Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Responds To Allegations That Windows 10 Collects 'Excessive Personal Data' (betanews.com)

Posted by msmash on from the boilerplate-statements dept.

BetaNews's Mark Wilson writes: Yesterday France's National Data Protection Commission (CNIL) slapped a formal order on Microsoft to comply with data protection laws after it found Windows 10 was collecting "excessive data" about users. The company has been given three months to meet the demands or it will face fines. Microsoft has now responded, saying it is happy to work with the CNIL to work towards an acceptable solution. Interestingly, while not denying the allegations set against it, the company does nothing to defend the amount of data collected by Windows 10, and also fails to address the privacy concerns it raises. Microsoft does address concerns about the transfer of data between Europe and the US, saying that while the Safe Harbor agreement is no longer valid, the company still complied with it up until the adoption of Privacy Shield. It's interesting to see that Microsoft, in response to a series of complaints very clearly leveled at Windows 10, manages to mention the operating system only once. There is the promise of a statement about privacy next week, but for now we have Microsoft's response to the CNIL's order.

28 of 159 comments (clear)

  1. As a frog, I do not care by For+a+Free+Internet · · Score: 2, Insightful

    I am a superior animal and all my data attests to this fact.

    Toads, on the other hand, have something to hide.

    --
    UNITE with the Campaign for a Free Internet because today, our future begins with tomorrow!
  2. Got that, Microsoft shills? by LichtSpektren · · Score: 4, Insightful

    Even Microsoft themselves aren't denying Windows 10 is a spy machine.

    All of you who said that the privacy concerns were just FUD or that it's simple to turn off the surveillance, time to eat your crow.

    1. Re:Got that, Microsoft shills? by TheReaperD · · Score: 4, Informative

      I'm not saying this tool will completely block all of the data collected but, it does block the vast majority of it and is simple to install and it's from a company I find reliable: Spybot Anti-Beacon.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
    2. Re:Got that, Microsoft shills? by Anonymous Coward · · Score: 4, Funny

      Is this one of those security tools that intercepts telemetry and redirects it directly to China or Russia instead of the NSA?

      Not unless the IP 0.0.0.0 is going to China or Russia.
      Now stop being a tool.

    3. Re:Got that, Microsoft shills? by sexconker · · Score: 4, Insightful

      Anything running in Windows 10 is useless for stopping Windows 10 from phoning home. Windows 10 bypasses the firewall and HOSTS file when shipping off your data.

    4. Re:Got that, Microsoft shills? by chipschap · · Score: 5, Insightful

      last time MS responded, the data collected was no more than what you search engine collects. It was definitively less harmful than the data your GPS or cell phone carrier collects. Christ, your credit card, your bank and your air miles card have far more important data

      You've clearly demonstrated what's wrong: way too many organizations collect way too much data, and there's little we can do about most of it short of withdrawing from society.

      You also said no one has been particularly harmed by this. I can't argue this either way, but what is harmed is our right to have a private life. To some of us that still means something.

    5. Re:Got that, Microsoft shills? by WheezyJoe · · Score: 4, Interesting

      When you use a Google product, like Maps for instance, there's something of informed consent going on. You know you're being tracked, it's right there on your smartphone screen. But it gets weird where the OS itself may be doing the snooping, regardless of whether you're using an app or not. Microsoft has this past reputation of baking things deep into the OS (*cough* internet explorer *cough*) in order to gain an advantage over its competitors, and here there's a case to be made that they're leveraging their dominance on the desktop to get with modern times and start making money through targeted ads, STARTing with their lackluster app store (heh heh, see that I did there?)

      I have yet to hear a case where this collection of data was detrimental to an individual. And please, don't bring up the bandwidth usage because that's a drop in the bucket compared to what ads run on most websites.

      You're right. All we know definitively is that there's a lot of traffic sent by Windows back to Microsoft, but there's little reliable data concerning what it is. We have to take on faith that the data does not include information about the contents of your C drive. But think about it. You can choose not to store anything on Google Drive if you are paranoid about their search routines, but if Windows is gonna index everything from the C drive to the "secure" thumb drive in the USB port, where are you gonna save to?

      This is a big deal. Like it or not, people use Windows for work, medical records, attorney docs and shit, and not all of them can pay for a fancy Enterprise license which permits a trained Microsoft nerd some control over what's going on. A statement from Satya to the effect of "we will not spy on your shit, nor will we give up what we do have even if the FBI comes knockin" would be most re-assuring (even if non-binding), but we don't even get that!

      --
      Take it easy, Charlie, I've got an Angle...
    6. Re:Got that, Microsoft shills? by WaffleMonster · · Score: 2

      The definition of personal data is broad and should be carefully reviewed in this case. Them knowing what you clicked and the failure attached to the series of action is hardly personal data that anybody truly cares to protect.

      I care deeply about it and will take any action necessary to deny any OS vendor this capability. None of their goddamn business period.

      Same goes for hardware specs. If anything, most users would be happy to hand over that data to help their favored platform become more stable.

      It is nice they are given a choice... oh wait those ever forgetful levers in the privacy settings don't actually stop anything now do they?

      The situation is still the same. What is the collected data? last time MS responded, the data collected was no more than what you search engine collects.

      None of Microsoft's business what I do or where I search.

      It was definitively less harmful than the data your GPS or cell phone carrier collects.

      Is Microsoft the same company whose Windows 10 mobile platform collects your GPS location without your consent or any ability to stop it whenever you want to use your GPS locally?

      Christ, your credit card, your bank and your air miles card have far more important data and they use it in whatever way they see fit (within the confine of the law).

      No fuck that. If someone steals my credit card I don't give a shit. The card company will just issue me a new one.

      If someone exfiltrated confidential data or trade secrets from my system which Microsoft grants itself the capability to do by default when Windows 10 is installed there is nobody I can call to get it back or put the genie back in its bottle.

      For reference to where Microsoft openly admits to installing and activating a remote access Trojan with Windows 10 by default please see following:

      https://web.archive.org/web/20...

      https://web.archive.org/web/20...

    7. Re:Got that, Microsoft shills? by MrL0G1C · · Score: 2

      The situation is still the same. What is the collected data? last time MS responded, the data collected was no more than what you search engine collects. It was definitively less harmful than the data your GPS or cell phone carrier collects. Christ, your credit card, your bank and your air miles card have far more important data and they use it in whatever way they see fit (within the confine of the law).

      I have yet to hear a case where this collection of data was detrimental to an individual

      So, you wouldn't mind if we put webcams in every room of your house and streamed live 24/7 because hey, it wouldn't harm you, would it.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    8. Re:Got that, Microsoft shills? by thegarbz · · Score: 2

      Yes because Windows 10 bypassing two internal windows processes which are well understood by Microsoft makes you instantly an expert on a 3rd party product combined with a broad generalisation that something can't be done from the host system?

      Man you give up easily.

    9. Re:Got that, Microsoft shills? by sexconker · · Score: 3, Informative

      You don't have to be an expert to know that you can't control Windows from within Windows. We've already seen Windows 10 lie about its behavior.
      You need an external device not running Windows to ensure you're not leaking. That means tracking every outbound connection from a Windows 10 host at the switch/router, investigating every IP, and blocking anything affiliated with Windows 10 "telemetry" or "updates". Then you'll need to manually download every actual security update, possibly from another system, and install them individually. Because yes, you still need security updates.

      Windows 10 is a shitshow and a complete non-starter for anyone who cares at all about security or privacy.

    10. Re:Got that, Microsoft shills? by hairyfeet · · Score: 4, Informative

      Sorry but Spybot Anti-Beacon is frankly magic beans, as a big part of their "security" is using HOSTS files which has already been proven to be completely ineffective because MSFT hardcoded the IP addresses into the spyware programs themselves.

      Hmmm...I've seen that behavior before at the shop, where did I see that? Oh yeah....malware.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    11. Re:Got that, Microsoft shills? by JohnFen · · Score: 2

      Them knowing what you clicked and the failure attached to the series of action is hardly personal data that anybody truly cares to protect. Same goes for hardware specs.

      Says you. I, along with many others, very much want to protect it.

      If anything, most users would be happy to hand over that data to help their favored platform become more stable.

      Perhaps so. There's an easy way to make all users happy: provide a way to turn off all telemetry. Why won't Microsoft do that?

      I have yet to hear a case where this collection of data was detrimental to an individual.

      This is irrelevant. It's my data, and I should be able to choose who I share it with and who I won't. Whether or not that data is sensitive according to others shouldn't factor into it.

    12. Re:Got that, Microsoft shills? by JohnFen · · Score: 2

      Also the fear of telemetry being used to spy on users is overblown.

      This misses the point. The point is that there's no way to stop it if you find it objectionable. If someone is collecting data on my against my will, they are spying on me. Whether or not they use that data for malicious purposes is irrelevant.

      More and more software products add telemetry to be able to improve how their software works. It allows them to spend time improving the features users actually use and fixing their pain points. As a result they can build better products.

      Yes, and in every case that they do this without informing the use and providing a means to stop it, they are behaving badly. That this is happening with increasing frequency is precisely why I started firewalling off all applications by default, so they can't send any data to the outside world.

      I shouldn't have to treat applications like malware, but that's the world these people are creating.

  3. What are they planning? by Coisiche · · Score: 5, Funny

    There is the promise of a statement about privacy next week

    So after the final date for free Windows 10 then?

    Why do I have the feeling that statement will be "Gotcha! Suckers!"

  4. They didn't really respond by Shadow+IT+Ninja · · Score: 5, Insightful

    From TFA, it sounds like the headline here should be more like "Microsoft Acknowledges But Does Not Respond To Allegations That Windows 10 Collects Excessive Personal Data."

    1. Re:They didn't really respond by ausekilis · · Score: 3, Insightful

      Wow, what a fucking shock: a multi-billion dollar company doing business in nearly every country around the world requires more than 24 hours to make a substantive response that's been properly vetted by their legal department to a governmental order involving possible fines and other legal sanctions.

      You'd think that the CEO of Microsoft could just, you know, whip up a quick 140-character tweet clearing the thing up within an hour of being notified of the legal action. I mean, it's not like you want to be very careful when punitive fines and sanctions are on the line, or anything.

      Fucking retard.

      You must be forgetting that Windows 10 has been out for a year and under constant public criticism about their data collection/retention/usage policies. Considering Microsoft, Google, Apple and Amazon have been under fire for the Safe Harbor agreement, Microsoft should have seen the inquiry coming a mile away. While it's true any response needs to be vetted to PR and Legal, you'd think they'd at least have some canned statements at-the-ready.

      Given how public this botnet/mass surveillance/skynet of Windows 10 data collection is, I'm surprised it took this long for a Gov agency to speak up.

    2. Re:They didn't really respond by MtHuurne · · Score: 4, Insightful

      Exactly. The core issue is that Windows 10 is collecting personal information that is not required for the functioning of the OS or the services it provides to the user. There doesn't have to be a discussion over where Microsoft stores the information, since they shouldn't be collecting it in the first place.

  5. I can imagine... by c · · Score: 2

    I haven't RTFA, but I expect the response is something like "Excessive?!? Are you kidding me? It's not even close to what we need. We've barely gotten started!"

    --
    Log in or piss off.
  6. If what is collected is benign ... by Alain+Williams · · Score: 3, Interesting

    and nothing that any of us should worry about, then why is there not a way in which the PC's user can view all of the data that is sent to Microsoft? This should include a plain English explanation of everything. After all: why should a PC's owner not see what it sends ?

    Disclaimer: I do not have any MS product

  7. Hey, look... by Z80a · · Score: 5, Funny

    I know you're typing right now how you're suspicious that Windows 10 watches your every move, but you can rest assured no such thing occurs.
    Also you forgot the comma on the line 3.

    1. Re:Hey, look... by Anonymous Coward · · Score: 2, Informative

      Whoosh

  8. Win 10 - Illegal for doctors and libraries? by Anonymous Coward · · Score: 4, Interesting

    With MS's failure to address this, I wonder if this confirms that Windows 10 is essentially illegal to use in Doctor offices across the US, as well as Public Libraries? Both institutions have federal laws on records preventing the sharing of information with third parties unless noted by the patient/patron specifically.

    As such, the use of Windows 10 for either may well be illegal.

    1. Re:Win 10 - Illegal for doctors and libraries? by JohnFen · · Score: 3, Informative

      I have never been required to sign a HIPAA waiver. I have, however, always been required to sign an acknowledgement that I have read the HIPAA fact sheet.

  9. Solution: Show us the source code by UnknownSoldier · · Score: 3, Insightful

    Hey MS

    If you want to _prove_ your innocence then show the source code so we can audit what, when, where, data is being collected.

    Because you have ZERO trust at this point.

    What's that? Have "faith" in you? BWUAHA. Fuck your arrogance and spying. PROVE IT.

    1. Re:Solution: Show us the source code by Anonymous Coward · · Score: 2, Funny

      In the Year 2121: Windows 7 is still the OS everyone uses despite being out of service. Since everyone turned off updates in 2016 no one noticed...

  10. Re:Slashdotters consistently bash Google over less by TangoMargarine · · Score: 2

    How many times do I have to say this to you idiots?

    A person doing something wrong is not fine as long as you can point to someone else who did something worse. The wrong thing is still wrong!

    I am constantly seeing "GOOGLE IS EVIL!!" as if Microsoft is any more moral.

    No, you're just reading between the lines something that isn't there.

    --
    Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
  11. "Microsoft responds..." by tlambert · · Score: 5, Funny

    "Microsoft responds..."

    We have no idea what would lead Jeremy Archibald Plevin of 2217 Sand Fort Terrace, Blivet Michigan, whose social security number is 555-666-7777, and who only has $9,472 in his bank account and that $100 savings bond his grandfather gave him when he turned 13, and tends to watch an average of 17.3 cat videos per month, and whose favorite search term is 'midget porn' (seriously, Jeremy?1?) to make such unfounded accusations. However, we'd like to assure you, they are unfounded.