Slashdot Mirror


A Breakdown of the Windows 10 Privacy Policy

WheezyJoe writes: The Verge has a piece on Windows 10 privacy that presents actual passages from the EULA and privacy policy that suggest what the OS is capturing and sending back to Microsoft. The piece takes a Microsoft-friendly point of view, arguing that all Microsoft is doing is either helpful or already being done either by Google or older releases of Windows, and also touches on how to shut things off (which is also explained here). But the quoted passages from the EULA and the privacy policy are interesting to review, particularly if you look out for legal weasel words that are open to Microsoft's interpretation, such as "various types (of data)", diagnostic data "vital" to the operation of Windows (cannot be turned off), sharing personal data "as necessary" and "to protect the rights or property of Microsoft". And while their explanations following the quotes may attempt an overly friendly spin, the article may be right about one thing: "In all, only a handful of these new features, and the privacy concerns they bring, are actually in fact new... Most people have just been either unaware or just did not care of their existence in past operating systems and software." Even pirates are having privacy concerns and blocking Windows 10 users.

21 of 318 comments

  1. Remember when MS said you really like Vista... by Karmashock · · Score: 4, Interesting

    ... you just don't "know" you like it? They did this promotion where they sat old people in front of Vista machines, asked them to derp around on it and then asked them if they liked it... they all said they did... and MS basically said "everyone saying they don't like Vista is wrong/a troll/ignorant/etc"... remember that?

    Well... same thing seems to be happening again. Consumers are saying "we have problems with these features and we'd like them fixed"... and MS is again saying "I hear you saying you don't want it but I think you're just saying you want me to tell you about how great they are again until you change your mind."

    No.
    https://youtu.be/dROwEc4VyJA?t...

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  2. Re:Windows 10, it's free by U2xhc2hkb3QgU3Vja3M · · Score: 5, Funny

    It's NOT FREE damnit, stop posting this nonsense.

    Sent from Windows XP.

  3. weasel words = gaping hole by Anonymous Coward · · Score: 5, Insightful

    Posting anon for obvious reasons.

    In a former life, there was some question about what and how far an org could go into customer data that was collected through remote telemetry or use of cloud services. A couple years ago, legal counsel informed us that we could capture, examine, and retain essentially any customer data, because any security-related review fell under the clauses about use of customer data for "enhancement of customer experience", to which the customer consented in the EULA. This is why some entities feel very free to capture any data they want from endpoint computers and effectively lie about it in marketing documents: because end-users consented to a free-for-all in the prior/overriding legal license.

  4. Vital diagnostics by Anonymous Coward · · Score: 5, Insightful

    Exactly how vital can they be if the fucking computer still works with no Internet connection?

  5. 7 and 8 too by Anonymous Coward · · Score: 5, Informative

    If you're running automatic updates on 7 or 8 you already have the same "telemetry" components as well. Check for installation of 3035583, 2952664, 2976978, 3021917, 3044374, 2990214, 3022345, 3068708, all of which are Windows 10 related components. It seems that the last two are the diagnostics/telemetry ones with the others having more questionable intent.

    Microsoft describes these updates (https://support.microsoft.com/en-us/kb/3068708) as honoring the CEIP choice and only doing the spying if the user has opted in. At least at this time, however, the server that Microsoft identifies (vortex-win.data.microsoft.com) will have active connections even on machines where the CEIP choice was set to opt-out.

    I'm sure once this gets some more media attention Microsoft will claim that they're storing the data just in case you change your mind, and that they wouldn't think of abusing it until then.

  6. Re:Closed-source operating systems by TrancePhreak · · Score: 4, Funny

    If you absolutely must use Windows, get a stripped-down variant via a Russian or Chinese torrent (there are reputable ones, which will not infect you).

    worst advice ever

    --

    -]Phreak Out[-
  7. A significant difference between HW and SW sale by david.emery · · Score: 4, Interesting

    Microsoft, since its only product is software, has to go to great lengths to protect and extend that property base. "Extend" here is Googly data mining.

    Apple, on the other hand, makes money by selling you the hardware. The protection is the physical ownership of the device. You might not believe Apple when it says "we don't want your personal information", but you have to respect that they're not depending on either data or software to make the great majority of their revenue.

    This may not be a popular opinion, but I trust Microsoft more than Google, Apple -way more- than Microsoft, and the NSA more than any commercial company.

  8. Re:Windows 10, it's free by Anonymous Coward · · Score: 5, Insightful

    No, I think his point is more like "Never look a gift horse in the mouth while it's trying to mount you." Or something like that.

  9. Speaking of pirate concerns by kav2k · · Score: 4, Informative

    Swiss Pirate Party initiated an inquiry into Windows 10 privacy policy.

    The end result of which (if it does not pass Swiss scrutiny) would be an official recommendation to prohibit purchase.

  10. Two articles that contradict statements in the sum by Anonymous Coward · · Score: 4, Informative

    Two articles I found since yesterday that contradict statements in the summary:

    * previous versions of Windows now spy on you because of recent MS updates: http://www.hakspek.com/securit...

    * They still spy on you after you turn the "features" off: http://arstechnica.com/informa...

  11. Re:Windows 10, it's free by dafradu · · Score: 5, Informative

    No! This was explained over and over again, if you upgrade in the first year your Windows 7/8 key becomes a permanent Windows 10 key for that device. You won't have to install Windows 7/8 before installing Windows 10 again.

  12. Re:Closed-source operating systems by Anonymous Coward · · Score: 5, Insightful

    The advice is to use a possibly compromised operating system over a guaranteed compromised operating system.

    Do you have a better suggestion for those who have to use Windows?

  13. Re:Closed-source operating systems by dafradu · · Score: 4, Funny

    Nice try Putin.

  14. Re:Windows 10, it's free by Alumoi · · Score: 5, Funny

    UPgrade, you moron. You upgrade from Windows 10 to Windows 7!

  15. Linux Mint by dmt0 · · Score: 4, Insightful

    All this talk about Windows made me rediscover Linux. Tried out latest Mint and was really pleasantly surprised by how well polished the thing is overall. Everything worked right from Live CD. Things that I could never get to work on Ubuntu even a year ago. Bluetooth speaker just connected, Android phone didn't make any components die a quiet death. Skype. All menus are reasonably laid out. Configurations work. Started being productive on it just after two hours of installation/configuration. Breath of fresh air.

  16. It collects KEYSTROKES by rMortyH · · Score: 4, Informative

    Look under Settings/Privacy
    There is a switch, which reads 'Send Microsoft info about how I write to help us improve typing and writing in the future'

    This is the collection of keystroke data. They can do anything they want with this. Definitely makes it even more creepy to log in to someplace else on a Windows 10 box.

    Another thing which is standard practice is to list all kinds of serious and unlikely reasons they'll use your data, followed by 'or any other legal purpose' which does not mean for some 'legal' matter, which it's meant to sound like, but for ANY purpose which is not SPECIFICALLY ILLEGAL. Which means anything.

    You can turn off the keystroke thing, but Microsoft routinely resets preferences, including privacy preferences, when you run an update. So you have to keep checking it and make sure it's off. However, I doubt very much if it matters. You're sending EVERYTHING to Microsoft and they can use it for any purpose.

  17. Re:Windows 10, it's free by ITRambo · · Score: 4, Informative

    Microsoft stores your hardware configuration on their servers as a hash after the free upgrade to Windows 10. After that you can clean install any time you want as long as you have the same motherboard. They call this hardware based digital entitlement. I've already done a clean install of Windows 10 and it activated within a few minutes. When installing cleanly make sure to click on "skip" when it asks for a product key or the install will be borked. Even when MS makes things simple they overly complicate them.

  18. Re:Doesn't explain the "Telemetry Update" to 7 and by Anonymous Coward · · Score: 5, Informative

    Remove the following updates (if installed already)

    KB971033 Description of the update for Windows Activation Technologies
    KB2952664 Compatibility update for upgrading Windows 7
    KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
    KB3021917 Update for Windows Customer Experience Improvement Program
    KB3022345 Update for customer experience and diagnostic telemetry
    KB3035583 Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
    KB3044374 Update that enables you to upgrade from Windows 8.1 to a later version of Windows
    KB3068708 Update for customer experience and diagnostic telemetry
    KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
    KB3080149 (update for CEIP and telemetry)

    ---

    run cmd as administrator

    sc stop Diagtrack
    sc delete Diagtrack

    *Task Scheduler Library:

    Everything under "Application Experience"
    Everything under "Autochk"
    Everything under "Customer Experience Improvement Program"
    Under "Disk Diagnostic" only the "Microsoft-Windows-DiskDiagnosticDataCollector"
    Under "Maintenance" "WinSAT"
    "Media Center" and click the "status" column, then select all non-disabled entries and disable them.

    *services.msc:

    "Remote Registry" to "Disabled" instead of "Manual".

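Added example, not part of the comment above and not Microsoft's own tooling: a read-only Windows PowerShell audit that reports which of the updates, services and scheduled tasks named in that comment are present on a machine. It assumes an English-locale `schtasks` CSV header (`TaskName`, `Status`) and the full `\Microsoft\Windows\...` task folder paths, which the comment does not spell out.

```powershell
# Added example (read-only): reports state, changes nothing.
# KB numbers and service names are the ones listed in the comment above.
$kbs = 'KB971033','KB2952664','KB2990214','KB3021917','KB3022345',
       'KB3035583','KB3044374','KB3068708','KB3075249','KB3080149'

# Get-HotFix reads Win32_QuickFixEngineering; list everything once and
# filter locally so that an absent KB becomes a "False" row, not an error.
$present = @(Get-HotFix | ForEach-Object { $_.HotFixID })
$kbReport = foreach ($kb in $kbs) {
    New-Object PSObject -Property @{ Item = $kb; Installed = ($present -contains $kb) }
}

# Service state and start mode via WMI (available in Windows PowerShell 2.0+).
$svcReport = Get-WmiObject Win32_Service -Filter "Name='DiagTrack' OR Name='RemoteRegistry'" |
    Select-Object Name, State, StartMode

# Assumption: full task paths for the Task Scheduler folders the comment names.
$taskPatterns = '\Microsoft\Windows\Application Experience\*',
                '\Microsoft\Windows\Autochk\*',
                '\Microsoft\Windows\Customer Experience Improvement Program\*',
                '\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector',
                '\Microsoft\Windows\Maintenance\WinSAT',
                '\Microsoft\Windows\Media Center\*'

# schtasks repeats its CSV header once per folder; drop those pseudo-rows,
# then keep only tasks whose path matches one of the patterns.
$taskReport = schtasks /Query /FO CSV | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' } |
    Where-Object {
        $name = $_.TaskName
        @($taskPatterns | Where-Object { $name -like $_ }).Count -gt 0
    } |
    Select-Object TaskName, Status

$kbReport   | Sort-Object Item | Format-Table Item, Installed -AutoSize
$svcReport  | Format-Table -AutoSize
$taskReport | Format-Table -AutoSize
```

Run it from an elevated Windows PowerShell prompt and again after each round of updates. `Get-HotFix` does not list every kind of update, so a `False` row is worth cross-checking against the Windows Update history.
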
  19. It's pretty bad. by SuricouRaven · · Score: 5, Interesting

    Get a packet sniffer on Windows ten. You can't run calculator without MS knowing.

    Seriously. Try it. Every time you run any of the new-style apps, including calculator or the image preview, it opens up a brief encrypted TCP connection to a MS licensing server. I have a video: https://www.youtube.com/watch?...

    Just ignore the bit about photoDNA at the end - that was a theory on my part that I've now determined is unlikely. It's not actually reporting on images, it's reporting on every time the image previewer is loaded. Or calculator, or sound recorder, or quite a few other things. I'm not sure that's much better.

    I had quite a bit of fun at the weekend with Wireshark seeing just what a freshly-upgraded no-software-installed Windows 10 reports, after setting every privacy option I could find to private. The answer is pretty much everything. Even if you disable searching from the start menu, it still executes the search - it just doesn't display the results. It fetches updates for the default tiles on the start menu (weather and news) even after you remove the tiles. It establishes mysterious TLS connections frequently that I can't identify the purpose of - some of them might be checking for updates, but I doubt it checks for upgrades every few minutes.

    Don't trust in my paranoia. Install Wireshark and look for yourself.

    The good news is that Windows 10 firewall can be made to block almost everything with a deny rule and a list of IP ranges. The bad news is that it's quite tricky to do so without also blocking Windows Update, Bing, the Windows store (No great loss) and I suspect a few Azure hosts.

  20. Endless parade of lame excuses by WaffleMonster · · Score: 4, Interesting

    Excuse #1 - Google, Apple..etc are doing it too. This is what 5 year old children say when they get caught doing something they know they shouldn't while their brother (Google) or sister (Apple) does not (this time). If you don't understand why this is a completely nonsensical position try the following defense in court.. "yes your honor ... I was drinking and driving but everyone else I was with did it too so it's ok."... Go ahead...see what happens.

    Excuse #2 - ALL of your data is necessary to provide a feature. Examples like Siri, Cortana, Google voice are often paraded around. They need to rummage through your address book to know who "Frankenstein" is before they can call ... Need to know what's in your calendar and where you are at...right? Well no... your "Intelligent Agent" needs to know. There isn't any reason said agent can't execute locally and provide the same services if user prefers not to upload a list of all of their acquaintances and agendas to Microsoft. These systems are architected the way they are because spying is profitable not because they maximize value to end users. Your phone can know you're at the florist without sending your location to Microsoft. Your phone can remind you to pick up flowers when you call someone. It isn't impractical or unrealistic to implement. It just isn't profitable.

    Excuse #3 - Browser information leaks... Chrome, Firefox, IE keep thinking up new excuses with mostly negative to users to get a piece of everything you are doing with every revision. Some of this shit is offensive blatant one finger salute ...Sending your searches to bing even when you don't use bing.... Uploading your browsing history to Microsoft...there is no rational excuse for this and I can't believe anything approaching a majority of people want this to happen by "default" for any reason.

    Excuse #4 - You can turn it off - Coupled with intentional UX design blurring demarcation between local and internet promoting accidental leakage and turns the leakage spigot to 11 by default knowing most users won't know, care or understand enough to change settings which increasingly are ultimatums or don't actually stop data leakage they purport to stop. Now the pot is really starting to heat up... Now Microsoft is retroactively saying fuck you people we will collect shit and there is nothing you can do about it. That they have the gall to say this to their *customers* I personally find amazing.

    --
    "Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary."

  21. What is really happening by execthis · · Score: 5, Insightful

    From a meta point of view, what is really happening? If nothing else, there is some kind of breakdown between reasonable expectations of people who use Windows and the actions of Microsoft. Aside from particulars of what exactly is being or not being collected, Microsoft handled this poorly by not anticipating that many people are rightfully highly sensitive to data collection/telemetry/tracking issues, and the fact that it is being disclosed only via EULA legalese doublespeak only damages the situation by orders of magnitude.

    Microsoft needs to have a press conference and set up a special page for users concerned about privacy and who want to know more about telemetry/tracking. You do not address users' concerns by blowing them off, but by engaging them.

    In this day and age it is reasonable to expect that a complex system such as an OS actually needs to communicate with central servers for reasons related to the routine operation of the system. But what are those routine things?

    All we get from EULAs is BS.