partners".

And if you think Apple's not doing the exact same thing, I have a bridge to sell you.

Google cops a lot of crap for admitting that it's collecting some data, but unlike Apple and Microsoft, they're admitting it, they're telling you what they're doing with it and demonstrating that it's sanitised of personally identifiable information. Google should be scrutinised, it keeps them on their toes but you've got to be delusional to think that Apple and Microsoft aren't doing the same thing, they're just not being honest about it (nor do we know if they're sanitising the data).

Re:That doesn't sound like a "leak".

[mystikkman]

If it is not using the GPS it is uploading tower data to get a rough position for the find my phone option.

So you want Microsoft to be able to find your phone without being able to know where your phone is.

How do you use your devices GPS for a local mapping application without also participating in Microsoft's crowdsourcing? It seems to be all or nothing which is unacceptable.

Perhaps it is, but AFAIK both iOS and Android do the same thing. Google even killed Skyhook and is facing a lawsuit in order to get hold of location data.
http://www.theverge.com/2011/0...
Why is such a stink raised over Microsoft doing it?

You need to developer unlock your device to sideload... this requires a Microsoft account and a developer account.. which means find my phone is then not optional.

That doesn't make any sense. You can turn off find my phone even if you have a MS and dev account and dev unlock your device.

Re:That doesn't sound like a "leak".

[WaffleMonster]

So you want Microsoft to be able to find your phone without being able to know where your phone is.

The issue is users are denied the option of preventing their phones location to be
periodically uploaded to Microsoft. I don't want Microsoft anyone at Microsoft or anyone who may compel Microsoft to produce the information to track me.

Perhaps it is, but AFAIK both iOS and Android do the same thing. Google even killed Skyhook and is facing a lawsuit in order to get hold of location data. Why is such a stink raised over Microsoft doing it?

Hello officer, why such a stink over robbing the blind mans collection of wind chimes? My neighbors did it too!

That doesn't make any sense. You can turn off find my phone even if you have a MS and dev account and dev unlock your device.

There is no way to turn off the find my phone option on the device. This is part of the problem the way the UI is constructed people think they can turn it off when they really can't. Get ahold of a windows phone, turn off "find my phone" and then see if your location is still not reported on the web site.

Once you associate an account there is no way to unassociated it without wiping the device. Wiping the device also resets the unlocked status of the device.

Re:That doesn't sound like a "leak".

[mystikkman]

The issue you're talking about might be a bug...
http://forums.wpcentral.com/no...

But...

Hello officer, why such a stink over robbing the blind mans collection of wind chimes? My neighbors did it too!

That analogy would make more sense if one of your neighbors stole wind chimes from 60 people in plain sight with hundreds of witnesses that would testify, and another one did the same from 37, but you stole from 3 people, and the police come after only you with a SWAT team while the others watch the raid while lounging on their front lawn. Your OP in this thread sounds exactly like that given the marketshare numbers.

Re:That doesn't sound like a "leak".

[WaffleMonster]

That analogy would make more sense if

There is no defense for asserting "but they did it too" .. two wrongs don't make a right. Stop digging.

Re:That doesn't sound like a "leak".

[mystikkman]

So if the thief that was arrested was of a different skin color(analogous to how Slashdot treats MS compared to Google/Apple) would you still say the same thing? If someone is criticizing how 3% of the market does things, it sure helps to understand what the other 97% is doing differently to put things in perspective.

Re:That doesn't sound like a "leak".

[WaffleMonster]

So if the thief that was arrested was of a different skin color(analogous to how Slashdot treats MS compared to Google/Apple) would you still say the same thing? If someone is criticizing how 3%
of the market does things, it sure helps to understand what the other 97% is doing differently to put things in perspective.

I'm not a fanboy for any vendor. I only care about what is best for users. I was referring to Microsoft specifically ( AKA topic of conversation). It is unnecessary for me to conduct a survey of what all everyone else is doing when commenting on the actions of a specific vendor. What others may or may not be doing is irrelevant to the fact that Microsoft is in the wrong for doing it. The color and or shape of their corporate logo is as irrelevant as "but they did it too".

Wow...

[Farmer+Pete]

Nokia assured that the phone, excluding third-party software such as the operating system, did not violate Finnish privacy laws.

How much non-3rd party software does a Nokia phone ship with? I mean, if you aren't including the OS on the phone as Nokia's responsibility, than what exactly are they responsible for?

Re:Wow...

[vyvepe]

Hardware and firmware? They proabably wanted to tell: "Our phones do not snoop at the hardware and firmware level. Anything at the higher levels is not our business."

Re:Wow...

[cbhacking]

Drivers and services that they added to the OS.
Nokia-authored apps that come pre-installed (such as their custom camera "lens" that gives more control over the camera behavior than the stock camera app).
Nokia-authored apps downloaded from the store (including updates to pre-installed apps).

In total, actually, not much - WP8, unlike Android, discourages OEMs from tinkering too much - but it would only take very little. A single thread in a driver or service could do this all day long, easily...

Re:Wow...

Well, that means I can get a Nokia phone without that bothersome 3rd party software called "Windows Phone" => instead one gets all the programming manuals that are necessary to use the phone that I've bought?

Re:Wow...

[hydrofix]

I mean, if you aren't including the OS on the phone as Nokia's responsibility, than what exactly are they responsible for?

This is indeed absolutely ridiculous and priceless statement.

To understand why they gave such a statement, we must know some background. The whole debacle started in 2012 when the Finnish government's IT department had a meeting with Nokia, where Nokia's management assured them that Nokia's Lumia phones had superior security and user privacy to both iPhone and Androids. Consequently, the government bought several Lumia phones for top officials who engage in sensitive communication, like the Prime Minister. Thanks to Snowden leaks, the government in 2013 then received contrary information: that Lumia phones were just as hackable as other smartphones through the inclusion of the Microsoft operating system.

Consequently, the Finnish Communications Regulatory Authority (FICORA) made an officially actionable inquiry to Nokia regarding whether the devices they sold indeed revealed the user's confidential communications, location information and other private information without the user's authorization. The authority warned that if the corporation had knowledge that the phone was leaking such data, and did not answer truthfully, it could be held liable under the criminal law for false statement in official proceedings and failing to report a serious offence.

The company then replied, that they were unable to officially give such an assurance (i.e. they probably knew that the device was leaking private data). Then, FICORA made another official inquiry, asking for even a smaller set of privacy assurances. Nokia was again unable to give an official assurance of privacy of its devices, so in August 2013 officials from FICORA and Nokia had an informal meeting where they tried to find common ground: what kind of privacy assurances Nokia could actually give about its devices. Turns out, Nokia could only go as far as to assure that it had not installed any additional spying modules – and only to those devices that it was selling in Finland, anyway.

So they delimited the official assurance that Nokia should give to only concern the hardware and software it had itself made and was selling in Finland, excluding actions of their subcontractors and business partners (like Microsoft). Well, Nokia was able to give such an assurance, even if it is obviously of no value to consumers. But the company had something to show for FICORA: at least Nokia itself takes Finnish and EU privacy regulations seriously, even if it is in partnerships with other corporations for which it can not make equal assurances.

Re:Wow...

[Farmer+Pete]

Without any assurances from Microsoft, it seems like one couldn't even guarantee the security of the Nokia apps and drivers running on Windows Mobile.

Excluding third-party software, as the O.S.

[malvcr]

mm .. a "smart" phone without the operating system is basically ... nothing.

Re:Excluding third-party software, as the O.S.

It'd be a bootloader which could install an OS of choice from the sd card.

I'd actually buy one of those.

Re:Excluding third-party software, as the O.S.

[cbhacking]

They mean excluding code written be companies that aren't Nokia (for example, most of the OS and some of the built-in apps on each Lumia are Microsoft code, they also come with Angry Birds pre-installed, and that's Rovio code... you get the idea). Nokia's contributions will mostly be some drivers, some services that run in the background (apps aren't generally allowed to do so), some "settings" apps to control those drivers and services, some "normal" apps to add features that aren't built into the OS (for example, Nokia recently copied the Samsung WP8 "App Folders" app, which lets you create live tiles that contain tiles from other apps, creating a folder-like system), and possibly some fluff apps (dumb stuff like a horoscope app or a notepad app seems to be very common from OEMs).

Re:Excluding third-party software, as the O.S.

[ChristW]

http://www.gta04.org/ or http://neo900.org/

Re:Excluding third-party software, as the O.S.

[yacc143]

Well, they produce the mobiles, so I guess that they should have included some items in the contract for the software they've licensed that MS will comply with local laws.

So does this make Microsoft MicroScrooGoogled now?

Any comments from the closed source crowd? Any comment from the MicroShaft execs? Exactly, now you know why I stopped using Windows 10 years ago.

CP hysteria

[tepples]

On one occasion a parent's Lumia account was closed without warning when they uploaded pictures from the phone displaying their kids playing naked on the beach at their summer cottage.

This says more about the hysteria in certain industrialized markets where all nudity is considered sexual for the purposes of zero tolerance regulations against production of alleged child porn. See also prosecutions of parents who photograph their children in the bathtub.

Re:CP hysteria

[cbhacking]

Yyyep. Don't store your pictures in the cloud, folks. There's automated scanning (not just of Sky/OneDrive, but of others as well) that looks for anything it thinks is nudity, and flags it for human review. If said human decides it's nudity, or even if it could be considered erotic / is too risqué, they can and often will shut down your account. This has happened before. I admit I've never heard of it happening to related accounts owned by other companies (i.e. Microsoft killing somebody's Nokia account as well as their Microsoft account) but it's possible, I suppose. Or maybe Nokia flagged the images themselves. Or maybe the article author is confused and meant the Nokia user's Microsoft account is the one that got blocked (WP supports automatic picture uploads to what it still calls SkyDrive).

And yes, the whole thing is bloody ludicrous. I don't even think it's a CP issue, really.. just general prudishness and puritanism turned up to 11.

Re:CP hysteria

[OzPeter]

This says more about the hysteria in certain industrialized markets where all nudity is considered sexual

Last week there was a "beat up" story on the local news as to how there is this church and worshippers who have services in the nude. The teasers didn't bother to mention that this church was in the middle of a nudist club.

"Leaking"

[FuzzNugget]

A sieve doesn't leak, it does what it's designed to do

Sources?

[adycarter]

Seems a little light on actual proof there, even the source doesn't have a source for the magical "Lumia account closed as the user is a paedo" comment

Re:Sources?

Here's an article regarding a german user: http://wmpoweruser.com/microsoft-monitoring-censoring-skydrive-uploads/
Original in german: http://www.aachener-zeitung.de/news/digital/wie-ein-handy-fan-von-wolke-sieben-fiel-1.372632

Apparently nudity is an issue for MS.

I call it a bull

I recall that it was stated in clear language that SMSes will be uploaded if I choose some option during initial setup for my Lumia.

And if they mean skydrive onedrive account as "Lumia user account", then I wouldn't be surprised that Microsoft screens uploaded (public?) pictures. Similar like Google screens youtube videos.

Re:I call it a bull

[cbhacking]

Specifically, the option for SMS backup (it can be set up after initial boot, of course). Obviously, this requires sending your SMS. Now, they can (and should) be encrypted, but it still must send them. If they're inside an SSL tunnel (and nobody goofed their cert validation, the way Apple has apparently been doing...) then they should be secure in transit, at least.

Corporate crimes won't stop until CEOs are jailed

[ffkom]

It has become quite obvious following the news that corporations are spitting on laws and won't stop committing crimes that increase their profits, until some actual individuals in charge are jailed for significant time.

Puny fines, often not even exceeding the extra profits made from the crime, won't stop anything. They are just like a gamble CEOs are ready to take - if they are not caught, their personal bonus increases with the extra profit. If they are cought, the company or some insurance will cover the cost, with no consequence to the CEO.

Compulsory Caveat

[rmdingler]

"...a parent's Lumia account was closed without warning when they uploaded pictures from their phone displaying their kids playing naked..."

I think you know it's for the children.

Re:Compulsory Caveat

[M1FCJ]

And I'm sure no one is hoarding the naked selfies... At least, I can be sure, mine...

Let the....

.... Microsoft bashing begin.... Google and Apple's business are running on this, but it is really bad when Microsoft does it!
Can we all just fucking accept that companies get rich at your cost and there is no large company that does not do shit they should not do!
If you sum it up in the end...... Google and Apple penetration and data collecting surpasses that of MS, so all ignorant Google and Apple lovers...... SHUT UP!

Business is getting rich at the cost of others, that is fucking it! Most countries would not have such big financial problems if all these companies did not abuse bugs in tax systems, etc....... but heej...... I am talking to a bunch of smart ignoramusses! They got their comment ready before thinking about facts, since a personal opinion is so much more!

Re:Let the....

It is only so bad for Microsoft because they are the ones trying to put all the intrusive data collection on others...

And yet, we all know they do it.

The difference is that the others tell us up front.

Microsoft hides it.

Re:Let the....

LOL, you're joking right?

APL hides practically everything they have. Last I checked, if you wanted to opt out of targeted advertising, you had to visit a website completely off the device to turn it off.

Add to that most of their users are too ignorant and / or blinded to care anyway.

Re:Let the....

[cristiroma]

I remember reading just yesterday Microsoft Killed My Pappy (isn't that cute?). Hey Scottie, what do you have to say about this? Or this, the day before yesterday? Yeah, M$ really changed, it got worse. What a load of c**p ...

Re:Let the....

Remember capture wireless data (since it is the best example.... how long did they deny and create BS reasons) Just saying.... that is not even the tip of the iceberg.... I kinda know.... since I was the one of the people making sure your data could be safely collected and processed (there is nothing good about Google, besides that they make your life a bit easier at the cost of you and a lot of others)!

Re:Let the....

[WaffleMonster]

Can we all just fucking accept that companies get rich at your cost and there is no large company that does not do shit they should not do!

Never, they care when nobody buys their shit. It is the users responsibility to reign in corporations when they get too greedy by forcing change.

All of these technology companies are banking on not enough people caring.. while it is increasingly clear there actually is a non-trivial chorus of people who actually give a shit.

location of folks who let their kids run naked

just don't say camps.. it's more like re-indoctrination. if we let the kids run naked the grownups will soon want to do the same. see now where the trouble starts? thank goodness; Slashdot only allows anonymous users to post 10 times per day (more or less, depending on moderation)., & you're it

EQUALITY

So now that the US Supreme Court has decided that corporations are people I will assume that the law will treat Microsoft and Nokia just as it would treat me. They will surely have all of their assets seized and be thrown in a cell for decades. Or I may assume that since they are free to do this sort of thing, that I, being their equal before the law, am free to install covert software that spies on people anywhere that I wish..
                      Or maybe we should just rename the Constitution of the United States with the new moniker BULLSHIT.

Re:EQUALITY

[TheCarp]

I think you miss what they mean when they say people. See, when the NSA spys on nameless faceless Americans, that, is surveillance. Its not victimizing people. However, when they spy on someone like Angela Merkel; that is an outrage, because she is a real person with a face and a name....she is someone who matters.

Corperations are people like Angela Merkel is a person. They are real, they matter. They are not you, some nameless faceless peon; barely fit to eat the scraps a real person drops from their table.

Who ya gonna believe commie FINNs or MICROSOFT?

I think the answer is too obvious so I won't belabor the point. But for those who need to be told: USA! USA! USA!

Re:Who ya gonna believe commie FINNs or MICROSOFT?

[amiga3D]

Commie Finns? There is a fine line between funny and stupid and you plopped down way over on the stupid side.

Re:Who ya gonna believe commie FINNs or MICROSOFT?

[cbhacking]

Something a lot of Americans don't know: there's a ton of bad blood between Finland and Russia, to the point that they sided with Germany during WW2...they wanted help keeping the Russians out.

Re:Who ya gonna believe commie FINNs or MICROSOFT?

[amiga3D]

Yes. I saw that on the History Channel. Finland put up a hell of a fight.

Re:Who ya gonna believe commie FINNs or MICROSOFT?

There were those communist alternative lifestyle communities in the US during the fifties if I remember correctly, some of them founded by an immigrant from Finland. Then there was always Gus Hall, running against Reagan. From that perspective, the AC's outburst is understandable.

Re:So does this make Microsoft MicroScrooGoogled n

Idiot.

In other news

[jones_supa]

There's also a side story in this scoop which involves Nokia allegedly handing over user data to Finnish police without a warrant.

YLE Uutiset - Police chief to look into Nokia phone spying claims

Hang on a minute

[RMH101]

This looks like a mountain being made out of a molehill. From TFA: "Lumia phones do not ensure the user’s privacy – at least no better than the phones of other big manufacturers"
When you use a WP8 device, you are signed in using a Microsoft Account. Features like SMS backup, location services such as "Find My Phone" etc need to send data back to MS in order to work. In fact when you first sign into a phone this is made explicitly clear, as it is during the install of any apps on the phone that require, say, location based services. So whilst the implication of this article appears to be that there's something shady and underhand going on, until someone shows me a wireshark trace that shows it, I'm calling BS.

Re:Hang on a minute

[Farmer+Tim]

I'm calling BS.

More secure than texting BS...

Re:Hang on a minute

Righto. There's a lot of Android shills out here donning pundit masks and trouncing Nokia. I don't work for MSFT, but I love everything (well, almost everything) about Win 8. So unless you are going to speak with hard data, STFU shills.

Re:Hang on a minute

[RMH101]

Full disclosure: I do work for MS, but miles and miles away from any of this kind of thing so I don't have any insight other than Occam's Razor. When you read TFA, there isn't any data in there. It doesn't actually SAY anything.

Re:Hang on a minute

This looks like a mountain being made out of a molehill. ... When you use a WP8 device, you are signed in using a Microsoft Account. Features like SMS backup, location services such as "Find My Phone"

Why on earth do you think that anyone would make up a story about leaking private information if the issue was Microsoft Account, SMS backup and other services where people deliberately upload stuff?

Re:Hang on a minute

[MrNemesis]

As an aside, and speaking as a luddite who still uses a Nokia E6 because it's got an amazing QWERTY keyboard, does windows phone mandate signing up for account, or is it optional?

It seems that both the iphone and android are both nearly useless without signing up for an account (although you can have an android ROM without the gapps loaded, it will apparently severely restrict what you can run on your phone) and I'm of the opinion that any device that requires an account in order to function essentially has unfettered almost-always-on access to your phone as well as trying to lock you in to some service or other (having all your personal data held ransom by a third party is a great bargaining chip).

Looking for information on whether devices require accounts or not seems moot too, since most people don't consider it to be a problem. I couldn't even find out if a Jolla has a compulsory account or not...

At this rate I'll need to build my own phone out of toothpicks and silk-wrapped wire.

Re:Hang on a minute

More secure than texting BS...

Unless, of course, some MS drone in the bible belt finds your sexting or call content objectionable where upon you might find yourself the recipient of a free gitmocation.

Re:Hang on a minute

[RMH101]

Because it happens all the time - people like to read sensationalist news, people like to be outraged and site owners love page clicks. Go and read TFA. There is zero content in it. It's not even a theory, it's a vague bit of sensationalism and until it's backed up with data it should be treated as such.

Re:Hang on a minute

[RMH101]

It's mandatory to have a Microsoft account with Windows Phone, much like it's mandatory to have a Gmail account for Android and an Apple ID for iOS. You don't have to use the services though, and WP8 is pretty good at explicitly telling you what data it would like and giving you the option of opting out.

Re:Hang on a minute

Strictly speaking, you DON'T have to have a Gmail account for any Android phone, only the ones with stock ROMs. An AOSP ROM (like Cyanogenmod) can be used without a Google account; one can get apps from the Amazon App Store or Aptoide, or even F-Droid if you want to stay as close to open source as possible.

But yes, Windows Phone devices are pretty much useless without a Microsoft account, as that is the only straightforward way to get apps onto the phone. You can always sign up as a WP developer and sideload apps, but that requires $99/year and, you guessed it, a Microsoft account.

Re:Hang on a minute

You don't have to use the services though, and WP8 is pretty good at explicitly telling you what data it would like and giving you the option of opting out.

This is one of many reasons I prefer WP to iOS or (stock) Android: You have a surprising level of control over the phone for such an otherwise closed ecosystem. I've had Android devices that had to be rooted to be able to delete carrier bloatware, and sometimes deleting those silly, useless apps would render the phone unstable. On the two Windows Phone devices I've owned, deleting bloatware is as simple as long press -> Uninstall. The only apps you can't remove are the basic apps that Microsoft ships, which are equivalent to the basic apps that come with a fresh iOS install or AOSP Android.

Re:Hang on a minute

Why on earth do you think that anyone would make up a story about leaking private information if the issue was Microsoft Account, SMS backup and other services where people deliberately upload stuff?

You must be new here. Welcome to Slashdot!

Re:Hang on a minute

The government asked Nokia if they added any hardware backdoors, or any software backdoors on top of but not including built into the existing OS. Nokia said "no".

Why is it you say that claim is bullshit, simply because Microsoft offers some service to backup SMS?

Re: Hang on a minute

[RMH101]

Jees, does no one READ anymore? This is why I gave up on Slashdot. Nokia alleged to say no backdoors in their hardware, someone claims data being sent to MSFT from handsets regardless. No shit,Sherlock. In the absence of any details, let alone evidence or proof, this looks bloody spurious to me. I would expect the MS services on the phone to talk to Redmond exactly as they tell you they will when you agree to it for basic services e.g. location services. The article itself is classic FUD with zero content. Read it again. And don't post AC.

Re:Hang on a minute

[swillden]

Strictly speaking, you DON'T have to have a Gmail account for any Android phone, only the ones with stock ROMs.

This is, perhaps, a bit pedantic, but you don't need a Gmail account even then. You need a Google account, but you can set up a Google account using any e-mail address. In general this is a distinction without a difference, since the only difference is Google is handling the e-mail, and you can always create a Gmail account that you don't use for e-mail.

Re:Hang on a minute

[cbhacking]

Strictly speaking, the Microsoft account is optional (you can choose "not at this time" when it asks you to sign in, and just never get around to actually doing so). You won't be able to access many of the phone's features until you sign in, but the basics (calls/messaging/voicemail/web browsing/taking pictures/accessing WiFi/running built-in apps like calculator/etc.) will work fine. You may even be able to add email accounts that will sync to the phone (I never tried) before setting it up.

The big problem is the lack of access to the app store. You can developer-unlock a phone that has no associated MS account, and then sideload some apps, but WP8 restricts sideloading a lot more than Android does so it's not really a viable option unless there's only a couple specific apps you need.

Re: Hang on a minute

This is why I gave up on Slashdot.

...

And don't post AC.

Sounds like you haven't given up on it at all. That's a pretty fanboyish attitude, hypocritical as it tries to be.

In other news....

[Ex-MislTech]

Snowden reveals that NSA reveals user opinions on corporations to said corporation
in great piece of Irony that taxpayers are paying to be spied on for corporations that
want to use the NSA as their private orwellian invasion of privacy.

Great irony there, getting the sheeple to pay to be spied on, bravo !!!

Orwell, Quigley, and Huxley were prophets...

Impeccable timing

... for such a FUD story - it is afterall MWC time.

My solution

Just buy a Jolla and get over it...
http://www.jola.com/

Lumia - not intentional

[maxrate]

If the 'leak' is true, I doubt it's intentional and they will correct. I have this phone and I've opted to have them back up my stuff, including SMSs, etc.

The US should extradite those pedos

Some Finnish pedos taking pornographic pictures of their own children with uncovered genitals in a beach setting? Better extradite them.

Re:The US should extradite those pedos

[koan]

One of the 4 horsemen of the infocalypse...

Four Horsemen of the Infocalypse: terrorists, pedophiles, drug dealers, and money launderers.

And that's how they take away your rights.

List of WP8 security and privacy fails

[WaffleMonster]

1. Find my phone option can't be opted out of there is no way to not have the device send location to Microsoft and still be able to use the device in even a remotely meaningful way.

2. It is not possible to not be complicit in Microsofts skyhook WiFi location mapping system.

3. When your device connects to a WiFi network it sends unique device identifiers in the clear over the network there is no way to stop it.

4. Wireless security 100% completely utterly insecure by design due to total failure of device to validate certificate chain.

5. Impossible for mortals to perform basic functions available as standard features on decades old "feature phones" such as contact synchronization without having to upload all of your contact information to Microsoft. My contacts are none of Microsoft's goddamn business.

Windows phone 8 is designed to violate your privacy at every turn while locking you into their curated app store.

Re:List of WP8 security and privacy fails

[Anomalyst]

Windows phone 8 is designed to violate your privacy at every turn while locking you into their curated app store.

How well is their cancer cure rated?
Can I still work on the C-123 I bought at a Military surplus auction and stay healthy?

Why do you keep callign them phones?

[koan]

They are tracking and data rape devices, with a phone built in... kind of like a clock in the stomach of a statue of Buddha.

Light on evidence, heavy on conjecture

[JamieKitson]

TFA reads like a gossip column. I see no evidence to back up any of the claims, in fact the claims themselves seem to be pretty woolly. There's no mention of what's being uploaded and why, could it be a backup option? Local search results, etc? As a Lumia user I would love to read an article by a techie with some experimental results. In fact if this is true I'm surprised that no one's done these tests already, it surely would have got out there by now.

Re:Light on evidence, heavy on conjecture

Maybe someone out there is so afraid Microsoft might actually start selling more WP phones with the looming 8.1 release, that they resort to an old Microsoft style tactic: FUD. As you said, there are zero links backing up the claims. If this article were on Wikipedia it would be nuked so fast the author's virtual head would spin for days.

The article seems to be targeting Nokia's practices and looping Microsoft into it by happenstance, but everyone in the tech world knows Microsoft is buying Nokia, so this is a backhanded way to claim Microsoft is doing this on purpose. There's even a paragraph that not-so-subtly implies Microsoft is happily doing this at the behest of the US government. Anyone with a clue knows that Microsoft, Google and Apple all fought the government to varying degrees over user data privacy. That's not to say the government doesn't already have all of the data from all Lumia devices, but if so they also have it from all iPhones and Android devices too.

My poor, neglected N900 is looking better and better lately...oh wait, Nokia made that too!

Apps stealing your data

Look at permissions requested by apps available for download. Many apps are requesting access to read and write SMS messages on your phone and read / write access to SD cards. Most apps would not need access to read and write SMS messages so why do they request access? Because people/companies pay for that type of information. It is sickening to think about how that data is or will be used.

Re:Apps stealing your data

[cbhacking]

I assume you're talking about Android... on WP8, third-party apps are not allowed to request write access to the SD card, or *any* access to SMS. (OEM apps, considered "second-party", are allowed to request SMS access which is useful for things like SMS blockers). Third-party developers can't even compile apps with those capabilities requested unless they modify their VS configuration files, can't install those apps to their phone unless they hacked the phone a bit, and if they try submitting those apps to the store Microsoft will reject them or at least strip out the restricted capabilities. Even if somehow they made it onto the store with those capabilities in place, people's phones wouldn't install the apps because they have capabilities that only OEMs (and Microsoft) are allowed to have, and the app wouldn't have an OEM signature.

It's actually kind of annoying. Independent developers are *extremely* restricted in what capabilities they are allowed to request for their WP apps.

Re:Apps stealing your data

What you call annoying, I call assurances that some app won't hijack my info, or worse, install a trojan that will do all sorts of nasty things to my phone or data. Windows Phone may be restricted on a level with iOS, but it's a valid choice for those who want a safer phone without Apple's ecosystem. Android is powerful, modular, open to a certain extent, and ubiquitous, but unfortunately all of those normally positive qualities lead to huge holes that hackers and scammers can use to steal your info or just plain fuck with you.

And I get that it's mostly a social engineering issue; almost no one reads the list of privacy violations they are presented with when installing Android apps. The malicious app makers are banking on that laziness. The fact that a Linux based mobile OS is the most susceptible by far to malware and hacking is quite simply pathetic, but that won't change unless Google chooses to change it. Given their track record with privacy, I doubt it will happen any time soon.

kdz

Oh dear, why am I not surprized?

"Lumia user accounts"
There are no Lumia user accounts only Microsoft accounts! Lumia devices = Windows Phone devices and WP devices are locked tight into M$ cloudspace no matter what brand or nomenclature used.

"did not violate Finnish privacy laws" ...which in essence shows how bad Finnish piracy laws are with regards to preserving consumers privacy data.

"...On one occasion a parent's Lumia account was closed without warning..." ...this is real problem here. That corporations do this WITHOUT warning! If corp. X don't like my data on their cloud they might as wel ASK POLITELY to remove the stuff. It's the least bit of respect you can have for your consumers. But it seems that all those companies, with all that communications-technology at their disposal, have severe problems communicating with their customers.

Perhaps we should ask ourselves: Do we really need a Microsoft in 2014?

Re:Oh dear, why am I not surprized?

[Kalriath]

Well, yes, I can imagine Finnish piracy laws don't do much to protect consumer privacy. It's a bit like trying to use murder legislation to prosecute someone for stealing a loaf of bread.

Scroogled!

[flabordec]

Did you know that when you buy an app in the Google Play Store, Google sends the neighborhood where you live to the app developers? That is why I prefer the Lumia phones with Windows, because Microsoft respects your privacy.

Also, Microsoft only wants to know your location so that they can protect you. If something were to happen to you they would send an SMS to people you trust (they would get their numbers from your SMS history) and they would send an ambulance to your location (that's the only reason they got it).

You see? Microsoft is actually amazing and really cares about your privacy! =D You can get more information about how Microsoft is totally not stealing your data at http://www.scroogled.com/

You can tell I am serious and trustwrothy because I am using a smiley face: =D

Re:So does this make Microsoft MicroScrooGoogled n

Shill.

Re: So does this make Microsoft MicroScrooGoogled

SQUIRREL!

Lumia 920 massive data usage...

SO I got a Lumia 920 when they first came out, but was stymied by the fact that AT&T kept billing me for about 11GB of data usage per month, even though the thing spent most of the day on my desk, in Wi-Fi, doing what I thought was "nothing". AT&T couldn't resolve. Nokia couldn't resolve. An email to Mr. Elops didn't help (he had some pseudo-tech try to help). After turning off pretty much anything on the phone that could be turned off (prevented from using over the air data), usage didn't drop. And of course we tried swapping phones. Same massive data use. So I switched to a Samsung Galaxy S3 and what-do-you-know, my monthly data use is often under 1 GB, and always under 2GB. With the same email accounts and even Facebook. I really wanted to try and packet sniff on the Lumia and see what the hell was transmitting... I should have, dammit.

Re:Lumia 920 massive data usage...

Bullshit, or else you had a defective phone with wifi issues. I've been using WP since late 2011 and I've never gone over 1GB of data use. I started out on an HTC WP7 device and now have a WP8 Lumia. The only time I break the 1GB barrier is when I do a lot of music streaming in my car. Even then, I never get above 2GB, because I'm always on wifi otherwise.

kdz