
Windows 10 phones home when you search your start menu, even with Bing disabled - ultramancool
https://up1.ca/#Dpl7PlGX6DHUqQ8B9p9oAQ
======
chatmasta
This also happens on iOS with spotlight. As far as I can tell there's no way
to turn it off.

Source: MITM your iOS traffic.

Sidenote -- a possibly unforeseen side effect of end to end encryption
everywhere is that it makes it far more difficult to man in the middle your
traffic and hold companies accountable for their privacy policies.

~~~
userbinator
_a possibly unforeseen side effect of end to end encryption everywhere is that
it makes it far more difficult to man in the middle your traffic and hold
companies accountable for their privacy policies_

I don't think it's an unforseen effect, but one that is highly downplayed by
advocates pushing the security angle. When it was revealed that smart TVs
phoned home with detailed viewing information, including filenames, I remember
making a similar comment - if they had used TLS, that discovery might not have
occurred.

The ability to MITM your own devices is very important, if only so you can
figure out exactly what they're sending out.

Another thing is the widespread use of enforced code signing, accompanied by
pinning to specific (e.g. MS) CAs; if this had happened a decade or more ago,
it would've been pretty easy to pinpoint the parts of the OS responsible and
just patch them out. Now the same thing is likely still possible
(theoretically, as long as you can change any byte on the disk it is), but
involves plenty of bypassing other protection mechanisms on the way and could
get pretty hairy if hardware is involved (e.g. secure boot/TPM.) From this
perspective, remote attestation and the other upcoming security technologies
are immensely disturbing. The desktop PC ecosystem is gradually being locked-
down in the same way that mobile is.

These security mechanisms certainly have benefits, but their goal is ensuring
that your software is completely unchanged from what the author wants you to
have; in situations like these, that is precisely what you _don 't_ want.
Nevertheless, I hope the hackers/crackers out there find a solution so those
that are forced to use Win10 can still retain some privacy.

~~~
pdkl95
The "feature" to worry about is the new SGX instructions. With those, the
secure boot/TPM stuff is locked down at the hardware level, and we lose root
access.

Unfortunately, given how many _in this very thread_ are willing to apologize
for MS's behavior and justify their power grabs, I don't expect there will be
much resistance in this War On General Purpose Computing.

------
unluckier
Is it really necessary to use a host that requires JavaScript to display an
image?

Anyway, I've confirmed this. I've disabled web search and all of the other
privacy options I've seen with Windows 10 during and after install. As soon as
the first character is typed into the Windows 10 search box, the request goes
out to www.bing.com. It doesn't say _what_ you searched for (as the request
happens before you complete the search), but it does send a lot of info to
Microsoft about your platform, including a unique identifier.

~~~
shard972
Yea i don't like this image hosting service either. I'm on some bad wifi atm
and it actually froze my UI for a minute.

~~~
simoncion
I don't know what client you're using, but the UI freeze might have been
because of the client-side decryption of the image data.

~~~
k3d3
The decryption is done in a web worker, not the UI thread. That shouldn't be
the cause.

------
blackbeard
I'm starting to think I need to worry about things getting out of my firewall
more than things getting in.

~~~
gnufrra
On my Mac I use Little Snitch to monitor outbound connections and I love it. I
haven't found an equivalent simple and lightweight application for Windows
yet.

~~~
Gracana
Oh man, I am racking my brain trying to think of the tool I used to have
installed on my PC at my last job. It was built by somebody who posted on HN,
lightsomething or something? It would warn you about new programs connecting
to the network and do other neat stuff. Not quite the same as little snitch,
but similar and very pleasant to use. I'll update if I think of it (or maybe
somebody else can name it.)

[edit] Glasswire! [https://www.glasswire.com/](https://www.glasswire.com/)
It's super slick. Apparently the paid version has an "ask to connect" feature.

~~~
mrschwabe
Is there an open source alternative/equivalent, preferably runs on Linux?

~~~
Yuioup
Pretty much every distro on earth comes with a firewall package which you can
install and configure.

------
justThis1Post
As time goes by, computer software begins to feel more and more hostile to the
user. When I installed Windows 10, all the privacy settings made me feel like
I was wrangling a beast rather than setting up something that would help me.

I don't know if there's any solution or if privacy is just a remnant of the
past. Is Linux any better? And is there any way to own a smartphone which is
built not to leak my information, either through the operating system or
through 3rd party apps that request access to everything on the phone?

~~~
mikegioia

        I don't know if there's any solution or if privacy is
        just a remnant of the past.
    

This always irritates me when I see it (not specific to you). It's _not_ a
remnant of the past and there _is_ of course a solution! The solution is
trading some of the conveniences you think you need. The solution is for once
trying something other than what you're used to.

The reason why you (and everyone else who thinks this way) feel there's no
solution is because in your world, giving up a smart-phone or even using a
non-Windows/Google/Apple device is a non-starter.

There are new phones coming out like Ubuntu's and Mozilla's that, while not
perfect, absolutely are better alternatives. If you keep digging there are
projects like Neo900 that respect privacy in totality. You could use a feature
phone, or an old n900, or any bevy of alternatives but the price they come
with is convenience :)

~~~
couchand
Shout out for the N900. I've said for years I'd pay handily for an updated
model. Your comment reminded me to check back on the Neo900 project, and it's
still chugging along. Looks like they've started accepting pre-orders on the
site.

~~~
z3t4
Too bad Microsoft bought it, and shut it down though :/

~~~
couchand
[citation needed]

~~~
z3t4
I currently own a N9 mobile phone, witch is the successor of N900. I had a
windows phone before that. And the N9 is superior to Windows phone in all
aspects.

When Microsoft bought the company (Nokia) they shut down all support for the
phone, including SDK, app store, music store, maps, roads and software
updates.

~~~
couchand
So, just to clarify, your first 'it' meant Nokia, and the second 'it' was the
N9 phone.

That's not what I was referring to, though. You and Nokia may have seen the N9
as the successor to the N900, but I certainly didn't, and I suspect the Neo900
team didn't, either.

~~~
z3t4
> You could use a feature phone, or an old n900

I'm pretty sure Microsoft killed that one too.

Microsoft's strategy is to literally kill the competitors. They won't afford
buying Google or Apple though :P

------
MichaelGG
I opened a bug (well, feedback item) during the preview about this. Even with
the various group policy settings set, there was no way to disable web search.
Rather unacceptable. One would think this has regulatory and compliance issues
as well, no?

~~~
blackbeard
This is a big problem for us in the finance sector. We're SOL when it comes to
Windows 10. It's a complete dead end if we can't lock stuff down with GPO.

There are meetings taking place to work out what to do about this in various
companies and the general answer so far is jump the sinking platform ship and
"thank fuck we wrote everything in Java". Some of the big guys are already
rolling out RHEL desktops.

~~~
pdkl95
I wonder if it is even legal to use Windows 10 if you have to comply with
HIPAA regulated.

I suggest using this incompatibility as leverage against this kind of data
exfiltration. The only way a big company will change is when it hurts their
pocket book. They might notice if enough businesses such as yours decline to
use Windows 10 while complaining about this.

Of course, Linux is always a good choice, regardless of what MS is doing. If
big players are already jumping to RHEL, now would definately be the time to
switch.

~~~
blackbeard
The problem is that we deliver everything via the web so people will barely
notice if we move our stuff over to an alternative platform from Windows.

Microsoft knows it has lock in from a lot of people and it will abuse this. I
think their aggressive cloud move with Office 365 and Azure's PaaS stuff is an
example of how they are moving this forward further yet retaining a
subscription. NOTHING is portable away from them without significant cost.

Edit: just the effort I started two weeks ago to move all my data to platform
neutral formats and shift to Linux is less than 50% of the way through and
that's just one person with 20 years of data.

------
ikeboy
Just changed two rules in Windows Firewall to blocked and it appears to no
longer send anything.
[https://i.imgur.com/a5yu5vb.png](https://i.imgur.com/a5yu5vb.png)

Wondering if I should go through all the Windows stuff there and turn them
off. Edit: just did (except for Edge and obvious internet related stuff).

Is there a way to change Firewall rules with a registry tweak? That would be
the ideal way to distribute this.

~~~
blackbeard
Use Powershell: [https://technet.microsoft.com/en-
us/library/jj554843%28v=wps...](https://technet.microsoft.com/en-
us/library/jj554843%28v=wps.630%29.aspx)

You can get the rules and enable/disable them easily.

~~~
ikeboy
Thanks!

Typing

> New-NetFirewallRule -DisplayName "Search" -Direction Outbound -Action Block
> -Profile "Domain, Private, Public" -Program
> "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"

in elevated Powershell should work.

~~~
blackbeard
Please note that the manifest id above (cw5n1h2txyewy) may change if they
update the app rendering the rule invalid.

~~~
ikeboy
That looks to be a publisher id in use since Windows 8.

~~~
blackbeard
I'm not sure it is universally consistent with that. I saw it change for a
Metro app in Windows 8.1.

------
Paul_S
Reminds me of when canononical did something similar with ubuntu and extended
searching your applications to searching merchandise on amazon and other
stores. It's really funny when you open the start menu equivalent at work to
launch the terminal* and as you type "t" you get to see items you can buy -
one of them being "The Simpsons". Genius.

* before you complain I use the start menu to launch the terminal: I never remember ubuntu shortcuts, it's meta+t on my system

~~~
Macha
This behaviour bit me in the ass in work today. Had a new Mac, just installed
Polycom (our video conferencing program), typed Polyc<enter> out of habit in
spotlight to launch it, ended up on the wikipedia page for polycystic ovarian
syndrome...

~~~
to3m
I rarely use the Spotlight or Start Menu keyboard searching because of stuff
like this. If it doesn't reliably produce the right result each time if you
only type a small amount of the name - which it doesn't - what's the point?

(Call me crazy, but because of this I've come to not mind the basic Windows 8
start screen. It's not as good as the classic start menu, but compared to the
Windows 7 one you can at least arrange it for quick access to a larger number
of programs.)

~~~
ZoFreX
This. I previously loved Spotlight but it's getting strange in its old age.
For example, if I type "i" or "it" or "ite" or "iter", Spotlight predicts
"iTerm". But if I actually type "iTerm" in full it takes me to "Go2Shell" in
the App Store – because it has the word "iterm" in the patch notes of the most
recent version. Useful.

------
abcxyz123
Foreshadowing? From April 2014: "To be able to truly benefit from this
platform you need to have a data culture inside of your organization. For me,
this perhaps is the most paramount thing inside of Microsoft," said Nadella.

"It's not going to happen without having that data culture where every
engineer, every day, is looking at the usage data, learning from that usage
data, questioning what new things to test out with our products and being on
that improvement cycle which is the lifeblood of Microsoft."
[http://www.reuters.com/article/2014/04/15/us-microsoft-
ceo-d...](http://www.reuters.com/article/2014/04/15/us-microsoft-ceo-data-
idUSBREA3E1US20140415)

------
RexRollman
Apple, Microsoft, and Google are on the road to destroying computing autonomy.
I have been an OS geek since 1992 and I have never felt so disgusted with the
commercial OS market.

------
nathanaldensr
The following fix worked for me. I don't see any outbound traffic on Fiddler
when typing searches in the Start menu or when actually running the search.
Granted, Microsoft needs to make this MUCH easier to do; the VAST majority of
Windows users have no idea what group policies are.

1\. Run gpedit.msc

2\. Navigate to Computer Configuration\Administrative Templates\Windows
Components\Search

3\. Set the State to Enabled for "Do not allow web search", "Don't search the
web or display web results in Search", and "Don't search the web or display
web results in Search over metered connections"

4\. Reboot

Enjoy. :)

~~~
redcalx
> I don't see any outbound traffic on Fiddler

Be aware that software can choose to not use a system configure proxy. It's a
good tool to use, but absence of traffic in fiddler is not a definitive
result, not least because it's tracking http traffic only. Wireshark is
probably the next best option.

~~~
nathanaldensr
Of course this is true, but the OP's screenshot is a Fiddler screenshot. It's
safe to say the calls in question do use the proxy configuration.

For completeness, I ran Wireshark and didn't see any outbound HTTP (or
otherwise abnormal) traffic while searching from the Start menu.

------
bitmapbrother
Here's a list of servers Windows 10 contacts on startup. There are probably
more, but these are the ones that showed up.

BN1WNS2011508.wns.windows.com

OneSettings-bn2.metron.live.com.nsatc.net

a978.i6g1.akamai.net

americas2.notify.windows.com.akadns.net

any.edge.bing.com

bingads.microsoft.com

bl3302.storage.live.com

bl3302geo.storage.dkyprod.akadns.net

client.wns.windows.com

corp.sts.microsoft.com

diagnostics.support.microsoft.com

directory.services.live.com

directory.services.live.com.akadns.net

dns.msftncsi.com

en-us.appex-rf.msn.com

fe3.delivery.dsp.mp.microsoft.com.nsatc.net

fe3.delivery.mp.microsoft.com

i1.services.social.microsoft.com

i1.services.social.microsoft.com.nsatc.net

ipv6.msftncsi.com

ipv6.msftncsi.com.edgesuite.net

login.live.com

login.live.com.nsatc.net

pre.footprintpredict.com

register.mesh.com

settings-win.data.microsoft.com

settings.data.glbdns2.microsoft.com

skyapi.live.net

skyapi.skyprod.akadns.net

skydrive.wns.windows.com

ssw.live.com

ssw.live.com.nsatc.net

statsfe1.ws.microsoft.com

travel.tile.appex.bing.com

v10.vortex-win.data.metron.life.com.nsatc.net

v10.vortex-win.data.microsoft.com

watson.telemetry.microsoft.com

watson.telemetry.microsoft.com.nsatc.net

wildcard.appex-rf.msn.com.edgesuite.net

win10.ipv6.microsoft.com

win10.ipv6.microsoft.com.nsatc.net

wns.notify.windows.com.akadns.net

www.bing.com

www.bingads.microsoft.com

~~~
prawn
It's really disturbing how many would be indistinguishable (to almost
everyone) from malware servers. Lots of .net domains and entities I've never
heard of.

~~~
simoncion
It's pretty common practice for a .com to run its backend stuff on the .net
version of their .com domain.

Also, if you know how CDNs tend to structure their DNS entries for their
clients, you can remove all but seven of those entries from the list.

~~~
prawn
No average joe is going to know any of that though. If they saw or heard about
that list, they'd be confused or freak out.

~~~
jdmichal
They would only freak out because some tech person is presenting the
information to them in a way that makes them think they should.

~~~
prawn
Tech people are the first ones to freak out about it. ;)

~~~
simoncion
A non-technical person's computer is often a source of agitation for a wide
variety of reasons. Sometimes those reasons are reasonable. Sometimes they are
not.

I don't think we're doing ourselves any favors by speculating what Aunt Tilly
might think of a long list of human-unfriendly domain names.

------
ultramancool
This occurs even on Enterprise with Cortana and Bing disabled via the UI and
via GPOs.

~~~
gruez
are you using LTSB?

~~~
ultramancool
No, I am not using LTSB. I think LTSB desktop only would be safe from this as
it doesn't have the new start menu UI, but I don't have a copy around to test.

~~~
resus
It does it on LTSB too. Proof:
[http://forums.mydigitallife.info/threads/63112-LTSB-
Enterpri...](http://forums.mydigitallife.info/threads/63112-LTSB-Enterprise-N-
Pure-Desktop-version-Flexible-update-behaviour-no-Modern-
Apps?p=1107345&viewfull=1#post1107345)

------
CSDude
Ubuntu does the same by default if you do not disable it via Privacy.

Not suprised that MS does this, however the sad part is for a simple search,
there are literally thosaunds of bytes exchanged

~~~
bsilvereagle
> there are literally thousaunds of bytes exchanged

For people on capped connections, this is a nightmare. 4kB/search, for using
your computer normally! Even though 100 searches/day is only 12MB of
data/month, the fact that Microsoft thinks it's okay for the OS to slurp data
like this boggles my mind.

~~~
dc_gregory
It seems a bit unlikely that users doing 100 searches a day would also be the
same set of users who worry about 12MB of data usage in a month.

For example, even in the Australian market (very low competition environment),
12MB of data via 4G is trivial.

~~~
rbanffy
It's not Microsoft's data traffic to grab. The user is paying for it and
Microsoft should treat their users with respect. Not making users pay for data
that benefits Microsoft would be a start.

------
blinkingled
It's the new norm apparently - everyone is doing this.

Apple gives OS X away but nobody has yet got the memo that you are becoming
the product. (Yosemite does exactly that by default - you can disable it
though.)

~~~
matthewmacleod
I thoroughly doubt that Apple's endgame here is to make their users the
product – given that the operating system is only available to people who have
paid them money in the first place.

A much more pragmatic conclusion is that they think this feature is something
that users want. And in Apple's case, as well as others, it probably is.

~~~
blinkingled
You paid for the hardware and the OS that shipped with it. Developing a new OS
version costs Apple non trivial amounts of money - development, deployment,
testing, bandwidth, support etc. and they used to charge for them up until
just a few years ago. Something's got to fund it - things like pushing more of
Apple's online services, gathering user data etc provide some ROI to Apple.

~~~
geofft
You might be paying for the hardware and two or three OS versions. It's in
Apple's interest to keep everyone upgrading, so they might as well just put
the average expected OS upgrade cost into the hardware, and rely on planned
obsolescence (which is pretty easy as computer hardware keeps improving) to
keep that expectation relatively low. Sure, a few users will upgrade hardware
all the time and a few will never upgrade, but that doesn't throw off the
economics too much.

(I also feel like analyzing specific pricing decisions is missing the forest
for the trees of "If you're not paying for it, you're the product." It mostly
applies to whether an entire business model is free, e.g. Facebook. Several
years back, Microsoft used to give out free memory-card-to-USB adapters for
the original Xbox, intended for keyboards for MMORPGs, but also useful for
jailbreakers. I requested one. Did I become the product?)

------
orionblastar
Microsoft has almost always done this with Windows. Each new version had
something new to phone home about. Previous Windows versions told Microsoft
what apps you had installed, send in crash data, and other things.

Microsoft is doing the customer is the product thing that others have done for
like the past decade. It is how they can give away Windows 10 upgrades for
free, even to pirated copies, and still earn money off of it.

If you don't want to be tracked or spied upon: [https://prism-
break.org/](https://prism-break.org/)

You shouldn't be using Windows but one of the free or open source alternatives
instead.

HIPPA compliant offices cannot use Windows 10 because of the tracking it does
and patient privacy laws.

Even worse is the Wifi sharing with social networks, if even one of your
corporate employees has it turned on, their friends can get access to your
Corporate Wifi and it is a security breach. You'll have crackers trying to
friend employees on social networks of your company just to get the Windows 10
Wifi sharing password to get into your corporate network.

Even with all of the privacy settings turned off, there is most likely more
stuff that phones home.

You know that given enough time video gamers will be forced into DirectX12 and
have to use Windows 10. That business apps will be written for Windows 10 and
force companies to upgrade. Sooner or later most people will have to upgrade
to Windows 10 in order to run the software they need.

Woe be to the person who chooses express settings during startup. They will
wonder why their Internet is so slow and woe be to them if they have a tablet
with a data plan and wonder why they go over it.

~~~
snuxoll
> Even worse is the Wifi sharing with social networks, if even one of your
> corporate employees has it turned on, their friends can get access to your
> Corporate Wifi and it is a security breach. You'll have crackers trying to
> friend employees on social networks of your company just to get the Windows
> 10 Wifi sharing password to get into your corporate network.

Your first mistake was using a simple WPA pass-phrase to secure your corporate
WLAN. If you aren't deploying RADIUS and requiring users either present a
valid client certificate or their domain credentials to gain access to your
corporate network you have already lost - and this goes for any of your wired
ports too...

~~~
orionblastar
You'll be amazed at the small and mid-sized companies who don't do that to
secure their network. Some even don't have an IT department and have tech
savvy employees handle the network for them.

A lawyer of mine has her husband handle their network and PCs. Still running
XP and Vista, using ClamAV for AV, has clients access the XP PC to watch
videos and they could click on any link or browse any address when they aren't
looking. You'll find a lot of small law firms work like that.

------
stevecalifornia
I wish this was happening on my machine so I could investigate, but it's not.
Searches in Start ask if I want to search the web then open a browser.

I have the default search settings.

~~~
ultramancool
Check for connections being made by SearchUI.exe over HTTPS to Bing servers. A
tool like TcpView or Wireshark should do the job.

If you really don't have these being made, please share with us your settings,
anything you suspect may have disabled these? I've been unable to find
anything and I've applied the tweaks from this article, including the GPO
changes:

[http://www.ghacks.net/2015/07/30/windows-10-and-
privacy/](http://www.ghacks.net/2015/07/30/windows-10-and-privacy/)

------
whalabi
Clearly, the norm is phoning home now.

Google perhaps sets the benchmark, every single action you take in Google
apps, whether native or web, is tracked extensively.

As far as I know Chrome OS isn't an exception.

Perhaps we need firewalls to protect us from our own software.

------
jakub_g
It seems there would be a big market for an app with a nice GUI making it
possible to change all the privacy settings of Windows 10 (as we go and
discover stuff like this) in one single screen.

~~~
overgryphon
The in-box Settings app already has a privacy section that is easy to find,
has a nice GUI, and breaks down privacy options into reasonable categories
(location, contacts, calendar, feedback, devices, ect). Microsoft may need to
add a few more options, but overall it's a huge improvement over the privacy
controls of Windows 8.1.

------
_up
I have the feeling. MS implements more Intrusive Adware and Ads in Windows 10
next year. And you basicly will have to decide if you want Ads or pay Monthly
for an Advertising free experience (Enterprise Version).

------
pedalpete
The start menu is a combination web-search and local search. How could it not
'phone home' on a web search? Note the address it is 'phoning home' to is
Bing.

As far as what the contents of the package being sent is, I'll assume it is
more information than necessary, and probably over-reaching until they get a
slap on the wrist, but to call this phoning home is probably a stretch in
itself.

\-- Edit -- Apparently the search still phones home even if search is
disabled, which makes my point mostly... pointless.

I still suspect that this was an example of Microsoft (intentionally) over-
reaching and that they'll backpedal on this now that it has been brought to
light.

Shame is, it feels like they are breaking any goodwill that the community may
have still had left for them.

~~~
ultramancool
This occurs with the web search disabled, which is the real concern. Sorry, I
couldn't fit it all in the title, HN title limit is very short. I posted it in
the thread but clearly people aren't reading that.

EDIT: I've changed the title of the post to clarify this. Hopefully that
helps. 80 characters is quite annoying to work with.

------
Aoyagi
I don't see how is that strange considering in WP8 they send all primary
contacts and calendar entries to THE CLOUD with no option to opt out and of
course without telling the user, and considering what they've shown in Win10.
Microsoft clearly hates privacy.

------
ionised
Yeah I noticed this and was very annoyed.

I use Comodo firewall and have basically set up a load of rules to prevent
phoning home of any kind except to check updates.

~~~
scholia
Does that mean you're blocking CDNs? What's the effect on performance?

~~~
ionised
Can't say I've noticed any issues.

That said, I'm not using the Windows Store, Cortana, ModernUI apps, OneDrive
or even a Microsoft Account at all so your mileage may vary.

~~~
scholia
OK. A bit like Hamlet without the prince!

I take it you don't believe in app stores, secure apps, AI, deep learning,
cloud computing and similar modern rubbish ;-)

~~~
ionised
You're jumping to a lot of conclusions.

1) I do use app stores (F-Droid, Play etc) but I have no use for the Windows
Store. Windows ModernUI apps are basically stripped down versions of more
feature-filled desktop applications, so why wouldn't I just use them instead?

2) Secure apps? What does this even mean?

3) I love AI. I play games, so I have to.

4) Again, not even sure what you're suggesting.

5) I do use cloud services. Just not Microsoft, Google or Apple ones.

6) Modern does not immediately equate to good. This kind of thinking is naive.

My Windows machine is for games and games alone. I have no need or want of any
of Microsoft's cloud integration.

~~~
scholia
_> My Windows machine is for games and games alone. I have no need or want of
any of Microsoft's cloud integration._

Fair enough. You could have skipped the other six points.

 _> Windows ModernUI apps are basically stripped down versions of more
feature-filled desktop applications, so why wouldn't I just use them instead?_

Windows ModernUI apps are written to Windows Runtime, not the old Win32 API.
This means they are available from a trusted source (not eg Download.com),
they are easy to install, can be updated automatically, they are easy to
uninstall, they are more controlled than Win32 apps, and they run sandboxed,
so they are more secure.

If a ModernUI app does what you need, it would be sensible to run the app
rather than a traditional desktop program.

~~~
ionised
> they are easy to install, can be updated automatically, they are easy to
> uninstall

I generally don't have problems with any of those things.

> they are more controlled than Win32 apps

Not necessarily a good thing for power users.

> and they run sandboxed, so they are more secure.

Already got my own solution for this.

> If a ModernUI app does what you need, it would be sensible to run the app
> rather than a traditional desktop program.

That's what I'm saying. In my experience they generally are inferior to most
desktop applications that already exist and are far more powerful and
featureful. It's been this way since Windows 8 debuted the Windows Store.

If at some point in the future that changes then I'll consider switching over
to them properly. Until then, I'll stick with Win32 programs that are...well,
better in both UI (in my opinion, they are easier to navigate) and features.

ModernUI apps are just Microsoft's foray into the walled garden ecosystem. I
can't blame them for doing it this way, there is a lot of money to be made and
Apple and Google are both doing it so they run the risk of being left behind.

I still like control over how my operating system and the applications on it
run though. I'm not an error-prone casual user. I don't need the use of my OS
and programs dictated to me., nor do I like my applications to be delivered
through a single vendor-controlled portal.

~~~
scholia
_> I generally don't have problems with any of those things._

Good for you. Sadly, roughly 1.5 billion people frequently do have problems
with all of those things.

 _> Not necessarily a good thing for power users._

Windows isn't written for power users. If it were, Microsoft would be a very
small and very poor company.

 _> Already got my own solution for this._

Good for you. Sadly, roughly 1.5 billion people don't.

 _> In my experience they generally are inferior to most desktop applications
that already exist and are far more powerful and featureful. It's been this
way since Windows 8 debuted the Windows Store._

Absolutely true. But, as you say, the vast bulk of users seem to be very happy
with iOS- and Android-level apps. Microsoft's strategy is to run the apps that
most people appear to want.

 _> I can't blame them for doing it this way, there is a lot of money to be
made and Apple and Google are both doing it so they run the risk of being left
behind._

Yes, well put. That hits the nail right on the head....

------
bitmapbrother
I installed Windows 10 yesterday and used it for a couple of hours before
coming to the conclusion that I made an error in downgrading from Windows 7.
Windows 10 feels more like their phone OS disguised as a desktop OS. Perhaps
the most jarring part was how ugly legacy (Windows 7) apps looked in Windows
10. They didn't even bother trying to make these apps look nice. Also, their
services are plastered all over the place and there's little you can do to
turn these off. And then there's the numerous privacy invasive "features"
proactively turned on for you when you install it.

Luckily, you have 30 days to change your mind and return to Windows 7. I did
it within hours. I never liked Windows 8 and I think I dislike Windows 10 ever
more. No wonder they're giving it away because had they tried to sell it then
it would have probably met the same fate as Windows 8.

~~~
devindotcom
I wonder - does that get you in the door to do the free upgrade more than a
year from now? I wouldn't mind upgrading once 10 has had a little time to age
properly.

~~~
jonlucc
They already have a large update coming in the Fall and one next Spring that
should bring additional features. Of course, fixes to things that are broken
should be happening regularly.

~~~
tdkl
> They already have a large update coming in the Fall and one next Spring that
> should bring additional features.

And this is relevant to a customer now as in what ?

I'm getting tired or too old for this "continuous, agile, push now make it
work later" attitude of products that's out today.

~~~
jonlucc
I only mean that there will be at least a couple changes before the 1-year
upgrade offer expires.

------
reilly3000
I'm presuming this is some kind of analytics function. Just as most sites send
DOM events to GA based on every user's activity on your site, I'm guessing
Microsoft wants to gather aggregated search patterns to better its usability.
It's not cool that they didn't provide an explicit opt-out for this.

------
belgianguy
I wonder if it'd be possible to either blackhole all this nonsense, or to
"quasar" their data servers with preset queries like "I like my privacy",
"mind your own business" instead of your original query.

------
sandworm101
Another bad day for Microsoft. Another good day for linux.

~~~
tychuz
You mean Apple, we're talking about desktop OS here - new Windows Server is
not released yet.

~~~
sandworm101
Nope. I mean desktop linux. Every time MS, or Apple, launch a new OS with
silly fine print and non-removable malware I get people asking about linux.

Actually, silly ToS language and spyware don't really matter. The entire
update/versioning process with MS is so painful that distros like ubuntu start
to seem the easier option.

~~~
PhantomGremlin
_Nope. I mean desktop linux._

So you're saying that 2015 is finally the year of Linux on the desktop? That
prediction has been made before. That prediction has never come true, and
never will. IMO.

------
narrator
I wonder what foreign governments such as China and Russia are going to do
about this. How are they going to secure their networks from surveillance?

~~~
kaybe
Are they really running Windows? I wouldn't, if I was them.

~~~
nivla
More or less likely yes but so does the U.S. Microsoft also opens up the
sources to them so that alleviates some of their concerns.

------
mirimir
I'm not much into Windows anymore, but this might be useful:
[https://www.wilderssecurity.com/threads/windows-10-privacy.3...](https://www.wilderssecurity.com/threads/windows-10-privacy.377785)

------
mark_l_watson
There may be too much paranoia here.

I installed Windows 10. I turned off Cortana web search so it now only
searches for stuff on my laptop. Convenient.

I also turned off all camera and microphone use. Easy enough to turn on if I
need it.

Search for "privacy settings"' hit the first link and turn off what you want.
(I turned off just about everything.)

I think that as long as I use privacy badger in my web browsers, use duck duck
go as my default search engine, and make sure to install security updates and
scan daily, that my cheap little Windows 10 laptop is reasonably comparably
privacy wise to my two Mac laptops, but less private and secure than my three
Linux laptops.

Seriously, I think it is a mistake to talk non-tech family and friends out of
using Windows 10. Just help them make the right privacy settings.

~~~
Silhouette
_There may be too much paranoia here._

The thing is, I don't think avoiding Windows 10 _is_ an overreaction at this
point.

The default behaviour is highly intrusive. The accompanying privacy policy
makes it clear that Microsoft are allowing themselves to hoover up large
amounts of personal data. (The first warning sign is that desktop software
even needs a privacy policy.)

The new business model, starting with giving Windows 10 away for free and
aiming to make money on what you do with it instead, is a fundamental shift
from previous Microsoft products under the Windows brand.

Finally, for most users, updates are now automatic and can't be turned off.
That means any workarounds that are contrary to Microsoft's new business model
can simply be turned off remotely by Microsoft. Nothing you configure in any
settings or block in any firewall hosted on the Windows device itself can be
trusted.

It's only paranoia if they're not out to get you.

 _Seriously, I think it is a mistake to talk non-tech family and friends out
of using Windows 10. Just help them make the right privacy settings._

You can't make the right privacy settings in this context. They don't appear
to exist as far as I can see, but even if they do, they can be altered against
your will later. Microsoft's new business model motivates them to do exactly
that, and with the Windows 10 terms and privacy policy, you are explicitly
consenting to this kind of user-hostile behaviour when you install the OS.

I think it is a mistake _not_ to talk anyone you know out of using Windows 10.
You can opt out of using on-line services like Google or Facebook if you are
concerned about your privacy. But if you can't even trust your own desktop OS,
you essentially have no privacy at all the moment you switch on your computer.
Even for a generation that thinks nothing of sharing a lot of personal
thoughts and photos on social networks, that is a big step.

~~~
scholia
_> The new business model, starting with giving Windows 10 away for free_

There isn't a new business model, and Microsoft is not giving Windows 10 away
for free. What it is offering is a free upgrade to Windows 10 to people who
have paid for Windows 7 or 8. This isn't really any different from iOS and
Android users getting free upgrades on devices they have also paid for. It's
what people expect.

 _> Finally, for most users, updates are now automatic and can't be turned
off. That means any workarounds that are contrary to Microsoft's new business
model can simply be turned off remotely by Microsoft._

You can't turn off updates to Gmail or Facebook either. Same goes for most
mobile apps. Or your Chromebook.

What has changed is that Microsoft is building a cross-platform mobile
ecosystem in which Windows 10 is a mobile operating system. Think: cloud-
first, mobile-first, and Software as a Service. (Windows 10 will run on
phones.)

Now, I'm not saying that the permissions required in Windows 10 are _right_.
What I am saying is that the permissions suitable for a cloud-based cross-
platform ecosystem* with a built-in intelligent agent and deep learning (AI)
capabilities are not the same as the ones required by an old-fashioned
standalone operating system, and should be evaluated in that context.

* Windows 10 devices (phones, tablets, PCs, games consoles), OneDrive, Azure, Office 365 (PCs, Macs, tablets, smartphones), Windows Store, Bing, and dozens of apps on Windows 10, iOS and Android etc. This is comparable to the iOS and Android ecosystems, not to standalone Linux.

~~~
Silhouette
You have just stated that there isn't a new business model, and then
immediately described in considerable detail a dramatic change where lots of
people get a free new version of the OS (which has _not_ happened before) and
that new version is no longer a traditional desktop OS like previous versions
of Windows but instead a new kind of thing that is about being cross-platform,
cloud-friendly, mobile-first, service-driven, and generally more like what
Google or Apple would offer. You also glossed over all the spyware and the ads
that you can pay^Wsubscribe to remove even running basic software locally on
your own system, though you did mention some of the other paid services that
Microsoft have made pretty clear they will be promoting via Windows 10. If
that isn't a fundamental (and user-hostile) change in business model, I don't
know what is.

~~~
scholia
It's not a change in Windows 10's business model. It's still a paid-for
operating system.

 _> that new version is no longer a traditional desktop OS like previous
versions of Windows_

It's no longer a traditional desktop OS, but that change is not new to Windows
10. It was already the case with Windows 8.

 _> You also glossed over all the spyware and the ads that you can
pay^Wsubscribe to remove even running basic software locally on your own
system_

Not really. Windows Store apps behave just like other people's store apps.
It's exactly in line with the current culture of "free". I'd guess that
Microsoft doesn't like it any more than you do, but thinks it needs to become
like Android to prosper in a world that's averse for paying for stuff, or even
thinks that paying people to write code is evil.

Windows 10 is designed for people who aren't interested in computing and don't
want to be bothered with having to maintain their PC.

There's certainly a change in the technology approach, but the idea of
developing point releases may have been sub-optimal for five or 10 years. The
idea with Windows 10 is to use Big Data from actual usage to drive continuous
improvements. _Exactly_ like Gmail, Facebook etc.

------
tremon
requires javascript; didn't read

~~~
PhantomGremlin
Same for me.

When I'm on my deathbed, I don't think I'll say "Damn! I wish I had enabled
Javascript back in 2015 so I could read that clickbait article on Windows 10
privacy (or lack thereof)."

All hyperbole aside, I'm glad for HN threads like this. I don't _need_ to read
the article to get the gist. And I also gain perspective from all the comments
posted here.

------
jug
Can you turn off search suggestions?

I assume it's like all those sort of services, like the Google Chrome address
bar, etc.

------
jevgeni
I wonder how many people here complaining about privacy have frequent flyer
cards or valued customer cards?

~~~
RunawayGalaxy
Opting into a FF program is voluntarily exchanging your personal info and
loyalty to a brand for benefits in pricing. How is that the same as an OS
uploading your information from a local search by default in an opt-out model?
I'm really not trying to be snarky, I genuinely think I'm missing some point
here.

~~~
jevgeni
I don't think this is a defining difference here. Sure, doing something by
default without telling the customer seems sneaky, but its impact is small in
comparison to other leaky privacy products most people use.

What I understand about the matter, the information sent is a regularly
regenerated random ID and some machine information. Compare that with a
Tesco's Clubcard or Walmart's Credit Card: given the information you provide
them with, these companies may know what you eat, how much you spend, where
you live. They can judge your income, they can project your financial
situation into the future, and they probably know when you go on holiday. And
I don't really think people opting in on those products really understand
these implications.

I think this issue is overblown only due to it belonging in the area, where
most commenters here work. As I see it, there are business practices way more
harmful to privacy than this, but are happily ignored by the pop-privacy crowd
just because they are convenient and have been in place for a long time.

~~~
scholia
Most of the stuff complained about in Windows 10 was already in Windows 8
(except Cortana), but "the pop-privacy crowd" has only just discovered it,
apparently ;-)

------
vinbreau
Glad I use a launcher and rarely ever touch the start search.

------
zekevermillion
If you opt into the Windows ecosystem, there's no point in complaining about
leaking private info. If you care about this, you should choose to run an OS
that you control.

~~~
ultramancool
Not all of us are all-in on the ecosystem. Personally, I just want to play
some games and occasionally do some reverse engineering. Just for that, which
was perfectly possible in the past, I should be forced to give up private
info?

~~~
zekevermillion
I'm not saying that building software which does not respect privacy is
_good_. I'm saying that if you choose to use software that is designed by
companies that are clearly motivated to monetize your personal info, then that
is a trade-off which you accept. Render unto Caesar.

------
mahouse
Do "normal" applications look blurry on high DPI screens?

~~~
louthy
It looked OK on my 4K screen when I installed it. I however fairly quickly
went back to 8.1. It's soooo slow, lagging mouse pointer slow. There are lots
of 'proportion' issues as well that aren't there with 8.1 (task bar too small,
title bars too large), I couldn't get the Display settings to anything close
to comfortable.

It also looks a mess, mainly the random font sizes, but also the fact that
they've tried to modernise everything, like menus, etc. (that they clearly
didn't get around to with W8), but there's still aspects that have been
forgotten and are in the W7 style. So there's W7+W8+W10 all in one. I didn't
mind so much with W8 because 'modern' was 'over there', and W7 with some flat
tweaks is 'over here'. But now it's all thrown together. Not pretty.

Then when it would only randomly 'see' certain domains on my work VPN, and
just be blind to others, I'd had enough... and bailed. I've never bailed on an
OS before, always given it a chance to settle in. W10 just doesn't feel
finished.

~~~
pdkl95
> mainly the random font size

That's a consequence of the cheats that MS did a _long_ time ago in how they
render TrueType. The short version: instead of properly kerning the rendering,
each glyph's x-location is rounded up to the next pixel boundary, causing
nasty misalignments (some of which accumulate over the line).

The long (but very interesting version:
[http://www.antigrain.com/research/font_rasterization/index.h...](http://www.antigrain.com/research/font_rasterization/index.html)

------
VOYD
And yet, you posed this on the internet, sharing your IP & MAC addresses with
several companies.

~~~
QUFB
How is he sharing his MAC address with any companies that are outside his
network segment?

~~~
jevgeni
So sharing things on the network segment is OK?

