Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 10 Privacy Changes Appease Watchdogs, But Still No Data 'Off-Switch' (zdnet.com)

Posted by msmash on from the why-no-off-switch dept.

Earlier this month, Microsoft announced several privacy changes in Windows 10, but it didn't give users an option to completely opt-out of data-collection feature. The announcement came at a time to coincide with a statement by the Swiss data protection and privacy regulator, the FDPIC, which last week said it would drop its threats of a lawsuit after the company "agreed to implement" a string of recommendations it made last year. The news closed the books on an investigation that began in 2015, shortly after Windows 10 was released. Though the Swiss appear satisfied, other critics are waiting for more. The French data protection watchdog, the CNIL, was equally unimpressed by Microsoft's actions, and it served the company with a notice in July to demand that it clean up its privacy settings. In an email, the CNIL said that the changes "seem to comply" with its complaint, but it's "now analyzing more in [sic] details Microsoft answers in order to know whether all the failures underlined in the formal notice do now comply with the law." ZDNet adds: Microsoft still hasn't said exactly what gets collected as part of the basic level of collection, except that the data is used to improve its software and services down the line; a reasonable ask -- but one that nonetheless lacks specifics. Microsoft said it wants users to "trust" it. And while the likelihood that the company is doing anything nefarious with users' information is frankly unlikely, the running risk is that the data could somehow be turned over to a government agency or even stolen by hackers is inescapable. That risk alone is enough for many to want to keep what's on their computer in their homes. While changing the privacy controls is a move in the right direction, it's still short of what many have called for. By ignoring the biggest privacy complaint from its consumer users -- the ability to switch off data collection altogether -- Microsoft has favored the "just enough" approach to appease the regulators. Without a way to truly opt-out, Microsoft's repeated pledge (eight times in the blog post, no less) to give its users "control" of their data comes off as a hollow soundbite.

16 of 211 comments (clear)

  1. Trust? by ilsaloving · · Score: 5, Insightful

    Apparently Microsoft uses the word "Trust" in the same way Apple uses the word "Courage". I still haven't figured out what either one means... only that neither correspond to what's in the dictionary.

    1. Re:Trust? by Anonymous Coward · · Score: 5, Interesting

      This view is disgusting:

      Microsoft still hasn't said exactly what gets collected as part of the basic level of collection, except that the data is used to improve its software and services down the line; a reasonable ask

      Reasonable? Why should I spend my money on electricity and bandwidth to help the commercial product of a multi-billion dollar corporation? Why don't they pay people to do QA any more? Why don't they pay users if the data has business value?

      Fuck that. It is NOT a reasonable ask, it's ridiculous.

    2. Re:Trust? by UnknownSoldier · · Score: 5, Funny

      > Apparently Microsoft uses the word "Trust" in the same way Apple uses the word "Courage". I still haven't figured out what either one means..

      MS Trust: "I'm altering the deal. Trust I don't alter it any further." DUN DUN DE DUN.

      Apple Courage: "It is easy confuse to Courage with Stupidity -- we did. If you're stupid enough to spend yet more money on over-priced wireless crap to replace the gear you already have, we have the courage to sell it to you."

    3. Re:Trust? by skids · · Score: 5, Interesting

      The problem is endemic far and beyond Microsoft. While the data on your PC is something people take personally, other companies performing tech support for products less often encountered by end-users are playing it fast and loose with their customer's data in the name of support.

      In the networking space, if you call in any request to fix or enhance a product, the front line TAC these days has been told to have you collect a pretty thorough dump of the device configuration database. These databases are not necessarily in any sort of human readable form, but those who know what to look for can easily see that they often include private crypto keys, password hashes or sometimes even cleartext passwords, and more detail about the internal layout of the most sensitive parts of the customer's network than would be needed to solve a technical problem.

      This is plausibly just because these companies have not had enough customers complain, and assigned development the task of omitting potentially sensitive data from these "tech dumps"; But it doesn't take horribly much tinfoil to imagine there could be compromised policy-setters at these companies who stand ready to step on any attempt to rectify this situation.

      Finally, to top it off there is a trend to either transfer these files over email since huge attachments are no longer a problem on modern email systems, or to outsource file uploads to dropbox-ish cloud service providers.

      So, it would not surprise me if there were quite a few spooks... foreign, domestic, and industrial... working at support departments in major corporations, though the more resourced agencies may not even need to do even that given the lack of hygiene exercised in transferring these files to and around the corporate TAC.

      --
      Someone had to do it.
    4. Re:Trust? by LVSlushdat · · Score: 3, Insightful

      /puts on tinfoil hat

      I wonder how long it will be before those of us who refuse to use corporate/closed-source operating systems on our computers will be put on a watch list by the government, and subjected to things that terrorists are subjected to...

      As far as I'm concerned, you don't need a tin-foil hat to think that this may not be *too* far down the line...

      --
      THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
  2. Re:oh yes I DID! by omnichad · · Score: 3, Informative

    Where have you been for the last two years? MS uses hard-coded IPs to avoid any messing around with DNS.

  3. Until Data Collection is 100% Removed... by Zurkeyon3733 · · Score: 3, Interesting

    This CAREER IT TECHNICIAN, will NEVER recommend it. Currently, we Recommend its REMOVAL from all workstations, and a regression to a safer, less intrusive, more compatible OS, that isn't able to uninstall things to make way for its own broken updates... Win 10 has uninstalled the following applications from our Users systems WITHOUT permission or ANY user interaction required... 1. Quickbooks. 2. Sage Accounting 3. Wintac (HVAC CRM) 4. Connectwise (IT CRM) All uninstalled from multiple systems, without permission, causing DAMAGE to several of our Business Class Environments, and taking 4 clients networks DOWN, as they primarily used Quickbooks. When its down they cannot function. It also damaged the Wintac Database, by uninstalling it WHILE IT WAS OPERATING! Win10 is by far and wide the VERY WORST thing ever produced and sold as an OS!

    1. Re:Until Data Collection is 100% Removed... by Anonymous Coward · · Score: 3, Funny

      Thank you for your sage advice, Career Captain CapsLock!

    2. Re:Until Data Collection is 100% Removed... by Zurkeyon3733 · · Score: 4, Informative

      So, in order to get Microsoft to stop doing something it shouldn't be doing in the first place (Uninstalling software WITHOUT asking) I have to spend more man hours and labor? Because that sure sounds like what you are saying... Keeping in mind that we have close to 1000 business customers, thats going to be AN AWFUL LOT of GP changes... Say 500 Hours to complete them all... So I assume Microsoft is ready and willing to cover this expense? And no dip shit, we dont roll out HOME in a business class environment. BUT on that same note, not every small business in america has an ENTERPRISE level environment, or even a Server for that matter. Or did you now know this? :-D

    3. Re:Until Data Collection is 100% Removed... by Anonymous Coward · · Score: 3, Insightful

      The parent actually makes a good point, and I don't doubt your rebuttal. However!

      Microsoft promised that there would not only be "one" Windows and that everyone would receive forced updates.

      But that's not actually the case. What they are doing is rolling out updates across different users at different rates. So actually, the parent poster could be 100% correct, and so can you, and it's all down to Microsoft using everyone who isn't an "Enterprise" customer as their QA department.

      They're being complete fucks. They know they're being complete fucks. What they're going to do now is a classic "shift to the middle move" where they relax the bullshit and everyone accepts the compromise position as being better than the bullshit today, but still 10 times worse than what it was 5 years ago.

  4. I called this already by El+Cubano · · Score: 5, Interesting

    I will simply refer you to my comment in last week's discussion on "Microsoft To Enhance User Privacy Controls In Upcoming Windows 10 Update": here

    Bottom line: Microsoft's only objective was "get people to quit trashing us openly". Of course, the current state very well could have been their desired end goal and they went extreme from the outset to give them room to appear to compromise. Either way, whether or not it was planned, they make themselves look (comparatively) like the good guys.

  5. Trust me. by fahrbot-bot · · Score: 5, Funny

    Microsoft said it wants users to "trust" it.

    I hear that a lot from companies and people -- like some newly elected officials -- and it always makes my ass twitch.

    --
    It must have been something you assimilated. . . .
  6. "frankly unlikely"? by sacrilicious · · Score: 3, Insightful

    ZDNet adds: ... And while the likelihood that the company is doing anything nefarious with users' information is frankly unlikely ...

    This quote is a case of somebody writing something to just fit a grammatical template, rather than thinking about what they're writing. Substantiate that wild speculation, ZDNet, or turn in your beard-stroking license asap.

    --
    - First they ignore you, then they laugh at you, then ???, then profit.
  7. I only want an operating system by OrangeTide · · Score: 5, Insightful

    Is that too much to ask? I'd like to pay some money in exchange for software to abstract my hardware into a platform and allow application to run. That is of course the kernel and drivers as well as the libraries and services necessary for applications.

    I don't want advertisements, data mining, or even a bundled web browser. I do want security updates and timezone updates, please don't stop updating timezones with the excuse that an older operating system version is "unsupported".

    If this were a free market, we could pay money in exchange for the goods and services we want. Assuming we can agree on a price, but I doubt even a million dollars would could get Microsoft's attention.

    --
    “Common sense is not so common.” — Voltaire
    1. Re:I only want an operating system by Bob+the+Super+Hamste · · Score: 5, Funny

      Oh come on it isn't like they could just create some tz data files and update that. How would the system ever know what one to use and how could users be expected to keep them up to date?

      --
      Time to offend someone
  8. Re:oh yes I DID! by MightyMartian · · Score: 3, Informative

    I don't think there's anything illegitimate about it. It's just that he's mentally ill, and that the software in question really doesn't work where an OS or software manufacturer hard codes callback IP addresses. I went to his page about six months ago, and was fascinated to see screenshots from what was either XP or Server 2003, which said a lot not only about the software, but about APK's state of mind. He's also made a number of posts over the years that suggest he's a good old fashioned netkook, maybe the last of that ancient breed. So, like all good netkooks, he has a fixation, which in his case is his obsession with the hosts file.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.