Linked by Thom Holwerda on Tue 6th Mar 2018 20:12 UTC
Windows

Microsoft is once again tackling privacy concerns around Windows 10 today. The software giant is releasing a new test build of Windows 10 to Windows Insiders today that includes changes to the privacy controls for the operating system. While most privacy settings have been confined to a single screen with multiple options, Microsoft is testing a variety of ways that will soon change.

There have been some concerns that Windows 10 has a built-in “keylogger,” because the operating system uses typing data to improve autocompletion, next word prediction, and spelling correction. Microsoft’s upcoming spring update for Windows 10 will introduce a separate screen to enable improved inking and typing recognition, and allow users to opt-out of sending inking and typing data to Microsoft.

I doubt any of these changes will reassure people who refuse to use Windows because of privacy concerns.

Thread beginning with comment 654315
RE: Comment by Drumhellar
by leech on Tue 6th Mar 2018 22:01 UTC in reply to "Comment by Drumhellar"
leech Member since:
2006-01-10

To be fair, can you really trust it not to send anything unless it was open source and people could go through the code to see EXACTLY what it is doing?

With a tool "oh, we show you what we collect (at least that we're okay with you knowing what we collect...)"

The fact they started doing it in the first place is the big 'why'.

Reply Parent Score: 6

RE[2]: Comment by Drumhellar
by BluenoseJake on Tue 6th Mar 2018 22:04 in reply to "RE: Comment by Drumhellar"
BluenoseJake Member since:
2005-08-11

Why is MS any different than Google, or Apple? They also collect all sorts of info, and are less transparent. The reason they started doing it is the same as MS, but for some reason, they get a pass.

Edited 2018-03-06 22:05 UTC

Reply Parent Score: 5

RE[3]: Comment by Drumhellar
by shotsman on Wed 7th Mar 2018 07:07 in reply to "RE[2]: Comment by Drumhellar"
shotsman Member since:
2005-07-22

Google does not get a pass from me. A total and abject failure more like. They collect data on you and then sell it on to their Advertisers etc.

Apple gets a 'Meh' from me. You can opt out of their collection and they publicly say that anything they collect is never sold on.

These days, I go out of my way to avoid having anything directly to do with Google. Their motto has clearly (IMHO) become 'Do Evil' to us mere mortals.
They clearly don't understand the meaning of 'No'.

As for MS, their dictatorial stance on a whole load of things including updates for W10 and the way that they willy-nilly overwrite your settings during the update process clearly shows that they are in the 'MS knows best and you will do as we say' mode more and more.
Their data collection system that bypasses the 'hosts' file settings etc is just plain wrong in my eyes.

I voted with my feet and have got rid of all MS OS's from my life. The reduction in stress I have is huge.
I'll be ditching Office as soon as I can get around to it.
YMMV

Reply Parent Score: 2

RE[3]: Comment by Drumhellar
by emphyrio on Wed 7th Mar 2018 14:04 in reply to "RE[2]: Comment by Drumhellar"
emphyrio Member since:
2007-09-11

They don't.

Reply Parent Score: 0

RE[2]: Comment by Drumhellar
by Drumhellar on Tue 6th Mar 2018 22:33 in reply to "RE: Comment by Drumhellar"
Drumhellar Member since:
2005-07-12

To be fair, can you really trust it not to send anything unless it was open source and people could go through the code to see EXACTLY what it is doing?


I can. Not absolutely, but then again, that level of absolute trust isn't available for open source projects either.

Unless you are capable of reliably analyzing every bit of code that produces your OS on your own, you have to trust somebody.

You have to trust developers that say their software does what it says and nothing more. You have to trust your distribution that they're giving you the packages patched only in the way they say they're patching software. You have to trust that third parties actually bothered to check to make sure your distribution maker is giving you what they say, and that they are actually competent.

At some point, you just have to trust somebody. Pretending this isn't the case is naive, and simply incorrect.

Do I trust Microsoft software?
After all the years I've been using it, I've never heard of their software doing anything nefarious w/r to user data. They have consistently been clear about what they do, and in the areas they have been less clear, at least their opacity has been well defined.

I haven't seen any reasons why I should specifically distrust them.

From Microsoft's perspective, not doing so is a huge financial risk - think of what would happen in Europe especially if they were caught sending data they said they weren't collecting. The EU isn't shy from imposing huge fines and tight restrictions on large companies that break the rules.

The fact they started doing it in the first place is the big 'why'.


Started doing what in the first place? Collecting telemetry? That's easy: Makes it easier to find bugs and diagnose problems. There's been plenty of examples in Windows 10 where users were afflicted by bugs in updates that didn't show up in insider releases, that telemetry was able to provide answers for.

Why did they release the tool to examine all the telemetry? People have been asking for it, and it actually will assuage some of the distrust about the telemetry data when people are able to analyze it.

Reply Parent Score: 3

RE[3]: Comment by Drumhellar
by Alfman on Wed 7th Mar 2018 02:10 in reply to "RE[2]: Comment by Drumhellar"
Alfman Member since:
2011-01-28

Drumhellar,

You have to trust developers that say their software does what it says and nothing more. You have to trust your distribution that they're giving you the packages patched only in the way they say they're patching software. You have to trust that third parties actually bothered to check to make sure your distribution maker is giving you what they say, and that they are actually competent. At some point, you just have to trust somebody. Pretending this isn't the case is naive, and simply incorrect.


It's true, sometimes claims about FOSS get exaggerated. However, just one minor counterpoint: with proprietary software, trust typically has a single point of failure (the commercial vendor). With FOSS on the other hand, trust can span multiple parties, adding a form of "trust redundancy" that isn't possible with proprietary software because no one else has the source.


Do I trust Microsoft software?
After all the years I've been using it, I've never heard of their software doing anything nefarious w/r to user data. They have consistently been clear about what they do, and in the areas they have been less clear, at least their opacity has been well defined.

I haven't seen any reasons why I should specifically distrust them.


This is a dated reference, but what about the "_nsakey" that was revealed when Microsoft accidentally published a debug version of the kernel?

https://www.heise.de/tp/features/How-NSA-access-was-built-into-Windo...

Microsoft tried to rebuke the accusations in public, but it never really provided supporting evidence.

Reply Parent Score: 6

RE[3]: Comment by Drumhellar
by grat on Wed 7th Mar 2018 18:06 in reply to "RE[2]: Comment by Drumhellar"
grat Member since:
2006-02-02

All of what you said is true, but irrelevant.

It is "cool" to disbelieve-- You are a sheeple if you trust anyone or anything, and an elite if you distrust everything and everyone.

The fact that society cannot stand that level of disbelief is irrelevant.

The internet is truly a wilderness of mirrors where reality has ceased to have any useful meaning.

I've always found it entertaining that people can believe that a company like Microsoft is capable of incredibly complex and devious conspiracies, when the company's history is actually littered with examples of poorly kept secrets. Even the NSA has been unable to conceal the full extent of their operations, but somehow, a company like Microsoft is (apparently) capable of all kinds of super sekret information gathering without anyone noticing, or blowing whistles.

Reply Parent Score: 4

RE[3]: Comment by Drumhellar
by Doc Pain on Fri 9th Mar 2018 05:15 in reply to "RE[2]: Comment by Drumhellar"
Doc Pain Member since:
2006-10-08

Do I trust Microsoft software?
After all the years I've been using it, I've never heard of their software doing anything nefarious w/r to user data.


How about this?

https://mspoweruser.com/microsoft-monitoring-censoring-skydrive-uplo...

https://mspoweruser.com/watch-what-you-store-on-skydriveyou-may-lose...

Additionally, just because you don't notice something (or hear about it in the TV news) doesn't imply it doesn't happen. As you may have gathered from recent history, with the many leaks of how governments and their spy agencies cooperate with companies in order to obtain and manipulate data (for whatever purpose they claim after the leak), you cannot deny that there is at least potential for abuse. And if there is potential for abuse, it will happen, no matter if we can notice it ourselves, or get slapped by harsh reality when a whistleblower tells us the truth.

They have consistently been clear about what they do, and in the areas they have been less clear, at least their opacity has been well defined.


You cannot be sure without auditing. For example, some "Windows" dialog tells you that telemetry has been switched off. Then you monitor the network traffic. Do you still see suspicious packets going in and out? Then you probably found something worth investigating.

(Keep in mind not all traffic should be considered suspicious. Just because the system appears to be doing nothing, it might still act on the network for good and valid reasons.)

I haven't seen any reasons why I should specifically distrust them.


This should help:

https://www.infowars.com/direct-nsa-partners-att-verizon-microsoft-c...

Except of course your viewpoint is that all those actions taken by spy agencies are entirely and always within national and international boundaries of law, serving mankind, providing benefit for everyone. ;-)

From Microsoft's perspective, not doing so is a huge financial risk - think of what would happen in Europe especially if they were caught sending data they said they weren't collecting. The EU isn't shy from imposing huge fines and tight restrictions on large companies that break the rules.


MICROS~1 currently is in a position where it can "dictate" how the EU deals with them simply because the EU is in their hands, in terms of "keeping the offices running". They put much work and money into lobbying. With vendor lock-in and long-running contracts (with exceptional fees for breaking them), nobody will oppose or just question what they do.

Collecting telemetry? That's easy: Makes it easier to find bugs and diagnose problems. There's been plenty of examples in Windows 10 where users were afflicted by bugs in updates that didn't show up in insider releases, that telemetry was able to provide answers for.


Which is probably fine if the user provided consent, either by own choice, or by "accept license" (with telemetry being part of the license, and accepting it is the first step in getting "Windows" installed).

It's also possible to see this as follows: They are simply delegating the work of QA to the paying (!) users. This is doubleplusgood: Users pay, and they can fire QA staff, as the users are doing QA now. ;-)

But keep in mind not everyone has a high bandwidth Internet flatrate plan. Some people are still paying by the MBs, especially on mobile connections. Deactivating any traffic unnecessary to them (!) is an important option which should work as expected: Telemetry off = no data sent.

Why did they release the tool to examine all the telemetry?


Because when you provide a tool to inspect data, you can always filter out the things which users should not see. If I was a malicious actor, I'd do exactly the same - and as you probably know, that's exactly what many hacking techniques include: hide what you do, keep everything else looking normal. This is easily possible when you control the tools that should monitor a system's actions.

That's the reason it's necessary to have independent tools to examine this kind of data - simply to rule out this important point to hide "undesired" information.

People have been asking for it, and it actually will assuage some of the distrust about the telemetry data when people are able to analyze it.


They also could have released a complete specification of telemetry traffic so everyone interested could create an own parser / analyzer / monitor for that data. Relying on closed-source "solutions" to monitor closed-source systems sending undocumented traffic and then expecting trust... well, that just doesn't seem right.

Reply Parent Score: 2

RE[2]: Comment by Drumhellar
by FlyingJester on Wed 7th Mar 2018 01:39 in reply to "RE: Comment by Drumhellar"
FlyingJester Member since:
2016-05-11

Being "Open Source" never stopped Chromium from downloading blackbox binaries on Debian that could listen in on your microphone.

Reply Parent Score: 4

RE[3]: Comment by Drumhellar
by patrix on Wed 7th Mar 2018 09:25 in reply to "RE[2]: Comment by Drumhellar"
patrix Member since:
2006-05-21

It did, because the behaviour was noticed very quickly and fixed.

Reply Parent Score: 3

RE[3]: Comment by Drumhellar
by Dr.Cyber on Wed 7th Mar 2018 10:29 in reply to "RE[2]: Comment by Drumhellar"
Dr.Cyber Member since:
2017-06-17

Being "Open Source" never stopped Chromium from downloading blackbox binaries on Debian that could listen in on your microphone.

But it does make it so that people can more easily know about it.

The advantage of open source regarding spyware is not that spyware is harder to include in it, but that it is harder to hide in it.

Reply Parent Score: 4

RE[2]: Comment by Drumhellar
by darknexus on Wed 7th Mar 2018 13:34 in reply to "RE: Comment by Drumhellar"
darknexus Member since:
2008-07-15

Don't be ridiculous. Even if it were open source, no one is going to audit every line of that code before they run it. You have to trust the rest of the community, and your distributor (Canonical, Red Hat, etc) and even then you can't be guaranteed someone in the chain won't put something in later. If you audit every single line of code that runs on your machine, good for you. The rest of us have a job and a real life to worry about, so there's just as much trust required as there is with Microsoft or any other closed company.

Reply Parent Score: 1