
A (Terrifying) Traffic Analysis of Windows 10 - gregmolnar
http://www.disclose.tv/news/a_terrifying_traffic_analysis_of_windows_10/121544
======
JackuB
Word of caution, linked server aeronet.cz is well known for spreading pro-
russian propaganda[0], conspiracy theories and fake news.

[0]:
[https://cs.wikipedia.org/wiki/Aeronet.cz](https://cs.wikipedia.org/wiki/Aeronet.cz)

------
gregmolnar
I am not sure how legit is the source. It would be great if others could
confirm these findings too.

~~~
verandaguy
As eager as I am to hop on the Windows 10 hate bandwagon, I've gotta agree
with you. The author should disclose the original source if nothing else.

At this time, the closest thing to a source is "Some Czech guy did a traffic
analysis of data<link to an unrelated disclose.tv page> produced by Windows
10, and released his findings the other day."

This is just appalling journalism if nothing else, and hurts both sides of the
case.

EDIT: I retract some parts of that. The link to the source (in Czech) is
tucked away discreetly at the bottom of the page:
[http://aeronet.cz/news/analyza-windows-10-ve-svem-
principu-j...](http://aeronet.cz/news/analyza-windows-10-ve-svem-principu-jde-
o-pouhy-terminal-na-sber-informaci-o-uzivateli-jeho-prstech-ocich-a-hlasu/)

~~~
amyjess
And that "Czech" source is a Russian-affiliated propaganda mill that has a
vested interested in making US companies look bad.

~~~
verandaguy
Source on this?

~~~
amyjess
This came up the last time this article was posted on HN (that time, it was a
Google Translate of the aeronet source).

It was discussed in the top comment and the replies to it:
[https://news.ycombinator.com/item?id=10053420](https://news.ycombinator.com/item?id=10053420)

~~~
verandaguy
Thanks for providing a source. The translated link you provided doesn't
inspire a lot of confidence in their reliability. I'll believe what they're
saying once they provide the exact methods they used to get these results in
order to corroborate them.

------
6d0debc071
What, really? Your source is "some Czech guy?" I mean maybe it's true and
maybe it's not, but at the same time an article that presumably doesn't link
the original article because they don't want people just going directly there
and which might be quoting the most lunatic fringe conspiracy theory is not
worth taking particularly seriously. A five-minute search tends to indicate
that this guy:

[https://systemoverlord.com/blog/2015/08/16/so-is-
windows-10-...](https://systemoverlord.com/blog/2015/08/16/so-is-
windows-10-spying-on-you/)

hasn't been able to reproduce the traffic analysis on casual inspection.

Edit: Here's what I believe to be the original source of the claim:

[http://aeronet.cz/news/analyza-windows-10-ve-svem-
principu-j...](http://aeronet.cz/news/analyza-windows-10-ve-svem-principu-jde-
o-pouhy-terminal-na-sber-informaci-o-uzivateli-jeho-prstech-ocich-a-hlasu/)

And the translation:

[http://localghost.org/posts/a-traffic-analysis-of-
windows-10](http://localghost.org/posts/a-traffic-analysis-of-windows-10)

~~~
howdoipython
I highly doubt the source was a Czechoslovakian guy because Czechoslovakia no
longer exists. Maybe someone from the Czech Republic though.

~~~
6d0debc071
Ah, good point -edits-

------
jff
Here's another well-researched article suggested by this highly credible news
source:

[http://www.disclose.tv/news/The_Russian_Sleep_Experiment_dur...](http://www.disclose.tv/news/The_Russian_Sleep_Experiment_during_world_war_II/103410)

(creepypasta if you don't recognize it)

------
mark_l_watson
I am not sure that I buy this story. A second source would be good.

I was really enjoying Windows 10 and got beat up on HN after defending it last
week. That said a few days ago I switched from having 3 linux laptops and 1
windows 10 laptop to having 4 linux laptops.

I think that Microsoft, after fixing some privacy issues, has a winner in
Windows 10 but I decided to just make my life simpler.

------
ultramancool
Saw this claim the other week, while I've already disabled many of these
things, the largest point of concern to me here is the microphone transmission
and it's one I've been unable to independently verify or deny. Anyone done any
deeper digging on this?

------
nickysielicki
This is straight up blogspam. Notice how all the links in this article link to
the same website?

Here's the original source (In fairness to OP, it's not in English.) [1]

Here's a summary of his findings in English by a guy that isn't trying to
drive in ad-traffic. [2]

Now that that's out of the way, here are my thoughts:

Some of this is certainly true and they don't try to hide it-- just last
weekend I showed my father the above version of this article. He's a pretty
pro-microsoft/anti-FOSS/internet-privacy-is-a-ridiculous-idea guy, but even he
was a little shaken to see that we could open up control panel and disable
something like the reporting of all of your keystrokes-- assuming it actually
disables it.

With regards to data collection and report that users have no control over, I
think it's probably true that Windows 10 is capable of this and has code in
place to do it, but the idea that it's actually doing this at a large
frequency on every user is pretty ridiculous. If it were truly as bad as he's
painting it it would be as easy as opening Wireshark, right? We can look at
blobs in Windows 10 and find hardcoded strings, and while we probably can't
figure out what it's doing with them, we can at least confirm that this guy
didn't make it all up. So why hasn't anyone?

I dunno. But IMO the implications of this being true are moot. We already live
in a world where Chome is telling Google what you're saying to your
microphone[3], where OSX is telling apple where you are and what you're typing
into spotlight[4], and where the most popular Linux + GNU distribution is
putting out releases that tell Amazon what you're searching for in a default
install[5]. Is Microsoft jumping on this same wagon really such a monumental
shift when other operating systems and browsers are already doing it?

I'm glad that people are upset at the idea though, and if you're with me so
far I'd like to make the case that if you're upset about this you ought to be
upset about a possible future that is much worse. I'm willing to eat these
words 10 years from now if I'm wrong, but I truly believe that two imminent
events are going to be catastrophic for software freedom.

1\. From a software-engineering standpoint, LLVM is superior to GCC. It is
well-engineered and will inevitably outperform GCC to a great extent. It's
modular and that means that adding new languages and targets are far easier.
The future of compiler development is decidedly LLVM-like compilers. But this
modular nature (and the license) allows ARM/Intel/NVidia/Ati the ability to
simply put out blobs that extend LLVM. Nvidia/CUDA already do this. [6]

2\. Moore's law is dying, and it's going to result in a transformation of
hardware. (Cannot recommend this article enough, though my conclusion from his
reasoning is the opposite.) [7]

I know it sounds ridiculous at first thought-- "LLVM is under a FSF-approved
license", you say. "Even if it wasn't, nonfree tools have never meant that
free tools cannot exist besides them." "The author of that article made a
pretty compelling case that we're headed towards more open hardware, not
less."

And that's all true.

But consider Apple's iOS app-store lockdown and how anti-developer it is. A
$100 fee to even begin developing apps? Approval processes? It's completely
appalling that we develop backends for services on the shoulders of free
software and yet we're at the whims of Apple when we wish to actually get it
in the hands of users. But that's the small price we pay to be able to get our
software in the hands of the common man's iPhone.

The fatal assumption in the IEEE article is that developers decide what
languages or architectures we wish to target. I don't think we do. The market
does; rest of society does. We make software for the products they choose.
Open hardware is something that we care about, but the market doesn't.
Accessible development tools are something that we care about, but the market
doesn't factor that into their decisions. Compare the iOS app-store to Google
play-- one has free development tools available for all platforms and costs
$25 (to keep spam away). One is available only on OSX and requires a $100 fee
to debug on real hardware. If the market cared at all about these things, that
difference would have lead to Android dwarfing iOS. That has yet to happen.

So what happens when Moore's law slows down and every device is able to roll
their own slightly-different architecture? What happens when the only way to
compile on it is to use their linked library for LLVM? What happens when
you're forced to pay $100 for that? $1000? $10,000? What happens when
microkernels become mainstream and you're forced to compile for EC2/Google
Apps/etc. using their blobs? Can GCC be expected to stay relevant? [8]

Reading this over, I don't know if I've made as compelling of a case as I felt
I had before I started writing, but I do think that the future of software
freedom is unsure and that the more we are willing to put up with their
demands the worse the outlook gets. [9]

[1]: [http://aeronet.cz/news/analyza-windows-10-ve-svem-
principu-j...](http://aeronet.cz/news/analyza-windows-10-ve-svem-principu-jde-
o-pouhy-terminal-na-sber-informaci-o-uzivateli-jeho-prstech-ocich-a-hlasu/)

[2]: [http://localghost.org/posts/a-traffic-analysis-of-
windows-10](http://localghost.org/posts/a-traffic-analysis-of-windows-10)

[3]: [http://www.zdnet.com/article/google-listens-after-you-say-
ok...](http://www.zdnet.com/article/google-listens-after-you-say-ok-google-to-
your-desktop-chrome/)

[4]: [http://arstechnica.com/security/2014/10/mac-os-x-yosemite-
re...](http://arstechnica.com/security/2014/10/mac-os-x-yosemite-reportedly-
leaks-location-search-data/)

[5]: [https://www.eff.org/deeplinks/2012/10/privacy-
ubuntu-1210-am...](https://www.eff.org/deeplinks/2012/10/privacy-
ubuntu-1210-amazon-ads-and-data-leaks)

[6]: [https://developer.nvidia.com/cuda-llvm-
compiler](https://developer.nvidia.com/cuda-llvm-compiler)

[7]: [http://spectrum.ieee.org/semiconductors/design/the-death-
of-...](http://spectrum.ieee.org/semiconductors/design/the-death-of-moores-
law-will-spur-innovation)

[8]: [https://lwn.net/Articles/582241/](https://lwn.net/Articles/582241/)

[9]: [https://www.gnu.org/philosophy/can-you-
trust.en.html](https://www.gnu.org/philosophy/can-you-trust.en.html)

