
Does Windows 10's telemetry include sending *.doc files if Word crashed? - chupa-chups
https://security.stackexchange.com/questions/204530/does-windows-10s-telemetry-include-sending-docs-if-word-crashed
======
vortico
NASA is finding exoplanets every day, and the LHC is probing quarks at high
energies, yet nobody seems to know what is and isn't sent to Microsoft on
Windows 10, despite the relative simplicity of doing so (and arguably equal
importance as this could be giving Microsoft access to billions of dollars of
trade secrets for example). Are any security researchers actively researching
this topic? Even if crash documents are encrypted over the network, couldn't
these questions be answered by patching root certificates, setting up fake
diagnostic servers, tracing the stack with a debugger, etc? Even a
reproducable test of making Word crash 10 times, measuring the bandwidth,
changing the document size slightly, and remeasuring could give some insight
into this question.

~~~
criddell
I wonder how much confidential health information Microsoft pulls from
computers in hospitals and doctor's offices?

~~~
oliveshell
Interesting question.

I would speculate (read: hope) that at least in a hospital, they’ll be running
the Enterprise version and have it properly configured not to leak data by IT
staff who know about HIPAA compliance.

The average small physician’s practice may be a very different story, however.

~~~
BentFranklin
I hate that there are special rules for "enterprises." Every person and every
business is an enterprise.

------
ChrisSD
The extremetech link[0] given in the answer is probably more generally
interesting. That article also explains how to access the MS Diagnostic
Dataviewer which allows you to explore the collected data after you switch it
on (from the Settings app go to Privacy -> Diagnostic & feedback). It also
links to Microsoft's explicit listing of everything that they might collect
for basic diagnostics[1].

Of course Microsoft could be lying but in that case you shouldn't be using
their OS. To borrow a phrase: They have root. If you don't trust them then you
don't trust your PC.

[0] [https://www.extremetech.com/computing/247311-microsoft-
final...](https://www.extremetech.com/computing/247311-microsoft-finally-
reveals-exactly-telemetry-windows-10-collects-pc)

[1] [https://docs.microsoft.com/en-gb/windows/privacy/basic-
level...](https://docs.microsoft.com/en-gb/windows/privacy/basic-level-
windows-diagnostic-events-and-fields-1809)

~~~
Wowfunhappy
> but in that case you shouldn't be using their OS. To borrow a phrase: They
> have root. If you don't trust them then you don't trust your PC.

Is this really an option? I'd posit that even many hardcore Linux folk keep a
Windows partition, VM, or secondary PC around.

~~~
linuxftw
Nope. I don't use Windows at all. If it can't be done on Linux, I simply don't
do it. I don't even bother with wine.

There's a whole planet out there. Your computer doesn't need to be the only
thing that occupies your time, it doesn't need to be perfect, it doesn't need
to do everything.

~~~
chrisBob
My customers often use Windows so my options are:

1) Don't bother testing what I write

2) Quit

Occasional Windows use seems like a great compromise.

~~~
PascLeRasc
3) Find new customers

~~~
AstralStorm
You mean in the 2% or less that do not use iOS, Mac OS, Windows or Android,
right?

------
drfuchs
I remember the NSA refusing to send a core file for us to debug a FrameMaker
crash they ran into, since they knew that their document could be extracted
from it. Perhaps this is the sense in which the .doc files are being sent; in
the trivial case, they may simply be mapped into memory, which is then part of
the dump that gets sent.

------
kevin_b_er
Are Windows 10 and Microsoft Office compatible with HIPPA given they may send
off protected health information without protecting it themselves?

~~~
techntoke
Would be very costly if actually pursued

------
Tepix
I use the free tool O&O ShutUp 10 to disable this

[https://www.oo-software.com/en/shutup10](https://www.oo-
software.com/en/shutup10)

Make sure you reboot after running it, disable telemetry again and do another
reboot. Only then all three telemetry features will remain off.

It‘s a shame that you have to work against your OS to protect your privacy.
Use Linux unless you need Windows for a good reason.

~~~
craftyguy
Using 1 proprietary application to 'lock down' another proprietary application
seems like an exercise in futility.

------
dgudkov
As a user I don't mind sending diagnostic information for debugging, but that
should be transparent to me and controllable. Why not just show a dialog
saying "a crash happened, here is what is going to be sent to us, uncheck
items that you don't want to share with us"?

Quietly retrieving documents without user permission is not acceptable.

~~~
parliament32
Probably because they're just grabbing a core dump of the crash and sending it
off. The dump of your memory may or may not include various items that you'd
like "checkboxed", but it's not easy to clean out unchecked ones from that
kind of dump.

------
kgwxd
Answer: you can't know for sure.

Absolutely ridiculous.

~~~
Someone1234
Diagnostic Data Viewer shows you the unencrypted data. The only way to get to
"you can't know for sure" is by this logical leap:

> But that does NOT guarantee or prove that there is documents privacy in any
> way.

Using that specious logic you could say the same about any software on your
machine.

~~~
sdfgsd3fgsdfg
You are missing the point:

If we dont trust the OS, why would we trust it to be honest and display what
it's actually reporting. You can't be sure until you wiretapped the
communication and looked for yourself.

~~~
bradford
I'm not sure if it's going to impact your trust in Windows either way, but
regulators _do_ 'wiretap' the communication sent off Windows boxes in an
effort to keep Microsoft compliant with law, and Microsoft is financially
incentivized to be honest (at risk of hefty fines).

Tech journalism is quick to print stories of malfeasance in the
privacy/security area, but they've done very little to inform readers of
accountability or legal obligations that are enforced by government entities.
This leads to general distrust and unproductive online conversations.

If you're interested in privacy/security, you _should_ be paranoid about this
stuff, but don't mistake yourself into thinking that Microsoft operates in
vacuum of unaccountability.

(Disclaimer, MS employee, and I have to state that this is my opinion)

------
pixl97
Any headline asking a question is generally no, but in this case yes.

In theory you want the file causing the crash as it makes figuring out the
fault many times easier. The problem comes in when this is your financial
records being sent off to Microsoft

~~~
cm2187
Or a document covered by attorney-client privilege.

~~~
chopin
At least in Europe using Win10 as an attorney (or physician for that matter)
may bring you into hot waters.

~~~
grecy
I worked for Defence for a year. I'd be shocked if they allow this

------
zwerdlds
But Scott Hanselman thinks it's all about MS killin' our pappies.

~~~
smacktoward
I appreciate Hanselman and his work a lot, but that answer riled me as well.
He seems to not understand that Microsoft's underhanded behavior in the past
_actually did_ kill a lot of promising, pioneering companies -- Netscape, Stac
([https://en.wikipedia.org/wiki/Stac_Electronics](https://en.wikipedia.org/wiki/Stac_Electronics))
and Digital Research
([https://en.wikipedia.org/wiki/Digital_Research](https://en.wikipedia.org/wiki/Digital_Research)),
to name just a few off the top of my head.

It's one thing to argue that they don't do that sort of thing anymore, but
quite another to pretend they never did it in the first place.

~~~
deogeo
> It's one thing to argue that they don't do that sort of thing anymore

Even if you argued that, you'd be dead wrong - they won't reveal which Android
patents they use for extortion, till very recently pushed for adoption of the
FAT32 filesystem so they could extract patent fees from that. Now that those
patents have expired, they're doing the same with ExFAT, all while lobbying
against open document formats, and deliberately making their own as difficult
to work with as possible.

That's all just from the top of my head, without even going into Windows 10.

