Slashdot Mirror
Test Version Windows 10 Includes Keylogger
wabrandsma writes From WinBeta: "One of the more interesting bits of data the company is collecting is text entered. Some are calling this a keylogger within the Windows 10 Technical Preview, which isn't good news. Taking a closer look at the Privacy Policy for the Windows Insider Program, it looks like Microsoft may be collecting a lot more feedback from you behind the scenes. Microsoft collects information about you, your devices, applications and networks, and your use of those devices, applications and networks. Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage." This isn't the only thing Microsoft is collecting from Insider Program participants. According to the Privacy Policy, the company is collecting things like text inputted into the operating system, the details of any/all files on your system, voice input and program information.
I shall pray to my new overlord!!! How long till the goverment demands that data to protect our children from terrorists?
~^\-/^|-|^\-/^~ May the force be with me!
All your privacy are belong to us!
It's an early test program. The entire reason that it exists is to see how people use it, whether the UI decisions make sense, and what the designers overlooked. It is not intended for normal use and it is not intended for production environments.
I am TheRaven on Soylent News
The article mentions that this 'feature' will be turned off once Windows 10 reaches broad distribution. Makes perfect sense actually
First you prove that the back door you've installed in the OS operates as expected. Then you sell key logger access to your user base on a case-by-case basis to the FBI, CIA, NSA or any other agency that is shaking big wads of cash in front of your nose while holding a 'keep it all secret' and 'get out of jail free' card for good measure (see various sections of the patriot act and other anti-terrorism, save-the-children, etc. legislation that have been aggressively 'interpreted').
Thus, encryption and other defensive measures are easily rendered useless as no AV system will detect a key logger 'feature' that is part of the operating system.
More profit for MS, less security for it's users. Brilliant.
And that just relegated it to only ever being in a virtual machine, trapped in a cage where it belongs. Sorry MS, a key logger is a few steps too far even for a preview, sure monitor the hell out of it but a privacy destroying key logger is a few steps too far. It's a shame as it does look like a nice OS even caged.
Tell me what larger corporation concerned about information control is going to accept anything close to that?
Don't install the preview version for production purposes then.
This is telemetry from the preview version. You explicitly accept the telemetry when you join the preview program.
If a larger corporation does not like that, even for testing purposes, then they can simply wait for the final (RTM) version.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
Windows is a great OS. What they're whining about is what a pre-alpha test version of the software collects. Test versions always deliver far more telemetry than would a retail release, as they should. Windows 10 right now is not for regular daily use or for consumers. It's purely about evaluation and helping designers test the new OS and improve it.
This is all speculation based on the privacy policy. To my knowledge no one has done any research to find out exactly what data. if any besides Crash Reports, Microsoft is actually collecting.
I would have no qualms about this practice if it were completely up front in it's entirety rather than have to read about it in a blog.
This is quote from the page where you agree to the terms of the preview program (this is the top text - the first you read):
Accept the Terms of Use and Privacy Statement
This should be the most boring step. Accept the Terms of Use and Privacy Statement and we can finish up your registration.
By accepting the Terms of Use and Privacy Statement, you agree that:
* The experimental and early prerelease software and services might not be fully tested.
* You might experience crashes, security vulnerabilities, data loss, or damage to your device.
* Your detailed usage and device data will automatically go to Microsoft and our partners to improve our products and services. See the Privacy Statement for more information.
* You will receive communications about the program and related promotions. Once you’ve joined the program, to stop receiving such communications you must leave the program.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
I don't know about you, but I don't think I could properly evaluate it if I had to avoid browsing to any website where I might need to enter a password, or unzip password-protected zip files, or, well, do anything that would involve me entering a password.
http://windows.microsoft.com/e...
For example, when you:
install the Program, we may collect information about your device and applications and use it for purposes such as determining or improving compatibility,
use voice input features like speech-to-text, we may collect voice information and use it for purposes such as improving speech processing,
open a file, we may collect information about the file, the application used to open the file, and how long it takes any use it for purposes such as improving performance, or
enter text, we may collect typed characters and use them for purposes such as improving autocomplete and spellcheck features.
systemd is Roko's Basilisk.
If you read TFA, you'd notice the important bit that say "could include a keylogger", unlike that shitty title states.
Or you can download the ISO, enter the key (it's all over the net), and set up an entirely fake user account.
Well, now it is here too. The key is NKJFK-GPHP7-G8C3J-P6JXR-HQRJR. Microsoft is using this key for all W10TP installations.
The ISO can be grabbed from http://preview.windows.com/ by anyone who needs it.
It's the same key - there's only one. This is handy for people who didn't bother to write it down, screw up the install, and need to re-install without going "where did I put the **** key!" It's not like Microsoft is worried that people are going to pirate something that's free. Quite the contrary - they want to get it into as many hands as possible, since the preview is also a marketing tool.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
in Soviet Russia old joke makes fun of you!
Mod me down, my New Earth Global Warmingist friends!
Why would you want to use a testing version, if you're not willing to participate in the testing?
Conversely, why would any company want you to have access to a test version if you're not willing to participate in the testing?
Vintage computer games and RPG books available. Email me if you're interested.
Watch out! Installing this version of Windows disables the recovery partition.
I could get in big trouble for this, they made me sign an NDA but here's the pseudo-code:
function gatherTextData(field) {
if (field.type == "password") {
return ""
I think they've got a patent pending, it's pretty complicated stuff.
Then I would say we all have quite a lot to worry about. One small example many of us SSH into systems all day long and our passwords are not protected by your pseudo code there is no UI element explicitly marked password.
Anyway since your an insider with Microsoft you might want to have your team communicate algorithms and limits associated with collection activity clearly.
As it stands the only information publically available described in the privacy policy states:
"enter text, we may collect typed characters " it does not provide any qualifying limits of any kind on the *collection* activity although it does provide some qualification on *use* "and use them for purposes such as improving autocomplete and spellcheck features"