
Windows 8.1 Bing passes local PC searches to advertisers - tanglesome
http://www.computerworld.com/s/article/9241524/Steven_J._Vaughan_Nichols_Microsoft_Bing_bang_bungles_local_search
======
JonFish85
"Do people at Microsoft ever talk to anyone outside their own groups?"

From friends of mine who have worked at / are working at Microsoft, sadly this
is a fairly common question, and the answer is "no" more often than you'd
hope. Hopefully the new re-org helps them, because they desperately need to be
rowing in sync.

~~~
yuhong
Some examples:

[http://channel9.msdn.com/Forums/Coffeehouse/VC11-Firefox-
Met...](http://channel9.msdn.com/Forums/Coffeehouse/VC11-Firefox-Metro-
Win8-SDK-and-XP)

[http://arstechnica.com/civis/viewtopic.php?f=15&t=1209093](http://arstechnica.com/civis/viewtopic.php?f=15&t=1209093)

~~~
freehunter
In that first example, I kind of agree with some of the guys there. Why would
VC++2012 need to officially support an officially unsupported OS? VC++2012 was
released more than a decade after Windows XP was released. Windows XP support
ended in 2009, extended (security) support only goes through early 2014.
Ubuntu LTS only goes for 2 years, Windows XP "LTS" goes through 14 years.

Unless I'm missing something, Microsoft really has no reason to care if you
want to target Windows XP. Their official response should be (and is) to
upgrade to a supported release. Windows 7 was released almost 4 years ago and
is supported until 2015/2020\. How long can you complain that an ancient OS is
no longer supported before you accept that fact?

~~~
IbJacked
I agree with your points, but Ubuntu LTS releases are actually supported for 5
years, not 2 (with new LTS releases coming every two years).

~~~
freehunter
Good catch, thanks.

------
bashinator
So now MS is playing catch-up with Canonical?
[http://arstechnica.com/business/2012/09/ubuntu-bakes-
amazon-...](http://arstechnica.com/business/2012/09/ubuntu-bakes-amazon-
search-results-into-os-to-raise-cash/)

~~~
ihsw
There are a variety of other "lenses" (most of which are third-party):

[http://askubuntu.com/questions/38772/what-lenses-for-
unity-a...](http://askubuntu.com/questions/38772/what-lenses-for-unity-are-
available)

* search AskUbuntu.com questions

* calculator

* search Google Books

* find map, time, temperature, wind speed for a particular city

* search ThePirateBay

* search Wikipedia

* search YouTube

You get the picture. But you are correct, Canonical did it first.

------
lowmagnet
"Our goal is to make search advertising easier for our customers, while
providing the best consumer experience with the most relevant results for the
tasks they are looking to accomplish."

I can imagine the conversation now:

Exec 1: It's for our customers.

Exec 2: Like the people who pay for the OS?

Exec 1: No, not those customers, the ones with money. You know, advertisers!

So frustrating.

------
mtgx
This is one step away from identifying your "pirated" songs and movies, and
then sending the data over to RIAA/MPAA, and (if they're really insane) a few
steps away from allowing DCMA's on those files, and deleting them from your
PC. Then Richard Stallman vision of the future would be complete.

Think it's not possible? They were already blocking TPB links in MSN a year or
so ago, but thanks to backlash I think they reverted that.

Oh, and I won't even go into the many ways this data could be given to the NSA
- your local data. Plus, your documents now get saved by default in Skydrive.

~~~
mpyne
Strictly speaking, aren't we always one step away from being one step away
from being one step... etc. ad infinitum?

Sending your local search details across a network just because is bad on its
own merits, you don't need to link in a dystopia as _everything_ can be Kevin
Bacon'd to the Brave GNU RMS84.

Edit: And as indicated in a separate comment in this thread by someone who
actually tried to reproduce, the search queries aren't even sent to the
advertisers directly, but to the _search provider_ just as with any other
search!

------
mtgx
Why is this getting flagged? It's not like the story is false. I've been aware
of this for a few months, but for some reason the media hasn't picked up on it
yet, and I was wondering when it was going to blow up, because it's exactly
what Microsoft has been campaigning against Google about.

------
na85
This is HN where we defend spammers and cold-callers.

Waiting for the CEO of some go-nowhere marketing startup to come in here and
tell me that this is a good thing.

~~~
dictum
This is HN, where some people run small businesses and know how hard it is to
acquire customers.

Newsletters aren't spam and most cold callers only call once, or will stop
calling if you ask them.

~~~
ferongr
>Newsletters aren't spam

Unsolicited marketing e-mails are spam. Unless I have explicitly opted into
them I mark them as spam in GMail.

~~~
dictum
Yes. By "newsletters" I meant "marketing email you've subscribed to".

Personally, I'm okay with receiving a newsletter from a service I've
subscribed to (but only from the company—no "special partners"), even if I
didn't specifically input my email address in a "subscribe to our newsletter"
form, as long as there is a permanent way to unsubscribe.

------
DoubleMalt
But you can easily turn it off by apt-get remove ... wait ...

~~~
WayneDB
Actually, it's even easier than that in Windows because you don't have to
remember some cryptic command or package name - you can just go into search
settings and flip the switch to Off.

~~~
bad_user
Just like in Windows XP/Vista when you configured the updates to always be
manual? Yeah, except that Windows is their OS and your settings are just
guidelines ;)

~~~
WayneDB
Yes, just like that. Please show me a case where the setting is not followed
because I have no clue what you're talking about nor can I find anybody
complaining that it has not worked as advertised.

Furthermore, you're also free to disable the clearly labeled "Automatic
Updates" service and then you can happily spend your time downloading and
manually installing update packages. You can even get separate software to do
this for you or even build your own.

You sure are right about one thing though. Windows _is_ their OS...and it's a
good thing too because I have just never had the time or the inclination to
build my own ;)

~~~
bad_user
Microsoft has the option to override your settings, just as it happened when
they pushed the WGA validation tool in the wild. When it happened several
years back, you had to completely disable updates, because if you had it set
on manual, it was still automatically installed. This coupled with the fact
that the WGA validation wasn't working properly / had bugs, has led to serious
problems for many users.

Also, with Ubuntu for example, you don't have to build it yourself, but it's
_yours_ in a way that Windows will never be.

~~~
WayneDB
There are all sorts of things in Ubuntu that I'd have to "completely disable"
in order to make it do what I want. So what if I can pick apart the code and
rebuild it? I don't ever want to do that.

Honestly - let's weigh the options here. With Windows I may have to beat the
OS into submission once in a while, but I'd have _even more work_ making Linux
even fulfill the most basic requirement like...oh say, having "file creation
time" stamps. (Now I know Ubuntu currently defaults to Ext4...but seriously -
why did we need to wait so long for that?)

I'd rather pay Microsoft every month to use their tightly integrated, high
quality computing ecosystem because it actually offers what I need _with the
least amount of hassle_.

~~~
bad_user
I hear this argument a lot. Do you fix your own car dude? Do you change the
oil by yourself? I don't but I have a trustworthy mechanic that does it for me
and I don't have to suffer the inflated prices of my car's manufacturer. This
is even more important for transportation companies that have their own
mechanics, just as many companies have their own IT department.

On the _quality_ of Windows my experience has not been the same. For me
working with it is like death by a few thousand cuts. Skipping over the fact
that the developer tools that I need do not work well on Windows, every time I
had problems I could find no way to debug what happens, so really the standard
is to just reformat and install everything from scratch. How IT departments
live with Windows I'll never know.

~~~
WayneDB
The difference here is that I don't need a mechanic _at all_ to get what I
need from Windows because Windows is not missing many very basic features.
Five years ago, if we wanted file creation timestamps in Linux, we'd have to
use an alpha or beta filesystem and hire a "mechanic" to fix or even install
it. That's why everybody is using Windows and that's why you hear that
argument a lot.

Furthermore, if you're not using Microsoft tools to develop for Windows then
you're using the wrong tools. If I go try and use Visual Studio on Linux - it
won't work. Go figure.

------
velodrome
If they sell ads, then chances are they pass your information along to others.

Google, Apple, Microsoft, Ubuntu. At least with Ubuntu, you can disable/remove
it.

Switch to Debian, or some other alternative. Privacy comes at a cost...Crappy
thing with Microsoft is you are paying them to pass your info along.

~~~
yuhong
With Microsoft you can disable it too:

"Fortunately, you can turn this functionality off without much trouble"

------
AaronFriel
There's a bit of FUD here - all web searches (Google, Bing, whatever) go to
first parties that sell tidbits of information about your searches and a bit
of space on their web pages to third parties. That much has always been known.
The allegation that it passes local PC searches directly to advertisers well,
that seems a little unfounded. So I checked, I installed fiddler, set it up to
proxy my Windows 8.1 preview Surface Pro, and typed in some search terms.

Here's what I found as a result of typing in "procmon":

With "Use Bing to search online" disabled

\--

When I _begin typing_ in the search box, there is a single GET request to
[https://www.windowssearch.com/settings?setlang=en-
US&cc=US](https://www.windowssearch.com/settings?setlang=en-US&cc=US) with
generic cookies that indicate my device type (the User-Agent is
WindowsConnectedSearch/1.0 (Windows NT
6.3.0.0.9431.7;x64;Microsoft+Corporation;Surface+with+Windows+8+Pro;Slate;6.3.0;Touch;)
and some cookies that may indicate a device or installation ID. It appears
consistent between search results. However, "procmon" is not sent, nor is the
first letter of my search result, and typing additional letters doesn't result
in any more queries.

With "Get search suggestions and web results from Bing" enabled but
"personalized results" disabled

\--

Bing gets my search term when I finish typing. An explicit GET request for
[https://windowssearch.com/suggestions?qprocmon&cc=US&setlang...](https://windowssearch.com/suggestions?qprocmon&cc=US&setlang=en-
US&inlang=en-US&adlt=moderate) is sent and the response is, of all things, XML
formatted with an <rss> element and tags that appear to indicate it's valid
RSS. The cookies sent are the same as above, and no requests are sent to
"advertisers", except it's reasonable to believe Microsoft might set the price
for keywords based on their popularity.

With full personalized results enabled

\--

Bing gets the above, plus a request was sent to
[https://www.windowssearch.com/fd/auth/signin?..etc.](https://www.windowssearch.com/fd/auth/signin?..etc.).
to sign me in when I ticked the box. The request also sent a header indicating
my current latitude, longitude, and accuracy, and appeared to send additional
headers. But none of that went directly to advertisers, although Microsoft I'm
sure can share it with whomever they like.

Now, lastly, until I actually click one of the non-local search suggestions
that show up (not the files that show up) I don't get any more search queries.
If I click one of the suggestions, like "procmon64.exe", I don't get any
requests to any domain except "www.windowssearch.com". Even though I get
thumbnails of web pages and snippets of relevant text below them, my request
never went to an advertiser directly.

As well, even if I type a loaded search term like, I'll use the band "One
Direction" for example, and select the search suggestion, I get a page with
some local files (apparently One Direction matched EntityFramework.xml in some
Visual Studio projects... interesting), artist information, tracks by them,
albums and videos, web pages, Store apps, and related searches. But most
importantly, my machine never contacted any remote host other than
www.windowssearch.com.

So what Microsoft is doing is more innocuous than what the privacy-paranoid
users of Ghostery already prevent. There were no third party domain names
reached, no advertisers directly sent my search results, and _never_ was the
content of any local file uploaded. None of the GETs had a body.

Also, and finally, group policy can be used to completely disable the requests
and businesses could always filter or block the domain windowssearch.com.

I'm a proponent for privacy, but let's not spread FUD.

~~~
acqq
So you confirmed that _every local search_ goes to MSFT servers? It is
default, isn't it? And it's hard to turn off? You mention group policy -- I
know that tool and it's harder than "just change in the registry" which is far
from easy for plain users.

That's really, really bad. Local search sent to MSFT by a hard to change
default is crossing the limit IMHO.

~~~
AaronFriel
Typing "Bing" or "search" or "personalize" or many other variants in the
search all give options to configure that data sharing directly from the OS in
a very easy manner.

------
toyg
Your privacy is our priority! I mean, it's our priority to _sell_ your
privacy.

------
guyzero
SCROOGLED!

------
azakai
> I'm not saying that this type of functionality is unprecedented. Google has
> long incorporated that kind of capability in Android and Google Instant
> search. But it's a new move for Microsoft.

~~~
tanglesome
Since when does "Google Instant Search" search my PC?

------
junto
I often give Microsoft the benefit of the doubt, but if this is true then they
have truly screwed up. Whoever thought that this was a good idea should be
fired. This would never have happened with Gates.

