Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Responds To Allegations That Windows 10 Collects 'Excessive Personal Data' (betanews.com)

Posted by msmash on from the boilerplate-statements dept.

BetaNews's Mark Wilson writes: Yesterday France's National Data Protection Commission (CNIL) slapped a formal order on Microsoft to comply with data protection laws after it found Windows 10 was collecting "excessive data" about users. The company has been given three months to meet the demands or it will face fines. Microsoft has now responded, saying it is happy to work with the CNIL to work towards an acceptable solution. Interestingly, while not denying the allegations set against it, the company does nothing to defend the amount of data collected by Windows 10, and also fails to address the privacy concerns it raises. Microsoft does address concerns about the transfer of data between Europe and the US, saying that while the Safe Harbor agreement is no longer valid, the company still complied with it up until the adoption of Privacy Shield. It's interesting to see that Microsoft, in response to a series of complaints very clearly leveled at Windows 10, manages to mention the operating system only once. There is the promise of a statement about privacy next week, but for now we have Microsoft's response to the CNIL's order.

18 of 159 comments (clear)

  1. Got that, Microsoft shills? by LichtSpektren · · Score: 4, Insightful

    Even Microsoft themselves aren't denying Windows 10 is a spy machine.

    All of you who said that the privacy concerns were just FUD or that it's simple to turn off the surveillance, time to eat your crow.

    1. Re:Got that, Microsoft shills? by TheReaperD · · Score: 4, Informative

      I'm not saying this tool will completely block all of the data collected but, it does block the vast majority of it and is simple to install and it's from a company I find reliable: Spybot Anti-Beacon.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
    2. Re:Got that, Microsoft shills? by Anonymous Coward · · Score: 4, Funny

      Is this one of those security tools that intercepts telemetry and redirects it directly to China or Russia instead of the NSA?

      Not unless the IP 0.0.0.0 is going to China or Russia.
      Now stop being a tool.

    3. Re:Got that, Microsoft shills? by sexconker · · Score: 4, Insightful

      Anything running in Windows 10 is useless for stopping Windows 10 from phoning home. Windows 10 bypasses the firewall and HOSTS file when shipping off your data.

    4. Re:Got that, Microsoft shills? by chipschap · · Score: 5, Insightful

      last time MS responded, the data collected was no more than what you search engine collects. It was definitively less harmful than the data your GPS or cell phone carrier collects. Christ, your credit card, your bank and your air miles card have far more important data

      You've clearly demonstrated what's wrong: way too many organizations collect way too much data, and there's little we can do about most of it short of withdrawing from society.

      You also said no one has been particularly harmed by this. I can't argue this either way, but what is harmed is our right to have a private life. To some of us that still means something.

    5. Re:Got that, Microsoft shills? by WheezyJoe · · Score: 4, Interesting

      When you use a Google product, like Maps for instance, there's something of informed consent going on. You know you're being tracked, it's right there on your smartphone screen. But it gets weird where the OS itself may be doing the snooping, regardless of whether you're using an app or not. Microsoft has this past reputation of baking things deep into the OS (*cough* internet explorer *cough*) in order to gain an advantage over its competitors, and here there's a case to be made that they're leveraging their dominance on the desktop to get with modern times and start making money through targeted ads, STARTing with their lackluster app store (heh heh, see that I did there?)

      I have yet to hear a case where this collection of data was detrimental to an individual. And please, don't bring up the bandwidth usage because that's a drop in the bucket compared to what ads run on most websites.

      You're right. All we know definitively is that there's a lot of traffic sent by Windows back to Microsoft, but there's little reliable data concerning what it is. We have to take on faith that the data does not include information about the contents of your C drive. But think about it. You can choose not to store anything on Google Drive if you are paranoid about their search routines, but if Windows is gonna index everything from the C drive to the "secure" thumb drive in the USB port, where are you gonna save to?

      This is a big deal. Like it or not, people use Windows for work, medical records, attorney docs and shit, and not all of them can pay for a fancy Enterprise license which permits a trained Microsoft nerd some control over what's going on. A statement from Satya to the effect of "we will not spy on your shit, nor will we give up what we do have even if the FBI comes knockin" would be most re-assuring (even if non-binding), but we don't even get that!

      --
      Take it easy, Charlie, I've got an Angle...
    6. Re:Got that, Microsoft shills? by sexconker · · Score: 3, Informative

      You don't have to be an expert to know that you can't control Windows from within Windows. We've already seen Windows 10 lie about its behavior.
      You need an external device not running Windows to ensure you're not leaking. That means tracking every outbound connection from a Windows 10 host at the switch/router, investigating every IP, and blocking anything affiliated with Windows 10 "telemetry" or "updates". Then you'll need to manually download every actual security update, possibly from another system, and install them individually. Because yes, you still need security updates.

      Windows 10 is a shitshow and a complete non-starter for anyone who cares at all about security or privacy.

    7. Re:Got that, Microsoft shills? by hairyfeet · · Score: 4, Informative

      Sorry but Spybot Anti-Beacon is frankly magic beans, as a big part of their "security" is using HOSTS files which has already been proven to be completely ineffective because MSFT hardcoded the IP addresses into the spyware programs themselves.

      Hmmm...I've seen that behavior before at the shop, where did I see that? Oh yeah....malware.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. What are they planning? by Coisiche · · Score: 5, Funny

    There is the promise of a statement about privacy next week

    So after the final date for free Windows 10 then?

    Why do I have the feeling that statement will be "Gotcha! Suckers!"

  3. They didn't really respond by Shadow+IT+Ninja · · Score: 5, Insightful

    From TFA, it sounds like the headline here should be more like "Microsoft Acknowledges But Does Not Respond To Allegations That Windows 10 Collects Excessive Personal Data."

    1. Re:They didn't really respond by ausekilis · · Score: 3, Insightful

      Wow, what a fucking shock: a multi-billion dollar company doing business in nearly every country around the world requires more than 24 hours to make a substantive response that's been properly vetted by their legal department to a governmental order involving possible fines and other legal sanctions.

      You'd think that the CEO of Microsoft could just, you know, whip up a quick 140-character tweet clearing the thing up within an hour of being notified of the legal action. I mean, it's not like you want to be very careful when punitive fines and sanctions are on the line, or anything.

      Fucking retard.

      You must be forgetting that Windows 10 has been out for a year and under constant public criticism about their data collection/retention/usage policies. Considering Microsoft, Google, Apple and Amazon have been under fire for the Safe Harbor agreement, Microsoft should have seen the inquiry coming a mile away. While it's true any response needs to be vetted to PR and Legal, you'd think they'd at least have some canned statements at-the-ready.

      Given how public this botnet/mass surveillance/skynet of Windows 10 data collection is, I'm surprised it took this long for a Gov agency to speak up.

    2. Re:They didn't really respond by MtHuurne · · Score: 4, Insightful

      Exactly. The core issue is that Windows 10 is collecting personal information that is not required for the functioning of the OS or the services it provides to the user. There doesn't have to be a discussion over where Microsoft stores the information, since they shouldn't be collecting it in the first place.

  4. If what is collected is benign ... by Alain+Williams · · Score: 3, Interesting

    and nothing that any of us should worry about, then why is there not a way in which the PC's user can view all of the data that is sent to Microsoft? This should include a plain English explanation of everything. After all: why should a PC's owner not see what it sends ?

    Disclaimer: I do not have any MS product

  5. Hey, look... by Z80a · · Score: 5, Funny

    I know you're typing right now how you're suspicious that Windows 10 watches your every move, but you can rest assured no such thing occurs.
    Also you forgot the comma on the line 3.

  6. Win 10 - Illegal for doctors and libraries? by Anonymous Coward · · Score: 4, Interesting

    With MS's failure to address this, I wonder if this confirms that Windows 10 is essentially illegal to use in Doctor offices across the US, as well as Public Libraries? Both institutions have federal laws on records preventing the sharing of information with third parties unless noted by the patient/patron specifically.

    As such, the use of Windows 10 for either may well be illegal.

    1. Re:Win 10 - Illegal for doctors and libraries? by JohnFen · · Score: 3, Informative

      I have never been required to sign a HIPAA waiver. I have, however, always been required to sign an acknowledgement that I have read the HIPAA fact sheet.

  7. Solution: Show us the source code by UnknownSoldier · · Score: 3, Insightful

    Hey MS

    If you want to _prove_ your innocence then show the source code so we can audit what, when, where, data is being collected.

    Because you have ZERO trust at this point.

    What's that? Have "faith" in you? BWUAHA. Fuck your arrogance and spying. PROVE IT.

  8. "Microsoft responds..." by tlambert · · Score: 5, Funny

    "Microsoft responds..."

    We have no idea what would lead Jeremy Archibald Plevin of 2217 Sand Fort Terrace, Blivet Michigan, whose social security number is 555-666-7777, and who only has $9,472 in his bank account and that $100 savings bond his grandfather gave him when he turned 13, and tends to watch an average of 17.3 cat videos per month, and whose favorite search term is 'midget porn' (seriously, Jeremy?1?) to make such unfounded accusations. However, we'd like to assure you, they are unfounded.