Slashdot Mirror
Test Version Windows 10 Includes Keylogger
wabrandsma writes From WinBeta: "One of the more interesting bits of data the company is collecting is text entered. Some are calling this a keylogger within the Windows 10 Technical Preview, which isn't good news. Taking a closer look at the Privacy Policy for the Windows Insider Program, it looks like Microsoft may be collecting a lot more feedback from you behind the scenes. Microsoft collects information about you, your devices, applications and networks, and your use of those devices, applications and networks. Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage." This isn't the only thing Microsoft is collecting from Insider Program participants. According to the Privacy Policy, the company is collecting things like text inputted into the operating system, the details of any/all files on your system, voice input and program information.
I shall pray to my new overlord!!! How long till the goverment demands that data to protect our children from terrorists?
~^\-/^|-|^\-/^~ May the force be with me!
All your privacy are belong to us!
STASI style OS is spying on you.
It's an early test program. The entire reason that it exists is to see how people use it, whether the UI decisions make sense, and what the designers overlooked. It is not intended for normal use and it is not intended for production environments.
I am TheRaven on Soylent News
The article mentions that this 'feature' will be turned off once Windows 10 reaches broad distribution. Makes perfect sense actually
First you prove that the back door you've installed in the OS operates as expected. Then you sell key logger access to your user base on a case-by-case basis to the FBI, CIA, NSA or any other agency that is shaking big wads of cash in front of your nose while holding a 'keep it all secret' and 'get out of jail free' card for good measure (see various sections of the patriot act and other anti-terrorism, save-the-children, etc. legislation that have been aggressively 'interpreted').
Thus, encryption and other defensive measures are easily rendered useless as no AV system will detect a key logger 'feature' that is part of the operating system.
More profit for MS, less security for it's users. Brilliant.
The whole intent of this kind of program is to gather data as to how real world users are using the software. What applications are they loading, what settings are they changing, where do they get hung up, do things crash, etc. Bringing people into a focus group or lab setting isn't going to give the same results.
I'm sure MS has a whole regression test suite and a formal QE process that's going to give them some idea that there aren't egregious faults with what they are shipping, but that's not going to entirely cover the semi-random ways which a real human being is going to be using the OS. If someone using the software encounters a problem, it can send a more complete picture of what was going on if it has more data.
I'd expect that this will not be shipping in the real product.
Windows 7 + the NSA.
And that just relegated it to only ever being in a virtual machine, trapped in a cage where it belongs. Sorry MS, a key logger is a few steps too far even for a preview, sure monitor the hell out of it but a privacy destroying key logger is a few steps too far. It's a shame as it does look like a nice OS even caged.
Tell me what larger corporation concerned about information control is going to accept anything close to that?
Don't install the preview version for production purposes then.
This is telemetry from the preview version. You explicitly accept the telemetry when you join the preview program.
If a larger corporation does not like that, even for testing purposes, then they can simply wait for the final (RTM) version.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
Windows is a great OS. What they're whining about is what a pre-alpha test version of the software collects. Test versions always deliver far more telemetry than would a retail release, as they should. Windows 10 right now is not for regular daily use or for consumers. It's purely about evaluation and helping designers test the new OS and improve it.
Some of this stuff will probably just concern the free Technical Preview, but there's still a clear trend of Microsoft turning Windows into a datamining platform. It started with Windows 8 where they try to get the user to log into their own computer with a Microsoft account. It seems to be only getting worse.
In Windows 10 you can choose not to use a Microsoft account - just like with Windows 8.
On top op that, Windows 10 will allow corporations to federate their own AD - which means that you will get the device-sync features *without* creating a Microsoft account.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
This is all speculation based on the privacy policy. To my knowledge no one has done any research to find out exactly what data. if any besides Crash Reports, Microsoft is actually collecting.
I would have no qualms about this practice if it were completely up front in it's entirety rather than have to read about it in a blog.
This is quote from the page where you agree to the terms of the preview program (this is the top text - the first you read):
Accept the Terms of Use and Privacy Statement
This should be the most boring step. Accept the Terms of Use and Privacy Statement and we can finish up your registration.
By accepting the Terms of Use and Privacy Statement, you agree that:
* The experimental and early prerelease software and services might not be fully tested.
* You might experience crashes, security vulnerabilities, data loss, or damage to your device.
* Your detailed usage and device data will automatically go to Microsoft and our partners to improve our products and services. See the Privacy Statement for more information.
* You will receive communications about the program and related promotions. Once you’ve joined the program, to stop receiving such communications you must leave the program.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
I don't know about you, but I don't think I could properly evaluate it if I had to avoid browsing to any website where I might need to enter a password, or unzip password-protected zip files, or, well, do anything that would involve me entering a password.
http://windows.microsoft.com/e...
For example, when you:
install the Program, we may collect information about your device and applications and use it for purposes such as determining or improving compatibility,
use voice input features like speech-to-text, we may collect voice information and use it for purposes such as improving speech processing,
open a file, we may collect information about the file, the application used to open the file, and how long it takes any use it for purposes such as improving performance, or
enter text, we may collect typed characters and use them for purposes such as improving autocomplete and spellcheck features.
systemd is Roko's Basilisk.
If you read TFA, you'd notice the important bit that say "could include a keylogger", unlike that shitty title states.
Or you can download the ISO, enter the key (it's all over the net), and set up an entirely fake user account.
Well, now it is here too. The key is NKJFK-GPHP7-G8C3J-P6JXR-HQRJR. Microsoft is using this key for all W10TP installations.
The ISO can be grabbed from http://preview.windows.com/ by anyone who needs it.
It's the same key - there's only one. This is handy for people who didn't bother to write it down, screw up the install, and need to re-install without going "where did I put the **** key!" It's not like Microsoft is worried that people are going to pirate something that's free. Quite the contrary - they want to get it into as many hands as possible, since the preview is also a marketing tool.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
in Soviet Russia old joke makes fun of you!
Mod me down, my New Earth Global Warmingist friends!
Why would you want to use a testing version, if you're not willing to participate in the testing?
Conversely, why would any company want you to have access to a test version if you're not willing to participate in the testing?
Vintage computer games and RPG books available. Email me if you're interested.
This is TEST software.
I run test software all the time. Not a single one of them sends back all my keystrokes. Stop making asinine excuses for shitty behavior.
Write, compile and distribute code which bypasses integral security features in the software. What could go wrong?
Mod down people who tell people how to mod in their sigs
If it's a preview and they're using the same key for all the installations, why bother with a fucking key in the first place?
One thing that comes to mind is - perhaps they want to be sure their key logger is functioning properly. Having the user voluntarily type in a known string would do that.
#DeleteChrome
Watch out! Installing this version of Windows disables the recovery partition.
If it's a preview and they're using the same key for all the installations, why bother with a fucking key in the first place?
I'm sure the software phones home occasionally to validate the key. Once they reach commercial release (or maybe even the next major stage of development), they can revoke the key so folks can't just use this alpha release as a free copy of Windows.
I'll just install it on a computer with a BIOS that isn't Y2K compliant. My free copy of Windows 10 will last 86 years!
Get free satoshi (Bitcoin) and Dogecoins
I could get in big trouble for this, they made me sign an NDA but here's the pseudo-code:
function gatherTextData(field) {
if (field.type == "password") {
return ""
I think they've got a patent pending, it's pretty complicated stuff.
Then I would say we all have quite a lot to worry about. One small example many of us SSH into systems all day long and our passwords are not protected by your pseudo code there is no UI element explicitly marked password.
Anyway since your an insider with Microsoft you might want to have your team communicate algorithms and limits associated with collection activity clearly.
As it stands the only information publically available described in the privacy policy states:
"enter text, we may collect typed characters " it does not provide any qualifying limits of any kind on the *collection* activity although it does provide some qualification on *use* "and use them for purposes such as improving autocomplete and spellcheck features"
Why would you use a pre-alpha release of ANY os on your main computer?
So that you can do testing on the computer on which it will actually run. Normally you'd dual-boot the testing OS.
Or you can download the ISO, enter the key (it's all over the net), and set up an entirely fake user account.
But I can't log into any websites (etc.) while I'm using it, because Microsoft gets my keystrokes. So I can only perform superficial testing of that kind. I can't log into my actual network for the same reason.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
So what's your issue? It seems pretty clear.
The fact this is an unacceptable privacy violation is crystal clear.
Who's foolish enough to install a time-limited technical preview as their main OS? I put it in a VM.
That simply won't work. Aside from running old versions of SimCity, I don't really *need* Windows (and I can always run SimCity in an emulator or a virtual machine running my old copy of Win9x or WinXP).
It also won't pass muster with OEMs, who will have to explain to customers that while they're buying a computer, they have to pay a monthly fee for the OS. They'll just sell androidbooks instead.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.