Slashdot Mirror


Windows 10 Privacy Changes Appease Watchdogs, But Still No Data 'Off-Switch' (zdnet.com)

Earlier this month, Microsoft announced several privacy changes in Windows 10, but it didn't give users an option to completely opt out of the data-collection feature. The announcement was timed to coincide with a statement by the Swiss data protection and privacy regulator, the FDPIC, which last week said it would drop its threats of a lawsuit after the company "agreed to implement" a string of recommendations it made last year. The news closed the books on an investigation that began in 2015, shortly after Windows 10 was released. Though the Swiss appear satisfied, other critics are waiting for more. The French data protection watchdog, the CNIL, was equally unimpressed by Microsoft's actions, and it served the company with a notice in July to demand that it clean up its privacy settings. In an email, the CNIL said that the changes "seem to comply" with its complaint, but it's "now analyzing more in [sic] details Microsoft answers in order to know whether all the failures underlined in the formal notice do now comply with the law." ZDNet adds: Microsoft still hasn't said exactly what gets collected as part of the basic level of collection, except that the data is used to improve its software and services down the line; a reasonable ask -- but one that nonetheless lacks specifics. Microsoft said it wants users to "trust" it. And while the likelihood that the company is doing anything nefarious with users' information is frankly unlikely, the running risk is that the data could somehow be turned over to a government agency or even stolen by hackers is inescapable. That risk alone is enough for many to want to keep what's on their computer in their homes. While changing the privacy controls is a move in the right direction, it's still short of what many have called for.
By ignoring the biggest privacy complaint from its consumer users -- the ability to switch off data collection altogether -- Microsoft has favored the "just enough" approach to appease the regulators. Without a way to truly opt-out, Microsoft's repeated pledge (eight times in the blog post, no less) to give its users "control" of their data comes off as a hollow soundbite.

25 of 211 comments

  1. What gets collected by Anonymous Coward · · Score: 2, Insightful

    Whatever the NSA or their EU equivalent asks for and more just in case they need to ask for more in the future.
    Stop using Windows if you want any semblance of privacy.
     

  2. Trust? by ilsaloving · · Score: 5, Insightful

    Apparently Microsoft uses the word "Trust" in the same way Apple uses the word "Courage". I still haven't figured out what either one means... only that neither corresponds to what's in the dictionary.

    1. Re:Trust? by Anonymous Coward · · Score: 2

      Off isn't off is the point; your Enterprise edition is still sending info to Microsoft without your consent.

    2. Re:Trust? by Anonymous Coward · · Score: 5, Interesting

      This view is disgusting:

      > Microsoft still hasn't said exactly what gets collected as part of the basic level of collection, except that the data is used to improve its software and services down the line; a reasonable ask

      Reasonable? Why should I spend my money on electricity and bandwidth to help the commercial product of a multi-billion dollar corporation? Why don't they pay people to do QA any more? Why don't they pay users if the data has business value?

      Fuck that. It is NOT a reasonable ask, it's ridiculous.

    3. Re:Trust? by UnknownSoldier · · Score: 5, Funny

      > Apparently Microsoft uses the word "Trust" in the same way Apple uses the word "Courage". I still haven't figured out what either one means..

      MS Trust: "I'm altering the deal. Trust I don't alter it any further." DUN DUN DE DUN.

      Apple Courage: "It is easy to confuse Courage with Stupidity -- we did. If you're stupid enough to spend yet more money on over-priced wireless crap to replace the gear you already have, we have the courage to sell it to you."

    4. Re:Trust? by skids · · Score: 5, Interesting

      The problem is endemic far and beyond Microsoft. While the data on your PC is something people take personally, other companies performing tech support for products less often encountered by end-users are playing it fast and loose with their customers' data in the name of support.

      In the networking space, if you call in any request to fix or enhance a product, the front line TAC these days has been told to have you collect a pretty thorough dump of the device configuration database. These databases are not necessarily in any sort of human readable form, but those who know what to look for can easily see that they often include private crypto keys, password hashes or sometimes even cleartext passwords, and more detail about the internal layout of the most sensitive parts of the customer's network than would be needed to solve a technical problem.

      This is plausibly just because these companies have not had enough customers complain, and assigned development the task of omitting potentially sensitive data from these "tech dumps"; but it doesn't take horribly much tinfoil to imagine there could be compromised policy-setters at these companies who stand ready to step on any attempt to rectify this situation.

      Finally, to top it off there is a trend to either transfer these files over email since huge attachments are no longer a problem on modern email systems, or to outsource file uploads to dropbox-ish cloud service providers.

      So, it would not surprise me if there were quite a few spooks... foreign, domestic, and industrial... working at support departments in major corporations, though the more resourced agencies may not even need to do that given the lack of hygiene exercised in transferring these files to and around the corporate TAC.

    5. Re:Trust? by LVSlushdat · · Score: 3, Insightful

      /puts on tinfoil hat

      I wonder how long it will be before those of us who refuse to use corporate/closed-source operating systems on our computers will be put on a watch list by the government, and subjected to things that terrorists are subjected to...

      As far as I'm concerned, you don't need a tin-foil hat to think that this may not be *too* far down the line...

      --
      THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
  3. Re:oh yes I DID! by omnichad · · Score: 3, Informative

    Where have you been for the last two years? MS uses hard-coded IPs to avoid any messing around with DNS.

  4. Until Data Collection is 100% Removed... by Zurkeyon3733 · · Score: 3, Interesting

    This CAREER IT TECHNICIAN, will NEVER recommend it. Currently, we Recommend its REMOVAL from all workstations, and a regression to a safer, less intrusive, more compatible OS, that isn't able to uninstall things to make way for its own broken updates... Win 10 has uninstalled the following applications from our users' systems WITHOUT permission or ANY user interaction required... 1. Quickbooks. 2. Sage Accounting. 3. Wintac (HVAC CRM). 4. Connectwise (IT CRM). All uninstalled from multiple systems, without permission, causing DAMAGE to several of our Business Class Environments, and taking 4 clients' networks DOWN, as they primarily used Quickbooks. When it's down they cannot function. It also damaged the Wintac Database, by uninstalling it WHILE IT WAS OPERATING! Win10 is by far and wide the VERY WORST thing ever produced and sold as an OS!

    1. Re:Until Data Collection is 100% Removed... by Anonymous Coward · · Score: 3, Funny

      Thank you for your sage advice, Career Captain CapsLock!

    2. Re:Until Data Collection is 100% Removed... by Zurkeyon3733 · · Score: 4, Informative

      So, in order to get Microsoft to stop doing something it shouldn't be doing in the first place (Uninstalling software WITHOUT asking) I have to spend more man hours and labor? Because that sure sounds like what you are saying... Keeping in mind that we have close to 1000 business customers, that's going to be AN AWFUL LOT of GP changes... Say 500 Hours to complete them all... So I assume Microsoft is ready and willing to cover this expense? And no dip shit, we don't roll out HOME in a business class environment. BUT on that same note, not every small business in America has an ENTERPRISE level environment, or even a Server for that matter. Or did you not know this? :-D

    3. Re:Until Data Collection is 100% Removed... by Anonymous Coward · · Score: 3, Insightful

      The parent actually makes a good point, and I don't doubt your rebuttal. However!

      Microsoft promised that there would not only be "one" Windows and that everyone would receive forced updates.

      But that's not actually the case. What they are doing is rolling out updates across different users at different rates. So actually, the parent poster could be 100% correct, and so can you, and it's all down to Microsoft using everyone who isn't an "Enterprise" customer as their QA department.

      They're being complete fucks. They know they're being complete fucks. What they're going to do now is a classic "shift to the middle move" where they relax the bullshit and everyone accepts the compromise position as being better than the bullshit today, but still 10 times worse than what it was 5 years ago.

  5. Re:Windows "telemetry" = Only use Linux Mint by Anonymous Coward · · Score: 2, Informative

    Why bother with any OS? Oh yeah, that's where my software lives

    So much software is Windows only or works on Windows "best" (emulation is spotty and under-performing on avg)

    It's a platform some of us have to live with

  6. I called this already by El+Cubano · · Score: 5, Interesting

    I will simply refer you to my comment in last week's discussion on "Microsoft To Enhance User Privacy Controls In Upcoming Windows 10 Update": here

    Bottom line: Microsoft's only objective was "get people to quit trashing us openly". Of course, the current state very well could have been their desired end goal and they went extreme from the outset to give them room to appear to compromise. Either way, whether or not it was planned, they make themselves look (comparatively) like the good guys.

  7. Trust me. by fahrbot-bot · · Score: 5, Funny

    > Microsoft said it wants users to "trust" it.

    I hear that a lot from companies and people -- like some newly elected officials -- and it always makes my ass twitch.

    --
    It must have been something you assimilated. . . .
  8. "frankly unlikely"? by sacrilicious · · Score: 3, Insightful

    > ZDNet adds: ... And while the likelihood that the company is doing anything nefarious with users' information is frankly unlikely ...

    This quote is a case of somebody writing something to just fit a grammatical template, rather than thinking about what they're writing. Substantiate that wild speculation, ZDNet, or turn in your beard-stroking license asap.

    --
    - First they ignore you, then they laugh at you, then ???, then profit.
  9. It's not "trust" in the Merriam-Webster sense ... by scunc · · Score: 2

    Microsoft: We know what our users want!

    Users: How? You haven't asked us about anything.

    Microsoft: Oh, we know--trust us ...
    -------
    All Power to the NT Overlords!

  10. I only want an operating system by OrangeTide · · Score: 5, Insightful

    Is that too much to ask? I'd like to pay some money in exchange for software to abstract my hardware into a platform and allow application to run. That is of course the kernel and drivers as well as the libraries and services necessary for applications.

    I don't want advertisements, data mining, or even a bundled web browser. I do want security updates and timezone updates, please don't stop updating timezones with the excuse that an older operating system version is "unsupported".

    If this were a free market, we could pay money in exchange for the goods and services we want. Assuming we can agree on a price, but I doubt even a million dollars could get Microsoft's attention.

    --
    “Common sense is not so common.” — Voltaire
    1. Re:I only want an operating system by Bob+the+Super+Hamste · · Score: 5, Funny

      Oh come on it isn't like they could just create some tz data files and update that. How would the system ever know what one to use and how could users be expected to keep them up to date?

      --
      Time to offend someone
    2. Re:I only want an operating system by El+Cubano · · Score: 2

      > If this were a free market, we could pay money in exchange for the goods and services we want. Assuming we can agree on a price, but I doubt even a million dollars could get Microsoft's attention.

      It is a free market. What you describe actually exists. In fact, something better than what you describe exists: Linux. It may seem tired, but there are literally dozens of distributions out there. Some have corporate backing (e.g., RedHat, SuSE), others are developed by a community (e.g., Debian), and others are the result of heroics by primarily one individual (e.g., Slackware). The point is that there are so many options, some which will take your money, others of which will not.

      Many of those Linux distributions are a viable alternative for many people now. Of course, they may not be what you are accustomed to, and they may not run all of your favorite applications, but most things in life are some sort of trade-off. Do you want to run a particular app or group of apps at the expense of your privacy? Or are you willing to give up something else in order to secure your privacy?

      On the flip side, in a free market producers are free to produce what they want. For example, I can walk in to a Chick-Fil-A and try to order a cheeseburger. Of course, they don't make cheeseburgers, so they won't be able to sell it to me. At that point I have to make a choice: do I stick with Chick-Fil-A because I really want the waffle-cut fries, or do I go to Burger King next door?

      You and everyone else out there has a choice now, you just have to decide what is really important.

    3. Re:I only want an operating system by iampiti · · Score: 2

      Yeah, I also want that. Microsoft can only pull this crap because many important pieces of software only run on Windows (obviously, they know).
      If 99% of software was cross platform they'd have to give people what they want instead of giving us what Microsoft wants

  11. Re:Are Linux or open source software really better by Anonymous Coward · · Score: 2, Insightful

    > "But that tracking can be easily disabled!" or "But that tracking is off by default!"

    These are perfectly reasonable mitigations.

    Also, it is not reasonable to pretend that a thing that Ubuntu did is somehow "Linux", even if they were still doing it. You know what spies on you? Red Star Linux. But that's not a very reasonable thing. If you don't like the Ubuntu/Amazon thing, then leave it off or turn it off, or just simply don't use Ubuntu. Arch doesn't have that problem. Or Fedora, or Debian, or or or or or or

  12. Re:So how *does* one turn off telemetry completely by green1 · · Score: 2

    And that's the trick. It's easy to block all the telemetry by simply blacklisting all the MS servers at the firewall. The issue is that also blocks updates.

    Pick your poison....

    Of course you ask what /.ers do. They don't run Windows in the first place!

  13. Re:oh yes I DID! by MightyMartian · · Score: 3, Informative

    I don't think there's anything illegitimate about it. It's just that he's mentally ill, and that the software in question really doesn't work where an OS or software manufacturer hard codes callback IP addresses. I went to his page about six months ago, and was fascinated to see screenshots from what was either XP or Server 2003, which said a lot not only about the software, but about APK's state of mind. He's also made a number of posts over the years that suggest he's a good old fashioned netkook, maybe the last of that ancient breed. So, like all good netkooks, he has a fixation, which in his case is his obsession with the hosts file.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  14. Re:So how *does* one turn off telemetry completely by gweihir · · Score: 2

    Simple: Do not use Win10 or never connect it to a network. Anybody else that thinks they can reliably "turn off telemetry completely" in the face of missing documentation and forced updates is just kidding themselves. There is a good reason no well-known security researchers have come up with reliable recipes to do it, they know and understand this. It is also extremely telling that there are no good analyses of what actually gets sent out there: It is both difficult to do and the data could change completely on the next forced update.

    So, no, at this time it is not reliably possible to block telemetry and still have updates over the net. Of course, this is also designed by MS to not be easy and the only way to ever get this is if MS is forced legally to make it possible or forced to give the LTSB version (where they make assurances in this regard) general availability. The current changes are a good first step, but the process is far from completed. They need to be kicked where it hurts a few more times.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.