
Microsoft Admits Windows 10 Automatic Spying Cannot Be Stopped - bontoJR
http://www.forbes.com/sites/gordonkelly/2015/11/02/microsoft-confirms-unstoppable-windows-10-tracking/?utm_campaign=yahootix&partner=yahootix
======
Someone1234
Regardless of how you fall on this issue, this article is clearly highly
biased.

If you read their link "detailed data"[0] you can see there is an issue but
you can also see that the level of invasion is low with most telemetry
disabled.

This article links to that, but then ignores that author's conclusions (that
it is a relatively light level of privacy invasion) to draw this conclusion:

> So how concerned should users be about Windows 10’s default data collection
> policies? I would say very.

But the author's articles are only really pro-Apple and anti-Microsoft, just
look at their back catalogue [1]. They've written about Windows 10 problems
weekly for months, getting more and more inflammatory each time.

So how concerned should readers be about the author's obvious bias? I would
say very.

[0] [http://arstechnica.co.uk/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/](http://arstechnica.co.uk/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/)

[1]
[http://www.forbes.com/sites/gordonkelly/archive/](http://www.forbes.com/sites/gordonkelly/archive/)

~~~
marssaxman
"Relatively light level of privacy invasion" is still privacy invasion.

~~~
Pharaoh2
But it still doesn't validate the need for a clickbait title or a highly
inflammatory article. Say it how it is... no better or worse.

~~~
marssaxman
From the perspective of a person whose standard for an operating system is
"zero invasion of privacy", there's nothing particularly inflammatory about
the article.

It's fine if your expectations are less rigorous; you simply aren't part of
the article's intended audience.

~~~
Pharaoh2
I know ubuntu, osx and windows 7 phone home for certain scenarios. Until you
are running some *BSD box, you aren't getting that "zero invasion of privacy",
you just think you are.

~~~
yuhong
The browsers do so too BTW. Win7's telemetry settings were very different, but
yes CEIP dates back to even Office 2003.

~~~
sp332
CEIP was always opt-in before.

~~~
yuhong
I think in some cases it might have been enabled by default, but it still
could be disabled.

------
bitL
Microsoft has essentially forced me to turn off Windows Update on all my
Windows 7 machines/partitions and migrate everything I can to Linux. All I am
waiting for is SteamOS delivering AAA games to Linux and I won't need to touch
future Windows ever again.

How can you justify using Windows for enterprise work if due to new policies
you can't be assured you can keep anything you work on secret? I am not
willing to keep the possibility open of sharing my competitive advantages with
whomever is in bed with Microsoft's management to capitalize on my ideas. Can
somebody please tell them to get back to their senses and become trustworthy
again?

Do I need a dedicated NUC running super-secured *BSD/Qubes filtering out
traffic towards known Microsoft servers while using Windows 10?

~~~
Quiark
Wait, how do I prevent automatic update to Win10? I actually like the UI but
the system Does Not Work (tm) on my hardware (I tried). I'm finding it hard to
believe MS is going to auto-brick my laptop overnight.

~~~
mindcrash
They will when Windows 10 becomes a preferred update.

Before that head into Control Panel > Windows Update > Change Settings

Oh, btw: if you have let Automatic Updates run until now it's probably best to
do a fresh reinstall of Windows 7 or Windows 8, because they retrofitted
almost all of Windows 10 telemetry services in those operating systems in a
series of "updates" released around August.

Which gave me enough reasons never to trust any update from Microsoft ever
again.

~~~
yuhong
They did not retrofit "almost all of Windows 10 telemetry services". I
recommend that you read the TechNet article.

------
criddell
I don't understand how Windows 10 can be used in a lot of small business
environments.

If you are big enough to get the enterprise version, everything apparently can
be tweaked. But there are a lot of tiny businesses that order a PC from Dell,
install some software for their vertical, and then do little more than
regularly install updates. My old dentist was a two person operation. They
aren't going to get the enterprise version yet they need to handle medical and
billing records securely.

Either I'm totally misinformed, or the professional version of Windows isn't
suitable for many professionals. I'd be happy if somebody could explain why
it's the former.

I also wish Microsoft were more transparent about the data that is sent to
them. Why is a machine with all the options set with privacy in mind still in
constant contact with Microsoft?

~~~
jakejake
Putting on my trusting hat, I would think that MS is only transmitting enough
data to keep the machine running and virus free without any intervention from
the non-technical people. So it would be a safe machine for a small company
without any IT staff. A lot of those companies just take the computer out of
the box and plug it in and don't do anything further anyway.

I don't see why they don't just add the option to disable that with
appropriate labeling, though, if nothing else to satisfy the more vocal,
privacy-concerned folks.

~~~
criddell
> trusting hat

If you are wrong and Microsoft suffers a breach, your defense for HIPAA
violations has to be better than "but I trusted Microsoft!"

> I would think that MS is only transmitting enough data to keep the machine
> running and virus free

I don't think that's true. It uploads what you type, your calendar, contacts,
etc... so that things like Cortana work better. What makes me nervous is that
even if you turn off all the Cortana things that you can, Cortana is still
always running. Plus, how often do business users use Cortana?

------
username223
Ugh, the "cloud" comes to the desktop. Companies like to have all kinds of
telemetry and forced non-security updates, both of which are easy to have with
a hosted application. "You'll take whatever we throw up on the server, and
we'll watch you like it."

Some of us poor software users don't always like one or both of these things,
and client-side software is great at avoiding them: you choose when to install
newer versions, and whether the software talks to the developer. Sadly,
companies are figuring out how to "cloud up" client-side software with forced
updates [1] and always-on telemetry, and Microsoft is jumping on the bandwagon
in a big way. Maybe reverse firewalls will catch on like browser ad blockers
have; probably not, but there's always a chance.

[1]
[http://www.forbes.com/sites/gordonkelly/2015/07/17/windows-10-forced-automatic-updates/](http://www.forbes.com/sites/gordonkelly/2015/07/17/windows-10-forced-automatic-updates/)

~~~
yuhong
Yea, MS has made it clear "Windows as a Service" is deliberate. Win10
Enterprise has the LTSB for long term servicing.

------
RexRollman
This, combined with Microsoft trying to trick people into thinking they _need_
a Microsoft account in order to create a user account, shows how far they have
fallen.

~~~
yuhong
Dates back to Win8 I think, Win10 actually improved this.

~~~
RexRollman
I know it started with 8 because my father, a computer novice, ended up with a
Microsoft account because of how things were presented during setup.

If Win10 improved on this, that is good news.

~~~
yuhong
In particular, Win10 provides an easy link to skip it, unlike Win8.1.

------
lvs
What's amazing about this telemetry issue and the forced upgrade path is that,
at the same time, they're trying to fight the PR problem by claiming that they
might soon have a more reasonable FOSS (or at least OSS) mentality, will
contribute to openssh, etc., all as part of their new "customer-oriented
culture." It's really just a carrot-and-stick, isn't it?

~~~
TheOtherHobbes
It's more like carrot and nuclear fail bomb.

Is there anyone in MS management here who can explain how and why this is
supposed to be a customer winning idea, and how it won't launch a stampede
towards OS X and Linux?

"Okay, so we do the spying thing with everything you type. But - scout's
honour - we don't do it all that much. Honest!"

Corporate dementia is becoming more and more of a problem in enterprise scale
IT. HP, Yahoo, Apple, Oracle, IBM, and Google all suffer from it to varying
degrees.

But MS appear to be trying to win a special best-in-class award for it.

~~~
yuhong
It is called "Windows as a Service" for a reason.

------
newman314
I posted this in a different thread but am reposting here for the folks that
do move to Win10.

--

PSA: For people with Windows 10 installed, I've found the following tool quite
useful in shutting down the large amount of information collected and
transmitted.

[http://www.oo-software.com/en/shutup10](http://www.oo-software.com/en/shutup10)

~~~
pdkl95
Please, don't use these tools. Yes, they may fix the immediate problem, but
you're still rewarding Microsoft with money and/or market share. You're
sending them the message that you are loyal even when they abuse their power
in obvious ways. By continuing to use their platform, you're conditioning[1]
Microsoft to continue with stronger spyware in the future.

Unless they see an actual reduction in revenue and fewer people using their
platform, this problem is only going to get worse.

[1] operant conditioning (Skinner)

~~~
coolnow
Okay, tell me how I can play all my Steam games then (no, not just the Source
Engine ones).

~~~
pdkl95
1) wine is quite good these days. It has played far more than Source Engine
games for like 5+ years. Ever since steam went to Linux and the Unity engine
became popular, compatibility problems became much less common even on new
games.

2) If you are always going to rank _playing games_ as more important than
spyware, then you're an easy mark. If you aren't willing to make a few
_sacrifices_ to invest in your future, then you've made your decision. Why do
you care about spyware if games are more important?

The costs of leaving are only going to get worse with time. I recommend paying
these costs _now_ instead of waiting for the problem to get worse.

~~~
krompus
Linux gaming is getting better and better. Yes, we have a few sacrifices to
make in the form of _not getting to play every mainstream title_, but many of
the ones worth your time have great Linux versions, and if not, they might run
well in Wine.

I wiped Windows nine months ago and installed Arch. The only things I missed
were Dark Souls and Insurgency.

I found out a week ago that Dark Souls runs like _butter_ in Wine, and
Insurgency just got native Linux support the other day. I am a happy Linux
gamer.

As for the titles that choose to avoid supporting my operating system, well I
guess I won't be supporting them with my dollars.

~~~
ionised
Do you have any issues with drivers for things like mice, keyboards,
joysticks?

I have a RAT5 mouse and an X-55 Rhino HOTAS for Elite: Dangerous and as far as
I am aware, there are no drivers for these under Linux.

------
MichaelGG
Does anyone know the status of using the Windows Firewall to block this stuff?
Since Search and other parts of the OS are actually apps it seems, if you set
a default deny, then whitelist only certain parts, wouldn't that sort itself
out?

And any idea why MS is acting this way? Certainly offering a hidden opt-out
registry key would satisfy a lot of customers, and not impact the telemetry
data in a meaningful way. For Office, they literally discarded/sampled the
telemetry data as it was simply too much to use.

~~~
yuhong
I think some traffic does bypass the firewall, but it is mostly licensing stuff.

~~~
rasz_pl
Do you have any details? backdooring own firewall would be a HUGE deal.

~~~
click170
Firewalls on hosts should really only be used for protection against inbound
traffic, trying to use firewalls on a host to block that host from sending
traffic a) doesn't scale on a network of many hosts and b) can be overridden if
the thing trying to send traffic has root access to modify the firewall.

Gateway firewalls are much less susceptible to malicious modification this
way, and IMO are the best way to protect yourself from this type of corporate
spying in general.

------
mark_l_watson
I generally support privacy issues (donor to EFF and ACLU).

But, I see some hypocrisy in criticizing companies like Microsoft and Google
about the danger of private information being leaked. What about github repos,
data on AWS, etc.? Most people seem willing to trust those companies.

I believe that companies like Microsoft and Google will immediately fire any
employee caught improperly accessing user information.

We also trust our doctor's office and our bank with critical information.

I trust Microsoft and Apple to a large degree because I believe that their
interests and my interests are aligned. I trust Google and Facebook, as
sellers of data for advertising, less.

In the last five years I have gone through two "phases" where I used Linux on
my laptops almost exclusively - for privacy and control reasons. The problem
is both times I was a bit less productive during the periods when I used
Linux. Personal efficiency trumps some of my concerns over privacy, especially
given that the NSA and other intelligence agencies around the world record
most of what we all do anyway.

------
blackoil
Is there a layman's guide to this whole thing? Does Cortana send only what is
explicitly told to it, or everything I speak in the vicinity of the computer?
Also, if I create a text file in Notepad, is that uploaded? My email, contacts,
photo, messaging all
already live in cloud. I am ok with Cortana having some access as long as I am
aware of what it is.

------
mmastrac
Does Windows 10 actually log keystrokes? If so, that's pretty disturbing.

~~~
McGlockenshire
No, Windows 10 does not generally log keystrokes.

The one and only place that things like keystroke logging are mentioned in the
privacy policy is in the context of interacting with Cortana and the related
search service, where the phrasing is similar to "things you enter here get
sent to us, and we log those things."

The vast majority of the Windows 10 privacy concerns are mitigated by turning
off the Customer Experience Program stuff and never turning on Cortana.

~~~
bhrgunatha
It's been reported elsewhere that key strokes are logged. Whether it is
limited in nature or not, the ability is there and is used.

Why?

What's the need for key strokes to be logged rather than just a complete
edited search term sent to a server. Why does anyone need to know which keys I
press on my computer?

~~~
ecnahc515
This is how autocomplete works. You progressively type, it progressively
adjusts the results so you can stop typing and just select the result you
want.

------
vardump
Microsoft arbitrarily cripples or how it's called in business lingo "market
segments" their products. Maybe their marketing felt Windows 10 was too good
of a product and needed to make it artificially less desirable? Surely no
professional or business user wants to be spied on?

There are a lot of examples in the past too. Arbitrarily limiting 32-bit
consumer versions to just 4 GB RAM. Letting just one user have an
interactive login at the same time. Not having remote desktop server in
consumer versions.

Microsoft, please just make one version of Windows. If you must, make a
separate server version. But please stop this segmentation madness.

~~~
korethr
I disagree that the 4GB RAM cap is entirely arbitrary. Guess how many GiB of
memory you can address with 32 bits? 4. Now, x86 CPUs have been capable of
addressing more memory since the Pentium Pro [1]. But even then, not all
motherboard chipsets supported that, probably because back in 1995, RAM was
more commonly measured in megabytes, not gigabytes. Then consider that
Microsoft discovered that some drivers became unstable when addressing more
than 4GiB of RAM.

From a tech support perspective, the decision makes sense. Most target
consumers probably aren't going to have enough RAM to hit the limit, but are
going to notice and complain when their computers become extra-crashy. I may
well have made the same decision.

[1]
[https://en.wikipedia.org/wiki/Physical_Address_Extension](https://en.wikipedia.org/wiki/Physical_Address_Extension)

~~~
vardump
Why are you talking about 1995? Talking about 2005 is more relevant here.

> I disagree that the 4GB RAM cap is entirely arbitrary. Guess how many GiB of
> memory you can address with 32 bits? 4.

That's completely irrelevant. You could still simultaneously run a lot of
processes each taking up to 3 GB RAM individually. All that matters is that
different processes and drivers could utilize whole installed physical memory
range. 2.5-3.5GB limit was already an issue in Windows XP era, when computers
started to commonly have 4GB or more. 32-bit Windows XP could have handled up
to 64 GB RAM just fine.

> Then consider that Microsoft discovered that some drivers became unstable
> when addressing more than 4GiB of RAM.

I've heard this one often, but never seen any concrete examples of drivers
with such problems. What are these drivers actually? What kind of bugs? Say
DMA buffers? Well, if the developer was incompetent enough to set 4GB max DMA
buffer bit for PCI[e] hardware that can't address 4GB+... All other memory
buffers would have mapped behind 32-bit pointers anyways, regardless of where
they actually are in physical memory. You seldom deal with direct mapping even
in kernel mode drivers.

For example, how about drivers that use PASSIVE_LEVEL functions at DPC or
higher? Should they not trigger IRQL is less than equal blue screen as well?
Buggy drivers are buggy drivers, period.

> complain when their computers become extra-crashy

Why would their computers be extra crashy? Windows 2003 server versions worked
just fine with very much the same drivers without any crashing. Why would
Windows XP have been any different?

By the way, I have written Windows kernel mode drivers.

------
click170
"Cannot be stopped"

What a crock.

All you have to do is care enough to install a proper gateway firewall that
can intercept and block these requests before they leave your network.

Companies will only encroach more and more on your privacy all the while
telling you there's nothing wrong and it can't be disabled and that it's just a
little bit of your privacy [that they're forcibly stealing].

Stop being complicit in it and do something about it. You'll feel much better
about everything when you do.

~~~
beeboop
I am a developer and pretty computer savvy, but I don't know the first thing
about configuring a firewall and I suspect it would be pretty time consuming
to even make an attempt at doing so. Regardless of what I did, I would not be
confident that I actually blocked everything I needed to. This isn't a
reasonable request of pretty much anyone except professional network
administrators.

I just made the switch to Linux full time after all this Win10 privacy
bullshit. Been Linux full time for 4 months with no problems, never going back
to Windows.

~~~
click170
That's a fair point, but you gotta start somewhere (if you have an interest
and an inkling that is) or just give in and let them take what they want.

I started by configuring it to block everything by default and white listing
the traffic I wanted to allow. Most systems will log dropped or anomalous
traffic so it's very easy to work out what traffic needs to be allowed when
some new game's multiplayer features don't work as expected. And as an added
bonus you learn a lot about networking at the same time, possibly opening up
new career opportunities.

It might not be for everyone but if you value your privacy you owe it to
yourself to explore your options. I suggest the Sophos UTM if you're just
starting off, the UI is very friendly and helpful.

[http://www.sophos.com/en-us/products/unified-threat-management/demo.aspx](http://www.sophos.com/en-us/products/unified-threat-management/demo.aspx)
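
The workflow described in the comment above (default-deny at the gateway, then read the drop log to decide what to allow), as an added example that is not part of the thread. It assumes Linux netfilter LOG-style `KEY=value` lines with a hypothetical `FW-DROP: ` log prefix; the sample log lines and addresses are constructed.

```python
import re
from collections import Counter

LOG_PREFIX = "FW-DROP: "  # assumption: the prefix set on the default-deny LOG rule
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample log (documentation and private address ranges only).
SAMPLE_LOG = """\
Nov  3 10:00:01 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.10 LEN=52 PROTO=TCP SPT=50111 DPT=443
Nov  3 10:00:04 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.10 LEN=52 PROTO=TCP SPT=50112 DPT=443
Nov  3 10:00:09 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.10 LEN=52 PROTO=TCP SPT=50113 DPT=443
Nov  3 10:01:15 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.7 LEN=76 PROTO=UDP SPT=27015 DPT=27015
Nov  3 10:01:16 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.7 LEN=76 PROTO=UDP SPT=27015 DPT=27015
Nov  3 10:02:00 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.99 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Nov  3 10:02:30 gw kernel: eth0: link becomes ready
"""


def parse_drop(line):
    """Return (src, dst, proto, dport) for a logged drop, or None for other lines."""
    _, sep, rest = line.partition(LOG_PREFIX)
    if not sep:
        return None  # not written by the drop rule
    fields = dict(FIELD_RE.findall(rest))
    if not {"SRC", "DST", "PROTO"} <= fields.keys():
        return None  # truncated or malformed entry
    # ICMP entries carry TYPE/CODE instead of ports, so dport may be absent.
    dport = int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None
    return (fields["SRC"], fields["DST"], fields["PROTO"], dport)


def summarize(log_text):
    """Count dropped flows, ignoring the ephemeral source port."""
    flows = Counter()
    for line in log_text.splitlines():
        flow = parse_drop(line)
        if flow is not None:
            flows[flow] += 1
    return flows


def review_list(flows, min_hits=2):
    """Repeatedly dropped flows, most frequent first, for a human to review.

    Nothing here is allowed automatically: each row is a candidate that the
    administrator either whitelists or leaves blocked.
    """
    rows = [(hits, flow) for flow, hits in flows.items() if hits >= min_hits]
    rows.sort(key=lambda r: (-r[0], r[1][:3]))
    out = []
    for hits, (src, dst, proto, dport) in rows:
        port = f"/{dport}" if dport is not None else ""
        out.append(f"{hits}x {src} -> {dst} {proto}{port}")
    return out


if __name__ == "__main__":
    for row in review_list(summarize(SAMPLE_LOG)):
        print(row)
```
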

------
htmk
Another reason to never use windows again.

------
PhantomGremlin
I'm not trying to start a flame war, but an honest discussion. Two words:

    
    
       Satya Nadella
    

He seems even more tone-deaf than most CEOs, e.g. his comments about women
asking for a raise in pay.

So, here's the delicate question: is this cultural? He's originally "not from
around here", but he's lived in the USA for at least 25 years.

In contrast, Tim Cook seems to have staked out the opposite ground, i.e. that
user privacy matters.

~~~
rustynails77
I'm not a fan of Satya, but you are trying to start a flame war. This is what
Satya is on record saying

"I believe men and women should get equal pay for equal work. And when it
comes to career advice on getting a raise when you think it’s deserved,
Maria’s advice was the right advice. If you think you deserve a raise, you
should just ask."

He also said "[I] Was inarticulate re how women should ask for raise. Our
industry must close gender pay gap so a raise is not needed because of a bias"

So you've made a conclusion because he said something that was wrong and
silly. I would go as far as to say that it's a big leap of faith that you've
drawn, or that you're trying to be inflammatory on purpose.

Now it would be more accurate to say that Microsoft is seeing how much money
Facebook and Google make from knowing people's secrets.

~~~
PhantomGremlin
It's not fair to quote Nadella saying "I was inarticulate". That comment only
happened after, as Wikipedia puts it, "a strong backlash". Melissa Waggener (a
very smart lady who I've met) probably gave him a good talking to.

