ZDNet Writer Downplays Windows 10's Phoning-Home Habits

jones_supa writes: Gordon F. Kelly of Forbes whipped up a frenzy over Windows 10 when a Voat user found out in a little experiment that the operating system phones home thousands of times a day. ZDNet's Ed Bott has written a follow-up where he points out how the experiment should not be taken too dramatically. 602 connection attempts were to 192.168.1.255 using UDP port 137, which means local NetBIOS broadcasts. Another 630 were DNS requests. Next up was 1,619 dropped connection attempts to address 94.245.121.253, which is a Microsoft Teredo server. The list goes on with NTP, random HTTP requests, and various cloud hosts which probably are reached by UWP apps. He summarizes by saying that a lot of connections are not at all about telemetry. However, what kind of telemetry and data-mined information Windows specifically sends still remains largely a mystery; hopefully curious people will do analysis on the operating system and network traffic sent by it.

Microsoft apps it!

The list goes on with NTP, random HTTP requests, and various cloud hosts which probably are reached by UWP apps.

See? Microsoft knows that ONLY apps can app apps, which is why these apps are apping other apps while apping apps!

Apps!

Re:Microsoft apps it!

[Killall+-9+Bash]

See? ZDnet knows that only HTTP uses port 80, and HTTP traffic only flows one way.

What about

[NotInHere]

Adding [forbes.com] to forbes links on the front page?

Re:What about

Comments do it. Stories should too. That's a good idea.

Re: What about

[jxander]

Have you been to that sure recently? Conveniently forgetting to link it is an act if kindness.

Re: What about

[jxander]

Site*

Hey new ownership ... How about a preview function for mobile.

Re:What about

[BitZtream]

Thats probably a violation of the slashdot contract with Forbes.

Also amusing is that this article doesn't show the link next to the headline ...

I'd blame the new owners, but this is another timothy story, so you just have to assume its because he's a fucking idiot.

Not only am I bothred by the phone-home,

I am bothered by the explicit policy of tracking everything I do within my OS. That is the real issue. That is why I am leaving Windows forever.

Re:Not only am I bothred by the phone-home,

Bye.

Re:Not only am I bothred by the phone-home,

[BarbaraHudson]

And what business is of theirs what software I'm running and how often I'm using it? It's not their computer. Also, the article writer attempted to minimize the consequences by saying that you can greatly limit the amount of requests in Windows Enterprise. The majority of users are not using the Enterprise edition.

What an obvious apologist/shill.

Re:Not only am I bothred by the phone-home,

[Austerity+Empowers]

Let's even assume these are benign and not conveying any big brother information at all (which I doubt). What are these things doing and why? Don't spin it, explain it.

DNS - Well understood network fundamental (for most of us, anyway)
NetBIOS - Well understood network fundamental (mostly)
NTP - Well understood, totally optional

Spurious HTTP accesses by "probably UWP apps"? That's probably not ok, more info required.
Attempts to access a Microsoft Teredo server (and sometimes failing)? That sounds broken, turn it off.
Various cloud hosts? That's probably not ok, more info required.

That the machine is making unbidden accesses to the network at large without asking me is wrong (and OS X and most Linux distros do some of this too, although in the latter cast it is USUALLY to an update server, which I would approve but should have been asked first).

Re:Not only am I bothred by the phone-home,

[Lunix+Nutcase]

Attempts to access a Microsoft Teredo server (and sometimes failing)? That sounds broken, turn it off.

They were failing because the person doing this test made it impossible for Windows 10 to reach it.

Re:Not only am I bothred by the phone-home,

[Alumoi]

Gotcha!
The telemetry means only basic things like how many times you have started specific UWP apps, visited a specific site, emailed a specific person, listened to a specific melody, watched a specific movie and so on.
Hey, if you've got nothing to fear you've got nothing to hide, rigt?

Re:Not only am I bothred by the phone-home,

[F.Ultra]

True that Ubuntu did it by default before (they have since disabled it) but you could easily disable it via the GUI settings. I disabled it and unless I actively do something with the network like surf the web with Firefox or stream music then a "sudo tcpdump -nvpi eth0" on my Ubuntu shows absolutely no connection attemps from my machine what so ever, all that I see is some other machine on the network sending broadcast ARP requests for the MAC of the defautl gateway.

f.ultra@ubuntu:~$ sudo tcpdump -nvpi eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:49:51.946496 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:49:53.996275 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:49:56.054219 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:49:58.136104 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:00.221756 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:02.276667 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:04.353056 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:06.431986 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:08.520302 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:10.584220 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:12.625328 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:14.712258 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:16.782389 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:18.856272 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46

And it goes on and on like that for hours, so no most Linux distros does not do some of this too.

Re:Not only am I bothred by the phone-home,

[bfpierce]

It's their business for as long as you use the software I suppose. It's free so you're not out of any money by rolling it back.

Re:Not only am I bothred by the phone-home,

[Anon-Admin]

Ok, so Windows == Microsoft owns the OS and can collect anything they want about you and your computer.

Linux == Free and no one gives a shit what you run on it. It is your computer and your OS to do with as YOU see fit.

Got it!

Re:Not only am I bothred by the phone-home,

[The-Ixian]

Yeah, and when I read about this test for the first time this was my criticism exactly.

If you have a machine that is phoning home, you are only going to generate more connections as the software re-queues and retries the failed connections.

If you want to do a real analysis, you would allow all the connections and count/trace those.

To block everything and then count/trace, you are being inaccurate at best and disingenuous at worst.

Re:Not only am I bothred by the phone-home,

[Ravaldy]

And what business is of theirs what software I'm running and how often I'm using it?

It is their business when their business depends on it. The common complaints users have with Windows have led them there. The large amount of hardware, software variations coupled with the different user types makes it difficult to have something universal that just works 100% of the time.

My only beef with them is that they won't tell us what they collect and what are the triggers. I'm all for letting them grab data on my usage and the condition of my system. After all, it's in my best interest to help them improve the OS.

MS in has recently shown interest in listening to the community and it's important we keep prying them for that information so that we can eventually feel at ease about what's happening.

Re:Not only am I bothred by the phone-home,

[nairnr]

No only that, some requests are "Am I connected to the Internet" types which are all about determining the status of your machine rather than calling big brother to report something.

The true measure would be to allow it and packet dump/trace it.

Re:Not only am I bothred by the phone-home,

Since it would be different for every system, it's not as easy to just "explain it". MS has been pretty clear about their intentions and they have specifically stated they aren't collecting user data for any purpose other than to provide functionality to the user (for example, Cortana parsing email to notify user's of flight info or packages), but the conspiracy theorists can simply post a long list of IP addresses from their system and claim it as proof of spying if each individual connection isn't explained by an MS representative (in some random forum or article comments section). If there is any spin taking place, it's from all the people that claim that if a conspiracy theory can't be disproven then it must be true. It's basically the same tactic that is used to claim the Lizard people are running the earth via chemtrail mind control.

Something as simple as clicking on a single webpage can cause a system (any system) to talk to dozens of different servers in order to resolve and download the full contents of that webpage and all of it's ads (which are probably Google ads, a company that really is trying to track everything you do as their actual business model).

"Spurious HTTP access by UWP apps" can be fixed by uninstalling those default apps (god forbid that app downloads the latest weather data).
The Teredo server is related to IP4/IP6 compatibility. I doubt it's "broken", but regardless it falls under basic network functionality.
"Various cloud hosts" is basically the same as the spurious HTTP access by first party or third party apps. Those would have to be evaluated on a cases by case basis for each system which is not really feasible and opens the door for the conspiracy theorists.

It's getting kind of old hearing people say, "I opted out of all of those 'spying' options and Windows still connected to some IP address somewhere." It's especially annoying when those IP addresses end up being DNS, NTP, Windows Update, local network traffic, or just some server that is being accessed by the user or by a program installed by the user.

Re:Not only am I bothred by the phone-home,

[Raenex]

MS in has recently shown interest in listening to the community

They've been paying lip service to the community for years, have taken half-hearted steps to open source, etc, but at the end of the day they always act like corporate assholes.

it's important we keep prying them for that information so that we can eventually feel at ease about what's happening

Or you can just not run their shit since they are such aggressive assholes.

Re:Not only am I bothred by the phone-home,

Fair enough, but most Linux distros out of the box don't do much of anything (which is fine) and most aren't very user friendly either (relatively speaking). Linux is a fine OS for computer enthusiast that are willing to go through every configuration detail manually, but it's generally not well received by the typical user. Therefore, it makes sense that most Linux distros don't make a lot of background network connections out of the box, while more consumer oriented OSes like Windows, OSX, iOS, and Android would be more likely to have "automagic" maintenance and user features enabled. System time sync, OS updates, app updates, synching browser favorites across devices, "am I connected to the internet?" checks, error reporting, etc.

Re:Not only am I bothred by the phone-home,

[Alumoi]

You're just adding more FUD. There's no proof that Windows sends info about visiting websites, persons e-mailed, listened songs or watched movies.

Have you ever bother to read Microsoft privacy statement? Especially regarding Cortana or input personalization?
Let me give you some quotes:

"For example, to provide personalized speech recognition, we collect your voice input, as well your name and nickname, your recent calendar events and the names of the people in your appointments, and information about your contacts including names and nicknames. This additional data enables us to better recognize people and events when you dictate messages or documents.

Additionally, your typed and handwritten words are collected to provide you a personalized user dictionary, help you type and write on your device with better character recognition, and provide you with text suggestions as you type or write. Typing data includes a sample of characters and words you type, which we scrub to remove IDs, IP addresses, and other potential identifiers. It also includes associated performance data, such as changes you manually make to text as well as words you've added to the dictionary."

Care to provide solid evidence that when you turn this off they stop collectiing AND transmitting them?

Re:Not only am I bothred by the phone-home,

[WaffleMonster]

Eeh. Let's not overblow this once again. It does not track everything that you do. The telemetry means only basic things like how many times you have started specific UWP apps and so on.

The following statement cannot be overblown: None of Microsoft's business what I do with my computer. If they refuse to respect their customers it won't be long before they have none.

Re:Not only am I bothred by the phone-home,

[F.Ultra]

Of course you will have time syncs and os updates, but those things can hardly bee seen as unsolicited traffic like the telemetry that people are discussing. If the Windows 10 users are complaining about time syncs and os updates then they are completely crazy.

Re:Not only am I bothred by the phone-home,

[HideyoshiJP]

It's free*, not free. Every new Windows PC (with some exceptions) still pays for a license. On point, it's only their business if an end-user lets it be their business. Many will; I won't.

Re:Not only am I bothred by the phone-home,

You would think logically that it would work that way but it doesn't. Most people think "Linux is a pain in the ass, and I'm not doing anything wrong so let Microsoft collect all my data. Why should I care?"

Honestly, we're in the minority. Look how many people give up their privacy to indulge their narcissistic tendencies on Facebook.

Re:Not only am I bothred by the phone-home,

[Ol+Olsoc]

It is their business when their business depends on it. The common complaints users have with Windows have led them there.

Bullshit. Microsoft's wholesale spying, backdoors and keylogging sure as Jerry Sandusky boinks little boys is just wrong. It's no solution, as witnessed by the wonderful breakage that W10 has inflicted upon users. All the phoning home hasn't changed that a bit.

Since I have exactly one program that I need Windows for, I have a Windows 10 machine. The machine sits by itself, with only that program running, and nothing else. No email, no browser, only that program. It wouldn't even be connected to a network if it didn't have to use IP to a piece of hardware. So it can phone home that boring shit all it wants.

If the price of using Microsoft is them having every bit of data they want on all user's computers, screw 'em, along with the websites that insist I have to allow them to install maladware on my computer.

But tell me. Since I have isolated my W10 computer form the others, does Microsoft need to know what is on my other computers as well? Do I need to install a phonehome program for OSX and Linux to report to Redmond and anyone else they and you demand?

Re:Not only am I bothred by the phone-home,

[Ol+Olsoc]

You're just adding more FUD. There's no proof that Windows sends info about visiting websites, persons e-mailed, listened songs or watched movies.

Have you ever bother to read Microsoft privacy statement? Especially regarding Cortana or input personalization?

No they don't. They are living in a bubble, and cannot accept the truth.

A couple key points:

As you note, Microsoft upfront tells you that they are performing surveillance on you.

furthermore, does it make any sens at all to reject what Microsoft is telling you they do, or if accepting that they do, insisting its just unimportant stuff? They installed the surveillance to collect useless information?

I always wondered who does the "scrubbing" they do to the personally identifiable information your computer sends them. Hint, Microsoft bubbleshills they have to have your personal info to remove it.

Re:Not only am I bothred by the phone-home,

[Tharkkun]

And what business is of theirs what software I'm running and how often I'm using it?

It is their business when their business depends on it. The common complaints users have with Windows have led them there. The large amount of hardware, software variations coupled with the different user types makes it difficult to have something universal that just works 100% of the time.

My only beef with them is that they won't tell us what they collect and what are the triggers. I'm all for letting them grab data on my usage and the condition of my system. After all, it's in my best interest to help them improve the OS.

MS in has recently shown interest in listening to the community and it's important we keep prying them for that information so that we can eventually feel at ease about what's happening.

If you don't like it then disable the services that use those ports. I'm sure these ZDNET writer is on a domain so that 100% explains the port 135 requests. The others are probably applications that are installed. Turn them off.

Re:Not only am I bothred by the phone-home,

[Ol+Olsoc]

Fair enough, but most Linux distros out of the box don't do much of anything (which is fine) and most aren't very user friendly either (relatively speaking). Linux is a fine OS for computer enthusiast that are willing to go through every configuration detail manually, but it's generally not well received by the typical user.

Christ AC, 1999 was over a long time ago. Especially for typical users it is install and go. Immensely easier than installing Windows, and the only tweaking is the same thing you have to do with any install.

Software repositories are in the web, you Choose what you want, and it asks you if you want to install the dependencies, you click yes, and it installs it. About as seamless as you can get.

Heck, even if you compile your programs yourself, it has come a long way from the cursesware Linux used to be.

You might give it a try sometime. Linux Mint is preferred by Grandmas everywhere.

Therefore, it makes sense that most Linux distros don't make a lot of background network connections out of the box, while more consumer oriented OSes like Windows, OSX, iOS, and Android would be more likely to have "automagic" maintenance and user features enabled. System time sync, OS updates, app updates, synching browser favorites across devices, "am I connected to the internet?" checks, error reporting, etc.

Good heavens - you know very little about modern Linux.

Re: Not only am I bothred by the phone-home,

[kuzb]

Last I checked, the burden of proof was on the accuser not the accusee. If you're going to run around making grand claims, you should be prepared to back it up with grand evidence.

Re:Not only am I bothred by the phone-home,

[thegarbz]

No what this specific user was complaining about was his own lack of knowledge. He dropped all requests to Microsoft IPs. ALL of them and logged them.

I'm pretty sure if I boot up a Windows XP machine and did the same thing I'd get the same log results he did. That's expected behaviour for a system which has an unknown fault to retry. I just booted up. Let me check if updates are available. Hmmm can't get to the server. But my eth0 link is up and I can see the internet. Retry server. Nope? Try next pool IP. Nope? Try next pool IP, rinse repeat until either the internet is confirmed as down or till I eventually reach my server.

NTP is much the same, I'm sure he blocked blocked the windows time servers too which would have resulted in endless requests to check the time.

Re:Not only am I bothred by the phone-home,

[Ol+Olsoc]

The true measure would be to allow it and packet dump/trace it.

That might not give the results the ZDnet writer was told to get.

Re:Not only am I bothred by the phone-home,

[kuzb]

How exactly to you envision a personal digital assistant working without looking at the information you'd want it to act on? Are you really that stupid?

If you don't want to use Cortana, just turn it off. Problem solved.

Re:Not only am I bothred by the phone-home,

[Calydor]

So if I buy a TV made by, say, Samsung or Philips, that gives them carte blanche to record and store everything I say or do in my living room?

Re:Not only am I bothred by the phone-home,

[Ol+Olsoc]

So inaccurate alarmist hysteria is truthful reporting, but the healthily sceptical follow-up is part of a conspiracy to hide the truth?

Right.

So everyone is wrong but this guy?

In the end, I am comfortable to take Microsoft at their word regarding the telemetry. That is enough. In addition, Microsoft has already ignored my requests to delay updates, and reset my privacy settings in several updates, downloaded Windows 10 without permission on a imac I have control of that is running Windows 7, but won't even run the Bootcamp version needed for W10.

Yes, no FUD at all. Merely a users opinion that I believe them when they say they are watching that Windows ten machine, and since they already do things they were not given permission to to, It's not outlandish to decide they are are doing it all.

Re:Not only am I bothred by the phone-home,

[BarbaraHudson]

Microsoft Windows is not sold at a heavily subsidized price point. The cost of each additional copy after the first is almost nothing. They only had to resort to the free-to-tablets oem pricing for 10, and free-for-7-8.x to get it accepted because they know the lock-in will continue to generate revenue. Otherwise people would have just stuck it out with 7, same as many did with xp.

Re:Not only am I bothred by the phone-home,

[rtb61]

Yeah bye, snigger, snigger because an internet where you only communicate with yourself is not internet at all. So if you communicate with a windows 10 computer, well guess what both sides of the not so private chat are still up for grabs. All that data on your computer had to come from somewhere, so their idea, no matter what the fuck you do they are planning to track and record as much as they possibly can do why, because they are pervs http://www.urbandictionary.com... , that's why (plus of course insider business knowledge is monumentally profitable, can't hack the business, then hack all and I mean all of the employees when they get home). Overall pretty naught stuff and the reason why they are able to get away with it without the government (except Russia) complaining (super wide open gaping great back doors, except Russia ;D ). Warrant, pashaw you don't even need a letter, just the cheque will be fine, made out to the Ireland or the Bahamas or the Switzerland office, you know the game.

Re:Not only am I bothred by the phone-home,

[BarbaraHudson]

8.1 was not *free* on this laptop (which will, of course, get wiped in due course). The whole bit about microsoft forcing manufacturers to include windows was to make sure that people thought like you - "why should I pay to switch to another OS when this one is free?" If they had gotten bitch-slapped for that the first time, we would have plenty more OSes (paid and free) than we do today.

Also, there are plenty of users who are reporting that they tried the update, went to revert back to their old version within the 30-day period, and *poof*.

Re:Not only am I bothred by the phone-home,

[BarbaraHudson]

Most versions of 10 won't let you turn everything off - and that's being backported to previous versions as well. Additionally, people are reporting that stuff they turned off gets turned back on in the next update. Facebook's mobile app does the same thing if you restrict background data - when it updates, it's back on. Kind of annoying if you don't even use the app.

Re: Not only am I bothred by the phone-home,

No, the burden of proof lies with the accuser only in a court of law. In the court of public opinion, quite the opposite is true. Fair or not, Microsoft (and Apple, Adobe, Facebook and Google) should consider this fact as public opinion, as far as I've noticed, has been swinging away from their favor.

Perhaps there should be a backdoor so the public can decrypt all that traffic. Currently, it is not possible to actually obtain evidence beyond metadata. Corporations are just like people and law enforcement is hard you know.

Congress should be all for it - they all seem to drool over the idea of a backdoor when other 'people' encrypt their data.

Re:Not only am I bothred by the phone-home,

[HiThere]

How about "both guys are basically right, but only telling a part of the story"?

Similarly for linux, some window managers (I think it's the window managers) seem to check for updates. I may have told them to, since if I were asked I would have asked that they do so. Others don't (or didn't a year ago). And I've never had a linux machine fail when disconnected from the desktop, but you could certainly state that "some of the functionality was broken". Guess what I mean. Then read the next paragraph.

.

.

When disconnected from the internet NTP doesn't properly reset the system clock for drifting. But if I didn't mention WHAT functionality was broken, you might fill in something rather different.

Re:Not only am I bothred by the phone-home,

[HiThere]

MS may have been explicity about their purposes, but saying that they've been clear about their intentions requires that you believe them. And even if that's true, what their intentions are this week doesn't speak to what their intentions will be next year.

So the question is "What personal information could the current system by coerced to reveal (without additional software 'upgrades')?". I must admit that I don't find the answer clear. The ZDNet article wasn't all that reassuring.

OTOH, as I do not have or use any MSWind installs, this is sort of academic. Many third parties are already so lax about their security that I should presume that any information about me they hold will be clandestinely copied. Just consider the recent story about pins being "stolen" from the IRS.

P.S.: Stolen is a very poor term for the process, as the original is (presumably) left in place. OTOH, "clandestinely copied" is too long and clumsy. What's needed is something short and pithy that falls easily off the tongue like, e.g., "snarfed". You are free to use my suggestion if you want to, but you'll need to use context to make your meaning clear until it enters common usage.

Re:Not only am I bothred by the phone-home,

[barc0001]

Yeah well, some people thing Wireshark is crazy scary to use so they prefer the simple (incorrect) approach.

Re:Not only am I bothred by the phone-home,

[ngc5194]

MS in has recently shown interest in listening to the community and it's important we keep prying them for that information so that we can eventually feel at ease about what's happening.

I approve of modding this to +5, but only in the category "Funny".

Re:Not only am I bothred by the phone-home,

[gl4ss]

actually with windows 10 you would need to start blocking them one by one and first block at hosts/dns resolve level and then ip..

because it tries, oh it tries so much. it has backup connections on backup connections to make it happen and it just needs one, really.

not to mention that they change when it gets updated.

the zdnet writer should be ashamed though. "various cloud hosts". if he can't tell which addresses to block to shut down telemetry then he shouldn't be fucking writing about not to be worried about the telemetry!

Re:Not only am I bothred by the phone-home,

[clancey]

The fact that my computer is trying desperately to contact anyone, without my knowledge or authorization, is a definite problem.

Re:Not only am I bothred by the phone-home,

[epyT-R]

It should still be optional.

Re:Not only am I bothred by the phone-home,

[Jack+Griffin]

Ok, so Windows == Microsoft owns the OS and can collect anything they want about you and your computer.

Linux == Free and no one gives a shit what you run on it. It is your computer and your OS to do with as YOU see fit.

Got it!

Unless you want some sort of standardisation, then good luck.

Re:Not only am I bothred by the phone-home,

[Jack+Griffin]

The following statement cannot be overblown: None of Microsoft's business what I do with my computer. If they refuse to respect their customers it won't be long before they have none.

Well you say that, but the Facebook example says otherwise...

Re:Not only am I bothred by the phone-home,

[wootcat]

It gives me pause to see "for example" in a privacy statement. They should be explicitly stating every piece of information they collect and what it will be used for. It makes me think they are collecting much more than their "example".

Re: Not only am I bothred by the phone-home,

[BarbaraHudson]

Apple is a walled garden, and Microsoft is trying to turn Windows, as much as possible, into the same thing.

Google has no information on an android phone if you disable data, since it will never talk to the network. It also tells you what each app is asking to share if you do. And you can always side-load.

Re:Not only am I bothred by the phone-home,

[iampiti]

It's fine if that were optional. It's not fine that I'm not allowed to disable all data connections with Microsoft.
Firefox also collects telemetry data but informs you upon installation and allows you to disable it. That's the way
Also, they pretend they listen. They've made a few changes requested by people but nothing that clashes with their goals of trying to turn Windows into a data-gathering system similar to what Android does.

Re:Not only am I bothred by the phone-home,

[Insanity+Defense]

However, that "computer" doesn't compute much when it's sitting devoid of an OS, which they do own.

NO THEY FUCKING DON'T!. They SOLD THAT COPY. They own only the COPYRIGHT. Every copy of Windows I ever bought I got a BILL OF SALE not a license agreement. They try and impose the license nonsense retroactively. Just as the copyright holders on the book you bough don't own that copy.

Re:Not only am I bothred by the phone-home,

[doccus]

Eeh. Let's not overblow this once again. It does not track everything that you do. ...

That's right... The webcam was unable to track your morning pee... AFAIK.. that's the only thing it missed...

Re:Not only am I bothred by the phone-home,

[Ol+Olsoc]

I was coming here to say that. Thanks.

People should really try linux before talking about it. And they also should try reinstalling a windows and a linux and compare which one was easier, and on which one they had fun manually hunting for and installing all the drivers.

My next comment for the Linux haters, is that if they insist on comparing contemporary versions of Linux to those of 15 -20 years ago, we need to define Windows by the capabilities of Windows 1, so whne they talk about how hard it is to install and use, I get to complain about Windows 1 not actually working.

I'll be the first to note that years ago, it was kinda a nuisance, and compiling programs isn't for grannmy unless she's into geek

And the peripheral/driver support on Linux is actually better than Windows, because they don't abandon perfectly good equipment just because of - hell I don't know. My favorite example of that is I was setting up a dual boot Vista and Mint machine a few years ago that used a USB-RS232 adapter on both sides. Setting up Linux first, everything worked fine. Move to the Vista side - adapter didn't work. Research showed that it was an older driver, and no support was availble, and none would be. Turned out that the freaking adapter was for a Palm Pilot! But worked 100 percent on the Linux side.

Oh, and one more for the Winders boyz and girlz, when you install windows and spend days getting it updated? Certainly the versions of Linux I''ve installed in the last few years install the latest software the first time I install it.

I do think that in today's world, if a person has trouble with Linux, it's because they try to force Windows on a Unix system. Either that, or they are just regurgitating ancient memes from the 90's.

Re:Not only am I bothred by the phone-home,

[beastofburdon]

We need a "sad, but true" tag badly for things like this.

Re: Not only am I bothred by the phone-home,

[beastofburdon]

The power button.

Re:Not only am I bothred by the phone-home,

[Ravaldy]

Also, they pretend they listen.

Agree to disagree. When a company is showing signs of wanting to improve I can but give them a chance.

They've made a few changes requested by people but nothing that clashes with their goals of trying to turn Windows into a data-gathering system similar to what Android does.

Who's fault is this really? I say the consumer. Advertisement backed products is where we sit right now. People are willing to deal with the nonsense so they don't have to pay. I blame Google for forcing everyone in that direction by leveraging their large share of online advertising. Don't take me wrong, if not Google, it would have been someone else.

People have to understand that FREE is not FREE.

Re:Not only am I bothred by the phone-home,

[Ravaldy]

I agree.

Option 1: Deal with our data collection
Option 2: Pay up

Why not capture with wireshark and analyze?

[ArmoredDragon]

Sure, traffic is probably encrypted, but since your system is encrypting it, surely there's a way to discover the keys and find out exactly what data is being sent.

I personally don't have either the time nor the kernel hacking skills to pull it off, but I'm sure somebody could.

Re:Why not capture with wireshark and analyze?

[LichtSpektren]

Sure, traffic is probably encrypted, but since your system is encrypting it, surely there's a way to discover the keys and find out exactly what data is being sent.

I personally don't have either the time nor the kernel hacking skills to pull it off, but I'm sure somebody could.

Your system encrypts it with Microsoft's public key before it is send out. Microsoft accepts the information and decrypts it with their private key.

If you could know what the OS was doing with the info before it is encrypted, you could find out what's being sent out; but (to my knowledge) that's impossible to know.

Re:Why not capture with wireshark and analyze?

I'm surprised that anyone hasn't done it yet.

Providing a full analysis on what kind of data Windows sends would bring a lot of fame to a security researcher.

Re:Why not capture with wireshark and analyze?

[ArmoredDragon]

Well, son, there are three possible scenarios:

- They are using a symmetric key (doubtful)
- They are using assymmetric keys to negotiate a symmetric key on the fly
- They are using asymmetric keys for the whole transmission

The first two can be figured out with some kernel patching, or even just firing up a VM and watching for the symmetric key.

The third would involve patching the kernel to replace Microsoft's public key used for encryption with your own public key that you can then decrypt with a private key. Or just flat out disable the encryption entirely.

Either way it's done, you'd also need to have another host emulate Microsoft's server responses to see how the exchange takes place, and simply capture what is being sent, and analyze.

Re: Why not capture with wireshark and analyze?

[ArmoredDragon]

Some code needs to be patched to write the data to a file before the encryption happens. I doubt that is impossible.

Precisely. If you patched it, you'd break patches and other whatnots, but that doesn't matter because this doesn't have to be a production system. Or if there are so many checks that it would take forever and a day to patch them all, then perhaps run it in a VM and poke the kernel memory from behind the hypervisor until it cooperates.

For the latter approach, I'm not sure if any tools exist that could properly map the kernel memory in a VM due to address randomization, but that doesn't mean it can't be done.

Re:Why not capture with wireshark and analyze?

[ArmoredDragon]

And how to you propose to get around the fact that all the code that you would need to replace won't run unless is it signed by Microsoft? At this point, the layers of verification from power on to logged in go deeper than firmware.

This is a silly question to ask. I personally haven't seen or even heard of any systems that don't permit you to disable boot code signature enforcement. Hell, even the Microsoft built Surface Pro 4 does; you can go right ahead and install Linux on the damn thing. Without enforcement there's no chain of trust, so you can patch wherever the hell you want.

wtf is this article

[LichtSpektren]

Apparently it's some apologism for Windows 10, but an unbelievably poor one. "Oh no, no no! Please don't panic because Windows phones home to over 100 different servers even when you turn the telemetry off. It's probably, eh... nobody's quite sure, but I'm sure everything will be okay!"

Re:wtf is this article

[DogDude]

"Panic"? Really? Why would one "panic", even if it were somehow true that MS decided to collect all of the information about everybody on the planet? That doesn't seem like a response of a mentally stable person.

Re:wtf is this article

[LichtSpektren]

Well, if I were some corporation with extremely valuable trade secrets, or some government with information that would endanger lives if leaked, and I just deployed Windows 10 and found out that it's a gigantic spying beacon for Microsoft, I would indeed panic.

Remember, Microsoft and their shills have been crying that all of the telemetry can be turned off in Windows 10 Enterprise edition (the edition that said corporations & governments would be deploying), but that was proved completely false.

Re:wtf is this article

[OzPeter]

Apparently it's some apologism for Windows 10, but an unbelievably poor one. "Oh no, no no! Please don't panic because Windows phones home to over 100 different servers even when you turn the telemetry off. It's probably, eh... nobody's quite sure, but I'm sure everything will be okay!"

Is this another one of those quizzes where the answer is "People who did't read TFA"?

Either you read the TFA and are totally mis-representing what was in it, or you didn't read TFA. Because in TFA it clearly identifies and describes the network traffic that was identified by the Voat user and points out 1) how innocuous it is, 2) how bad the methodology was, and 3) How Forbes sensationalized it.

If you have counter points then make them.

Re:wtf is this article

[phishybongwaters]

I'm pretty sure if you recorded to connections from your MAC or Linux desktop, and didn't filter out normal expected traffic, you'd be APPALLED at the tracking taking place. connections do not equal tracking.

Re:wtf is this article

[LichtSpektren]

I'm not quite sure why you broke out into an inane babbling rant, but the rebuttal article on ZDNet is failed apologism because even the author admits he has no idea what information Microsoft is collecting. He's assuming (because he trusts MS, you see) that the data is anonymized and only used for this or that, but notice how many times he says "possibly", "could", etc.? It's all speculation.

Re:wtf is this article

[Ogive17]

So disagreeing with a conclusion is being an apologist?

Does Win10 phone home? Yes.
Does Win10 phone home at the rate that was originally reported? No.

Is Win10's rate different from other OS rates?

Re:wtf is this article

[LichtSpektren]

I'm pretty sure if you recorded to connections from your MAC or Linux desktop, and didn't filter out normal expected traffic, you'd be APPALLED at the tracking taking place. connections do not equal tracking.

Since my OS is open source, I can see exactly what information is being sent out. However, Microsoft does not disclose what information is being sent to 107 of the domains that Win10 contacts, nor do they explain why all of those domains are contacted even when you manually configure Win10 not to.

Re:wtf is this article

Neither did Novel

Umm...when did Novell ever compete in the desktop OS space with an offering of their own? You might be thinking of SuSE, but that is Linux, which you already mentioned.

Re:wtf is this article

[icebike]

Apparently it's some apologism for Windows 10, but an unbelievably poor one.

Look, anything from Ed Bott will always be along those lines. Ed Bott doesn't actually exist. His computer is has a direct link from Microsoft's PR department which submits all his stories. Oh, sure there is this guy who shows up at the office once in a while. But his salary is mysteriously paid via an obscure credit to ZDNet bank account, he's long ago forgotten his real name, he plays Microsoft Solitaire all day, then drives home to an empty house, watches MSNBC all evening and gets up and does it all again tomorrow. One of these days he will be reprogrammed, but today is not that day, and so the story remains the same from Ed, decade after fawning decade.

Re:wtf is this article

[bluefoxlucid]

Debian phones home and tells them what software I have installed.

Re: wtf is this article

Only if you opt in during the installation

Re:wtf is this article

[DRJlaw]

I'm not quite sure why you broke out into an inane babbling rant, but the rebuttal article on ZDNet is failed apologism because even the author admits he has no idea what information Microsoft is collecting. He's assuming (because he trusts MS, you see) that the data is anonymized and only used for this or that, but notice how many times he says "possibly", "could", etc.? It's all speculation.

No, it is not. It is a successful critique of the claim that there were "thousands" of attempts to contact Microsoft to allegedly report nasty telemetry data, when at least 2/3rds were not telemetry data. That's a significant fact to the rest of us.

TFA: of all, 602 connection attempts were to 192.168.1.255, using UDP port 137. That's the broadcast address where Windows computers on a local network announce their presence and look for other network computers using the NetBIOS Name Service. It's perfectly normal traffic.

If you can't even figure out that non-routable broadcast traffic cannot report information back to Microsoft, why should we accept the Forbes speculation while rejecting the ZDnet non-speculation concerning that broadcast traffic, similar DNS lookups to a local router, etc.? If the frequency of the supposed attempts was unimportant, then why was it the focus of so much of the reporting?

Don't accuse others of "insane babbling rants" when you not only have no idea what Microsoft is collecting, but actively refuse knowledge of what is going over the wire. The ZDnet author didn't extend much trust to Microsoft, but simply reported that the huge number reported in connection with the telemetry issue was primarily sensationalistic claptrap.

TFA: And yes, there is certainly some telemetry data in there.
* * *
But we don't know, because Mr. Crust didn't actually do any traffic analysis.

So do some, instead of engaging in your own chicken-little-like repetition of others' insane babbling rants.

Re:wtf is this article

[Blue+Stone]

Thank you. It's very tempting to circlejerk about this. People on Slashdot are supposed to have a few more critical thinking abilities. Doesn't always work out that way.

There are still questions about Windows 10 data transfers, but misinformation and sloppy research as found in the original Forbes article, does not help in any way.

Re:wtf is this article

[canajin56]

Not only that, but asshatA called 192.168.1.1 a non-private internet address.

Re:wtf is this article

[Sax+Russell+5449D29A]

That feature is not enabled by default. When you install Debian, you have to specifically select that you *want* to enable that particular functionality.

Re:wtf is this article

[AmiMoJo]

I did this test properly last year. Didn't save results, so maybe I'll repeat it and post the results.

Long story short, if you properly disable all the live stuff after install (live tiles, Windows Store apps, search bar, nothing tricky or requiring registry edits) the only traffic is Windows Update. Telemetry on application crash, but in Enterprise you can disable it.

The crash telemetry is the only nasty bit, because of the potential for information leakage. I'll test Pro next time, see if it can be disabled.

Re:wtf is this article

[WaffleMonster]

Except that a massive amount of these "connections" were fucking NTP and DNS. Alarmist at best.

I have got to try this the next time I get pulled over for speeding. Hey officer most of the time I wasn't speeding... Your ticket is Alarmist at best.

You have full and total control over what goes out over your network, if you fail to pay attention, it's your fault.

I love these arguments requiring everyone to have expert domain knowledge in order to keep from being fucked over. I wonder how the purveyors of this concept feel about it being applied to all professions on which they rely and for which they are not domain experts? Hey you have total control over every cheerio you shove into your mouth even the deformed ones with dead bugs and toxic chemicals caked into them.

That said, I don't dig the tracking, but it's not nearly as bad as some of you seem to think it is.

How do you know that? How is anyone else supposed to know? Not only is there a clear lack of transparency and objective information but different people can have vastly different value judgments about the same activity.

Personally I don't want my systems chatting away with Microsoft for reasons I don't expressly authorize. It has proven to be a vast waste of my time to achieve something for which a simple knob should have been made available.

So lets recap, asshatA records all the connections coming from his PC and immediately exclaims "MICOCRAP IS TRAKKING UZZZZ" but fails to omit the NTP, DNS and gods knows whatever, normal, traffic from this report.

I agree in terms of information content and execution it was pretty crappy yet I still see value in the simplicity of the question and outcome because it is more aligned with basic user expectations after having gone thru several pages and disabling all privacy features and having taken no action to cause network traffic.

While everyone here knows you have to disable telemetry from group policy and this test clearly did not do that... end users have no idea and that is really what is important.

What I'm most interested in learning more about is very first item on the list all those thousands of teredo connections/packets... I would very much like to know what the heck THAT is all about.

Re:wtf is this article

[BigBuckHunter]

but notice how many times he says "possibly", "could", etc.? It's all speculation.

Indeed! I read both of TFA's, and both were poorly researched sensationalist fluff pieces written by paid shills with agendas. We need to wait for CNET, CNN, and Fox News to chime in to see which side is going to pay the media more to represent them in a positive light.

Re:wtf is this article

[mattventura]

The difference is that that's all stuff that I implicitly or explictly told it to do. And if I want it to stop doing those things, I can easily make it do so. Compare that to Windows, where you have to put a lot of work into eliminating its tracking, only for all your hard work to be undone come the next set of updates.

Re:wtf is this article

[thegarbz]

Is Win10's rate different from other OS rates?

Who knows. Their flawed methodology dropped packets to Microsoft IPs forcing endless attempts to reconnect to a server which should be live since Windows can see an active working network connection.

Re:wtf is this article

[Ol+Olsoc]

"Panic"? Really? Why would one "panic", even if it were somehow true that MS decided to collect all of the information about everybody on the planet? That doesn't seem like a response of a mentally stable person.

Never worked on COMSEC eh? If you knew windows 10 was doing this, and had your attitude, you'd probably end up working at the drivethru windows at Burger King.

Re:wtf is this article

[Ol+Olsoc]

I'm pretty sure if you recorded to connections from your MAC or Linux desktop, and didn't filter out normal expected traffic, you'd be APPALLED at the tracking taking place. connections do not equal tracking.

Install Wireshark. and see. I have it on all my machines OSX, Linux and PC. There are connections you would expect, like update checks, connection requests, and of course data submitted that you want submitted, but no keylogging has been seen as of yet.

And do you deny what Microsoft says they do this? Why are they telling us they are collecting all the data that they say they are connecting, but really aren't collecting that data? Given what they have done with Skype, it is not unreasonable to assume that they have done the same thing with W10.

Re:wtf is this article

[bluefoxlucid]

That feature is called apt-get upgrade.

Re:wtf is this article

[Sax+Russell+5449D29A]

Well, to my knowledge Debian does not collect user data regarding installed packages, upgrades or similar, unless the user gives his or her explicit approval of such data collection (popcontest).

However, if you want to be anal about it: using apt is voluntary and you can build all the software you need by downloading them from any source you trust the most. Comparing voluntarily using apt on Debian to Windows phoning home even if you explicitly disable such features on it is fallacious.

Re:wtf is this article

[HiThere]

At least not unless they feel extremely confident that nobody will be able to prove (in a preponderance of the evidence sense) that they are doing it. And given the uncertain nature of juries, that would be a pretty big risk.

Re:wtf is this article

[bluefoxlucid]

It sends HTTP requests. You don't know that the third party mirrors don't keep apache logs, do you, Mr. Anderson?

Re:wtf is this article

[Sax+Russell+5449D29A]

Let's put it this way: do you know that they do? If they did, why not create your own mirror?

The difference here is, as I outlined in the earlier post, that in Windows' case we know that it's phoning home despite explicit user disapproval. You're comparing facts to subjective speculation. We can speculate about anything and everything, but it doesn't mean everything that is possible is being done. And an important point with Debian is that even if it was being done, you have a legitimate and easy way of circumventing it.

Re:wtf is this article

[Duggeek]

Apparently it's some apologism for Windows 10...

Really!? You're going there. That's like saying the sun is dying because it doesn't look as bright behind the tinted windows inside your car.

But taking you at your word, let's also say that your remark is apparently apologist for the paranoia cabal that supports Mr. Crust (as the ZDNet author dubs him) and his oh-so-loosely termed "research" claims.

A guy installs Windows 10 on a VM slice under Linux, blocks all LAN traffic and records the result. The only thing conclusive about that is the inter-dependency between modern PC platforms and the Internet... and that's all; something TFA makes incontrovertibly clear. In other news, water is wet and the sun will rise in the morning.

For anyone who took 10 minutes to read TFA, the truth is plain to see. The claims of Mr. Crust are firstly, trumped-up, and secondly, wholly presumptuous based on highly circumstantial and incomplete data, and lastly, hyped-up pseudoscience masquerading as research. It's not being an apologist, it's being a realist. The real "test" here is done on the audience; to find those among us who would be gullible enough to believe such rabble-rousing.

FYI: Record-low prices on hat-making material; Wal-Mart has 50 sq ft available for under four bucks.

Relax folks, not every Win10 packet is spying data

[JoeyRox]

This is supposed to be comforting?

What kind of telemetry

[Dunbal]

They gave away at least a few billion dollars' worth of revenue when they gave away Windows 10 for free. So the kind of telemetry they are collecting is at least worth a few billion dollars. Anyone who says different is lying. There is no free lunch.

Re:What kind of telemetry

[LichtSpektren]

They gave away at least a few billion dollars' worth of revenue when they gave away Windows 10 for free. So the kind of telemetry they are collecting is at least worth a few billion dollars. Anyone who says different is lying. There is no free lunch.

I would like to augment your point by commenting that Microsoft isn't just *giving* Win10 away, they're *foisting* it as hard as it can, likely breaking quite a few laws in the process.

So that means the profit they're expected to make off of people running Win10 must vastly exceed the cost of making Win10, AND the cost of fighting off all the lawsuits in the process of ramming Win10 onto peoples' computers. One could argue that perhaps they're expecting all that profit to come from people being exposed to the built-in advertisements and the Windows Store, or people so pleased with the OS that they run out and buy a Surface/Xbox/WinPhone, but does anybody really believe that?

Re:What kind of telemetry

[bluefoxlucid]

It'd be nice to cut off support for Windows 7, 8, and 8.1 just like XP.

Your computer is broken? Uh. You're using Windows 8.1. Get Windows 10 bye.

There will be no more updates to Windows 8.1. Go away. Get Windows 10. We're only writing these patches once.

Re:What kind of telemetry

[Megol]

They gave away at least a few billion dollars' worth of revenue when they gave away Windows 10 for free. So the kind of telemetry they are collecting is at least worth a few billion dollars. Anyone who says different is lying. There is no free lunch.

I would like to augment your point by commenting that Microsoft isn't just *giving* Win10 away, they're *foisting* it as hard as it can, likely breaking quite a few laws in the process.

In your dreams...

So that means the profit they're expected to make off of people running Win10 must vastly exceed the cost of making Win10, AND the cost of fighting off all the lawsuits in the process of ramming Win10 onto peoples' computers. One could argue that perhaps they're expecting all that profit to come from people being exposed to the built-in advertisements and the Windows Store, or people so pleased with the OS that they run out and buy a Surface/Xbox/WinPhone, but does anybody really believe that?

So you can't see any other advantage for Microsoft? By reducing their systems to one they cut down on overheads in development, bugfixing and support. It also improves the public image which took a beating when Windows 8 was released. And that is an important part of their whole business: if consumers begin to consider alternatives, not demanding Windows when they buy a new computer then MS would lose a lot of cash! The alternative for MS would probably be another free 8.x upgrade that took a lot of parts from the Windows 10 project - and that would most likely cost almost as much.
The free Windows 10 upgrade was a one-off deal, if you buy a computer with Windows then you pay real money for that privilege*, it isn't paid via advertisment.
(* or something)

Re:What kind of telemetry

Windows isn't the Microsoft cash cow. It's the framework that Microsoft needs to keep popular to let their cash cow graze. The competition to Windows come in three different pricing options: free (Linux and others), hidden initial cost and $30 each upgrade (OSX), or roughly five billion dollars (Oracle, Sun, whoever). Since none of them are fully compliant with Microsoft's actual money making process, Microsoft needs Windows to be common. This pushes the price they can demand for Windows toward $0.

Other side, maintenance. The cost to Microsoft to maintain 3 different generations of operating system is significantly worse than the cost to maintain one generation of operating system. Someone with the actual numbers could run the math and see what the actual cost to Microsoft is in pushing Windows 10, what the decrease in potential revenue is, and what the decrease in maintenance expenses would be. I would not be at all surprised if the decrease in maintenance cost would outweigh the loss of theoretical revenue within half a year.

As for the telemetry and unavoidable communications, if anyone was actually concerned with learning what those contained, someone would've set up a packet sniffer just watching a single PC running 10 and announced their findings. Maybe someone is working on that, but I haven't seen anything about it.

Re:What kind of telemetry

[bfpierce]

Usage statistics for windows users is easily worth that much to the UI/UX and Application development people at Microsoft on it's own.

Then you can add in all that information being rolled into Bing and the targeted advertising they can potentially do.

Re:What kind of telemetry

[hairyfeet]

Actually allow me to correct your correction as MSFT is giving away absolutely nothing as a full version (not the "super duper extra spyware" insider edition) of Windows 10 Requires a legal key from 7 or 8 which currently costs as of this writing between $100-$200 dollars and there are several reports of users trying to go back to Windows 7 after the 30 days to find THEIR KEYS ARE NOW INVALIDATED. I can attest to this being true as I've had to talk to more damned third world MSFT flunkies than I ever cared to thanks to this very issue.

So the REAL cost of Windows 10 is currently between $100- $200 USD, that is the cost of the Windows 7 or 8 key you are giving up by taking this "free OS" and not going for the super duper extra spyware insider edition......sorry but that is the most fucking expensive "free OS" I've ever seen in my life and why we need to kill that "Oh its free you can't complain" bullshit because that is what it is, total bullshit!

Re:What kind of telemetry

[The-Ixian]

You are making an assumption that this is a tit-for-tat arrangement.

Smart business moves are rarely this.

To say that if they give up money here, they HAVE to make it up there is not necessarily true.

We don't know exactly what MS's end game is, but this could just be a strategic move in a much larger game.

The fact is, MS's major money makers right now are Azure (which is giving AWS a huge run for its money) and Office 365. They may be willing to take a loss in what was once a major money maker so that they can push other services (like O365).

MS is not a one trick pony, they don't need to sell your information to advertisers to make a buck so it seems unlikely that is what they are doing. I think it is more likely that what they are doing is leveraging their cloud platform to improve the overall experience of Windows.

Believe it or not, cloud computing is here to stay, it only makes sense that a Microsoft, a company that operates the #2 cloud platform, will take advantage of that platform and, gasp, make a lot of network connections to do it.

You are completely within your right to not use this operating system. There are a lot more players in this arena than there used to be, however, if you look at any of them, they are all doing basically the same thing (leveraging cloud computing to enhance the customer experience).

One of the "value added" (to Microsoft or Google or Amazon or Apple) of sending information to the cloud is they also get invaluable information on how their products are being used. Like it or not, this is the way we are headed.

This kind of thing definitely is scary but it is not going away... as a matter of fact, I think that a lot of people find that the more their company of choice knows about them the more they like it because it becomes a more personalized experience.

Re:What kind of telemetry

[AmiMoJo]

They are hoping to get income from the Windows Store, like every other modern OS. The income Google and Apple get from their stores is billions a year and growing.

Re:What kind of telemetry

[ArylAkamov]

You forgot about that whole "deactivating the product key if you install win10" part, so it's only one OS. 7 or 10.

Re:What kind of telemetry

[Waccoon]

If you don't already have a previous versions of Windows installed and you want Windows 10, you need to buy a new copy at full price. That's $140 for the OEM "Pro" version.

Unless MS is offering a "Windows7 mode" that I don't know about, you're not getting two for the price of one.

Re:What kind of telemetry

[Bite+The+Pillow]

Ggp was in context of W10 being the most expensive free upgrade ever, and it presumes possession of the Windows 7 license. So your comment is bogus on its face.

For both you and your sibling, normally W10 would have cost money as an upgrade, and it doesn't. If you had to do the math, what would it be? Not the cost of the original W7 license alone, and not the list price.

I contend that you paid for the work done to make 7 and you don't pay for the work for 10. Using them simultaneously is NOT the same thing, so invalidating your right to use 7, when you have used it for years, does not somehow mean you paid zero dollars to not use it.

I could go on, but the two of you seem great at choosing one thing to illogically disagree with and miss the point, so I'll give you no more rope to hang yourself with.

Re:What kind of telemetry

[hairyfeet]

Are you dense, or just unable to understand basic logic? Let me break it down...you PAID for Windows 7, this is valued at say $110 for Home, following along? They offer to TRADE, not give, because if they gave you anything then you'd still have your Windows 7 (which you don't) a copy of Windows 10 in exchange for your windows 7 currently valued at $110.

So I'm sorry but they didn't "give" you shit, they took something of value when they handed you that OS and in no universe does trading equal free, no fucking way. You can jump through all the flaming logic hoops ya want fanboy, it won't make 1+1=3.

TLDR

[Nidi62]

"These aren't the droids you're looking for"

Yes, they probably are

Re:No worse than iPhone

[Penguinisto]

You can't even listen to music on OS X or iPhone without the software contacting Apple.

Actually, yes I can.

Re:No worse than iPhone

[LichtSpektren]

You can't even listen to music on OS X or iPhone without the software contacting Apple.

I'm quite tired of this nonsense rebuttal. When you use an Apple application, it contacts Apple's servers to see if there are updates available--you can turn that off as well. In contrast, when do you even the most mundane things in Win10 (with the telemetry turned off, mind you), the OS contacts over 100 different domains: https://github.com/WindowsLies...

Why the fuck does Win10 contact telemetry.appex.bing.net, ad.doubleclick.net, and watson.live.com whenever you open the fucking Notepad?

Re:No worse than iPhone

Even if this is true, so what? It doesn't excuse it in the slightest. Go make an article about OSX or iOS.

The bottom line is that Windows 10 is significantly worse than Windows 7 and 8 in the privacy department. And this has to be pointed out.

Re:Relax folks, not every Win10 packet is spying d

[Overzeetop]

Well, since the article is a reaction to "Windows is sending your more personal information back to MS *thousands* of times per day," I'd say yes. It's not so much about comfort as a realistic approach to evaluating what is sent.

My computer phones home to Google thousands of times a day, too. Of course, it's getting my mail, my calendar, and other data, along with the telemetry it's collecting. But, you know, I should be absolutely petrified that Google is spying on me with all that data going back and forth. I suppose.

poison the data

[frovingslosh]

Some of use don't have the luxury of not using Windows, either because we need to run applications that are only on Windows or we work with or support others who cannot be forced off Windows. What we really need is a hardware firewall that blocks all access to Microsoft domain names and IP addresses. Or even better one that sends bad data to Microsoft. Maybe a nice little distributed computing project would be to know what data Microsoft is collecting and the write and distribute software that keeps feeding Microsoft bogus data to make their data collection less useful. If enough people ran such software, and I believe a lot of people would gladly do it no matter if the were Windows or Linux users, Microsoft might get the message and cut this out.

Re:poison the data

[jenningsthecat]

...What we really need is a hardware firewall that blocks all access to Microsoft domain names and IP addresses.

I recall reading within the past week, (probably in connection with Office 365), that some functionality was simply broken when telemetry was disabled beyond what the OS itself allows users to disable. Perhaps that breakage only applies to Microsoft applications; but if it doesn't already apply to third party programs, and indeed to the OS proper, I'm sure Microsoft will fix that 'oversight' sooner-rather-than-later in a mandatory update.

Or even better one that sends bad data to Microsoft. Maybe a nice little distributed computing project would be to know what data Microsoft is collecting and the write and distribute software that keeps feeding Microsoft bogus data to make their data collection less useful.

I think with Windows 10 we're seeing the advent of a brand of distributed computing in which 'error checking' takes place between MS servers and your computer. MS gets to define what an 'error' is; if the data your computer sends back to the mothership isn't what MS is expecting, they will simply discard it. And they may disable part or all of your OS functionality as well. Coming up with an algorithm which can successfully fool Redmond while sending false information might be quite a programming exercise.

...Microsoft might get the message and cut this out.

Not a chance. The only thing that will get Microsoft's attention is customers jumping ship in droves. And we all know that ain't gonna happen. Too many people don't understand where this is all going, and most of the rest simply don't care.

Re:poison the data

[DogDude]

What we really need is a hardware firewall that blocks all access to Microsoft domain names and IP addresses

Almost any router, personal or commercial, includes a firewall. You should look into using the one(s) you already own, if you're so afraid of Microsoft.

Re:poison the data

[ledow]

Just VM it and stop pissing about.

Then you can run your Windows-only app, have a built-in firewall in the hypervisor that can do whatever you need, you can use your original hardware, you can run other systems that are more privacy-respecting for your day-to-day activities, your licences almost certainly already cover such use, and everything from 8 Pro upwards allows you to use Hyper-V to do just this.

Re:poison the data

[jabberw0k]

we work with or support others who cannot be forced off Windows

If you help perpetuate such environments, you are being an Enabler in an abusive relationship. Stop doing that.

Re:poison the data

[JazzLad]

...What we really need is a hardware firewall that blocks all access to Microsoft domain names and IP addresses.

I recall reading within the past week, (probably in connection with Office 365), that some functionality was simply broken when telemetry was disabled beyond what the OS itself allows users to disable.

A hardware firewall would not be manipulated by the OS (or maybe I misunderstood your reply). I know I won't use 10 until I take the time to configure my router (something I am not looking forward to doing, but know I need to do eventually).

Re:poison the data

[Jack+Griffin]

If you help perpetuate such environments, you are being an Enabler in an abusive relationship. Stop doing that.

Sure, as you as you front up with the millions in migrations costs we'll do just that...

Re:poison the data

[iampiti]

Customers jumping ship in droves or heavy fines by autorities. I can't understand why the EU gave them such a hard time about Internet Explorer being bundled with Windows but they've said nothing about this abusive spying. I'm sure it breaks some EU laws. It might be time I got involved in politics.

Re:No worse than iPhone

with the telemetry turned off

How? Last time I checked telemetry couldn't be disabled on 10, not even on the Enterprise version (go read the "fine print" on Microsoft's website, it's quite sneaky).

https://technet.microsoft.com/library/mt577208%28v=vs.85%29.aspx

Acceptable Phone Home

[Alain+Williams]

Once every day or so: "here are the Microsoft packages installed, are there any updates ?" That does not include: non Microsoft packages, hardware info (other than needed to choose packages), disk/net/cpu/... usage, local account/user info, package usage/popularity, lists of: file names, web sites visited, ...

Re:Acceptable Phone Home

[Stan92057]

I agree but the people who downloaded and installed windows 10 agreed to something very different. Linux Free and Microsoft Free are 2 very different things. Personally i don't feel bad for any person who choose to install win 10 they can/could have always uninstall it. IMO the only people who have a complaint are the business/persons who bought licances/ deals they paid for win 10. They should have the say on everything the OS collects and data mines. BTW do you know what Linux any distro collects?

Re:"No big deal"

It looks more like thousands of examples of DNS, NTP, NetBIOS and other perfectly normal and required traffic for any system that is connected to a network or the internet. I mean nearly all of these examples are basic network functionality. Most of the rest are things like OS updates, application updates, applications downloading scheduled data (weather, news, etc.). I know this is /. and we are all supposed to hate MS and Winblow$ like it's still 1999, but can we at least TRY to apply some logic and reasoning to our hating?

This is exactly what's wrong with Slashdot

The article claiming Windows 10 telemetry phoned home a ridiculous amount of times even when disabled was false. The user who conducted the experiment set telemetry to basic rather than turning it off. Furthermore, some of the apps that might make connections, what's known as the Windows out of the box experience, were not disabled. Furthermore, the router was configured to drop all outbound connections. As a result, the failed attempts to connect resulted in retrying or connecting to different mirrors over and over again. For some services like Windows Update this is completely reasonable behavior, otherwise they'd be vulnerable to a denial of service attack against the update server. The methodology exaggerated the amount of connections made by Windows while not even properly disabling telemetry. These are the facts. One reputable Slashdot user noted that when telemetry was disabled fully in the Enterprise version of Windows and all of the other apps were disabled, the only outbound connections were, in fact, Windows Update.

Despite the facts, Slashdot users complain about any story that suggests that Windows 10 telemetry isn't as severe as it's made out to be and accuse the authors of being Microsoft shills. Furthermore, these Slashdot users get modded up, and the parent is at +4 insightful. It seems that facts are optional in these discussions, and that's a shame. Those who make such false claims about Linux distros such as Ubuntu are rightly accused of being trolls and modded accordingly. But doing that to Microsoft is insightful.

Those of you who post such things and mod up such posts should be ashamed of yourselves. If privacy advocates want to be taken seriously, the discussions need to be based on facts instead of FUD. There are real issues with Windows telemetry namely that users are automatically opted in without being prompted, that Microsoft hasn't disclosed what data are sent to them, and that only the Enterprise versions of Windows 10 can fully disable the telemetry. These are real issues. But when there's so much FUD and misinformation, it damages the credibility of those who raise very legitimate objections. You should be ashamed of yourself for posting false information because it does a disservice to those with very real concerns about privacy.

Re:This is exactly what's wrong with Slashdot

[Jack+Griffin]

Best post of the entire thread, yet still only modded 3...

Re:Idiot

[Megol]

Just the fact that it it phoning home is enough to reveal some information, such as that the device on the other end is running Windows 10. Looks like it's also trying to discover any other machines on the local network.

Oh, the humanity!

If it's suspicious activity that wasn't disclosed ahead of time, it should be considered nefarious until proven otherwise. Your machine is not under your control ... that's a serious problem.

I'll assume you never use a smartphone, a user friendly Linux distribution (or *BSD ditto) etc.? Even browsing the web would make the machine "not under your control" so I guess you use telnet to communicate with /. servers.

Either that or your post is essentially useless.

Well, it's ZDNet

[Khyber]

They're one of the harder corporate shills. Microsoft or Apple, they know no bounds in selling out.

Re:Oh dear, the blind misleading the blind...

[ledow]

But his point about "if the guy had let the connections go out - especially HTTP which you can just sniff - we might know for certain what it was actually trying to send out" is more than spot-on enough to compensate.

And if you're worried, block port 80 to those ranges of IPs.

Re:No worse than iPhone

[Alumoi]

Why the fuck does Win10 contact telemetry.appex.bing.net, ad.doubleclick.net, and watson.live.com whenever you open the fucking Notepad?

Because Cortana?
Cortana: It looks like you are trying to type some letters. Would you like help?

Re:"No big deal"

[F.Ultra]

Why are a Windows 10 box in 2016 actually sending out freaking NetBIOS broadcasts for? That shit should be dead and buried decades ago.

The Reality of the Situation

[Sir_Eptishous]

Where I work, and at most of the companies I have worked for, the vast majority of the software used, ran on Windows.

Whether it was servers or workstations, Windows was the choice. This was because the software used could only be ran on Windows. I suspect there are many companies/government agencies/schools, etc that are in that same situation. Sure, there may be a *nix server here, an Apple product there, etc, but Microsoft definitely has the stranglehold.

Since Microsoft is in this position, and the software used by my workplace runs only on Windows, there will eventually come a time, when vendors have put out versions of their software that will run on WX, that all workstations in our workplace will be WX. I don't see this NOT happening.

This means, that unless someone took the time to configure a firewall to block all of the telemetry, etc, connections going out to Microsoft's "user data and profiling aggregation infrastructure", anything someone did on one of those WX machines, while at work, would essentially be tracked and logged by Microsoft and whoever they were sharing that data with.

I don't think people really understand what this means.

Oh, and do me a favor. Please don't suggest I use Linux. If a workplace like mine, or the others I've been at, could have used Linux instead of Windows, that transition would have happened years ago.

And another thing, there is a false sense of privacy among many about BYOD. As if using your iPhone or Samsung is going to leave you a trail free of crumbs. Free from every comment you make online, free of every post or update.

Re:The Reality of the Situation

[The-Ixian]

FYI, in a corporate environment, if you are running Windows 10 Enterprise, you have more control (via GP) to disable telemetry.

In anything other than Enterprise, setting the telemetry to "0 - don't send telemetry" is equivalent to setting it to "1 - Send limited telemetry".

But even still, in a corporate environment, there are other ways to block this kind of thing. I am thinking ACL's on the firewall or layer 7 (application) rules in the firewall. But you could also maintain internal DNS that loops back certain MS domains.

I wouldn't be surprised if someone came up with a DNS service at some point that does this.

What the actual fuck

[kuzb]

Even after the moronic voat user was shown to have completely screwed up the entire test slashdot is here referencing it yet again as fact? The new editors - just as shitty as the old ones.

Re:What the actual fuck

The new editors - just as shitty as the old ones.

Old Timmy = New Timmy. Same Timmy, same Timmy crap.

Re:What the actual fuck

[thegarbz]

Even after the moronic voat user was shown to have completely screwed up the entire test slashdot is here referencing it yet again as fact? The new editors - just as shitty as the old ones.

a) timothy is not a new editor.
b) this article is talking about how garbage the results are.
c) old users still the same bitchy unappeasable old users.

Re:What the actual fuck

[Nothing2Chere]

Are you sure you're not new here?

Re:No worse than iPhone

[ilsaloving]

With the exception that if you disable it, it actually IS disabled. If you don't use features that specifically require online contact (eg: Siri, Genius, Apple Music, etc) then it doesn't. (AFAIK)

Re:"No big deal"

[bruce_the_loon]

NetBIOS over TCP is still a core part of Microsoft networking and the broadcasts allow the various machines running Windows or SAMBA to discover each other without needing a central directory server. It is still implemented because it is a useful API with decent backward compatibility with everything back to 95/98.

This isn't the old NetBIOS Frames line protocol from the extremely old days, rather the service layer protocol that handles the discovery, negotiation and authentication parts of peer-to-peer file and printer sharing in Windows.

DNS queries aren't "spying."?

[vvaduva]

DNS queries aren't "spying."

Yes, actually they can be. I don't want Microsoft to know that I read deepdotweb anymore than I want the government to know that. Why is microsoft resolving names for Windows 10 users? And who are they sharing the logs with?

This Windows 10 apologist has nothing to offer as an acceptable excuse for this behavior.

Re:NetBIOS and DNS are not telemetry

[Holi]

I have DNS servers already, how is sending dns queries to microsoft not spying?

Re:Ok so what about the other 2000?

[KGIII]

I don't use Windows on my computers (I do have a Windows phone) so I don't have a dog in this fight but... Err... You know what telemetry is, right? I mean, you can (and should) be able to turn it off if you want and off should mean off - no questions asked. But, umm... If they don't know how you use the OS then they won't be *likely* to consider your use-case when they make changes. They won't know that you're one of the people with that video card and having that problem so they won't fix it if you don't send crash reports. They won't be able to optimize their personal assistant thing if you don't let them have that personal data.

Now, to be clear, I'm a firm believer in off means off. But, it's incumbent on you to know what the outcome of your choices may be. Oh, they might get enough reports about that driver and video problem but what if your peers also shut it off? This goes in both directions, actions have consequences. I don't know what the outcome will be but I'm pretty sure they're actually pretty good at collecting (and by lack of reports to the contrary) securing this telemetry data. Where I using Windows, I'd probably let them have the data - though I'd be pretty pissed if off didn't mean off. (I'm kinda big on that - off is off and on is on, it's an honesty thing.)

One other thing to note... Since the days of 95, but more pronounced with 98, there tends to be a big swing in the direction of people who are moving to Linux. Six months or so later, they're gone from the forums and the .ISO download numbers are back to normal. In a year, they've turned into rabid supporters of the OS they were so against. I have been watching and expecting a huge swing in numbers. (I seed well over 100 distros - the last time I counted there were 144, it's not an exact metric so I also look at the sites that offer their stats like DistroWatch.)

You know what I've seen? Not a whole hell of a big jump in numbers. Lots of noise. I see a lot of that. But the numbers don't seem to indicate any huge swings, perhaps fewer now than when 8 and 8.1 dropped. I'd not be surprised if someone could get and crunch the numbers and they turned out that this uptake isn't all that high with Linux right now. So, people don't actually seem to be pissed off about this at the level where they're jumping ship.

I dunno... Were I still using Windows, this might have been enough to make me bail. It's not that I dislike the telemetry. It's that I want off when I say off. If I can't trust my OS to do that, what can I trust it for?

Re:Relax folks, not every Win10 packet is spying d

[thegarbz]

My computer phones home to Google thousands of times a day, too.

Funny thing is if you take an Android phone to China it'll self drain it's battery in attempts to phone home to Google. That's kind of the default action when you can see a network but didn't manage to get through to a server. Retry.

Thousands of connection attempts may drop down to a handful if the connections actually went through.
But then there's another question of does windows bulk store telemetry information, does it attempt to send it out blind, or did the user by dropping connections to Microsoft IPs stop windows from even attempting collect telemetry in the first place.

There was nothing right about this test.

Re:Idiot

[BarbaraHudson]

I'm free to run a *nix box without ever connecting it to the internet. How long before Windows 10 times out and refuses to work unless it's re-validated (may be in a future update, may already exist ... but we know it's coming).

Re:Idiot

[BarbaraHudson]

Those are connections *I* choose to initiate. That you don't see the difference is a bit scary.

Re:Idiot

[BarbaraHudson]

When something phones home, and doesn't tell you what data it sends, why would you assume that it's not forwarding that info as well?

Re:Relax folks, not every Win10 packet is spying d

[Bite+The+Pillow]

The DoD says DoD puters have to have EE and set telemetry to its lowest setting (EE only), so I am comfortable with it.

iase.disa.mil and search under operating systems.

Personally, I'm going to avoid win 10 until I can't, then run ReactOS. And anything that doesn't work in ReactOS will get a bug report and a simple example program. A simple main.c showing the problem gets good results, I have found.

Everybody does analytics

[iamacat]

If you have two apps which are exactly the same to start with and only one does analytics, it would crush the competitor in a year or two after all significant crashes are fixed and user interaction is optimized by studying flow between screens. People grumble about tracking but do not reflect that in their purchasing/web browsing decisions to the extent of choosing an inferior but more anonymous product.

Re:Relax folks, not every Win10 packet is spying d

[Waccoon]

The test results don't make sense, anyway. Wouldn't it be better to collect information into a log and then send that log once a day with a scheduler?

Who needs to worry about thousands of connections when only one is needed?

Is it a true EULA agreement if they autoinstall?

[anti-disney]

I woke up one morning to find my Windows 7 Laptop was attempting to run Windows 10 for the first time but crashed because my laptop wasn't compatible with Windows 10. If this installation were successful and I was upgraded without consent, how am I agreeing to their EULA? Before you could simply abort the installation and refuse to install the product if you didn't agree with the EULA. In my upgrade to Windows 10, I was never given the option to accept or decline the EULA license that came with Windows 10. I just woke up in the morning and realized while I was asleep my laptop was upgraded to Windows 10 but that the upgrade failed because my laptop wasn't compatible with Windows 10. I ended up having to wipe the entire hard drive and reinstall Windows 7 and recovered some of my previous files from backups I made. After this incident, I have chosen not to use Windows at all but still will have to use it for some tasks but the rest of my computers run Linux and I've been happy with Linux.