Slashdot Mirror
Microsoft Finally Reveals What Data Windows 10 Really Collects (theverge.com)
Starting today, Microsoft is updating its privacy statement and publishing information about the data it collects as part of Windows 10. From a report: "For the first time, we have published a complete list of the diagnostic data collected at the Basic level," explains Windows chief Terry Myerson in a company blog post. "We are also providing a detailed summary of the data we collect from users at both Basic and Full levels of diagnostics." Microsoft is introducing better controls around its Windows 10 data collection levels in the latest Creators Update, which will start rolling out broadly next week. The controls allow users to switch between basic and full levels of data collection. "Our teams have also worked diligently since the Anniversary Update to re-assess what data is strictly necessary at the Basic level to keep Windows 10 devices up to date and secure," says Myerson. "As a result, we have reduced the number of events collected and reduced, by about half, the volume of data we collect at the Basic level."
... of course, is that we have to wait for Microsoft to "inform" us about that in the first place.
Finally, since January. They revealed this in January when they pushed the update to Insiders Build. They introduced the disclosure as part of compliance with EU regulations.
Link to the actual list, not an article about the list: https://technet.microsoft.com/...
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
that this list is really complete and conclusive? Or is this just what MS is saying is the complete list?
"I do not agree with what you say, but I will defend to the death your right to say it"
Why can't we turn it off entirely? I can troubleshoot my own PC and don't need it "phoning home" - EVER.
So still no choise of Dont spy my shit...
We all know that without the source, it is impossible to verify their claims.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
"Our teams have also worked diligently since the Anniversary Update to re-assess what data is strictly necessary at the Basic level to keep Windows 10 devices up to date and secure," says Myerson. "As a result, we have reduced the number of events collected and reduced, by about half, the volume of data we collect at the Basic level."
I wonder what they felt they needed to remove before they were willing to publish the disclosure.
How about you don't 'collect' anything on anyone for any reason, you bastards?
The Tech Net article lists the diagnostic data. Is any non-diagnostic data collected?
They are transparent about the Creator's Update. But they have reduced the telemetry by about half, saying that they realized they didn't find all telemetry useful. So you don't really know what they *have been* collecting prior to the Creator's Update. For all we know they've removed a bunch of more onerous details that could have *upset* us.
"Sperm Count" (listed on page two) seems unnecessary.
It must have been something you assimilated. . . .
Some open source supporters will make claims like "But they're being transparent!" or "But you can opt out!" or some other nonsense like that.
But guess what? None of that matters!
It does matter. It's relatively trivial to opt out of Mozilla's data collection and to know what's being collected, whereas that's absolutely not the case with Microsoft. So when you say shit like this:
"we cannot consider them to be any better than Windows, or conversely, we can't consider Windows to be any worse than projects like Firefox"
I know you're either shilling for Microsoft or being idealistically stupid about practical differences.
Look at the f*cking thing and see how reasonable it is:
https://technet.microsoft.com/...
It's completely ridiculous. Windows 10 is basically spyware disguised as an OS at this point.
Any company can publicly change policies overnight and then change them back the next day quietly and worse than ever.
If EULA's are actually legal then we need to regulate them so that it's not a one sided contract with no measurable benefit to the customer.
Is "reduced by half" anything like "increased by a factor of 2"?
Unless Microsoft brings back the Windows 7 UI in Windows 11 I think I will either move on to a Mac or Lunix distribution for my next computer. They will also need to scrap the data collection and advertising features in Windows 11.
"Why should I believe you?"
Time and again we have been lied and misled by Microsoft. Give me one good reason I should believe this.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Bing to upload the stuff. I block bing at my firewalls and the logs constantly show my Win10 laptop trying to connect to Bing.
Perhaps the EU restrictions on unfettered data collection will trickle down if the big players are made to comply. We can hope.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
You should look into the msdn historical edit article where they showed that microsoft removed verbiage on it's MSDN page about collecting even worse information such as your documents and allowing microsoft employees investigating any crash reports sent by your machine to actually remotely access your machine and view your documents and run your programs.
Not trolling either. It was a link passed around here awhile ago and microsoft even sent a takedown to the wayback machine which previously had the edit but now does not. Yet on a different microsoft site that lists wiki-style diff's of it's pages, it's still there.
Someone find it please. They are backpedaling so hard on this it's sad.
That AC's position is much more consistent and sensible than yours is. That AC is saying, ``Data harvesting is wrong.'', while you're saying,``Data harvesting is wrong, except if you can opt out, or except if you know what's being harvested, or except if moz://a is doing it, or except if it's called telemetry, or except if Google Analytics is used to store it, or except if ...''. Face it, data harvesting is wrong. It doesn't matter who is doing it, or how they're doing it, or why they're doing it, or what they're doing with the harvested data. It's wrong. There aren't degrees of wrongness here. All incidents of data harvesting are equally wrong.
Actually, opt-out is all that is required, and both Firefox and Homebrew have it and since they're both open source, if you don't like having to opt out, you can edit the code and remove the data gathering completely. You know who doesn't allow you to opt out? You who what doesn't allow you to edit the code? Microsoft.
The issue I have with Windows 10 is that it no longer treats you like you are the OWNER. It treats you like a library card holder, lucky to be able to use their 10 year old machine.
Good thing Microsoft isn't an ISP or Americans would be freaking out.
All incidents of data harvesting are equally wrong.
No, the world is not black and white. Otherwise Richard Stallman would be a practical person instead of out on an idealistic island. People like Stallman are useful as standard bearers, but in the real world we deal with practical choices that require us to distinguish between varying degrees of "wrong".
That comment shouldn't be at -1. I don't know what Homebrew is, but I had no idea that Firefox collected so much info about me. Now that I know what it's doing I think I'll have to find an alternative browser. I've been meaning to investigate Chromium. Learning what Firefox is doing will make me find the time to see if Chromium is as invasive. I hope that it isn't. Does anyone know of any browsers that truly respect privacy? I thought that Firefox did but now I've learned that I was wrong!
We're rolling out Windows 10 in a very low-bandwidth environment, and in some cases a no-bandwidth environment. (Yes, they still exist today!) Turning off telemetry was one of the reasons we upgraded the OEM licenses from Pro to Enterprise -- there's just no need to use precious connection time sending usage data to Microsoft. And yes, that means "paying twice" for the OS, once to the OEM and once for the Enterprise subscription.
In my opinion, Microsoft did a very poor job of communicating what the difference between Home, Pro and Enterprise was. Basically, anyone with Home and Pro is getting the OS for "free" in exchange for telemetry data and information they can sell to marketers, period. Pro is Home with the ability to join a classic AD domain. This is very different from the days of Windows 7, where Pro had enough features to make it the default OS for business deployment. What Microsoft is doing is pulling more and more features under Enterprise, including the ability to opt out of constant feature changes. The result is that most large companies are buying Enterprise upgrades and getting on the subscription treadmill.
I think the best thing they could do right now is to let anybody buy the Enterprise version as a one-off, or make a complete shut-off of the telemetry available but slightly difficult to find in every edition of the OS. Even if they made the telemetry controllable by a few hard to find registry keys, the vast majority of consumers wouldn't touch any of the default settings and they'd still be getting data from them. Microsoft just got done "giving away" Windows 10 to millions of Windows 7 and 8 users in the form of the free upgrade, and the indication is that they will be on the same major release forever from now on, just releasing big update packages once or twice a year. Enterprise customers are subsidizing this development by still paying license fees in the form of subscriptions -- those millions of PCs that were upgraded for free only have the revenue stream of the marketing data coming in until they're replaced. And if Microsoft sticks to their promises, there will be no more revenue for traditional boxed software upgrades either -- no Windows 11 release they can ship out on DVDs to stores is coming.
Do I like being a product for marketing companies to mine data on? Not really -- and I do think Microsoft should be transparent about why they're doing what they're doing. I think all the companies doing this (Microsoft, Apple, Google, etc.) are going to have to find a new way to operate once the social media and advertising bubbles pop too...right now all of them are subsidizing their phone OS development with the fact that they have access to very personal data on a device you carry with you 24 hours a day.
Z0MG they collect UR privacy settings before and after upgrades!! They must want to make sure your privacy settings have been successfully forgotten.
Fields.TelClientSynthetic.PrivacySettingsAfterCreatorsUpdate.PreUpgradeSettings
Fields.TelClientSynthetic.PrivacySettingsAfterCreatorsUpdate.PostUpgradeSettings
HKLM_SensorPermissionState.SensorPermissionState
HKLM_LocationPlatform.Status
HKCU_LocationSyncEnabled.AcceptedPrivacyPolicy
HKLM_AllowTelemetry.AllowTelemetry
HKLM_TailoredExperiences.TailoredExperiencesWithDiagnosticDataEnabled
HKLM_AdvertisingID.Enabled
I will still install Linux for family members who need a new laptop, or are just stuck with broken M$ Windows/Winblows/Windoze installations.
A bit over 220 KB of text in just shy of 3800 lines to describe what they collect in "basic" form? GFY, MS. Too late. I will continue doing my part in (somewhat futile, but oh well) limiting the spread. This sort of horse shit is perhaps 40% of the reason why I will never voluntarily use your operating system.
There is no XUL, only WebExtensions...
As a result, we have reduced the number of events collected and reduced, by about half, the volume of data we collect at the Basic level.
Better compression algorithm combined with consolidating events?
Help! I'm a slashdot refugee.
It does matter. It's relatively trivial to opt out of Mozilla's data collection and to know what's being collected, whereas that's absolutely not the case with Microsoft.
It looks like they're making it trivial. Am I wrong?
The Daddy casts sleep on the Baby. The Baby resists!
Why is this at -1? The data is encrypted, and Windows users presumably don't get to look at the keys.
So literally people have to take MS's word for it. Oh well.
CLI paste? paste.pr0.tips!
The justifications offered by MS are as ridiculous as they are hilarious.
"Activity for run of the Transient Account Manager that determines if any user accounts should be deleted for devices set up for Shared PC mode to help keep Windows up to date. Deleting unused user accounts on shared devices frees up disk space to improve Windows Update success rates"
Seriously so you have to know how many local accounts, when I add, change and remove them. When they first login and their sids I keep on my own machine because there is some insanely comical correlation between local accounts and available disk space?
It's not like you are not already explicitly stealing volume information via Census.Storage and SetupPlatformTel.SetupPlatformTelActivityEvent. And who the fuck installs software without check for available disk space first? Is the success rate of an action really undeterminable prior to taking it because disk space? I don't think even Microsoft is stupid enough to believe their own BS.
Also love the generic key/value data access schemes where the full list of available keys that can be transmitted are not specified anywhere.. Only the top level interface to transfer the data.
FieldName - Retrieves the event name/data point.
Value - Retrieves the value associated with the corresponding event name
If your going to be transparent don't be transparently slimy. You may impress end users with better things to do with reams of context deprived technobabble but there are plenty of people in the world as smart or smarter than the people who compiled this crap.
Comment removed based on user account deletion
For firefox, you can check, they describe very well what is sent and almost all the data is technical related, no identifiable info, no browsing history... and they inform you of that and you can opt-out
Now compare that with MS, where it is full of identifiable info, browsing history and even command line (great to catch passwords, "interesting" paths and programs)
Higuita
Many issues are pretty binary. Data harvesting is wrong. It provides nothing to the user and there is no reason a user would want to enable it.
one solution is to use blackbird to turn off all telemetry and uninstall builtin spy/adware. be warned, though, i had some basic things break (like start menu search) after running it.
Apple and Microsoft have probably been the best major companies for keeping their changes small and manageable. Eventually you had to migrate off VB6. Eventually you had to click the "also compile this for Intel" checkbox in Xcode. But that doesn't change the fact that if you use their platforms, you are subject to their business decisions, even when they conflict with yours.
Perhaps hypocritically, I'm typing this on a Mac. I've decided that given Apple's track record, they're probably not going to yank the rug out from under me overnight. But you can bet that all the code I write is in FOSS languages and deployed to FOSS operating systems. I can change my desktop OS - with some pain and gnashing of teeth to be sure - without compromising the things I design. That's because RMS is correct: he's convinced many of us that it's practical to choose open platforms instead of closed shininess where it really matters.
Dewey, what part of this looks like authorities should be involved?
Maybe your kid(who didn't starve) grows up to be the drug addict who steals my car again.
you BOTH suck and I want my cars back!
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
I have:
Set the settings to Basic.
Disabled it in the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection
added the keyword AllowTelemetry and set it to 0.
Changed the Group Policy level to Disabled:
Computer Configuration\Administrative Templates\Windows Components\Data Collection And Preview Builds\Allow Telemetry
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection
Disabled the services, and killed the processes:
- Connected User Experiences and Telemetry Service.
Connected User Experiences and Telemetry process
dmwappushsvc process
Rebooted the machines
And the Microsoft Compatibility Telemetry still shows up once and awhile.
And this has happened on several machines.
So its still there and still comes back and its still collecting data.
From what I've seen, yes you are. They're making it fairly trivial to reduce the data collection (from Full to Basic) but I don't see anything about disabling it all together.
I guess it depends what qualifies as data harvesting. Having crash reports automatically sent off to the developer could help to fix bugs that users just didn't bother to report. The bug can then be fixed, and fixing bugs in software definitely does provide something of value to the users. However, sending out a crash report with pertinent information about what may have caused the crash could very much be described as data harvesting.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Some open source supporters will make claims like "But they're being transparent!" or "But you can opt out!" or some other nonsense like that.
But guess what? None of that matters!
It does matter. It's relatively trivial to opt out of Mozilla's data collection and to know what's being collected, whereas that's absolutely not the case with Microsoft. So when you say shit like this:
"we cannot consider them to be any better than Windows, or conversely, we can't consider Windows to be any worse than projects like Firefox"
I know you're either shilling for Microsoft or being idealistically stupid about practical differences.
Yet you still have to take Mozilla for their word just like Microsoft. Both companies could be lying about what they collect. You trust one but not the other when the data could be identical.
Ummmm and Pale Moon.
== Jez ==
Do you miss Firefox? Try Pale Moon.
At the very least, they admit that they:
- Uniquely identify you, your device, and your location/network.
- Record what you navigate and search on the internet.
- Record what you watch, listen to, and read.
- Record your purchase history.
Any citations for these (like field names in that huge list) that you could provide? I searched for some keywords to find anything related what you mentioned (ex: web, browse, history, internet, purchase, etc) and could not find anything as nefarious sounding as your summary. Perhaps I'm not looking closely enough and it's a huge list, so citations would be appreciated. I really would like to know if they are collecting the info you listed. Thanks.
I'm an Win10 insider receiving Win10 6 months early. Reading it's TOS I never installed or wished to be part of Win10. The way it read, if connected to another's system it was free game for data collection as well.
Gaming won out, just last week I purchased Win10 Pro (for it's grpedit.msc (group editor)).
This change only requires me to disable licensing to install what I want now (a very old and proven version of Comodo firewall).
My trust was broken as far back as Vista. I've been using nothing but UNIX based operating systems ever since and though it's been quite a learning experience to say the least, the headaches evolved are entirely my own fault for "playing around" rather than being caused by a corporation forcing them on me. I have a laptop that's about 9 years old running Linux kernel 4.10 32-bit PAE (for more RAM access) just fine with new software, no lag, and no weird privacy agreement because it's not only Linux, but because I made the distro myself. https://theouterlinux.com/psyc.... It does have a EULA though, but so does everyone else. It's OpenSUSE 13.2 based so please make sure to run the Upgrade script if you do install it (yast --> live installer). I'd correct the ISO by default, but SuseStudio killed OpenSUSE 13.2, so I had to make a script to fix repos and other things.
I disagree. RMS is supremely practical over long periods of time. His core message is "if you tie your fate to something you don't control, you will get burned." I've never seen this not be correct.
If you took that core message truly to heart, you'd be out on wilderness survival training near your prepper bug out shelter right now. The rest of us depend on lots of things, not just the software in our computers. Don't get me wrong, all other things being equal I'd take open source too but all other things are rarely equal...
Live today, because you never know what tomorrow brings
I don't think that's a good analogy. Most things in life are fungible: while we might prefer Safeway's canned corn to Costco's, for all intents and purposes one can substitute for the other. Marketing aside, Shell and ExxonMobil gasoline are mostly identical. I like Levis jeans, but there are other brands on the market and my Kohl's shirt and Target socks are 100% compatible (well, my wife might make fun of my pairings, but I don't go into anaphylaxis if the brands don't match).
The same is true for Debian and Red Hat - while I have my preferences, software I write on one will run on the other with minimal tweaking. Linux is the product I need and there are many, many vendors who will provide it to me. If Red Hat closes tomorrow, I'm a couple of Dockerfile lines away from not noticing or caring. That's absolutely not true of macOS or Windows. Again, I don't think Apple or Microsoft is likely to pull the plug on them tomorrow, but they could (and have) so substantially modify them that stuff no longer runs unchanged on them. If/when they do, there's literally not a thing you or I could do about it but ride the unsupported legacy tail as long as we can while we rushedly port to new platforms.
Dewey, what part of this looks like authorities should be involved?
Yet you still have to take Mozilla for their word just like Microsoft. Both companies could be lying about what they collect.
One of them is open source, the other is closed source. Furthermore, I don't even run a binary directly from Mozilla, I use a binary from Debian. And finally, while ultimately there is some trust involved, until now Microsoft has been dedicated to non-transparency and being aggressive about collecting information, while Mozilla is relatively straightforward and transparent.
The link still works fine for me but here's an archive from this afternoon.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
Such is the nature of proprietary software. Users are at the mercy of whatever proprietors grant.
Other problems with this:
Regardless of the PR, regardless of the labels on the settings, regardless of whether you're using the GUI to make changes or setting registry values, regardless of whether you're using one variant of proprietary software ("Basic" edition, "Home" edition, etc.) or another (perhaps an enterprise or "professional" edition) the relationship to power does not change how proprietary software works: With proprietary software users' privacy is never really under their control. Users who don't understand how computers work or why software freedom matters may read articles like theverge.com's article and come away thinking they're better off now. They won't realize proprietary software user are still facing the same problems as before with nothing of substance altered.
Digital Citizen
They're listening to your microphone (speech data). Capturing everything you're typing (typing data). Watching every app you use. Giving you a unique ad id. Tracking your location data. Touch screen data. What else would a spy agency want?
No, I'm not shilling for Microsoft (check my posting history, especially back around 1997-2000 - I've been brutally and vocally critical of Redmond's abuses), but this is a good step that should be applauded.
The reality today is that Microsoft is among the most open and forthcoming of modern tech companies in disclosing what information it collects and how it's used.
They're not offering all the options we'd like to see, for sure, but it really seems to me that they're close to leading among big companies, and certainly way out ahead of the likes of Google, Facebook, and Apple, to name just a few of their competitors in one space or another. And for that, they deserve some credit...
"The future's good and the present is nothing to sneeze at." - Roblimo's last
Again, with WSL/Ubuntu for Windows, I've got a dev platform that gives me truly the best fusion of the Windows and Linux worlds. This is arguably superior to Apple's approach from an openness point of view...
If you're writing code to run in the cloud and/or containers, then it really doesn't make much difference what desktop OS you use, so long as it's one that makes things easy and has a good set of tools that make you productive - that's kinda the whole point of those sorts of abstractions in the first place...
"The future's good and the present is nothing to sneeze at." - Roblimo's last
LOL Safeway? Welcome to the future, Mr. 1950s. Today our grocery stores are called "Ralphs" and "Vons".
Aw, hello little SoCal! Up in Bay Area, we didn't realize you had Internet already. Welcome aboard!
Dewey, what part of this looks like authorities should be involved?
Generate nightly when I sodomize my cat
Bazinga! But what if I prefer to use less or tee instead of cat?
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }