
Telemetry, Now on Windows 7 and 8 - rosstex
http://www.forbes.com/sites/gordonkelly/2015/08/30/windows-10-spying-on-windows-7-and-windows-8/?utm_campaign=yahootix&partner=yahootix
======
pilif
To play devils advocate here: when it's their own startup project, everybody
is totally into analytics and data driven design. Heck, we even usually defer
our analytics to a third party (Mixpanel, Google Analytics) that will allow
them to form personal profiles aggregated over multiple vendors.

But when Microsoft wants to do the same kind of analytics we all swear by,
then the big outrage starts and everybody is all up in arms.

Personally, I'm against tracking and I fought the powers that be in order to
not get analytics into our products, but that's a battle I lost. So now I
really feel like I'm in no position to complain about MS doing analytics when
even my own stuff does it.

~~~
MichaelGG
Well it's easy enough to block Mixpanel, GA, etc. But details seem to be
unclear on exactly how you block everything Windows does. During the technical
preview, I noted that even the group policy settings to disable things like
web search simply did not work - all my searches were still sent off.

MS has had Customer Improvement Programs for quite a while, but most of them
were opt-in. The shift to not offering opt-out and making things deliberately
vague and confusing is what people are upset about.

Also, just because many startups do bad things doesn't excuse Microsoft.
Especially due to Microsoft's size and influence, "if you don't like it, don't
use it" doesn't always apply like it might to startups.

~~~
superuser2
> many startups do bad things

I'm sorry, do you think startups are morally obligated to not know how people
use their services? Care to justify that position?

~~~
MichaelGG
I view the increasing stance that people should be free with their privacy to
be "bad". Third party analytics increase the perception that it's normal,
common, OK, to-be-expected, etc. that your activity with one party should be
liberally shared with others. Adding GA is probably a fairly minor offense,
but I wouldn't call it a good or neutral thing, so it must be slightly bad eh?
(I use GA; I don't like to, but it makes economic sense).

Startups do much worse though. See, for instance, apps that try to get every
permission. Even if they don't use them, the fact that they ask for such
permissions again instills that this is acceptable behaviour in society.

What you said, "know how people use their services" can be OK. A site doing
its own analytics on data that users wouldn't reasonably expect to be private
is fine (the user is already using the site, and it's fair to believe the site
knows what they;re doing). Anything more invasive (in-app: web or otherwise)
should get clear consent first. It's hard to give consent for e.g. GA - is
that even a thing?

Windows "phoning home" for analytics introduces a new level of data
collection. And most of the harm here is because MS has done so in a vague
way, apparently with a broken opt-out (going off my Win10 usage and what
others have said they've seen with the final release).

------
slowmovintarget
It's getting more and more tiresome having to read every single KB article for
every single Win update to ensure Microsoft are not trying to pull this.

I avoided these updates already but I spent 30 minutes doing the research. I
may soon have to "opt-out" of Windows altogether as it is beginning to take
more of my time dodging the privacy bullets than I want to spend.

~~~
exodust
Instead of opting out of Windows, why not just opt out of the customer
experience improvement program?

It's not hard. Instead of "yes", choose "no".

~~~
MichaelGG
So long as there are clear and working implementations of opt-out, you're
right. Recently people were saying that even with the Windows 10 options
turned off, Windows was still making connections and even sending data when
search was initiated.

------
kijin
Fortunately, the article lists the exact KB numbers for the updates in
question, so if you don't want this "feature" to be backported to your OS, you
can go ahead and disable those updates. At least for the time being, you can
opt out of specific updates on Windows 7.

My Linux migration is almost complete... I only have a couple of apps that I
need Windows for anymore, and I'm planning to build a new PC early next year
that will be powerful enough to run them in a VM without discomfort. Five
years ago, I told myself that Windows 7 would be the last proprietary OS that
I'd ever use on bare metal. It looks like I'll be able to keep that vow :)

~~~
benbenolson
It's surprisingly easy to switch, even if you dive right into the deep end
like I did. Although I've been using Linux for years on all of my other
computers.

------
SignMeTheHELLUp
Time to seriously consider moving to Linux.

I just need a way to host a Visual Studio / IIS windows instance inside a
Linux window manager... is that even possible?

~~~
Nerdfest
Run Windows in a VM, try it under Wine, or use Microsoft's cloud version of
Visual Studio. Not sure about IIS for that one though.

Better yet, stop rewarding a company that treats its users like pests and
switch to open languages and servers.

~~~
51Cards
Nice thought but not practical if he's developing for clients on those
platforms.

------
trengrj
Anyone know good tools for monitoring inbound and outbound connections on
Linux? I'm starting to treat programs running on my machine in more an adverse
manner and would like to make sure these sort of problems are not happening on
Linux as well.

~~~
Nerdfest
Wireshark. Run it on a separate machine to be sure you see everything.

~~~
ianlevesque
But what about the ever growing number of TLS connections?

~~~
yuhong
You can still see the source and destination though of course.

------
aorth
Please edit the link to get rid of the tracking parameters in the query
string.

------
exodust
Just choose "No, I don't want to participate in the customer experience
improvement program".

But that would spoil the fun of these "spying" stories on Forbes and the like.

Funny how Forbes hides the site navigation behind a hamburger menu even for
desktop browsers. And scrolling down loads new content and auto-switches you
to a different URL. It's so clunky and awful, one can only guess at the design
decisions behind such a cluster-f __k. Suddenly the content at the top is not
there and you 're on a new page, just from scrolling down a bit. I guess this
is another example of mobile first gone wrong.

~~~
mappu
_> Just choose "No, I don't want to participate in the customer experience
improvement program"._

Have you read [http://arstechnica.com/information-
technology/2015/08/even-w...](http://arstechnica.com/information-
technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-
microsoft/) and
[https://news.ycombinator.com/item?id=10037753](https://news.ycombinator.com/item?id=10037753)
?

Anecdotally, i recently experienced this issue
[http://superuser.com/a/891516](http://superuser.com/a/891516) despite being
already opted out of the customer experience improvement program.

~~~
exodust
This thread is about Win 7 and 8. The first two articles you link to are about
Windows 10.

The stack exchange link you mention looks isolated to that user's CPU issue.
So isolated, he answers his own question. Comments under the answer from
someone else suggests that opting out of CEI solved the issue for that user.

So, as already mentioned, opting out of CEI is all it takes to not worry about
MS spying on Win7/8 users. Windows 10 might have issues, but that's another
matter.

------
yuhong
I think they have always existed on Win8 at least. The hosts file bypass if
true makes me feel bad I think.

------
benbenolson
Ask a guy who switched fully to Linux a week ago anything.

~~~
atomi
As a Windows 10 insider and switched to Cinnamon Linux Mint - so much happier.
I do miss gaming sometimes but I end up having more time to work or read now
too. So it's a net benefit.

~~~
Filthy_casual
I did the same a week ago - First tried Mint Rafaela with Cinnamon and this
week I got free time to tryout Arch. Turns out their wiki is amazing and with
a little google-fu I managed to install GNOME and any other application I
might need.

I honestly don't miss anything from Windows. I used to game a lot but that
changed and the few games I still play can either be accessed with Play on
Linux or have their own port.

And what's even funnier is that most of apps nowadays have a web version
(Skype, Spotify) so I really avoid meddling with emulating Windows for a good
while.

~~~
TsiCClawOfLight
Skype and Spotify also have native ports :-)

------
RachelF
Surely one would need to agree to new terms of service, or can Microsoft just
change the terms as they see fit?

~~~
McGlockenshire
They're pushed as updates to the existing customer experience program. To see
if you've already opted in, enter "customer experience" into the start menu
search bar, it'll pull up the dialog.

Just like under Windows 10, if you are not opted in to the customer experience
program, none of the data is collected or sent.

I do not know if the default was to opt in or out. I opted in when I went to
Windows 8, with the hopes of being another data point showing someone
completely avoiding everything Metro.

~~~
Animats
The default is opt-out. I just opened "Customer Experience" for the first time
ever on a Windows machine, and it was set to "Yes, send information to
Microsoft". You can turn it off, but whether that actually stops
communications someone else will have to check.

~~~
danieldk
To avoid confusion, what you describe is opt-out ;).

[http://www.wisegeek.com/what-is-the-difference-between-
opt-i...](http://www.wisegeek.com/what-is-the-difference-between-opt-in-and-
opt-out.htm)

~~~
Animats
Right. Thanks. Fixed parent post.

------
MichaelGG
I doubt this is the case, but it's an excellent response if users were
actually postponing updates due to privacy concerns. Burn the existing houses.
Most users aren't going to ditch Windows, but could easily stay on 7.

------
ddingus
I really don't care. Don't have time to care.

For years, I've run Windows on licenses other people paid for. I do the work
that needs to be done, and then I shut those Windows machines off.
Professionally, and that means CAD, PLM and related tech, Windows is where
it's at for the very vast majority of users.

Personally, I run Linux from time to time, and Mac OS for most casual Internet
use. My embedded projects are on Linux or Mac OS now, and I've moved to an
open software stack for all of that activity. Haven't purchased personal
software, other than a phone app or two, in a very long time.

What bothers me is I don't care. I know I should, but I struggle with a few
things here:

1\. Everybody is gathering data.

They are doing it because they know they will have gathered the things needed
to answer hard questions in the future they won't even know they will be
asking. Not to mention the ones they know they will be asking.

Seems to me there is a lot of value potential inherent in all of that
activity. We are likely to benefit overall. Question is whether the benefit
will be outweighed by abuses. I don't know.

(And I'm still not sure I care)

2\. I'm on a startup type project now, and I'm first in line to suggest we
gather data. I want to gather that data because I know serious value can be
understood and delivered by doing that and value added is the best way to make
a nice profit. There isn't any reason to abuse anybody, but security is a
liability and trust issue to deal with. Hope it all balances out. I'll be
doing my part in all of that, and the intent is good.

(and I do care very much about how that all plays out)

3\. With all this going on, how meaningful is it to me? Does anyone even care
about me, beyond the obvious revenue potential I may have?

I should care more about this, but I just don't anymore.

In the end, for the few things I may do that I may see somebody potentially
caring about, why not just do those on an older machine, well trusted, running
open stuff?

And I care about that. Those are getting harder to find. Maybe I'll stock up
and keep a cache for that purpose.

Overall, "we" and I mean ordinary people, seem to be losing. General purpose
computing may well continue to exist. Still seems like it might go away for an
awful lot of people, but maybe not. This is a worry.

But maybe it isn't such a worry. Maybe, just maybe, the compromise is more
data logging.

Maybe the end game is we really can't take general purpose computing away. So
we don't, but the compromise is that we log the shit out of people in the
hopes that we can catch the baddies and or keep them from doing too many
things we don't want them to be doing.

(and "we" there is in the most general sense as people for lack of desire to
define that more precisely)

If so, fine! I get to keep general purpose computers and if I really want to,
I can probably keep some future activity off the grid well enough to not worry
beyond that.

If not?

Well, maybe then I'll care a lot more. I'm just time and energy conflicted
right now. None of this makes me happy, and I wonder for my kids, who are
growing up with so many intrusive norms I can't even hardly relate.

But I have stuff I want to do and I feel very tired of fighting over it.

And I think that's selfish, and I'm sorry.

------
VOYD
And your ISP has all your online information anyways.

------
CyberDildonics
First things first.

Go to window firewall and make sure incoming and outgoing connections default
to blocked for anything without a rule.

Windows by default lets all outgoing traffic through.

Then create rules explicitly allowing the programs that need to access the
internet. Private is like your ISP, Public is like wifi or a vpn (they both
fall under the same category).

There aren't that many programs that need the internet, not much should break.
Your web browsers, maybe steam, maybe a torrent client, maybe a VPN etc.

You can change your torrent client to only go through your VPN by making it
only go through Public networks. Then if you aren't connected to your VPN,
your torrent traffic doesn't make it out.

I'm not sure if telemetry skirts these rules, but it is a very good start.

~~~
DiabloD3
Its already known that Windows 10 (and now presumably earlier ones because of
the Telemetry update), ignore the firewall (or, alternatively, have hidden
rules on it) when talking to specific Microsoft servers.

~~~
CyberDildonics
Is it? Is there somewhere to read more?

