Slashdot Mirror
Nvidia Adds Telemetry To Latest Drivers (ghacks.net)
An anonymous reader shares a report on Ghack: Telemetry -- read tracking -- seems to be everywhere these days. Microsoft pushes it on Windows, and web and software companies use it as well. While there is certainly some benefit to it on a larger scale, as it may enable these companies to identify broader issues, it is undesirable from a user perspective. Part of that comes from the fact that companies fail to disclose what is being collected and how data is stored and handled once it leaves the user system. In the case of Nvidia, Telemetry gets installed alongside the driver package. While you may customize the installation of the Nvidia driver so that only the bits that you require are installed, there is no option to disable the Telemetry components from being installed. These do get installed even if you only install the graphics driver itself in the custom installation dialog.Further reading on MajorGeeks.
Will it report the percentage of pixels that are flesh colored?
Installing nvidia has always been a bit of a pain in Linux, with each distro having their own way of packaging the closed source drivers. I guess even THAT is a feature in backwards 2016.
Not that we should ban telemetry outright, but in the very least, we should know what data is being reported.
For entertainment value, here's the Nvidia driver download page from 2001, with the driver weighing in at 6Mb.
Compare with 15 years later, driver is now 300Mb....
Software bloat at it's finest.
"I bless every day that I continue to live, for every day is pure profit."
Figure out what they are reporting, then set up a botnet to flood their servers with false telemetry. They will get sick of it quickly.
1. During installation, ask the user if they want to participate. Ensure that they will be able to view the data before sending it.
2. When $crap happens or something else you want to measure: open a pop-up asking the user if it's ok to send the data. Show the data on the popup.
3. If user clicks OK, new email opens with codified subject so it can be parsed automatically. Body of email contains said data. User inspects everything and hits send.
4. Corp mail server receives the email, parses the subject, and forwards it to the telemetry server.
So, this means that I need to replace my NVIDIA with something else.
It was fun while it lasted - good bye NVIDIA and fuck off!
I am 100% certain that they would only be able to collect only crash data from EU citizen, as anything else, including usage or even something as simple as the percentage of pink pixel would break privacy laws and the right of correction.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Or will the driver not function without it?
“He’s not deformed, he’s just drunk!”
You don't have a right to the data on my machine, even if you wrote the software that generates it.
-- The End-User Manifesto
All this time I wondered what AMD could possibly do to convince me to try their video cards again. Now I know it was nVidia that had to do something all along.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
See subject: This is task scheduler driven in windows so cut out these entries there & poof/voila, it's gone:
NVidia Telemetry monitor
NVidia Crash and Telemetry reporter (2 of these are present)
(Each is GUID/SID marshalled (OLE type))
* Each time you update your drivers using the std. installer, this will PROBABLY have to be done (this is also the case w/ .exe's they used under %Program Files% in 64-bit & %Program Files (x86)% in 32-bit as well for nvtray.exe (if you don't like it, OR, NVBackend (can be disabled in tools like MSConfig start up area OR autoruns (far more comprehensive)).
(Personally on that LAST group, I go into the program files area & rename .exe files involved for 'geforce experience' IF you don't use it (I don't) along w/ DLL's those .exe files call functions from, but you have to be careful if you run STEAM games (bullshit imo, I like local diskbound games) there...)
Lastly - on updating a driver?
You don't REALLY need to use their std. installer - just extract it (goes beneath a NIVDIA folder & driver folder is what you use) & go to device manager & use it's properties page to update the driver (iirc, this doesn't install ALL NEW files, only strictly .sys driver related ones - feel free to correct me IF I am off here). This worked FINE for me going from build 375.63 to 375.70 current driver build.
Of course, you can also monitor what servers these things talk to w/ say, NirSofer's Network Latency View (or his other network tools) & block it by hostname (if it's done that way) OR ip address in firewalls too.
APK
P.S.=> In the end, this invasive spying is really, Really, REALLY getting "outta control" imo (well, not out of MY control or yours @ this point per the above)... apk
Welcome to Slashdot's Countdown to Election Day. I'm your host, David Duke. In our first segment, we're going to ask the question, "Are mud people ugly or nah?" and we'll be joined by our special correspondents Kellyanne Conway and Rudy Giuliani. But first, this word from Credit Repair dot Com.
You are welcome on my lawn.
You don't have a right to the data on my machine, even if you wrote the software that generates it.
-- The End-User Manifesto
But, it's ok to ask for it, after you explain what you are collecting. Taking something without asking is disrespectful and rude.
The thing about software like this, whether it be Microsoft, nVidia, or whoever, is that they have FULL access to your computer. Not just the current user, they have administrator access. They could, either by choice, accident or malice, send ANYTHING they want off of your computer. Tax forms, SSN's, bank account information, passwords, personal photos, etc.
That's fucked up.
A boilerplate shrinkwrap EULA does not count as asking for it. There is no meeting of the minds.
No mention of this when I purchased my card. Wonder how long before the lawsuit starts.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
Telemetry is also there to help product owners to determine which features of the software are used the most. It allows product owners to have a better understanding how their software is used over all.
It's a frigging driver. First, "product owners" should stop insisting on bundling 5 different crap software packages when all I want to download is a driver (not easy to get individually).
According to TFA driver itself comes with telemetry too. But I am guessing that "driving of the hardware" is the most frequently used feature in that case. It's the only reason for getting that driver in the first place.
Basically just don't use 'GeForce Experience'. Honestly unless you're just one of these weird-os that can't live without social medial integration of your games then you can avoid all of this by not installing Experience. And honestly, why would any one?
Of course then this will only probably work until they make it mandatory, as these companies always try to do.
Installing nvidia has always been a bit of a pain in Linux, with each distro having their own way of packaging the closed source drivers. I guess even THAT is a feature in backwards 2016.
Its actually become easier to install, but harder to get to work if your machine doesn't support MTRR discrete mode (many Dells, and many Supermicro dual-socket server boards, do not). This led to the ironic situation where, because there is no BIOS option on my supermicro board to enable MTRR discrete mode, I either dig up ancient drivers that don't really work anymore for LInux, or I boot Windows when I want to do serious 3d stuff (whether its play a game, or whatever). GLXgears will run, but the moment you try to start celestia, blender, or anything else that uses opengl in any serious way at all, you get a "No opengl context" error and the program crashes. We know MTRR discrete mode isn't required (the windows driver works fine under the same constraints), so this suggests some real corner-cutting on the nvidia Linux driver side.
Oh well, once I get bored with No Man's Sky I'll probably put my Radeon card back in. It works great on Linux, with blender, celestia, and every other 3d app I throw at it. Nvidia, not so much.
Give me a checkbox to disable it (even if it is enabled by default) and I'll not whinge. Make it a PITA to disable and I'm livid.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I have a GTX 980, so I immediately RTFA and looked for the task they referenced in the Task Scheduler. FWIW, I did not find the task referenced in the article or anything at all related to nvidia. I have the latest driver package from nvidia installed. YMMV.
It amazes me that regardless of all the historical evidence, corps still keep right on thinking that they can pull this kind of shit off and end-users will be too dumb to ever notice.
No doubt nVidia will come up with some lame excuse about how its anonymized or that its just to improve our user experience or whatever, just like all the other corps that have ever got caught doing this kind of shit always do.
Just confirmed this on my own system. This telemetry is all a part 'GeForce Experience'. People should just uninstall that crap anyway as there's really nothing of value in that product anyway.
I use a PFSense box to block windows telemetry. Guess I will have to see where NVidia is sending data back to and add it to the list.
Take that, Nvidia. I'm guessing some power user will outline how to block telemetry with WIndows Firewall / hosts file.
Open Source Java Web Forum with LDAP authentication
Unless the task is running on the card and not in Windows.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
I could die happy if I never saw Kellyanne Conway again. That disingenuous little shit-slurper has a chin that just begs for a solid right jab. And what's up with those vampire teeth of hers? Ewwww.
Just cruising through this digital world at 33 1/3 rpm...
I can't seem to find any comments telling if it is implemented in the Linux drivers as well?
Anyway, as another poster as mentioned, I guess somebody will have to run tcpdump and see where it connects, then block those IPs, unless the driver stops working without it but I would doubt it since video would stop working on non-connected machines.
Everything I write is lies, read between the lines.
Security is a bitch and we can't secure anything if we don't have complete control over the complete set of source code needed for each and every component including keyboard controllers, LCD controllers, graphics chips, wifi chips, and so on need to be released in full and not just an 'open source' wrapper around some proprietary firmware either (I'm looking at you AMD).
It's why I'm hostile to Lenovo, HP, Dell, Toshiba, Apple, and Sony (computers) as these companies implement digital restrictions in proprietary components (BIOS). It's why I'm hostile to Intel (CPUs backdoor'd), NVidia, AMD (not just graphics but also backdoor'd) for keeping everything proprietary and compromising my system's security. It's why I don't have an NVIDIA or AMD graphics card.
It's why I put my money into funding EOMA68 project (ThinkPenguin's the main sponsor and a crowd funding campaign was done here: https://crowdsupply.com/eoma68)- a modular computing standard which aims to open up hardware in the free software sense (even though they are also opening up schematics for boards it's the sources are what matter for individual components the most and modularizing ensures it's cheaper and easier to pressure component manufacturers to release code- whereas currently we have Intel or AMD for laptops for example EOMA68 is opening the way for non-x86 laptops with CPUs from other companies).
Anyone want to crowd fund a class action lawsuit?
No.
If companies allowed me to install my own telemetry software on their systems to report back to me, it would be very helpful and give me a better understanding of how the company is run and how their products are developed. It would help consumers determine what features of the software the companies are putting their funding and effort towards the most.
So why do they make users consent to allow nVidia permission to collect "personally identifiable information" for the purposes of "deliver[ing] marketing communications" and collect "games and applications settings, performance, and usage data" although it is "not limited to" doing just this?
That ain't just for "understanding" that's for exploitation and profit from "personally identifiable" customer data.
This shit is spyware.
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
How 'bout just blocking all things nvidia with a single firewall rule instead of going through all that monkey motion? In fact, why not simply white list your browser and email and block everything else?
“He’s not deformed, he’s just drunk!”
which would contradict the article.
however this brings up a question about trustworthy computing.
But first, this word from Credit Repair dot Com.
I thought it was ever increasing modern increasingly VOIPy increasing deliverable turnkey supersized appsoftware that's always increasingly ever constantly modern business VOIP with intelligence and the increasingly included constantly modern supersized batteries, which are included... and modern... and supersized?
Constantly modern supersized VOIP backup apps!
Is telemetry included in the linux driver?
You suddenly find £2,000 gone from your bank account and the bank blames you (as not in this Tesco case). You audit; you are up to date with all virus bashing software, etc, ... how else could your data have gone ? You then find that 'telemetry' is being sucked from your machine, Nvidia/Microsoft/... refuse to disclose what they have taken from your machine; they will not say how they protect what they have taken or who they share it with. Can you go after them ?
It sends info to Google Analytics.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
I just checked my Task Scheduler, and none of those Nvidia telemetry tasks identified by MajorGeeks have ever run. I've just enabled "tasks history" (i.e.: chron logs) from admin to see if it's actually doing anything. The tasks only appear when you run Task Scheduler with admin rights, so access is restricted to users with administrator rights. From the history, I think this telemetry might be in the works, but not running yet.
It's possible that since it is an admin task and I run in a limited user account (standard account), it's not triggering the task, but the tasks are supposed to be triggered by login of "any user," with a daily report at 12:45 on my machine if there's no login to trigger, so I can't see how that's happening. This all should be working, but it appears to be dead at this time on my machine with the latest drivers.
I do have GeForce Experience 3 installed, and it *is* asking for a login, however. So it seems they're tagging *something* to an account.
The GeForce forums are a shitstorm of "ditch the login" posts in every GFX thread. People are threatening boycotts, etc. It's really quite interesting. Here's the initial feedback thread when GFX 3 went live. Bring popcorn.
Give me a checkbox to disable it (even if it is enabled by default) and I'll not whinge. Make it a PITA to disable and I'm livid.
That's no good, though. These checkboxes tend to become "accidentally" re-enabled with every software update.
The only solution is to remove telemetry from the driver and provide driver as a separate easy-to-find download (and then they can include what they want in add-on software).
Such Bullshit. Low IDs are getting as much modded as everyone else.
>>Telemetry was also highly regarded (until a few years ago)
You probably don't use MS Software, do you ?
aaaaaaa
I have a GTX 980, so I immediately RTFA and looked for the task they referenced in the Task Scheduler. FWIW, I did not find the task referenced in the article or anything at all related to nvidia. I have the latest driver package from nvidia installed. YMMV.
It is not a task, it is a service. If you found no NVidia processes, you either don't have an NVidia GPU after all, or you looked in the wrong place. There are three beneign ones you should have and two malicious ones you can kill.
Yeah, these tasks all run as a local user rather than SYSTEM, so when I log in with my standard account, the admin account that it's running under isn't logged in, and the condition for launch on any login is not met.
Error message:
Task Scheduler did not launch task "\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" because user "[COMPNAME]\[ADMIN_USERNAME]" was not logged on when the launching conditions were met. User Action: Ensure user is logged on or change the task definition to allow launching when user is logged off.
This is par for the course with Nvidia software these days. Running a service as a local account? They should know better. ;)
Still too much hassle. The firewall is much less so.
“He’s not deformed, he’s just drunk!”
>> See subject: You only do so ONCE, & blablabla
No, that's not hte correct way. The correct way is to install Linux.
aaaaaaa
>> where is my freedom they fought ww1 and ww2 for ?
Gone since a long time, didn't you see it go away ?
aaaaaaa
Low-ID user? Where?
Il n'y a pas de Planet B.
Yeah, but with Asian porn, the pixels are always so big ....
Have gnu, will travel.
Don't worry, you can get her occasionally on talk radio - all the Kellyanne Conway you love, without the faceparts you hate :)
Lol, tell me what stations she's on so I can avoid them.
Just cruising through this digital world at 33 1/3 rpm...
It's simple: how many fat Asian women do you ever see? They also seem to have an uncanny ability to not show any signs of aging until they're at retirement age.
Those are two of the reasons I'm married to a lovely Asian lady. Those two reasons alone cut 90% of the Caucasian women out of the running.
Just cruising through this digital world at 33 1/3 rpm...
Do not have to search for Nvidia technical support. Technical support knows where to find you.
No. If you want a crash report, then ask for it and let me see the data that is going to be sent.
A boilerplate shrinkwrap EULA does not count as asking for it. There is no meeting of the minds.
Sorry, you'll have to supply case law for your claim. Brief research indicates there is case law ruling in favor and against whether EULA's are enforceable: https://en.wikipedia.org/wiki/...
We'll make great pets
read the tfa :http://www.ghacks.net/2016/11/07/nvidia-telemetry-tracking/
the actual log shipping is done via a schedule task
Give me a checkbox to disable it (even if it is enabled by default) and I'll not whinge. Make it a PITA to disable and I'm livid.
You can 1) complain to the manufacturer of the product or 2) switch to a competing product. That's the beauty of free markets. Vote with thy wallet.
We'll make great pets
This shit is spyware.
Here is who you register your complaint with: https://www.eff.org/
We'll make great pets
Block the application from all network access, not the IP
“He’s not deformed, he’s just drunk!”
Then you just need a firewall that does block the app.
“He’s not deformed, he’s just drunk!”
http://2.bp.blogspot.com/-lKCg...
Its not. I've got an nVidia card and I'd found the tasks before, but I'd assumed they were associated with geForce Experience (which I removed as soon as I discovered that they force a login even to just run the driver update -- which is the only reason I ever cared about that app in the first place.. I don't use shadowplay or game profiles or any of that other crap.)
I ended up having to use the DDU since the driver uninstaller crashed repeatedly, essentially giving me a full clean reinstall (sans Experience) when I was done.
And yeah after seeing the article I checked again and sure enough, the telemetry tasks were back.
Not sure about the people who claim to not see them.. Maybe there's some sort of A/B trial going on, or perhaps it was only in one specific version and they've already backed off on it, or maybe it only gets applied in specific hardware setups or who knows what else. But it definitely is (or hopefully by now.. was) a thing.
I don't run on the upgrade treadmill... Once I have a working driver, I stick with it.
It's NOT EASY being "world-class" (like me)
“He’s not deformed, he’s just drunk!”
Are you using the 375.70 drivers?
no editing allowed, so easy way to remove the tasks from the task scheduler
And how do you guarantee that the manufacturer hasn't added the odd extra circuit that wasn't in the base design? I guess if 3D printing gets advanced enough that you can print your own electronics.. but then you still have the compiler backdoor issue https://en.wikipedia.org/wiki/Backdoor_(computing)#Compiler_backdoors if the printer was built to recognize certain designs and modify them as it was printing. So now you have to build your own 3D printer (and it has to be advanced enough to print electronics.) And then whatever you used to build that has to be analyzed and so on until you're basically starting with a warehouse full of raw materials and thousands or even tens of thousands of hours ahead of you that you can't contract out because you can't trust other people to not build in back doors either. And THEN you have to somehow guarantee that you did everything perfectly and didn't leave any accidental flaws or the whole exercise was for naught.
Obviously those attacks are getting rather complex at that point, and its certainly a lot easier to trust a self-printed circuit created from an open design than it is to trust Windows or any other corporately-controlled system. But at some level, even going to all that trouble still leaves theoretical security risks.
And finally you then use your perfectly secured machine to check out Slashdot for the first time in 4 years after building your own browser because you don't really trust Firefox either, and simply sending and receiving the minimally necessary packets is supplying every router along the way with at least a bit metadata about your location and actions.
At some point, you'll eventually have to accept that risk is a thing and manage it rather than trying to eliminate it, because the latter is very close to impossible. The only true way to guarantee that your computer isn't sending out some sort of information is to turn it off, unplug it, smash it, and move its remains somewhere far away from you just in case its got some embedded RF chip or whatever that you didn't manage to smash.
To be honest, I just put that last pic in to give the ACs nightmares tonight.
You are welcome on my lawn.
Established users with a high "karma" are granted the option of posting at a score of 2 initially.
There are beautiful, sexy women in every country on this planet, and their color has nothing to do with it. My personal favorites are from India and Sweden.
You need to expand your horizons a little bit and open your eyes. You're missing so much in life.
Until all competing products do the same thing. Then all you're left with is complaints. And make no mistake, if this is determined to be a success (or at least not a big disaster) then its almost certain the rest of the industry will follow suit, sooner or later.
nVidia is risking pissing us all off by this move while their competitors aren't, but AMD would be risking essentially nothing if they do the same thing in a couple months since there's not really any other options for people to move to. Intel's a very distant third place and not really attempting to compete at the cutting edge. Whoever is below Intel isn't even worth discussing at this point.
A low-competition market doesn't have to be an actual oligopoly to screw over their customers. Sometimes it just takes one producer to risk pulling the trigger on something only-kind-of-bad and everyone just follows along if the action shows overall benefit to the bottom line. This scenario might not get away with actions as bad as a true oligopoly but it can still fall well into the "not good" category.
Telemetry used to be about diagnosing issues and improving software.
"Telemetry" as we see it today is rarely about those things. Its mostly about gathering user information for sale to third parties (primarily advertisers.)
So its hardly surprising that trust in "telemetry" has degraded as the term has more come to imply "personalized ads" rather than "improved experience." In fact most people consider the addition of ads to software (personalized or otherwise) to be the exact opposite of an improved user experience.
Until all competing products do the same thing. Then all you're left with is complaints. And make no mistake, if this is determined to be a success (or at least not a big disaster) then its almost certain the rest of the industry will follow suit, sooner or later.
If you're that concerned about this, complain: https://www.ftc.gov/. Venting on Slashdot is a waste of time.
We'll make great pets
What port is it communicating on? Simply block it
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
That ain't just for "understanding" that's for exploitation and profit from "personally identifiable" customer data.
This shit is spyware.
I am glad I moved to Linux exclusively once Windows 10 was released and I tried it out. Everyone whines about how their most important software does not run on Linux, how Linux is unusable because you have to debug crap, etc etc.
I think it is time to put a different spin on this: A computer is not worth using if everything you do is monitored, monetized, examined for legality, and stored forever to potentially use against you should you ever become the target of an investigation.
I can hear the objections now, "but but but I HAVE to use a computer."
Well, you can still use a computer without all of that crap; although Redhat and other distributions are starting to distribute crash reporters and such... which is the first step along the path already followed by mainstream software.
You will be completely encased in a cocoon of surveillance from birth until death unless it is fought. It needs to be fought yesterday, it needs to be fought now, and it needs to be fought in the future.
I have reclaimed my freedom from surveillance through my operating system by using Linux. OpenBSD is even better. FreeBSD seems to populated with SJW types so I avoid that like that the plague.
Regardless, Open Source is your only path to freedom when all closed source software starts implementing tracking/telemetry. Use it. use it now. The applications you need will eventually follow; however, it is better to live without a computer than to be tracked constantly. What was that what Patrick Henry said, "Give me liberty or give me death!"?
Yeah, stop spying on me or I will stop participating. Windows, and now NVidia, are out. Forever. There is no recovery from such a decision. It is a death sentence to NVidia.
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
From what I've seen, the Caucasian European women don't have such a problem with obesity.
I think this is true in general, but overall I think Asian women have an edge genetically. I've traveled around SE Asia somewhat and by and large, Asian women just aren't fat. It's not just diet, because this seems to apply to most of the Asian women in the US and Canada too, from what I see.
-
FWIW, I've started dating a lovely Asian lady too. It's really a breath of fresh air... and I'm not just talking about the physical attributes. Asians just seem to be a lot more sane and calm and rational than white American women, and also have more realistic expectations.
^^^^This, times 1000.
I couldn't agree more- they're saner, less self-centered, and more partner-oriented. In contrast with American/Western women, Asian women actually seem to like men and don't view them as a "problem" or the embodiment of everything wrong with the world. Most American/Western women seem to view a relationship as a constant competition, not as a partnership.
Yes, I'm generalizing, but my generalizations are based on literally decades of dating American women. My Asian wife thinks so differently from most American women that it's startling. Nearly all of my friends married to American women are jealous of our marriage and relationship and they're not shy about saying so. Practically all they do is complain about their wives, when most of what I do is compliment mine.
Am I biased? You bet your ass I am! :)
Just cruising through this digital world at 33 1/3 rpm...
"Caucasian" my ass. There are only two types of women: European Aryan women and inferiors.
Get back in your basement, goober. You've never touched a woman in real life so your opinion is worthless.
Just cruising through this digital world at 33 1/3 rpm...
Curso NR 10 online curso NR 10 curso NR 10 online