Slashdot Mirror
A Breakdown of the Windows 10 Privacy Policy
WheezyJoe writes: The Verge has a piece on Windows 10 privacy that presents actual passages from the EULA and privacy policy that suggest what the OS is capturing and sending back to Microsoft. The piece takes a Microsoft-friendly point of view, arguing that all Microsoft is doing is either helpful or already being done either by Google or older releases of Windows, and also touches on how to shut things off (which is also explained here). But the quoted passages from the EULA and the privacy policy are interesting to review, particularly if you look out for legal weasel words that are open to Microsoft's interpretation, such as "various types (of data)", diagnostic data "vital" to the operation of Windows (cannot be turned off), sharing personal data "as necessary" and "to protect the rights or property of Microsoft". And while their explanations following the quotes may attempt an overly friendly spin, the article may be right about one thing: "In all, only a handful of these new features, and the privacy concerns they bring, are actually in fact new... Most people have just been either unaware or just did not care of their existence in past operating systems and software." Even pirates are having privacy concerns and blocking Windows 10 users.
... you just don't "know" you like it? They did this promotion where they sat old people in front of vista machines asked them to derp around on it and then asked them if they liked it... they all said they did... and MS basically said "everyone saying they don't like vista is wrong/a troll/ignorant/etc"... remember that?
Well... same thing seems to be happening again. Consumers are saying "we have problems with these features and we'd like them fixed"... and MS is again saying "I hear you saying you don't want it but I think you're just saying you want me to tell you about how great they are again until you change your mind.
No.
https://youtu.be/dROwEc4VyJA?t...
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
It's NOT FREE damnit, stop posting this nonsense.
Sent from Windows XP.
Posting anon for obvious reasons.
In a former life, there was some question about what and how far an org could go into customer data that was collected through remote telemetry or use of cloud services. A couple years ago, legal counsel informed us that we could capture, examine, and retain essentially any customer data, because any security-related review fell under the clauses about use of customer data for "enhancement of customer experience", to which the customer consented in the EULA. This is why some entities feel very free to capture any data they want from endpoint computers and effectively lie about it in marketing documents: because end-users consented to a free-for-all in the prior/overriding legal license.
Windows 10 Privacy = Oxymoron
Exactly how vital can they be if the fucking computer still works with no Internet connection?
If you're running automatic updates on 7 or 8 you already have the same "telemetry" components as well. Check for installation of 3035583, 2952664, 2976978, 3021917, 3044374, 2990214, 3022345, 3068708, all of which are windows 10 related components. It seems that the last two are the diagnostics/telemetry ones with the others having more questionable intent.
Microsoft describes these updates (https://support.microsoft.com/en-us/kb/3068708) as honoring the CEIP choice and only doing the spying if the user has opted in. At least at this time however the server that microsoft identifies (vortex-win.data.microsoft.com) will have active connections even on machines where the CEIP choice was set to opt-out.
I'm sure once this gets some more media attention Microsoft will claim that they're storing the data just in case you change your mind, and that they wouldn't think of abusing it until then.
Over twenty years ago there was a FreeBSD-hacker with the following signature: "Do not trust an operating system you don't have sources for".
Though I was then a fresh FreeBSD convert myself, the maxim seemed a little too radical to me... Not any more.
If you absolutely must use Windows, get a stripped-down variant via a Russian or Chinese torrent (there are reputable ones, which will not infect you). If you don't want to rob Microsoft, send them a check... But best is to just get an OS, for which sources are also available.
In Soviet Washington the swamp drains you.
I was gonna mod this but instead im going to reply. You go ahead and say whatever you want but the only user base that is going to go downward will be the webmasters sites that block windows 10. People are not going to switch to another OS just to use your site. I have never ever seen this happen once in all my years of tech support. Have a great day you gave me a much needed laugh.
In June, MS shipped a bunch of now-infamous "Telemetry Services" updates to Windows 7 and Windows 8/8.1. I forget what the exact Knowledge Base numbers are, but you can find them pretty easily. These updates were marked as "Important" in Windows Update, and actually have the same general description of "This update fixes some bugs and improves security" that they use for all updates if viewed in the Add/Remove Programs window.
The "Telemetry Update" has been proven to send information to MS, and cannot be controlled short of uninstalling the update and force-stopping the associated services. I was told that the "update" collects all of your keyboard input and ships it to MS for use in "improving" their Auto-Correct and Word Suggestion features, and I have no reason to believe otherwise.
I had to turn off Windows Update entirely on both of my machines in order to stop MS trying to ship this update after I uninstalled it, because it kept trying to push the update even when I specifically said not to install it.
"This water is only one degree hotter now than a few minutes ago," said the frog to his companions.
Microsoft, since its only product is software, has to go to great lengths to protect and extend that property base. "Extend" here is Googly data mining.
Apple, on the other hand, makes money by selling you the hardware. The protection is the physical ownership of the device. You might not believe Apple when it says "we don't want your personal information", but you have to respect that they're not depending on either data or software to make the great majority of their revenue.
This may not be a popular opinion, but I trust Microsoft more than Google, Apple -way more- than Microsoft, and the NSA more than any commercial company.
The article seems to only be telling half the story about previous versions of Windows and about sending data "critical" to the operation of Windows.
A. The Customer Experience Program could be opted out of.
B. Windows 10 only sends data "critical" to the operation of the system in the "basic" telemetry setting. It's funny how you can disable it in enterprise. I guess it must not be so critical, huh? I don't care what they do with home versions, but I take issue with not being able to do this in Pro. An individual cannot buy Enterprise.
C. It's not fair to compare this to Google. Google provides their products free of charge. Despite Microsoft giving out a free update, Windows is not free. You can purchase a retail copy. I'm sorry to criticize your apologist article, Verge, but these are issues that affect the company I work for. I don't care what you do with your personal computer; the government doesn't regulate that.
No, I think his point is more like "Never look a gift horse in the mouth while its trying to mount you." Or something like that.
so, it is keylogging feature. Great ...
File this under "what could possibly go wrong"
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
My computer is not a phone. We need to lock down phones not open up desktops. Otherwise there is no point to encryption at all.
Swiss Pirate Party initiated an inquiry into Windows 10 privacy policy.
The end result of which (if it does not pass Swiss scrutiny) would be an official recommendation to prohibit purchase.
Two articles I found since yesterday that contradict statements in the summary:
* previous versions of Windows now spy on you becuase of recent MS updates: http://www.hakspek.com/securit...
* They still spy on you after you turn the "features" off: http://arstechnica.com/informa...
No! This was explained over and over again, if you upgrade in the first year your Windows 7/8 key becomes a permanent Windows 10 key for that device. You won't have to install Windows 7/8 before installing Windows 10 again.
UPgrade, you moron. You upgrade from Windows 10 to Windows 7!
If you're running automatic updates on 7 or 8 you already have the same "telemetry" components as well.
No, I don't. You see, the great thing about still being on Windows 7 is that I'm not forced to install whatever user-hostile updates Microsoft deems necessary. So I didn't.
By the way, neither did a lot of other people. Many of the professionals I know have been "security updates only" for quite a long time, even on personal use machines rather than work ones. Plenty more joined the fold recently after the Win10 nag message update.
It frustrates me that the casual press keep repeating the dogma that the forced updates in Windows 10 are a good thing because security experts recommend applying all patches immediately or similar, as if Microsoft hasn't been pushing non-security updates for years.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
'It's okay, it's already being done by Google' is NOT reassuring! D:
All this talk about Windows made me rediscover Linux. Tried out latest Mint and was really pleasantly surprised by how well polished the thing is overall. Everything worked right from Live CD. Things that I could never get to work on Ubuntu even a year ago. Bluetooth speaker just connected, Android phone didn't make any components die a quiet death. Skype. All menus are reasonably laid out. Configurations work. Started being productive on it just after two hours of installation/configuration. Breath of fresh air.
Look under Settings/Privacy
There is a switch, which reads 'Send Microsoft info about how I write to help us improve typing and writing in the future'
This the collection of keystroke data. They can do anything they want with this. Definitely makes it even more creepy to log in to someplace else on a Windows 10 box.
Another thing which is standard practice is to list all kinds of serious and unlikely reasons they'll use your data, followed by 'or any other legal purpose' which does not mean for some 'legal' matter, which it's meant to sound like, but for ANY purpose which is not SPECIFICALLY ILLEGAL. Which means anything.
You can turn off the keystroke thing, but Microsoft routinely resets preferences, including privacy preferences, when you run an update. So you have to keep checking it and make sure it's off. However, I doubt very much if it matters. You're sending EVERYTHING to Microsoft and they can use it for any purpose.
Move along, nothing to see here. Microsoft has been trying to get their hooks into everybody just like Google and Facebook. If people don't care about their privacy and allow this kind of data collection in the name of "quality" and "focusing search results and ads.." "blah blah" we'll all become human centipads.
No, don't move on, don't ignore this stuff. Doesn't matter if it's been going on before, it's wrong and is starting to get very bad. We need to be taking a firm stance against this sort of stuff.
I guess maybe you are cool with it because they pay you a fee or something, but I, like other people, are not cool with it.
Be seeing you...
The Swiss data protection agency is now investigating windows 10's data sharing.
(Link in French) http://www.lematin.ch/economie/berne-lance-procedure-concernant-windows-10/story/29192122
No, I think his point is that Windows XP and Vista users aren't eligible to upgrade to 10 for free. And now I've explained the joke and it's no longer funny.
Microsoft stores your hardware configuration on their servers as a hash after the free upgrade to Windows 10. After that you can clean install any time you want as long as you have the same motherboard. They call this hardware based digital entitlement. I've already done a clean install of Windows 10 and it activated within a few minutes. When installing cleanly make sure to click on "skip" then it asks for a product key or the install will be borked. Even when MS makes things simple they overly complicate them.
you've clearly never had to deal with people complaining that their Facebook doesn't work.
Don't try explaining to them that their browser is what's broken, not the website (for various measures of "broken"), they don't give a fuck at the wire gauge used in their talking toaster. They cannot and will not even try to differentiate between hardware and software, cached content and streaming, Telepresence (the Cisco brand) and Skype (the Microsoft brand). Wilful ignorance is the bliss of the average end user for which there is no cure and keeps we nerds in work.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
Remove the following updates (if installed already)
KB971033 Description of the update for Windows Activation Technologies
KB2952664 Compatibility update for upgrading Windows 7
KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
KB3021917 Update for Windows Customer Experience Improvement Program
KB3022345 Update for customer experience and diagnostic telemetry
KB3035583 Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
KB3044374 Update that enables you to upgrade from Windows 8.1 to a later version of Windows
KB3068708 Update for customer experience and diagnostic telemetry
KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
KB3080149 (update for CEIP and telemetry)
---
run cmd as administrator
sc stop Diagtrack
sc delete Diagtrack
*Task Scheduler Library:
Everything under "Application Experience"
Everything under "Autochk"
Everything under "Customer Experience Improvement Program"
Under "Disk Diagnostic" only the "Microsoft-Windows-DiskDiagnosticDataCollector"
Under "Maintenance" "WinSAT"
"Media Center" and click the "status" column, then select all non-disabled entries and disable them.
*services.msc:
"Remote Registry" to "Disabled" instead of "Manual".
Get a packet sniffer on Windows ten. You can't run calculator without MS knowing.
Seriously. Try it. Every time you run any of the new-style apps, including calculator or the image preview, it opens up a brief encrypted TCP connection to a MS licensing server. I have a video: https://www.youtube.com/watch?...
Just ignore the bit about photoDNA at the end - that was a theory on my part that I've now determined is unlikely. It's not actually reporting on images, it's reporting on every time the image previewer is loaded. Or calculator, or sound recorder, or quite a few other things. I'm not sure that's much better.
I had quite a bit of fun at the weekend with wireshark seeing just what a freshly-upgraded no-software-installed Windows 10 reports, after setting every privacy option I could find to private. The answer is pretty much everything. Even if you disable searching from the start menu, it still executes the search - it just doesn't display the results. It fetches updates for the default tiles on the start menu (weather and news) even after you remove the tiles. It establishes mysterious TLS connections frequently that I can't identify the purpose of - some of them might be checking for updates, but I doubt it check for upgrades every few minutes.
Don't trust in my paranoia. Install wireshark and look for yourself.
The good news is that Windows 10 firewall can be made to block almost everything with a deny rule and a list of IP ranges. The bad news is that it's quite tricky to do so without also blocking windows update, Bing, the Windows store (No great loss) and I suspect a few Azure hosts.
Actually Windows 10 is a lot more modern than 7.
Power wise there is a HUGE difference between 8.1/10 vs 7 on a laptop. Like double the battery life as MS has tweaked the kernel and services to be more mobile friendly.
Windows 7 was awesome and finally good similar to Windows 2000 in my opinion. However, it is dated now after 6 years. It's EFI mode is terrible and you need to go into the bios and disable it or put on CSM (compability support module) and emulate 1981 technology via the bios to get it to work?!
You can't have more than 4 primary partitions without a hack and more than 2 TB due to 1981 bios technology required. Some new pcs will let you use UEFI partitions via emulated drivers.
It boots slow due to bios limitations and CSM options. With it off on 8 and later your pc will boot in freaking seconds!
Security is much improved. Windows 7 scrambles ram so no injections without guessing where the other .dll files are running as administrator ... however you can still guess with a workaround :-( Windows 10 uses a better algorithm. Windows 10 has secure boot to prevent rootkits. Windows 10 has a better kernel level sandbox for IE, Chrome, and other apps to use and more separation of privileges.
With Onedrive and cloud all my settings are synced with my surface and desktop and Office defaults to save it on Onedrive which means I get all my copies on my Android phone, surface tablet, and pc.
Only problem with 8/10 I see is I find it ugly :-) I am typing this on 8.1 as I needed Hyper-V so 7 had to go. I got used to the lack of aero. Being flat is the new thing regardless of OS as every OS on the planet is following this new thing of turning it into a cell phone. Windows 10 update 1 redstone will have the option to change colors again for the title bar thankfully which I find ridiculous.
Other than that yes it is an upgrade and 7 feels and looks pretty dated now with its skuemorphic UI and slow speeds and bios dependencies.
No I am not a fanboy as I do not have 10 yet due to hyper-V being too different for my exams I am studying for (server 2012) so I am waiting until the holidays to upgrade. I am just saying if you need office work done and a few win32 apps Windows 10 is certainly an upgrade over 7 even if I like the look and simplicity of its UI. I could go on too from a technical viewpoint on using dism /online /cleanup-image /restorehealth instead of doing a re-image but that is another topic
http://saveie6.com/
Way to jeopardize the Net as a whole by teaching people to turn off and never trust updates again.
Go fuck yourself, Microsoft. Fucking idiots.
Excuse #1 - Google, Apple..etc are doing it too. This is what 5 year old children say when they get caught doing something they know they shouldn't while their brother (Google) or sister (Apple) does not (this time). If you don't understand why this is a completely nonsensical position try following defense in court.. "yes your honor ... I was drinking and driving but everyone else I was with did it too so its ok."... Go ahead...see what happens.
Excuse #2 - ALL of your data is necessary to provide a feature. Examples like Siri, Cortana, Google voice are often paraded around. They need to rummage through your address book to know who "Frankenstein" is before they can call ... Need to know what's in your calendar and where you are at...right? Well no... your "Intelligent Agent" needs to know. There isn't any reason said agent can't execute locally and provide the same services if user prefers not to upload a list of all of their acquaintances and agendas to Microsoft. These systems are architected the way they are because spying is profitable not because they maximize value to end users. Your phone can know your at the florist without sending your location to Microsoft. Your phone can remind you to pick up flowers when you call someone. It isn't impractical or unrealistic to implement. It just isn't profitable.
Excuse #3 - Browser information leaks... Chrome, Firefox, IE keep thinking up new excuses with mostly negative to users to get a piece of everything you are doing with every revision. Some of this shit is offensive blatant one finger salute ...Sending your searches to bing even when you don't use bing.... Uploading your browsing history to Microsoft...there is no rational excuse for this and I can't believe anything approaching a majority of people want this to happen by "default" for any reason.
Excuse #4 - You can turn it off - Coupled with intentional UX design blurring demarcation between local and internet promoting accidental leakage and turns the leakage spigot to 11 by default knowing most users won't know, care or understand enough to change settings which increasingly are ultimatums or don't actually stop data leakage they purport to stop. Now the pot is really starting to heat up... Now Microsoft is retroactively saying fuck you people we will collect shit and there is nothing you can do about it. That they have the gall to say this to their *customers* I personally find amazing.
--
"Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary."
From a meta point of view, what is really happening? If nothing else, there is some kind of breakdown between reasonable expectations of people who use Windows and the actions of Microsoft. Aside from particulars of what exactly is being or not being collected, Microsoft handled this poorly by not anticipating that many people are rightfully highly sensitive to data collection/telemetry/tracking issues, and the fact that it is being disclosed only via EULA legalese doublespeak only damages the situation by orders of magnitude.
Microsoft needs to have a press conference and set up a special page for users concerned about privacy and who want to know more about telemetry/tracking. You do not address users' concerns by blowing them off, but by engaging them.
In this day and age it is reasonable to expect that a complex system such as an OS actually needs to communicate with central servers for reasons related to routine the operation of the system. But what are those routine things?
All we get from EULA's is BS.
Microsoft,
You failed at the one job you had to do. You need to have people to trust your OS. That is all. But you couldn't resist and loaded it with spyware and possible government back-doors. There is not a corporate account who will even consider this OS now.
I guess the even-number-windows-versions-are-crap rule continues.
Point 6: a whole bunch of semi-colon separated statements with no joining words. Does it mean they'll share the data when required by law, to protect themselves, security of the systems etc. Or do they connect them with ors: required by law, or "we want to" or ... ?
I'm fairly pro-MS and yeah I found this over the top biased towards MS "It's pretty clearly laid out this time. Reiterating it would only serve to be redundant." an ~10 line sentence connected with semi-colons is pretty far from "clearly laid out" to me.
...somebody admitting that Window 10's privacy policy is having a breakdown.
Really? You are comparing Gnome 3/kde 4.x to a modern working start menu?
I'm not comparing Gnome3 to anything; Gnome3 sucks. KDE has a proper "modern" start menu, it's the way the Windows start menu should have been all along. The "menu" (which isn't a menu at all) in Metro is bullshit.
Is it crap because it is inferior?
Yes. It's absolute garbage. It's ugly, it's confusing, it even has two separate control panels for some stupid reason (there's a metro control panel, but it doesn't have much stuff in it, so you have to go find the hidden Win7-style control panel to actually change things). There is nothing good about it. It's obviously designed for tablets, but I'm not using a tablet. And if I were, it'd still be ugly as hell. WTF is with the ugly graphics and colors? It's like the Pontiac Aztek of UIs.
These applets you hate you do not have to use.
You still have to use the Metro interface any time you click on "start", unless you install some 3rd-party workaround software.