Microsoft Telemetry Collection, Explained

New submitter Poohsticks writes: There's a nice breakdown of the updated information from Microsoft about what they are doing with the telemetry data that Windows 10 is collecting (original Technet article here) by Chris Williams at The Register. Interesting finds that better explain what's happening with that data (and how to control it).

Stop Writing Software for Windows

Most people here have been commenting with something like "Stop Using Windows", but I think this is the wrong message.

Considering the audience here on Slashdot, the true message to share and discuss is: "Stop Writing Software for Windows".

My software company has just ruled out all future Windows development. Yes, that means we'll lose some clients, and yes, that means we will have some customer training issues to resolve. But compared to the clusterfuck that is Windows10, it was actually a pretty easy decision for us to make. If Microsoft wants to be a part of the future of software development then they will need to continue to push .NET onto cross platform, and clean up that Mono license so that we can all use it with confidence. Otherwise, Microsoft software development is dead. Sure, not now, not in five years, but this is it: the beginning of the end.

So stop writing software for Windows and watch the world change...for the better.

Personally, I don't care

[jenningsthecat]

The founder of the company has sided with the DOJ against Apple. And Microsoft seems only to have gotten worse since Gates handed over the reins. That tells me all I need to know about Microsoft's trustworthiness as far as user privacy is concerned. Even if telemetry truly can be fully disabled, who's to say it won't be re-introduced without notice? Microsoft is sneaky that way.

I almost wish I was still a Windows user so I could quit in protest, but I moved to Linux almost 10 years ago and haven't looked back. I feel for those who are stuck with it, for whatever reason. I never thought I would say this, but if my only two choices were Apple and MS, I'd choose Apple.

Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

"...submits the URL you are visiting to urs.microsoft.com"

URS = URL Reputation Service - have you also disabled the phishing protection options in IE/Edge..?

Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

[AmiMoJo]

I've done this myself and the behaviour was different. No access to bing.com. He seems confused by Smartscreen as well, not realizing that it works by submitting URLs to Microsoft for auditing when they are opened in Edge.

Re: Ok, let's suppose its all true.

[gstoddart]

That's a FUD stretch. There's been no suggestion that any telemetry stuff accepts inbound connections.

Sorry, but that is complete and utter bullshit .. or at least, there is an indirect mechanism:

Full is where things get a little dicey, depending on how much you prize your privacy. If your system reports back strange crashes that Microsoft techies can't get their heads around, they can request extra data from your machine, which Windows 10 will hand over under remote control if management approves. This extra information can include some of your files so the engineers can recreate the exact crash in their labs using your data and apps. Microsofties can also run diagnostic tools on your system to gather more evidence. Here's Microsoft's explanation of the process:
Before more info is gathered, Microsoft's privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:
Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
Ability to get registry keys.
Ability to gather user content, such as documents, if they might have been the trigger for the issue.

If Microsoft engineers can request information about your machine -- like we're meant to believe they're sitting around looking for problems on everybody's machine -- then that either has to be a push to you, or on your next upload you get sent a payload which says "gather the following".

But you'll notice it says "remote control" and provides a mechanism to run programs - which tells me there is now a mechanism to remotely control machines and run software. Like that won't get exploited real quick.

They're using this because Windows 10 is essentially an extended fucking beta where they're building it as they go, and want to measure how much of a shit job they're doing.

And if most versions can't select the Security only policy, what's to say that it won't be long before you can't deselect full?

Sorry, but Microsoft has given themselves the right to do remote administration and data gathering ... and for all but the ones which can select Security, they'll do it in such a way that they can personally identify you. Oh, and apparently they'll gather some of your documents as well.

No fucking way we can trust them with this, because as soon as they have the ability to tell your computer to package up some data and send it to them, some asshole in law enforcement is going to demand they misuse it. And don't say they won't, because that's exactly the kind of shit law enforcement and the security agencies are doing. No way they won't show up with an NSL demanding information and forbidding Microsoft from admitting to it.

There needs to be a setting which says "you mayyro.slashdot.orgumstances collect any information as I do not consent to it". If there isn't, Windows 10 is going to cause Microsoft headaches they can't even begin to imagine ... starting with any country which has privacy laws that a fucking EULA can't overrule.

Some of what is described should be illegal for them to do. In fact, in some places, I'm pretty sure it is.