Linked by Thom Holwerda on Tue 6th Mar 2018 20:12 UTC
Windows

Microsoft is once again tackling privacy concerns around Windows 10 today. The software giant is releasing a new test build of Windows 10 to Windows Insiders today that includes changes to the privacy controls for the operating system. While most privacy settings have been confined to a single screen with multiple options, Microsoft is testing a variety of ways that will soon change.

There have been some concerns that Windows 10 has a built-in “keylogger,” because the operating system uses typing data to improve autocompletion, next word prediction, and spelling correction. Microsoft’s upcoming spring update for Windows 10 will introduce a separate screen to enable improved inking and typing recognition, and allow users to opt-out of sending inking and typing data to Microsoft.

I doubt any of these changes will reassure people who refuse to use Windows because of privacy concerns.

Thread beginning with comment 654318
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Comment by Drumhellar
by Drumhellar on Tue 6th Mar 2018 22:33 UTC in reply to "RE: Comment by Drumhellar"
Drumhellar
Member since:
2005-07-12

To be fair, can you really trust it not to send anything unless it was open source and people could go through the code to see EXACTLY what it is doing?


I can. Not absolutely, but then again, that level of absolute trust isn't available for open source projects either.

Unless you are capable of reliably analyzing every bit of code that produces your OS on your own, you have to trust somebody.

You have to trust developers that say their software does what it says and nothing more. You have to trust your distribution that they're giving you the packages patched only in the way they say they're patching software. You have to trust that third parties actually bothered to check to make sure your distribution maker is giving you what they say, and that they are actually competent.

At some point, you just have to trust somebody. Pretending this isn't the case is naive, and simply incorrect.

Do I trust Microsoft software?
After all the years I've been using it, I've never heard of their software doing anything nefarious w/r to user data. They have consistently been clear about what they do, and in the areas they have been less clear, at least their opacity has been well defined.

I haven't seen any reasons why I should specifically distrust them.

From Microsoft's perspective, not doing so is a huge financial risk - think of what would happen in Europe especially if they were caught sending data they said they weren't collecting. The EU isn't shy from imposing huge fines and tight restrictions on large companies that break the rules.

The fact they started doing it in the first place is the big 'why'.


Started doing what in the first place? Collecting telemetry? That's easy: Makes it easier to find bugs and diagnose problems. There's been plenty of examples in Windows 10 where users were afflicted by bugs in updates that didn't show up in insider releases, that telemetry was able to provide answers for.

Why did they release the tool to examine all the telemetry? People have been asking for it, and it actually will assuage some of the distrust about the telemetry data when people are able to analyze it.

Reply Parent Score: 3

RE[3]: Comment by Drumhellar
by Alfman on Wed 7th Mar 2018 02:10 in reply to "RE[2]: Comment by Drumhellar"
Alfman Member since:
2011-01-28

Drumhellar,

You have to trust developers that say their software does what it says and nothing more. You have to trust your distribution that they're giving you the packages patched only in the way they say they're patching software. You have to trust that third parties actually bothered to check to make sure your distribution maker is giving you what they say, and that they are actually competent. At some point, you just have to trust somebody. Pretending this isn't the case is naive, and simply incorrect.


It's true, sometimes claims about FOSS get exaggerated. However just one minor counter point: with proprietary software, trust typically has a single point of failure (the commercial vendor). With FOSS on the other hand, trust can span multiple parties, adding a form of "trust redundancy" that isn't possible with proprietary software because no one else has the source.


Do I trust Microsoft software?
After all the years I've been using it, I've never heard of their software doing anything nefarious w/r to user data. They have consistently been clear about what they do, and in the areas they have been less clear, at least their opacity has been well defined.

I haven't seen any reasons why I should specifically distrust them.


This is a dated reference, but what about the "_nsakey" that was revealed when microsoft accidentally published a debug version of the kernel?

https://www.heise.de/tp/features/How-NSA-access-was-built-into-Windo...

Microsoft tried to rebuke the accusations in public, but it never really provided supporting evidence.

Reply Parent Score: 6

RE[4]: Comment by Drumhellar
by adkilla on Wed 7th Mar 2018 08:08 in reply to "RE[3]: Comment by Drumhellar"
adkilla Member since:
2005-07-07

The article is old. The NSA has found it easier to store their backdoors on CPUs. You may use an open source OS, but what about your CPU? They are actively finding a way and won't stop doing that.

Unless we DIY everything, we can never be sure of anything. Open source don't mean anything if we don't have control over every stage of of our IT infra. Even if our PC fully is open source (both hardware and software), then what about our printers, routers, NAS, etc? See where this is going?

Reply Parent Score: 1

RE[3]: Comment by Drumhellar
by grat on Wed 7th Mar 2018 18:06 in reply to "RE[2]: Comment by Drumhellar"
grat Member since:
2006-02-02

All of what you said is true, but irrelevant.

It is "cool" to disbelieve-- You are a sheeple if you trust anyone or anything, and an elite if you distrust everything and everyone.

The fact that society cannot stand that level of disbelief is irrelevant.

The internet is truly a wilderness of mirrors where reality has ceased to have any useful meaning.

I've always found it entertaining that people can believe that a company like Microsoft is capable of incredibly complex and devious conspiracies, when the company's history is actually littered with examples of poorly kept secrets. Even the NSA has been unable to conceal the full extent of their operations, but somehow, a company like Microsoft is (apparently) capable of all kinds of super sekret information gathering without anyone noticing, or blowing whistles.

Reply Parent Score: 4

RE[4]: Comment by Drumhellar
by tomchr on Wed 7th Mar 2018 21:43 in reply to "RE[3]: Comment by Drumhellar"
tomchr Member since:
2009-02-01

It is "cool" to disbelieve-- You are a sheeple if you trust anyone or anything, and an elite if you distrust everything and everyone.


Grat,

(Dis)belief is not exactly a choice. One may choose to hide one's real beliefs in order to act "cool", but one cannot just change those beliefs on command. Experience and knowledge play a big part when it comes to what to believe.

It is a fact that Microsoft collects huge amounts of personal telemetry data, regardless of your consent.

Trust is usually earned. If you trust anything that does not respect your rights, then I would venture that you are naive.

What Microsoft is doing is not very complex or devious. It is simply an invasion of privacy. Google does it. Apple does it. They are making a clear choice not to respect your constitutional and basic human right. If you are lax about it, then you are part of the flock of the vast majority.

Edited 2018-03-07 21:56 UTC

Reply Parent Score: 3

RE[4]: Comment by Drumhellar
by zima on Fri 9th Mar 2018 23:57 in reply to "RE[3]: Comment by Drumhellar"
zima Member since:
2005-07-06

I've always found it entertaining that people can believe that a company like Microsoft is capable of incredibly complex and devious conspiracies, when the company's history is actually littered with examples of poorly kept secrets. Even the NSA has been unable to conceal the full extent of their operations, but somehow, a company like Microsoft is (apparently) capable of all kinds of super sekret information gathering without anyone noticing, or blowing whistles.

And at least some ( http://www.osnews.com/permalink?654315 ) of the conspiracy theorists / believers in Your Microsoft Overlords also think at other times, when it suits them, that MS is totally incompetent as an organisation... ( http://www.osnews.com/permalink?653972 )

Reply Parent Score: 3

RE[3]: Comment by Drumhellar
by Doc Pain on Fri 9th Mar 2018 05:15 in reply to "RE[2]: Comment by Drumhellar"
Doc Pain Member since:
2006-10-08

Do I trust Microsoft software?
After all the years I've been using it, I've never heard of their software doing anything nefarious w/r to user data.


How about this?

https://mspoweruser.com/microsoft-monitoring-censoring-skydrive-uplo...

https://mspoweruser.com/watch-what-you-store-on-skydriveyou-may-lose...

Additionally, just because you don't notice something (or hear about in the TV news) doesn't imply it doesn't happen. As you may have gathered from recent history, with the many leaks of how governments and their spy agencies cooperate with companies in order to obtain and manipulate data (for whatever purpose they claim after the leak), you cannot deny that there is at least potential for abuse. And if there is potential for abuse, it will happen, no matter if we can notice it ourselves, or get slapped by harsh reality when a whistleblower tells us the truth.

They have consistently been clear about what they do, and in the areas they have been less clear, at least their opacity has been well defined.


You cannot be sure without auditing. For example, some "Windows" dialog tells you that telemetry has been switched off. Then you monitor the network traffic. Do you still see suspicious packets going in and out? Then you probably found something worth investigating.

(Keep in mind not all traffic should be considered suspicious. Just because the system appears to be doing nothing, it might still act on the network for good and valid reasons.)

I haven't seen any reasons why I should specifically distrust them.


This should help:

https://www.infowars.com/direct-nsa-partners-att-verizon-microsoft-c...

Except of course your viewpoint is that all those actions taken by spy agencies are entirely and always within national and international boundaries of law, serving mankind, providing benefit for everyone. ;-)

From Microsoft's perspective, not doing so is a huge financial risk - think of what would happen in Europe especially if they were caught sending data they said they weren't collecting. The EU isn't shy from imposing huge fines and tight restrictions on large companies that break the rules.


MICROS~1 currently is in a position where it can "dictate" how the EU deals with them simply because the EU is in their hands, in terms of "keeping the offices running". They put much work and money into lobbying. With vendor lock-in and long-running contracts (with exceptional fees for breaking them), nobody will oppose or just question what they do.

Collecting telemetry? That's easy: Makes it easier to find bugs and diagnose problems. There's been plenty of examples in Windows 10 where users were afflicted by bugs in updates that didn't show up in insider releases, that telemetry was able to provide answers for.


Which is probably fine if the user provided consent, either by own choice, or by "accept license" (with telemetry being part of the license, and accepting it is the first step in getting "Windows" installed).

It's also possible to see this as follows: They are simply delegating the work of QA to the paying (!) users. This is doubleplusgood: Users pay, and they can fire QA stuff, as the users are doing QA now. ;-)

But keep in mind not everyone has a high bandwidth Internet flatrate plan. Some people are still paying by the MBs, especially on mobile connections. Deactivating any traffic unneccessary to them (!) is an important option which should work as expected: Telemetry off = no data sent.

Why did they release the tool to examine all the telemetry?


Because when you provide a tool to inspect data, you can always filter out the things which users should not see. If I was a malicious actor, I'd do exactly the same - and as you probably know, that's exactly what many hacking techniques include: hide what you do, keep everything else look normal. This is easily possible when you control the tools that should monitor a system's actions.

That's the reason it's neccessary to have independent tools to examine this kind of data - simply to rule out this important point to hide "undesired" information.

People have been asking for it, and it actually will assuage some of the distrust about the telemetry data when people are able to analyze it.


They also could have released a complete specification of telemetry traffic so everyone interested could create an own parser / analyzer / monitor for that data. Relying on closed-source "solutions" to monitor closed-source systems sending undocumented traffic and then expecting trust... well, that just doesn't seem right.

Reply Parent Score: 2

Drumhellar Member since:
2005-07-12



ne·far·i·ous
nəˈferēəs/
adjective

(typically of an action or activity) wicked or criminal.


Censoring images that violate a ToS on images (We don't know if the person's images were public or not - he thinks they weren't, but who knows) is hardly wicked, and certainly not criminal.

Additionally, just because you don't notice something (or hear about in the TV news) doesn't imply it doesn't happen.


I try to base my decisions on what is known, or reasonably well supported by actual evidence. I don't base my decisions on supposition, or on what I imagine to be true.



InfoWars is run by a person who literally claimed that the reason President Obama proposed airstrikes in Syria was so he could take technology so he and fellow "globalists" could become immortal cyborgs and rule the world from their "flying jetcopters and Air Force Ones". Sadly, that is very run-of-the-mill material for InfoWars and for Alex Jones.

I absolutely distrust everything that is on that page, as should you.

And that includes everything they post about actual, legitimate government conspiracies, because what they post is going to be utter bullshit and still not based in truth.

And, honestly, I stopped reading your post there. I have never encountered a person who both read InfoWars and actually honestly cared about facts and evidence.

Reply Parent Score: 3