
Every 30 minutes Windows 10 sends all typed text to Microsoft - cantrevealname
https://translate.google.com/translate?hl=en&sl=cs&tl=en&u=http%3A%2F%2Faeronet.cz%2Fnews%2Fanalyza-windows-10-ve-svem-principu-jde-o-pouhy-terminal-na-sber-informaci-o-uzivateli-jeho-prstech-ocich-a-hlasu%2F
======
czechdeveloper
About information source: Aeronet.cz is known Russian propaganda website in
Czech. Nothing close to credible source. I don't judge content, but this
should be noted.

Just try

[https://translate.google.com/translate?sl=auto&tl=en&js=y&pr...](https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Faeronet.cz%2Fnews%2F%3Fs%3DMH17&edit-
text=&act=url)

~~~
tired_man
despite being a propaganda rag, they still have brought to light something
that should not be happening, as others in this thread have noted. MS wants to
collect massive amounts of information from Windows 10 installs.

~~~
amlgsmsn
I don't see how making up lies is a good thing, unless one is pushing an
agenda.

Reminds me of the DRM FUD against Windows 7[1] and the fake benchmarks
claiming that Windows 7 was eating up memory and was slow[2].

And they end up getting a lot of attention and page hits from sites like this,
so it's a vicious cycle, with people repeating this 'information' to others.

[1] [http://tech.slashdot.org/story/09/02/16/2259257/draconian-
dr...](http://tech.slashdot.org/story/09/02/16/2259257/draconian-drm-revealed-
in-windows-7?sbsrc=thisday)

[2] [http://www.zdnet.com/article/why-we-dont-trust-devil-
mountai...](http://www.zdnet.com/article/why-we-dont-trust-devil-mountain-
software-and-neither-should-you/)

~~~
tired_man
You nailed it, exactly.

MS generated a great deal of FUD about for the linux desktop. And it's always
been a favourite of the people who own america's politicians and news
organizations.

That's how all that "marijuana causes brains damage" shit got its start. Dr.
Heath, "The scientist," and I use that term quite loosely, who published the
study, pumped marijuana smoke into breathmasks worn by monkeys. His monkey's
suffered brains damage and started dying and he published his government
funded study.

What he didn't publish were the details of his flawed methodology.

The monkeys were smoked up with the equivalent of 63 joints over a five minute
period. The masks were air tight and the only thing the monkeys could breath
was smoke.

He did that repeatedly for 90 days until the monkeys displayed symptoms of
brain damage and began dying. Okay! Time to publish!

Playboy and Norml obtained the records via a federal info request and
published the truth in 1986.

The monkeys' brain damage and deaths were caused by carbon monoxide poisoning
and asphyxiation.

------
Beltiras
It's in the privacy policy. I didn't believe what I was reading. Windows 10 is
unusable for anyone handling any sensitive data. Think doctors, psychologists,
anyone under an NDA.

[https://www.microsoft.com/en-
us/privacystatement/default.asp...](https://www.microsoft.com/en-
us/privacystatement/default.aspx)

~~~
ewzimm
This would be too big an oversight for a company trying to get more business
adoption. According to Microsoft, the data is anonymized and run through a
virtual shredder before being sent. Here's their statement on it:

“Some of this data is stored on your device and some is sent to Microsoft to
help improve these services. Data sent to Microsoft for product improvement is
put through rigorous, multi-pass scrubs to remove sensitive or identifiable
fields (such as email addresses, passwords and alphanumeric data) and strings
are chopped into very small bits and stripped of sequence data to prevent the
information from being identified or put back together.”

[http://blog.laptopmag.com/windows-10-privacy-issues-
exaggera...](http://blog.laptopmag.com/windows-10-privacy-issues-exaggerated)

It amazes me that this information isn't easier to find and I end up being the
one defending Microsoft. I definitely recommend using Free Software only if
you want to be absolutely sure of confidentiality.

~~~
linkydinkandyou
How do you think Apple gets their spell-check data, or improves Siri's voice
recognition?

In any event, during the installation process, you do see a screen where you
can turn all this off. It's not off by default, but viewing these settings was
part of my Windows 10 installation experience.

~~~
amyjess
I can confirm: I bought a Surface Pro 3 the other day, and when I first booted
it up, the setup screens explicitly asked me which privacy settings I'd like
to enable.

~~~
icewater0
Do you know if there is any information sent to Microsoft by default for which
they did not offer you a screen widget to click that says "off"?

Do you know what actual data is, and is not, sent to Microsoft as you use your
device?

Even if you do, will you still know once Microsoft pushes a mandatory update
and/or changes its 12,000 word terms of service?

------
knowaveragejoe
Analysis here:

[http://localghost.org/posts/a-traffic-analysis-of-
windows-10](http://localghost.org/posts/a-traffic-analysis-of-windows-10)

Doesn't look like the original source of the info is very trustworthy, will
need other people to verify this.

~~~
16bytes
Agree, this is large enough an issue to verify its validity.

If true, however, it is very problematic and of questionable legality (e.g.
unintended HIPAA data disclosures etc).

Apparently people will have to start to invest in configuring outbound
firewalls on their network to prevent various phone-home operations.

~~~
brador
Or stop using Windows and we can put the final nail in once and for all.

Linux, through Ubuntu, is (IMO) now ready for the prime time.

~~~
joshuapants
I say the following as a Linux enthusiast: Ubuntu is absolutely not "ready for
the prime time," as you put it.

It's not ready for home users, it's not ready for most businesses, it's not
ready for anyone except a small number of users.

~~~
cautious_int
Why?

~~~
joshuapants
In comparison to OSX and Windows running on the same hardware, Ubuntu is worse
in every meaningful way. Power management is terrible, window management is
terrible, the Ubuntu software center is slow as hell and has no selection
(amount of useful software is a huge concern, actually). It lacks polish in
general, things that people have come to take for granted in their OSs are
missing or badly implemented.

I'm sure the argument will come that most home users only need a web browser,
so the software selection isn't a problem, but at that point you might as well
just use Chrome OS and get something that actually works.

------
guardian5x
Is there any other reliable source for this? Extraordinary claims require
extraordinary evidence. Having a keylogger in the system by default sounds
like a move that would exclude MS from competing in any businesses in the
future. A move that seems illogical. So it would be nice to back that story up
with some more information.

------
signal11
I don't have a Windows 10 box near me but I remember an option to send typing
data back to Microsoft, which I switched off. I see they have a short FAQ
about it too: [http://windows.microsoft.com/en-us/windows-10/speech-
inking-...](http://windows.microsoft.com/en-us/windows-10/speech-inking-
typing-privacy-faq)

"Go to Start, then select Settings > Privacy > General, and then turn Send
Microsoft info about how I write to help us improve typing and writing in the
future on or off."

Does anyone know if this stops Windows 10 from sending typing data across?

------
llama052
What is it lately with Windows 10 privacy issues blowing up in Hacker-news
since windows 10 came out? I know most of you guys are Apple/Linux guys (I
myself love Linux like the rest of you) but come on, Apple does this, your
smartphone does this, most services you use do this. Just getting tired of the
big bad M$ hate bandwagon. This isn't even a credible article and people are
already going off about it. This is no different than Yosemite which logs your
location and searches that you make with Spotlight and Safari. Yet, I don't
recall seeing articles constantly on the front page about that? Seems a little
biased to me.

NOTE: Not that I condone what Microsoft is doing, just a little hypocritical
to think that big bad Microsoft is doing anything new in the industry,
especially when the products you guys are talking about jumping ship to, have
the same problems. This is nothing new

~~~
mattfrommars
Finally someone who isn't a hypocrite and speaks the truth. The same people
who are complaining about Microsoft data mining are the same people who don't
have issues using Google.

It's just so ridiculously stupid and it's as if it's funny.

~~~
ionised
> Finally someone who isn't a hypocrite and speaks the truth. The same people
> who are complaining about Microsoft data mining are the same people who
> don't have issues using Google.

Nope. You're making assumptions based on nothing.

I have an issue with both (or any) companies doing it, as do many other
people.

I don't even use Google search anymore, and I certainly don't want my Windows
searches consulting Bing.

------
dothis
I don't want the OS to talk to anywhere except for a clearly defined, lean,
verifiable process that fetches security updates.

That's why I use Debian. And hope they do the right thing.

------
wtbob
I wonder if Microsoft also send typed-in passwords to themselves.

~~~
antsar
_We collect passwords, password hints, and similar security information used
for authentication and account access._

Source: [https://www.microsoft.com/en-
us/privacystatement/default.asp...](https://www.microsoft.com/en-
us/privacystatement/default.aspx)

(Click "Learn More" under "Personal Data We Collect")

~~~
yk
This sounds like the reasonable interpretation is, they are reading the
passwords for MS accounts like hotmail. But IANAL, perhaps one should use the
most hostile interpretation possible.

~~~
antsar
When reading a privacy policy from a company like Microsoft, I think assuming
the "most hostile interpretation possible" is a safe bet. If it was only for
MS accounts, why wouldn't they say so?

------
splitbrain
However this will turn out (for now it looks like the source not very
trustworthy) I wonder if there's a small little tool you can install on a
fresh Windows 10 that will let you disable all the various privacy related
setting in one screen. Just a list of checkboxes with short descriptions of
the setting and what feature you will lose when disabling it.

~~~
userbinator
Theoretically it should be possible to do this even if MS don't provide the
configuration options by patching files, but there is a _ton_ of signing and
verification which gets in the way, not to mention things like Secure Boot.
Hopefully the crackers are still interested in breaking through all this and
giving the masses such a tool, like they did before with signed drivers.

------
amelius
When using Google Docs, the same thing happens :)

It is just part of the new trend, that everything runs in the cloud somehow.

~~~
tomswartz07
You're technically correct, but:

Do you type passwords and other private information directly into GDocs? What
about other things you type on your keyboard?

There's a difference between knowingly entering information into a 'cloud'
system, and having a core OS collecting _all_ keystrokes.

~~~
fixermark
> Do you type passwords and other private information directly into GDocs?

Of course! Why on earth would I trust passwords in some random third-party
password locker when I can instead store them in a heavily-secured Drive doc
behind the one account I have with a regular password rotation schedule and
two-factor authentication?

It's where I keep my bank account numbers and last will and testament too. ;)

------
mahouse
Off-topic, and please believe me _I 'm not trying to start a flame war_, but
I'm really concerned about this and I think it could be time to switch -- is
OS X any better in this regard? I had heard it has been phoning Apple since
forever. (I'm not going to consider Linux for a desktop)

~~~
UserRights
Linux is totally ok for a desktop, I would say much better than anything else!
You have several desktop environments you can choose from and you can
customize it to make it work exactly like you want it to. Once everything
setup to your liking, the configuration can be easily copied to any other
system because it is just files in your $HOME folder.

If you are a Hacker, you will be overwhelmed by the great amount of
development tools that are much easier to handle than on any other system.

There are very few reasons nowadays not to use Linux.

~~~
tfigment
Genuine question: What are the equivalent easy to use development tools that
map to sysinternals tools such as procexp, procmon, tcpview, ....? If it is
just lsof, ps, top, netstat then I'm seriously missing some thing. It is one
of my personal pain points with linux.

~~~
blackbeard
process explorer: htop, vmstat, iostat.

procmon: strace.

tcpview: netstat, wireshark.

They're all pretty easy to use.

~~~
lorenzhs
also iftop and iotop to monitor network and file system usage by application

~~~
blackbeard
Didn't know about iftop; thanks for the suggestion.

------
chris_wot
What is with these privacy violations? Lenovo just got caught out installing a
BIOS root kit on a wide range of laptops [0], now Microsoft is phoning home?

0\.
[https://news.ycombinator.com/item?id=10053419](https://news.ycombinator.com/item?id=10053419)

------
arca_vorago
First of all, as others have said, this source may be slightly dubious, but I
have seen a handful of similar sources saying similar things, but I have yet
to see an extensive reverse engineering effort. For the time being though,
because of the variety of similar reports and side effects, I am considering
Windows 10 an surveillance state approved operating system.

For example, in another HN submission where someone posted a tool to
delete/disable tracking services and add ip lists to the hosts file, a user
has reported startup errors. To me this indicates Windows 10 is trying to
communicate even during boot without the users knowledge! That's a big deal in
my book... I don't know about yall.

The one reason I have suffered the slings and arrows of Windows so long is for
gaming purposes, more recently because I wanted to release my hobby side-
project, a game in Unreal Engine 4, on Windows and so I have kept one of my
computers on Windows 8.1.

Last night that machine was compromised, and despite my fairly extensive
malware fighting abilities, I couldn't get rid of it. That means a complete
wipe and only moving data over that I must have, and not trusting that data,
not to mention never trusting the HDD again (going to have to throw it away).
I also question my bios, so I'll need to flash bios too.

I run three main computers, Windows on a Asus laptop, OSX on a Mac Air, and
Linux/DragonFlyBSD dual boot on a Macbook Pro 2014. I think Windows 10 just
might be the excuse I need to push myself completely away from the MS
ecosystem. I've been talking about it for years, but the power of their tie-in
is not to be trifled with.

I also fear for the state of linux in the same way though. At >10 million
lines of kernel code, I think the many eyes theory has a weakness, namely that
complex and huge codebases are antithetical to the many eyes theory working.
that's why I personally think the future of computing will be in code
simplicity and pairing down existing codebases. A good example of a try at
this is Minix 3. <10k loc. (of course lacks many features).

That's also why, even thought I'm a huge GPL/GNU guy, I am increasingly
leaning towards the top down ecosystem of the BSD's.

I think there are a lot of fundamental issues in personal computing that many
of us just ignore and don't want to discuss because the implications of the
conclusions could be uncomfortable. I think it's time for those of us who are
considered power users to start having this difficult discussions more often
and in more public ways.

------
steeples
Windows 10 and previous versions are known to be SIGINT enabled either by
design, or by accident. It would be very cloak and dagger to say by design,
but certainly more plausible to say by accident. There are numerous ways to
harden Windows however, and depending on how much time and money you're
willing to invest; you can get a pretty robust setup. Personally I use Zemana
Antilogger (try to get an older copy - the new one is possibly backdoored).
Download this:
[http://hardenwindows8forsecurity.com/](http://hardenwindows8forsecurity.com/)
(Some of the settings still apply on Win10 I think). And buy the new version
of Glasswire: [https://www.glasswire.com/](https://www.glasswire.com/) (Super
handy utility that stops all the phone behavior of Win10 that can get quite
intrusive/invasive). There are many other hacks to harden Windows but I won't
go into them here. But you can have those ones for free...

Here's Antilogger:
[https://www.zemana.com/AntiLoggerFree](https://www.zemana.com/AntiLoggerFree)
Please avoid the new version, as it's probably weakened by ICs. I'm sure an
older copy is lying around the net somewhere.

~~~
mattdotc
I have a hard time trusting either Glasswire and Antilogger without seeing the
source (especially since you mentioned possible backdoors in the same breath
as your recommendation).

Your first link looks like it's just a pack of local policies, so I suppose
there's some value, if that's the case, for people who don't want to go
through with learning how to set that up.

~~~
steeples
It might be closed source, but that does not equate to 'bad'. It doesn't
contain too many smaller parts it is easy to analyze what the binary is doing.
It does attempt to update, but this behavior can be blocked. Binary blobs do
not have to be a black box, and it is trivial to open up Antilogger in OllyDBG
and see what it is doing under the hood. It might sound like I'm fumbling
around in the dark here, and I admit I am; but Antilogger is one of the first
ten programs I install on a fresh Windows install.

Regular electronics consumers are not going to buy a Thinkpad with FreeBSD on
it, and then house the laptop in a Faraday cage to airgap it. It. Does. Not.
Happen.

~~~
emodendroket
> Regular electronics consumers are not going to buy a Thinkpad with FreeBSD
> on it, and then house the laptop in a Faraday cage to airgap it. It. Does.
> Not. Happen.

Nobody said it would but "regular electronics consumers" also aren't reading
this thread and don't have much to do with the post you're replying to.

------
steeples
Wait...what?

`oca.telemetry.microsoft.com.NSAtc.net`

~~~
hias
nsatc.net is registered by MarkMonitor Inc.

------
jand
Just in case anybody wants to know:

If you want a Windows 10 without Cortana, simply disable the sound card during
installation (BIOS or physically).

This is not a solution, but a workaround for those having no other choice.
Tested with Windows 10 Pro N.

------
adam12
I guess we won't be seeing any more of those Scroogled ads.

------
beauzero
...and I just watched Kingsman the other day too. I don't need this crap.

------
systemz
I never liked Cortana in Halo, apparently she is a spy

~~~
fixermark
Optimized for accessing secured systems with a military-grade suite of
intrusion routines hand-crafted by her creator, yes. ;)

------
CmonDev
Not to defend them, but in modern world my assumption is that everything I do
on the machine is recorded by someone. As long as my bank account is not
affected, not sure I care.

~~~
JustSomeNobody
It's very sad when people just give up like this.

~~~
fixermark
It's not giving up; it's embracing a set of risks for a reward. The question
is whether one feels the set of risks and the reward are too ill-defined to
make the trade worth it.

Microsoft appears to be in the business of trying to build a fully-functioning
virtual assistant. If they're solving that problem with big data, they need a
full stream of the user's behavior to operate on. But the tradeoff---an
actual, working virtual assistant---could very well be worth it to people for
whom that personal information is not worth hiding from a corporation with no
vested interest in undermining their customer base by irresponsibly divulging
that data.

If anything's sad, it's that we live in a world where some people do not have
the freedom to treat their private info so loosely. That's a true tragedy,
because there will increasingly be technologies they can't take advantage of.

~~~
RankingMember
I think they should definitely have the freedom to treat their private info
loosely, but I think that the decision itself should be an Opt-in rather than
an Opt-out affair. We shouldn't have to build our own tools to turn this off.

