
Microsoft opens up on Windows telemetry, tells us most of what data it collects - discreditable
https://arstechnica.com/information-technology/2017/04/microsoft-opens-up-on-windows-telemetry-tells-us-most-of-what-data-it-collects/
======
DarkKomunalec
The actual list of what it gathers:
[https://technet.microsoft.com/itpro/windows/configure/config...](https://technet.microsoft.com/itpro/windows/configure/configure-
windows-telemetry-in-your-organization#telemetry-levels)

Included:

"Storage attributes, such as number of drives, type, and size" \-- So ID
numbers of all USB storage drives you've connected? Better not put sensitive
data on a USB and send it to a journalist...

"the number of crashes or hangs, and application state change details, such as
how much processor time and memory were used, and the total uptime for an
app." \-- To e.g. determine when you used the TOR browser, since the
difference in uptime between two time points is how much it was up during that
interval.

"App usage data. Includes how an app is used, including how long an app is
used, when the app has focus, and when the app is started" \-- Oh, never mind,
they also explicitly state they gather which apps you have installed and how
much and when you use them in the next section.

"Accessory device data. Includes a list of accessory devices, such as printers
or external storage devices, that are connected to Windows PCs and whether
these devices will function after upgrading to a new version of the operating
system." \-- Print poster and glue it to a wall -> Printer gets identified via
tracking dots ( [https://www.eff.org/pages/list-printers-which-do-or-do-
not-d...](https://www.eff.org/pages/list-printers-which-do-or-do-not-display-
tracking-dots) ) -> Printer is linked back to you, even if you bought it with
cash. I hope you didn't print anything your local sheriff would dislike!

Edit: This is all in the 'basic' level, which you can't disable.

~~~
Flammy
> > "the number of crashes or hangs, and application state change details,
> such as how much processor time and memory were used, and the total uptime
> for an app."

> To e.g. determine when you used the TOR browser, since the difference in
> uptime between two time points is how much it was up during that interval.

Having personally talked with Microsoft engineers who handle what this data is
used for, I can tell you they take PII very seriously and per user details
aren't being shared with 3rd parties (at present). Could they be misusing
this? Or start selling it? Yes, but it would be an incredibly dumb idea from a
brand value perspective, and I trust them to at least protect that. (I do
honestly think that like most people, Microsoft employees are well-meaning
individuals with good intentions)

What is this data used for? The most common use is to tell a large software
developer "you have a memory leak in version 3.1.x when running on 4th gen
intel CPUs with driver version 11.3" or similar. So companies with wide
install bases (Oracle, IBM, other Microsoft divisions, etc) can fix issues
which impact literally millions of users.

If anyone reading this has ever received this sort of Microsoft communication
about your software, could you share your experiences?

~~~
Veratyr
> Having personally talked with Microsoft engineers who handle what this data
> is used for, I can tell you they take PII very seriously and per user
> details aren't being shared with 3rd parties (at present). Could they be
> misusing this? Or start selling it? Yes, but it would be an incredibly dumb
> idea from a brand value perspective, and I trust them to at least protect
> that. (I do honestly think that like most people, Microsoft employees are
> well-meaning individuals with good intentions)

Being an American company, you also have to worry about Microsoft being
compelled to disclose per-user details with law enforcement or the
intelligence community. They have no choice when it comes to this, so allowing
them to have this data _at all_ is dangerous.

~~~
dTal
>it would be an incredibly dumb idea from a brand value perspective

Imagine how damaging it would be to their brand value if they put ads in the
main OS interface.

------
muraiki
I ranted in another article regarding Microsoft's Explorer Advertising about
my frustration with MS conflicting with my desire to support the good work
some of their teams are doing, such as C#, Visual Studio Code, and Typescript.
After reading through the comments here about everything this covers and which
cannot be disabled, I'm putting my money where my mouth is and I'm stopping
all further use of C#, F#, Visual Studio, Typescript, Azure, etc. I know that
my individual loss means nothing to MS, but it's clear that MS is dying to
attract developers to their platforms; as such, we who are outraged at MS's
privacy violations need to act together to reject MS technologies, as that is
one of the few things that they will listen to.

Disclaimer: These concerns of course extend to other companies actions, but in
the context of this article MS is the most relevant company.

------
nigma
Telemetry at the OS level bothers me to the point that I'm not Windows user
anymore and I I'm not planning to become one anytime soon.

But to be fair one should point out that Apple is also collecting telemetry
data (search system logs for com.apple.telemetry) without any toggles in the
system preferences.

Search results don't bring much info on what is collected and how it is being
used. Does anyone here have insight into Apple telemetry granularity?

~~~
sametmax
Fun thing is, they probably do the same, but:

\- will do it well enough so that you can't find out

\- control PR well enough so that it won't leak out

\- have enough fan boys that if by any miracle people learn about it they'd be
cool with it anyway

~~~
hedora
My take on this is that Microsoft is stuck in an awful compromise. Google's
stuff is free because their business model is surveillance. Apple compromised
the user experience to preserve privacy until it could push the machine
learning algorithms to user devices. Siri lagged (lags?) Google, but it can
now find all my locally stored cat pictures, even though Apple doesn't have a
copy of them. There are toggles in iOS to prevent Apple from gathering
personal info.

Microsoft is trying to double dip: Windows wants to be a premium product like
Apple, and the cloud division wants to be Google. The CEO is from the cloud
division.

To get more user data, many teams in Microsoft backported data collection to
existing Windows devices without an opt-in (or even opt-out) at the same time
they made telemetry mandatory, effectively compromising millions of devices.

This completely destroyed any trust privacy-minded users had in them. Now the
telmetry team (which is probably actually acting in good faith, and just
trying to make stuff better) is the lightning rod for all the other
inappropriate data collection being done in Redmond.

This is why there is such a disconnect between Apple's response to privacy
issues (usually: "oops, crap. We'll fix it in the next release") and
Microsoft's responses, like this article, where the spokesperson doesn't have
the knowledge or authority to provide honest answers.

~~~
pseudalopex
Microsoft allows more control over data collection in Enterprise than in Home
or Pro. That seems like a calculation about how much each group could push
back, not acting in good faith.

------
nathanaldensr
It doesn't matter what Microsoft says or how they paint it. It doesn't matter
how "transparent" they are. As long as data-gathering (read: snooping) is a
part of the operating system, there will be a conflict between that and a
user's desire for privacy. The only acceptable option for privacy-conscious
users is to not use Windows 10 at all, unless and until Microsoft introduces
an "Off" setting.

~~~
CaptSpify
Even if they introduce an "off" setting, there's no good way to verify that
they aren't collecting/sending that data anyway.

~~~
Varriount
What about using something like TCPView[1], and Process Explorer[2]? Saying
that there's "no good way" is throwing in the towel a bit early.

[1] [https://technet.microsoft.com/en-
us/sysinternals/tcpview.asp...](https://technet.microsoft.com/en-
us/sysinternals/tcpview.aspx) [2] [https://technet.microsoft.com/en-
us/sysinternals/processexpl...](https://technet.microsoft.com/en-
us/sysinternals/processexplorer.aspx)

~~~
mysterydip
If it's the OS doing the data gathering, it can just hide that stuff from
whatever you would use to monitor it. Look at how rootkits hide for an
example.

~~~
sqldba
Not to mention they bypass their own hosts file to make sure you don't
override anything that might stop their data theft.

------
hedora
From a quick skim:

There is still no "stop sending my personal information to Microsoft" switch,
but Microsoft has published a list of examples of what data the "telemetry"
subsystems collect.

There are other Windows 10 subsystems (cortana, start menu, etc) that silently
collect data, and they are not covered by the list the article links to.

~~~
coldpie
> There is still no "stop sending my personal information to Microsoft" switch

Sure there is. Don't use Windows.

~~~
hedora
:-)

I think that is necessary but not sufficient at this point, sadly.

I don't use outlook, but they announced some feature where it looks up the
senders of your emails on linked in. So, if anyone you know uses outlook, then
linkedin knows you know them.

I'm not sure if it looks at email bodies (yet), or if they rolled it out yet.

Either way, Microsoft should soon be able to sell employers a reasonably
complete list of employees that are looking for a new job (including employees
that are not active on linkedin or that do not even have linkedin accounts).

This is one example of many, I'm sure.

------
monochromatic
Windows 10 makes me want to move to Linux more than ever. I'm not some FOSS
crusader, but I would like an operating system that doesn't spy on me, doesn't
put ads in my desktop UI, and doesn't force people into an upgrade to do so.

~~~
nol13
Do it, don't look back.

(and I'll take this opportunity to thank everyone who works on FOSS software,
paid or otherwise)

~~~
monochromatic
It's been years since I've futzed around with Linux... it's a little daunting.
I need to be able to exchange Word documents with clients, and I worry about
formatting errors and the like showing up if I'm creating those documents in
LibreOffice. Also, I do like to play the occasional video game.

Really, what I want is Windows 7 that isn't locked to last-generation hardware
and that isn't coming up on EOL. It wasn't FOSS, but it worked very well for
what I needed.

~~~
coldpie
The company I work for, CodeWeavers, sells a commercial version of Wine called
CrossOver for exactly that use case. We're a little behind the current
versions of Office; 2013 doesn't work very well yet, but old versions work
excellently and we're working hard on 2013.

~~~
andrei_says_
How's Adobe CS support?

~~~
coldpie
Good question, I don't know. I remember hearing something just this morning
about CS5 working well, but I don't know if that was with some internal hacks
or with our public product. We offer a free trial if you'd like to try it out.

------
tunap
"Most" being the operative word.

"These improvements are unlikely to appease that minority of users that regard
the mandatory telemetry as an unacceptable intrusion..."

by "minority", I assume the author means those pesky, conscientous types who
prefer not to have every action disseminated for exploitation. Analytics make
the world a better place, and they can be abused as spyware... it all comes
down to trust. MS's history speaks for itself.

~~~
nathanaldensr
Precisely. Let's paint privacy-conscious users (read: virtually all of
humanity, given the choice) as the "minority." Let's make it seem like they
are just an annoying vocal minority, complaining for the sake of complaining.
This is just a basic marginalization tactic. Disgusting.

~~~
sametmax
The real problem is they are right. We are a minority. Most people don't give
a damn about it. We are talking about a world in which you can lie to
presidency, ridicule yourself and the entire country and still people believe
in you. So privacy ? It's not even on people's radar.

~~~
pseudalopex
People accept data collection in part because of the lengths companies go to
to hide, obscure, and spin it. Those efforts wouldn't be necessary if people
truly didn't care.

------
calcifer
To be honest, publishing _most_ of what they are collecting makes me trust
them less, not more. Why not publish _all_ , what are they hiding?

~~~
warp
If I understand the article correctly, they are publishing all they are
collecting by default.

They are not publishing exactly what they are collecting for the "Full"
telemetry setting, which is opt-in. I'm guessing they don't want to commit to
that because they want to be free to add and remove metrics they're interested
in.

~~~
hedora
Note the Orwellian use of the word "telemetry." They are using it to mean
"data collected by the telemetry team" at Microsoft.

This is not a list of "telemetry data collected by Windows 10".

I am beginning to suspect that they do not have adequate internal safeguards
to control the collection of personally identifiable information across the
entire company (including office, bing, skype, linkedin, etc, etc).

That would mean they are actually incapable of enumerating all the information
a clean Windows 10 install and office 365 will phone home. It would also
explain discrepancies between todays's list and third party audits of Windows
10.

~~~
WorldMaker
I don't think that is true: the list includes telemetry from the Windows
Store, which while a bundled part of Windows 10 I would be hugely surprised if
its telemetry (which includes marketing concerns) is anywhere a part of the
same "telemetry team" as say crash/error reporting telemetry.

The impression I get is that this information took so long to produce because
they did have to sit down with all of the various teams involved.

They also don't seem to be attempting any Orwellian use of the word
"telemetry", though it is technically explicit. They start the document by
establishing the definition, if you care to question it more directly:
[https://technet.microsoft.com/itpro/windows/configure/config...](https://technet.microsoft.com/itpro/windows/configure/configure-
windows-telemetry-in-your-organization#what-is-windows-telemetry)

------
meddlepal
Honestly there is a lot of hypocrisy here in this thread. How many of us work
for startups that either collect data on users usage of their app or rely
heavily on the data Google/FB/Twitter etc have mined?

Answer: Probably all of us.

~~~
hendersoon
There's a huge conceptual difference between my data being collected by a
service I decided to use and my operating system.

I play games, so I have no choice in the OS. Windows is the only choice. I can
choose not to use Google or Facebook.

~~~
meddlepal
I didn't realize Microsoft was forcing you to play games that only run on
Windows.

~~~
hendersoon
Ahh, the old "nobody's holding a gun to your head, you didn't have to spend
$50 for dinner, you could have had Kraft Mac & Cheese!" argument. Good one.

------
chrisper
>All crash dump types, including heap dumps and full dumps.

Maybe I should not have used Windows Insider after all which forces you to
have it on full...

~~~
simion314
Wow, this means they will store in their databases your private data you had
in RAM when something or Windows crashed? Am I wrong? because this sounds
horrible, you should have an option on sending your memory dumps.

~~~
chrisper
Yes, you are right.

I wonder how this affects something like Keepass. If I had it unlocked open
while Windows crashed, does Microsoft now have all my passwords?

~~~
sqeaky
Yes it means microsoft has your passwords and you have technical recourse.

If you attempt to use legal recourse you will likely fail and your passwords
could become publicly viewable evidence.

Change your passwords and don't store them on a close sourced system, this is
the only mitigation I see you having that is sure to work.

~~~
chrisper
Actually, if you look here [1], it says:

>While KeePass is running, sensitive data (like the hash of the master key and
entry passwords) is stored encryptedly in process memory. This means that even
if you would dump the KeePass process memory to disk, you could not find any
sensitive data.

Either way, it is bad that Microsoft does not really warn people about this.

[1]
[http://keepass.info/help/base/security.html#secmemprot](http://keepass.info/help/base/security.html#secmemprot)

------
icc97
> "Marisa Rogers, the "privacy officer" of the Windows and Devices Group, told
> us that the telemetry data is genuinely useful to making Windows better. As
> an example the company offered us, there was a problem with the Windows
> Alarm app. "

So massive levels of enforced data collection are justified by them fixing the
Windows Alarm App.

~~~
hendersoon
I don't think anyone is seriously arguing that telemetry isn't useful to
improve Windows. It very clearly is, very much so.

I just want the ability to opt-out.

------
acd
One can run Windows virtual machine on a Linux host at near native GPU
performance with PCI passthrough and KVM for gaming and then besides Windows
registry use Iptables to block Microsoft Atlas telemetry. I use that setup for
playing Windows PC games which are not yet available native on Linux.

[https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVM...](https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVMF)

~~~
JCDenton2052
Sounds very interesting. Can I please ask what sort of games you play and what
FPS you're getting?

~~~
acd
I am playing strategy FPS Fallout4 2560x1440 it runs at 60fps ultra setting,
car, train simulators. Hardware i7 6700k, Nvidia Geforce 1070p, Samsung 950
Pro M2.

Passmark score 4937, 93th Percentile 3D graphics score 12610, 99th Percentile
2D graphics 710, 72th Percentile Memory 2420 82th Percentile, Disk Mark 10435,
99th Percentile

Passmark link [https://imgur.com/a/mu0ln](https://imgur.com/a/mu0ln)

If you decide to try it do not miss the kvm ignroe msrs=1 setting, otherwise
KVM will crash. /etc/modprobe.d/kvm.conf options kvm ignore_msrs=1

/etc/default/grub pass in setting intel_iommu=on and hugepages.
GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on hugepages=4096"

~~~
JCDenton2052
Thank you kindly, gaming was the final reason why I was hesitant to jump to
Linux. It is nice to see high quality workarounds.

------
mankash666
I'm unsure if Macs send as much data. For a fact, Android combined with Google
apps know A LOT more.

Microsoft tends to get singled out while being the better option, sometimes

~~~
partiallypro
Sometimes? More like all the time. Microsoft still gets unfair criticism when
what it is doing is usually less than its competitors (Apple, Google.)

It's pretty astounding, HN reads like early 2000s Slashdot sometimes in
regards to its complete hatred of Windows. This entire thread is almost
verbatim early 2000s Slashdot, "I just switched to Linux and I love it" along
with all the OSS evangelists piling on. It's more annoying than insightful.

~~~
Teckla
_Microsoft still gets unfair criticism when what it is doing is usually less
than its competitors (Apple, Google.)_

This is a subjective opinion (i.e., subject to debate), and also a harmful
one. "The other guy is worse" is _never_ a good defense.

~~~
partiallypro
Actually I think the defense of "Microsoft should never adapt to market
standards that others have set, because they are Microsoft" is never a good
defense.

------
tetraodonpuffer
Why couldn't microsoft offer a Windows 10 "developer edition" allowing
telemetry to be set to "security"? Make it cost $200 more, so typical users
won't buy it, but why not make it available at all?

~~~
cwyers
It's called Enterprise.

~~~
flyinghamster
Are mere mortals even _allowed_ to buy the Enterprise edition, quantity 1?
Somehow, I doubt it.

~~~
JoelTheSuperior
As far as I'm aware it's only available via a volume licensing agreement.

Enterprise still doesn't let you disable telemetry though - just lets you set
it to basic.

If you want to disable it fully you need the LTSB version.

~~~
gruez
>Enterprise still doesn't let you disable telemetry though - just lets you set
it to basic.

you can set it to security through gpedit

~~~
hendersoon
Correct, Enterprise and Education versions will work on Security, which is
essentially disabled.

------
doubleplusgood
Is there a traffic pattern I can block on my home network that will disable
telemetry but won't mess with updates?

~~~
sounds
Probably (until they change the telemetry traffic pattern). I don't know what
it is.

Why engage in their game and try to whack-a-mole their software, if you have a
choice.

I admit, for some, there is no alternative. And that's why there's the
outrage.

~~~
doubleplusgood
I actually am keeping several computers in my house on Windows 7. A work
laptop came pre-installed with 10 and I haven't yet installed Linux on it.

I think I'll just dump its traffic with no network apps open and see which
addresses it calls home on.

~~~
microcolonel
I found this further down the thread, it might be of interest to you.

[https://github.com/crazy-max/WindowsSpyBlocker](https://github.com/crazy-
max/WindowsSpyBlocker)

~~~
doubleplusgood
Thank you, I'll be researching this further

~~~
microcolonel
As for my take, I have a little shell script that translates hosts files into
unbound configuration files, with always_nxdomain rules for each superdomain.
I then use that unbound instance as my DNS.

~~~
doubleplusgood
I'd use my rpi for this, but it's on the wrong vlan...

------
youdontknowtho
There is nothing that they could do to placate this crowd. even if they
stopped collecting telemetry then there would be a vocal contingent of people
complaining that it isnt open source. if it was open source and people didnt
like the way it handled init a loud contingent would complain.

------
ksk
Although I've managed to neuter this crap, we really need a table which
details all the data MS, Google, Apple, various Linux apps collect under the
guise of 'usage data'. I'm willing to grant that most of this is not
nefarious, but there should definitely be an opt-out. As the owner of the
machine, I do not want my CPU cycles going towards this, or JS scripts that
track me, etc.

~~~
dilap
I don't think Apple collects anything, unless you say explicitly say "Yes,
share usage data" during installation.

(Maybe I'm being naive.)

I feel like what we really need might be a legislation mandating easy opt-out
(or even better, requiring opt-in).

~~~
ksk
AFAIK, I think its enabled by default on iOS, but you can opt-out.

[https://support.apple.com/kb/PH25654](https://support.apple.com/kb/PH25654)

On OSX this document seems to say no data is sent without explicit
instruction, but then it says "data can be sent automatically if one of these
events occurs".

------
5ome_guy
I've switched my desktop computer to linux (Mint) with Wine. It's great. Very
easy, stable and feature rich. Easier to deal with and customize. There are
still some issues with software compatibility or security but it's on par with
Windows enough that I haven't really noticed. The only problem I have is
games. I hibernate and boot back into Windows 7 for GTA5!

~~~
TremendousJudge
linux is useless for sound production as well

~~~
5ome_guy
Yeah, not gonna lie. I've tried most of the free DAWs and they all have
stability issues. Random crashes or audio glitches.

------
Insanity
Even if they would provide a full list of evertyhing they are collecting about
you, how could you even prove that is really _everything_ as long as window is
not OSS?

I suppose you'd have to take them on their word, but do they have that much
trust from their users?

~~~
MichaelGG
Well it's possible to inspect the system and determine if they were exceeding
that, and then the backlash would be pretty heavy, perhaps even legal? Sure
they could secretly leak stuff, but then we have to think a ton of engineers
are in on truly spying on users, not just getting telemetry.

Doesn't stop them from sending down targeted updates to turn on deep
telemetry, say, under a legal order.

This is similar to the WhatsApp situation. They claim all this crypto. If they
were lying, someone could figure it out and FB would get slammed.

~~~
CaptSpify
Sure, someone _could_. But it's easy enough to obfuscate it so that it would
be extremely difficult to tell for sure. There's a reason why making things
verifiably FOSS is such a big deal. "Someone would surely catch them and
embarrass them" isn't a great reason to trust them.

~~~
MichaelGG
Of course. But is it worth a billion dollars or whatever the, say, EU, might
decide to fine them if caught? Plus the added compliance costs of whatever a
court decides they need to do? Not to mention press and loss of government
contracts, etc.

There should be a project to fund some research into this, verifying some
popular closed source clients.

~~~
CaptSpify
It probably is worth it. Look at VW, "surely someone would catch them" worked
out for them for years, and was quite profitable for them.

~~~
MichaelGG
I suspect Microsoft's upside in capturing more details (websites visited?) for
use in what, advertising?, less than VW's upside in circumventing physics.

Ads make money but it seems hard to capitalise off of secret collection - too
many People involved and you can't advertise your capabilities to clients.

~~~
CaptSpify
> Ads make money but it seems hard to capitalise off of secret collection -
> too many People involved and you can't advertise your capabilities to
> clients.

Why would it be? You don't have to tell advertisers how you got the data, just
that you can show their ads to a certain demographic. And "websites visited"
is just one of the things they can collect. Being able to advertise based on
your documents, work-flow, social interactions, etc is probably much more
powerful.

------
winstonlove
This change in the settings menu fixes absolutely NOTHING. Suppose that as the
article describes, you go ahead and chose the Basic setting for telemetry.
What happens next week when some update is published and reverts back your
settings to Full telemetry? This is not a theoretical scenario, many past
updates have changed the state of the user chosen settings (including
telemetry) without the users knowledge. In Computer Science parlance, the
settings menu is non-deterministic, meaning you cannot be sure what state it
is in now, as compared to the next minute.

So for example if you are a lawyer, a doctor, or a stock broker, and are
typing a sensitive document for a client, even if you are diligent and checked
that telemetry was set to Basic, before and after you typed the document,
there still exists the possibility that for a few minutes the setting was
changed to Full telemetry due to a background windows update, and minutes
later reset again to Basic telemetry due to another update, thus leaking the
sensitive document without you even knowing about it. That is what being non-
deterministic means and is obviously unacceptable for certain professional
software usage scenarios.

But the greatest flaw in Windows 10 is not the keylogger. The greatest flaw is
the Delivery Optimization module, its new peer-to-peer software delivery
system. Basically, with Windows 10, the DLLs that compose your kernel do not
come from Microsoft servers directly, but come from Joe down the street, or
worse from Boris the hacker from some other country, due to peering. What
could possibly go wrong with that? In effect, your attack surface is the
entire internet, and all that it would take for someone to compromise your
system is some buffer overflow to nullify the hash thar Delivery Optimization
uses to validate the peered DLLs.

Windows 10 has many great features, and one can see truly the significant
positive progress Microsoft is making every month. But Microsoft really needs
to purge the telemetry DLL and the delivery optimization DLL from the base
windows install. They introduce unacceptable risks in several professional
usage scenarios.

------
draw_down
It's still so crazy to me that they do this _in their OS_. But I guess a lot
of people either don't mind or just don't know.

------
wdr1
Does anyone know how the "advertising ID" works or what's included?

E.g., is my web browsing traffic collected by Microsoft?

------
MS_Buys_Upvotes
What about the other subsystems that silently collect data?

------
duncan_bayne
This is the company behind the Halloween Documents:

[http://www.catb.org/esr/halloween/](http://www.catb.org/esr/halloween/)

Why anyone would choose to trust them is beyond me.

~~~
minikites
You really think the Microsoft of today is the same as the Microsoft of 20
years ago?

~~~
mikestew
20 years ago, Microsoft was convicted as an abusive monopolist. It's up to
them to convince me that they've reformed, and they're doing a kind of poor
job of it.

Are you arguing that I am to just _assume_ that they've changed due to the
passage of time?

~~~
minikites
How hard does a 28 year old person need to work to convince you they're not
the same as they were when they were 8 years old? Microsoft has changed CEOs
and lower leadership a number of times in the last 20 years. I submit that it
would be difficult to find ANY company that can go 20 years without changing.

~~~
duncan_bayne
Change? Sure.

But they've done nothing to suggest they've shed their utterly user-hostile
philosophy from 20 years ago. It just manifests in different ways.

To run with your analogy: imagine you ran into someone at 40, someone you
hadn't seen in 20 years. 20 years ago he was into petty theft and vandalism.
These days, he works as a lawyer for a patent troll. The specifics have
changed; his character has not.

