Does this mean a Win10 machine setup to use something like Tor will leak the user's actual IP back to Microsoft? If you're VPN'd, is some traffic still leaking outside of the VPN?
From an engineering perspective, how is this happening? Does Microsoft have a second network interface hidden away using hardcoded settings for DNS, etc?
On a somewhat related note, if a Win10 app is cert pinning, is there a way to force it to use your cert so you can MITM it?
VPN traffic doesn't leak if the default route is the VPN interface. I tried it and my firewall went silent apart from the tunnel.
I have absolutely no fucking idea what it is sending out though. It's always talking to something. I've turned everything off that is documented and use a local account and remove-appxpackage'd everything. Sorry but this release is a write off. My host/vm relation is being inverted to Ubuntu as a host this week rather than a guest.
If I don't know what it's doing, how can I trust it?
And this is on a machine running Enterprise with privacy settings cranked, and most stuff disabled via group policy.
I'm trying to avoid blocking updates, but svchost is still out there talking to random microsoft servers. The worst part is that I can't differentiate between the servers used for tracking and the ones used for updates. I might have already blocked necessary stuff for updates.
At this point I'm really tempted to just wipe the machine and go back to 7, I've never felt so little trust in a machine I own. Even when I've run malware, at least I knew or could easily find out what was happening. This is just a big unknown to me. I'm seeing claims that it sends idle mic data even with Cortana disabled too, which is making me very paranoid even though the claims look sketchy at best.
No, it is definitely not.
This will change soon though, they're working on browser extensions which will keep all content client side too.
EDIT: Clarified some points, added a little more detail.
A better solution would be decrypting the image and then loading the image into an image tag with a data: uri in base64 encoding.
I could zoom normally with the browsers own zoom tools, I could right-click save normally, etc.
The site is perfectly usable. More than usable, even, because I get RES-style zooming for free, amongst other things.
You can right-click save normally already - just right-click and save. If you want the browser zoom tools, hit the "View in Browser" button or right-click and open in new tab
This website works in every browser I've used, and I've never heard of any problem even remotely close to what you say you're running into.
You might say your browser works fine, but I'd put my money on something there being the issue.
Neither "Save as" nor "View in new tab" work.
I said so on the github issue, too
Do you have running app for mouse gestures? That's the only thing I can think of that makes sense in your scenario. Try holding the right click for a few seconds, see if the context menu appears.
The service provider can still decode the info by MitM'ing.
If you are using Google Fiber, for example, your service provider can do whatever they want anyway – they control your browser, they are a CA and they are your ISP.
If not: As we’ve seen with CINNIC, MitM'ing is trivial because CAs give out root certificates far too often, far too easily
>The service provider can still decode the info by MitM'ing.
Yes, but as I explicitly mentioned, only if you visit the website. If NSA goes to the website and demands the data, they can't do anything with it until I visit, whereas if it was decrypted, they could. This is a non-trivial difference.
>If you are using Google Fiber, for example, your service provider can do whatever they want anyway – they control your browser, they are a CA and they are your ISP.
Google is not going to risk their entire reputation by abusing their CA. Notice how CNNIC was removed from trusted stores and basically lost their business. Mitm by compromising a CA is far from trivial. Also, certificate pinning can mitigate the CA risk almost completely.
Take Megaupload (not MEGA), they had unencrypted data, but complied fully with DMCA and operated fully legally.
Take MEGA, they have to comply with DMCA, too, even though everything is encrypted and they never can decrypt the data, either (MEGA does literally the same as up1.ca)
Additionally, Certificate pinning only works if I visited the site before the MitM started. And some carriers like T-Mobile just strip every Certificate Pinning header anyway, as they use proxies to compress data. (Chrome’s Turbo mode does the same).
MEGA is only able to comply with the DMCA when the link is provided with the full hash.
MEGA is technically unable to remove similar or matching files based on content.
> And some carriers like T-Mobile just strip every Certificate Pinning header anyway, as they use proxies to compress data.
I question the t-mobile thing, unless they're installing certificates on end-user's phones that should not be possible. This is SSL traffic, remember, all those headers are also sent over SSL so unless T-Mobile is performing MITM, this shouldn't be a problem.
As for the Chrome Turbo mode thing, it is disabled for SSL traffic, as are most of these other things.
That is a very baseless and false conclusion.
What crypto? I didn't provide any key, so both the content AND the key came from the same place. Looks like completely useless crypto.
That part is not sent to the server by your browser. That's a seed, it's run through sha512 then split into parts, including a key, iv and filename to fetch from the server.
Now, as I said, in this instance, since I distributed the link on a public website, it's pretty pointless. But when I link my friends and colleagues on a private XMPP server or via textsecure, it's a pretty nice feature to have, as I can very easily share private screenshots.
There is a reason you do actual crypto differently. Encrypt the image with the public key of your friends and send it to them, that is privately.
Giving a foreign entity control over your data and key is not "privately".
Yeah, if you have this concern strongly, well, we're working on browser extensions which will prevent any potential risk here. However, like I said to someone else, unless you reverse engineer every update to your OS, you really shouldn't be commenting. This is just as much "giving a foreign entity control over your data" as using an OS provided in binary form is giving a foreign entity control over your CPU, which would be far, far worse really. Unless you're manually validating the code in all cryptography products you use, there's really no argument to be made here.
> Encrypt the image with the public key of your friends and send it to them, that is privately.
When you do this, say using PGP, PGP generates a static key, encrypts that key to their public key and encrypts the message using the static key.
This is essentially the same thing, the only difference being that the Up1 does only the static key portion and does not provide the public key portion, which you can do out of band using whatever method you prefer, be it PGP, SSL to a private server, OTR, TextSecure, etc.
And it allows the transfer of images and small files in this secure form to be incredibly simple and fast. Pipe into a command line tool or use ShareX, paste that link over a secured protocol and you've securely shared a file.
Of course, if you don't trust the public Up1 instance, feel free to run your own, it's all open source, server included.
It's a trade-off, privacy for a slightly increased risk of security, these days you're more likely to get exploited by a fucking web font than by a script though.
Worst case, like I said, don't trust the public instance if you don't want to (well, if you're the type who doesn't trust their OS provider at least). You can always run it yourself or wait for the browser extensions.
Anyway, for posting on a public forum it’s pretty useless, as it provides no benefit and requires the users to have JS enabled, which is, especially on Hacker News, not really a given.
Even the mods complained when an up1.ca link was used as submission link recently.
Using a standard protocol would be an advantage here most definitely.
The link of the comment I replied to was just as bad as the sites that block right-clicking.
But it's entirely possible, and there's even a dedicated button to view just the image. ("View in Browser").
Make sure your browser is functioning properly - this isn't an issue with the website.
Hacker News is a site I browse on my phone because it works without eating up RAM or anything.
This feels more like a pretty network monitor than a real firewall.
It's not enough to examine software: if you don't trust the company, then anything they say or promise is worthless. Automatic updates can change anything, including the TOS! This is the same company that sells a 1984-Telescreen (XBox) with an always-on camera and microphone. _NSA shouldn't be forgotten.
Oracle likes to tout Java as GPL, but what does that matter when we know the company can't be trusted? Who controls a software project is the key, not the licenses or corporate promises. There's no point in trusting iOS because we've examined it, we also have to trust Apple.
Tell that to Google.
They worked out it's easier to get at our data out and on home territory (cloud, telemetry) than actually have to break into your kit.
In the case of software vendors, you have to trust the vendor.
You cannot independently verify everything. You do not have the expertise nor the bandwidth.
Edit: and if you have the software audited, are you not then trusting the auditor?
But I can just disable networking on the host (which shouldn't be running anything anyways), or at worse, route it though a VM.
I'm more concerned about how to run it in a VM, since I need day to day Win dev tools with Internet access.
So if you can't trust the company offering the service, you shouldn't do business with them. It's the same with food and food supplies: if they can't be trusted to serve/sell you stuff that doesn't make you ill, don't do business with them. Very simple.
I literally have an IMAP box and nothing else.
Currently digging a financial company out of a royal mess of 20 years of bad technical leadership leading to sprawling infrastructure and cloud dependencies.
In your experience, what are the "worst" cloud dependencies? I'd imagine SalesForce and AWS would have very different impact?
Salesforce is the root of all evil. Once you're in the ecosystem, you're stuffed. You know it's bad when the entire business team start running round clucking when the EMEA salesforce instance goes down hard...
AWS is fine. Most of the platform's concepts have real world parallels for example.
That somewhat multiplies the problems.
If so, I suppose you have big issues with your system administration team.
Realistically we don't want to deploy a host file and AFAIK it doesn't work anyway; we want to control the network itself which we do via firewalls and DNS but it's a compromise between flexibility (our users still need to use the internet) and security.
Yes I can see how that would complicate things a little :)
Also change your default DNS servers on the Windows 10 install to point to the UNIX install. If you know how, set up DNS on this computer. I recommend using your own cache listening on 127.0.0.x, not a public one.
Then monitor traffic being forwarded by the UNIX install.
This is not difficult for anyone familiar with UNIX. Plenty of good and bad software to help you.
Do people need instructions? If there is interest in blocking this nonsense I for one would be willing to help.
There are a lot more Windows users than Apple users so this is fun to watch how the Windows users react to the incessant connections to the mothership, which is par for the course with Apple products. Would love to see the stats on how much cumulative user-purchased bandwidth Apple and Microsoft are usurping in order to track the people who have to pay for it.
If you want to block this nonsense, then the easiest way to do it is from another computer acting as a gateway.
Trying to block these connections from the computer on which Windows 10 has been installed will probably be an exercise in frustration for most users and they will give up. (Most Apple users do not know or care so they do not try to block.) I am sure that Microsoft is counting on their users acting like Apple users.
The privacy settings that do not work were pretty good hidden already and many are scared away already. This second level is even worse.
What we need is a simple tool where you set check boxes to fix it all. That would be a solution for the target audience.
In the case of other users, I'm not sure because I do not fully understand it, but it seems like this would not be necessary?
I don't want to be a brat, but what is the possible overlap between people caring to use Tor (for whatever reason) and people using Windows 10 as the host OS ?
You're at the absolute cutting edge of spyware-in-the-home, defective by design, obscured infrastructure that was designed from the ground up to be user hostile in every conceivable dimension. And you're going to run Tor on that.
There's a phrase for this and that phrase is "clown college".
There are many journalists who need to cover sensitive topics, who are not particularly technically literate. They need to be able to buy a system off the shelf, do some minimal and easy amount of installation of privacy protection, and be reasonably confident that it will work and they will not be outing their sources to whatever particular despot is listing in.
Of course, Tails is a better solution for that. But in terms of being able to allow them to do their job as easily as possible, it would be preferable for them to be able to install the Tor browser bundle on their existing OS rather than having to learn an entirely new one (and possibly dual boot in order to run some Windows-only software, and not keep it isolated well enough and thus leak information accidentally).
It apparently took a while to teach Glen Greenwald enough of how to use Tor and GPG in order for Snowden to be able to communicate with him. We need to make this process easier, not harder.
Not everyone interested in Tor is educated enough to reinstall an OS. Or they need Windows for something else they do. Or 50 other things. Or maybe we're concerned about VPN leakage, or any other thing than tor that we might use to obfuscate traffic.
Those people make Tor worse for everyone.
Notably, it's still possible to MITM the traffic, just not as easy as if the system respected the proxy settings. You need to spoof the destination IP and try to terminate the TLS with your own trusted cert. If the connection still fails, only then would you know there is a cert pin. I haven't heard if anyone has tried this with the "CDN"-bound traffic, or the persistent bing.com/live.com traffic.
If a VPN was being used, I would expect traffic would still be routed through the VPN interface. The HTTP(S) proxy code is higher up the stack than a VPN interface.
It does raise a huge red flag though, if you are not fully in control of your own network routing using standard tooling, IMO it's not an appropriate OS for any enterprise environment.
Yes, and they were widely mocked. Privacy fears don't really sell, especially when deployed 10 years too late by a company that is the definition of "establishment".
In general, the average user doesn't care about privacy or security at all.
I develop a network virtualization product, and I spent a ton of time on security aspects of it. Sometimes I feel like that time might have been wasted, because it has thousands and thousands of users and so far not one single person has inquired about anything related to its security. Not one. It blows me away.
With windows 10, I have to pay for the software, and somehow I'm still the product? I don't know their end game, and its really sketchy.
Microsoft lost the internet and mobile platforms to Google. They are going to fight tooth and nail for the PC.
If the average person doesn't give a shit about privacy (and they truely don't), then Microsoft will not be able to charge for products Google supports for free with spying/ads.
Did anyone actually fall for that?
Intelligent systems need information to function, and when the intelligence is personalized, it needs personal information. One of the reasons Google has succeeded is because of that personal information, providing services that have enough context that they are three quarters of the way to my destination before I've even started.
It is enormously jarring how over the top Microsoft went with Windows 10, with insane defaults and little justification, but this is the manifestation of the whole "cloud like" platform. Increasingly we expect a world where a device is just a terminal into a platform, and we can jump to different devices and form factors and the world is almost the same. That is what Microsoft is trying for, clumsily.
For the handful of people who care deeply about data collection, yeah. For the rest of the 900+ million, it's really not a concern.
Edit: I know it sucks to hear, but your concerns about privacy are hardly shared among the general populous.
I really don't think most people expect their operating system to be spying on them.
It's one thing if you're on gmail.com or facebook.com and those sites collect info about you. People expect that. Most people probably don't expect Microsoft to install a keylogger on their computer. (Not that Google and Facebook are in the right, but I don't think they are equivalent.)
Also, your link does not appear to have been updated on Jul. 29 when the author says the final release should have been available. The Ars Technica article we are discussing is from today, Aug. 13, while the ZDNet article is from almost eight months ago (Jan. 27).
Yet, you unquestioningly repeat it.
Local system search while sharing some basic diagnostics data with Microsoft does not share the search queries.
WiFi passwords could be shared with your Windows 10 using Facebook friends, if you allow it. If you care about privacy that much, don't allow it, or better yet, don't use Facebook.
I couldn't find any evidence that Windows 10 shares any worthwhile application activity data.
Yet, it is somehow perceived as a Watergate-level of betrayal, but at the same time it is ok to praise Google for scanning your entire mailbox.
To me this just looks like a bunch of 90s kids struggling to shake off the "Evil Micro$oft" groupthink.
"I couldn't find any evidence that Windows 10 shares any worthwhile application activity data."
Somehow I don't think you actually looked, given how aggressively you have attempted to defend Microsoft in this whole discussion.
No one thinks Microsoft is evil, but rather that they tried to out-Google Google (not very long after their terrible series of anti-Google ads that you even mentioned), taking the basic principal of Google's activities and multiplying it.
Although it is possible to turn it off.
I think it would do them good to be more clear on how exactly they use and collect that data.
In fact I think this page should be read by everyone here: http://windows.microsoft.com/en-US/windows-10/windows-privac...
I didn't find anything huge about application data, I'm sorry. Worst case scenario: your computer crashes and an error report contains a memory snapshot with some of your data. Like any other mainstream operating system today.
This discussion shouldn't defer evidence to either mine or your authority or personality. It doesn't matter if I was aggressive or not. In fact, my defence of Microsoft is relative. In my opinion, it is stupid to feel offended about Microsoft's privacy practices, while supporting an even more invasive behaviour by Google. Among those two it is Google, whose business model of selling targeted ads actually depends on collecting personal data from their users. Yet it seems, they are above any scrutiny.
That's what I've been trying to say. I didn't say anything about any anti-Google ads, because I have no idea what those are.
Finally, seeing people selectively whine about privacy on a social network, even a rudimentary one, like HN, seems absurd.
Joking aside, you realize what you just have said is naive?
Any form of privacy invasion can be - and eventually will be - used for nefarious purposes.
1. Do the different versions of Windows (Home/Pro/Enterprise/Education) behave differently? If so, how?
2. Do the pro/enterprise versions behave differently when they're connected to a domain?
I'd imagine that the answer to at least one of these questions would be "yes." This kind of behaviour would be a deal-breaker in many enterprises.
What is scary is the lack of GPOs to turn this stuff off which you'd expect in an enterprise product. Technically we can't apply policy to make this compliant with our data protection requirements.
Their funeral to be honest.
Can you give some examples of the stuff that does actually have switches?
Yeah, if you disable the Search thing in the start menu for example, it _does_ stop sending your queries to Bing. That switch does work. It just sends a bunch of tracking info instead.
On Enterprise, you can also disable telemetry which does appear to work.
(Supporting Windows is 10X more work than all other platforms combined due to stupid "can't reproduce here" problems on rotted and unpatched Windows machines and general Windows driver API hell. I am including Android and less-commonly-used OSS operating systems like FreeBSD and OpenBSD.)
MS probably doesn't even know. I recall reading that there were 6 different versions of the Service Pack update for Office 2000 depending on where you got them from, and they weren't all compatible with each other. Do you think after another decade of Monkey Boy and his winning business strategy of pitting all the departments against each other that they've improved? Nardella actually seems like a grown-up, but he's still a dyed-in-the-wool Microsoft exec.... less stupid certainly, but just as evil.
One of the biggest problems with Microsoft is that they are too big and disorganized. They have no vision, and no guiding principle, other than maintaining the lingering shreds of their monopoly. This is obvious from looking at the designed-by-committee, piecemeal UI for Windows, which is getting worse every release and not better. The best you can hope for for any particular feature from release to release is that it's just arbitrarily different and not broken or hidden or completely removed.
Windows clearly peaked with XP, but their UI peaked with Windows 2000. The only reason 7 is liked is because they backed off most of the bad things they did with Vista, and the only thing, the _only_ thing I think is better in Windows 8 than any previous version is Task Manager, which is not something I use often. But it is nice.
My #1 wish for Windows post-7 is that I could just use the "Classic" theme, but apparently Windows is now too sophisticated to do what it could do 15 years ago. Their UX department has gone totally off the rails or maybe was taken over by wild monkeys. Microsoft used to be _the_ place for good UI design back in the 90s. They were very scientific about it, and their designs were very well-thought out, based on CUA, and an absurd amount of user-testing and most of all, consistent. Not perfect, but they were very good. But as soon as graphics cards could do more than 256 colors and Photoshop was invented, everyone went wild and UI became the lawless, Wild West funhouse it remains today. Except in the past few years, everyone decided that the "flat look" is cool (news flash: it's ugly and hard to make out) and now we have UIs that are as usable and good-looking as Windows 2, but without the consistency.
I'd thought Microsoft had run out of sharks to jump with Windows 8, but they keep finding more. But here's the thing. I still like Windows. I just wish I could make Windows look at work like it did when it looked and worked well (I'm not referring to the underlying technology, which is presumably improving all the time, although I still think Windows 8 is absurdly slow compared to 7 and much worse compared to XP... and I have empirical evidence. I do a lot of work in a Windows 2003 VM running on VirtualBox (long story) and it's much faster than the Windows 7 host and doesn't suffer from the, oh gee, everything's going to go "Not Responding" for 30 seconds to 2 minutes for no apparent reason that I see with the apps (at least MS apps) on the host.
That's a bold claim, considering that until recently Windows was exactly what you used if you didn't want that kind of always-online emphasis and instead wanted to retain a degree of control and running your software locally.
Like many of the software companies moving in user-hostile directions, Microsoft's biggest competition is still themselves from a few years ago. And we know from both Vista and 8 that even Microsoft do not automatically have sufficient influence to get people to upgrade to a system that is perceived as being worse than what everyone already had.
[Edit: Perhaps instead of numerous people downvoting, someone could actually reply and say what they object to about this post? I don't think either my characterisation of Windows or my characterisation of Microsoft's competitive situation is unreasonable.]
However, my big concerns with a lot of modern technologies are firstly that non-geek users don't understand what they are really signing up for and secondly that even if people do understand what they're signing up for it doesn't matter if effectively the only choices available to them all have the same problem.
I've lost track of how many friends and family have said just-plain-wrong things about what social networks do with their data, for example, or think that posting some comment on their Facebook page about how they don't consent to it will actually have any practical or legal effect.
And to pick on another example that's been much discussed recently, it won't matter that you have security and/or privacy objections to your car spying on you and phoning home with your location 24/7, if insurers are all offering car makers serious money to install those features, and since drivers are often required by law to have motor insurance they have no choice but to "opt in" if they want to drive at all. At that point, there is a complete failure of competition in the market, caused by the artificial distortion of having actual laws that constrain even well-informed people from making the choices they might otherwise prefer to make. We are fast heading that way with general computing as well, where for practical or even legal purposes we are required to do some things on-line, yet the only tools being offered to get us on-line come with these strings attached.
Everyone thinks they're sophisticated. They're correct. The people collecting data are sophisticated too. That's why they brought an AFV to the shoving match. Running away from the firepower effectively means living the digital life of Stallman. Networks are networks because every resource announces its presence.
Writing as someone who has been the victim of a data-driven screw-up and spent several months of having life turned upside down while trying to fix it, I am increasingly wondering if Stallman has been right all along.
More practically, privacy is not a binary measure. We all interact with other people and organisations, and data gets shared as part of those interactions, and often there's nothing inherently wrong with that; some degree of communication is both desirable and inevitable. That doesn't mean we should just give up and condone covert collection, arbitrary sharing, and unrestricted use of personal data by whichever disproportionately powerful organisations can get hold of it.
For example, Facebook can't effectively follow me around the web. I have installed simple browser plug-ins that mean it is not technically possible using the usual techniques like phone-home Like buttons. The sites I visit would have to actively and covertly send data about my visit to Facebook behind the scenes, and most sites aren't going to do that.
For the record, I do also have a problem with the likes of Google being able to operate a mail service that is actively scanning things I wrote or even blocking messages I've sent to colleagues, which they can do if a recipient of my message uses their service. In effect, they have co-opted someone else to provide data I might have sent that person in confidence, just as mobile apps scan my name and number from a friend's address book often without even their knowledge never mind mine. (Of course that kind of action is probably already against the law in my country, but that doesn't matter very much unless the relevant authorities have the resources to enforce that law effectively.)
I believe almost everything is better when essential infrastructure is neutral and serves a specific purpose. Organisations like Google don't so much blur that line as totally erase it, and because I have no way to know that I am participating in their system in the first place, in practice I can't even choose not to send that e-mail to that recipient. I'm sad that Microsoft now appear to be joining that group.
It is clear that Stallman was and is right in regards to the technical dimensions. It's not like we can go back to the time when email was private. STMP never was, that's why Stallman chose his course so long ago. Email is more private today thanks to STMPS. The same is true for HTTP/HTTPS. But even in the old days, there was nothing to prevent someone from publishing your love letters in the school newspaper. It was just more difficult.
Privacy generally breaks into security or anonymity. The issues surround either authorization and identification. Both have always been mostly limited by interest more than anything else. Computers have reduced the cost of being interested and so long as we use computers the djinn isn't going back in lamp.
Privacy is much more general than that. It is about having control of what information about you is shared, who has that data, and how it can be used.
The legal protections for privacy cover a lot more than just a few corner cases as well, but they lag behind what technology can do in 2015 and need updating.
Should you feel the need to use evil apps like Facebook or Google+, make sure the 3 or 4 account names are random (but pass their filters), and that you make sure LOTS of people use those same accounts. Just understand that social media is a drug, and you are a drug addict.
Details of economic spying -- may not be the best article but the easiest to find:
Since upgrading to Windows 10 she's been hit with $200 in overages.
Every time a large iOS, MacOS or Windows update goes live, we can literally see the difference in the overages people pay. It's a big problem that lots of people don't understand.
Microsoft, please get your stuff together. Hire some privacy aware people.
I know I won't get any money back. But I wonder how many other people ended up paying more for Windows 10 by downloading it then had they been able to purchase it on a DVD.
The $200 is likely from the automatic updates, which were pretty big. How much extra in MB was it?
That large companies accept this state of affair is extremely surprising.
That we accept that our electricity and communication bills are being diverted to serve the interest of an operating system's creator.. that sounds crazy. It's like letting the creator of your fridge eat your food and drive your car.
And then you would decide if you take advantage of that or if you would not use it because of fear that the fridge would be sharing more than just the items you bought.
I think that Microsoft looked at the Google Now user experience on Android phones and decided to emulate that type of AI assistent in Windows. Google collects all sorts of user context information and Microsoft decided to do the same.
This is a guess but the difference may be that (some) people are willing to have less privacy on their smartphones but care more about privacy on their computers.
I don't mind that (Cortana).
I do mind that when Cortana and its supporting options are explicitly disabled, Win 10 apparently still won't stop chattering back with HQ constantly. Not only for privacy reasons either; it seems (though I'm not certain of the relationship) to have a substantial, though intermittent rather than constant, impact on performance.
(Utilities::HashMapContains(_qosUXScenarioDataById, scenerioId) == false)
Assertfailed: (Utilities::HashMapContains(_qosUXScenarioDataById, scenerioId) == false):
Instrumentation is active when we try
An operating system that is sending random internal data to random places on the internet seems to violate both a wide selection of national laws related to data privacy, and many corporate policies relating to trade secrets, privacy, internal operations and so on.
Microsoft must have thought of this. What's their plan for continuing to sell to these customers?
Well there you go. If you ever wondered whether this is happening only on the Microsoft Account(tm).
The "send search data to an internet endpoint even if it's patently obvious that the search is for local resources" reeks strongly of Ubuntu's Amazon Shopping Lens. Did Mark Shuttleworth switch gears from Canonical to Microsoft when I wasn't looking?
Perhaps pedantic, but that's redundant; HITECH doesn't define breaches separately from HIPAA, it establishes standards for when HIPAA data is "unsecured" and reporting requirements, etc., related to HIPAA breaches.
Of course, this is speculation right now, and perhaps my concerns are unfounded, but I can already imagine some old doctor typing "J. Random Hacker biopsy" into that Start Menu search field in the hopes of finding some document and inadvertently sending the fact that J. Random Hacker had a biopsy to Microsoft and potentially some advertising partners (depending on the nature of such transmissions).
I did like Windows 10 though, but then they kinda ruined it
you mean you did "tail -f /var/log/secure".
> God forbid Microsoft give 7 the boot for support like they did XP.
god forbid Microsoft try to deprecate OSs after nearly 13 years. note that in 2001, the newest Linux kernel available was in the 2.4 series, with many people still using 2.2.
You seem to have invented a decade. Windows 8 RTM was just over 3 years ago.
Also, while I have some sympathy with both the idea that software isn't perfect and the idea that Microsoft need a viable business model, I don't think it's unreasonable to expect a product like Windows 7 to come with essential support for a significant period of time, perhaps based on the expected working lifetime of devices where the software is normally installed.
It's true that we don't know how to make perfect software yet, but it's also still the case that those security and bug fixes are only necessary because the product as originally provided was defective. If you're making as much money from a product as Microsoft do from Windows, and if defects in your product cause harm on the scale that bugs in Windows do, I think it's fair to expect you to make good your mistakes for a reasonable period as well.
It also seems to me that Microsoft could do very well from stating a reasonable period of guaranteed support with the purchase but then offering reasonably-priced ongoing support afterwards so it have a real revenue stream to fund long-term maintenance if it turns out that devices running Windows 7 are in use for a long time. This also conveniently removes the incentive to ship successive products that are seen to be worse than what people had before.
Under Microsoft's software lifecycle policy, operating systems are normally supported for 10 years. So, for example, we already know that support for Windows 7 ends in 2020, unless it's extended.
The best LTS on Linux is 5 years, and used to be 3 years. The best lifecycle support on OS X is, oh well, pick a number. A small number.
If you bought Windows 7 in 2009 and took a free upgrade to Windows 10 then you're supported until 2025, if your hardware lasts that long. So you'd have got roughly 15 years' use of an operating system for roughly $40. It's obviously terrible value....
All I'm saying is that a significant period of support -- longer than the 3 years the posts I was replying to seemed to be suggesting -- is a reasonable expectation for this sort of commercial software, because the developers are supplying an imperfect product in the first place.
In contrast, if the new version of Windows with its compulsory updates removes that ability to keep what you actually bought working as well as it was when you bought it, that is not a good thing, any more than it is when Apple have dumped support for old versions of iOS or OS X well before the end of the useful lifetime of devices they ran on. The position that the software industry wants to keep changing things so everyone else should be forced to keep up whether or not it's actually in their interests is not something I can support.
Oddly enough, Microsoft already tried that. They ended up with people running 14-year-old code (which cost them money both short term and long term) and a major malware problem.
Check out conficker devastating businesses and costing people a fortune ... almost wholly because they didn't install the patch for it. And these idiots are running supposedly-competent businesses or government departments.
The business branches offer more control over taking updates, but this is a consumer operating system.
As a personal anecdote, the only serious malware that has ever hit any system I run, as far as I'm aware, was a zero day exploit. The system was fully patched when it was hit. In contrast, the amount of productive time I have spent over the past few years recovering from problems caused by non-security-related software updates that I didn't particularly want but couldn't avoid if I wanted to keep the security patches is probably measured in weeks by now.
I'm all for keeping systems secure, but when updates start to take priority over keeping systems useful, you have a problem. Most security patches are fairly low risk and have few if any unrelated side effects anyway, but that is certainly not the case with modern software updates more generally. Just look at the frustration of browser users with Mozilla constantly rearranging the UI or Google actively removing functionality from Chrome, or of course the number of users who never moved from Windows XP to Vista or from 7 to 8 because the changes weren't considered improvements.
In the brave new world of Windows 10, the average individual user will be stuck with all the updates, security or otherwise, whether they want them or not. There's really no excuse for that, even in a consumer-focussed OS. Install updates by default, so less technical users get what they probably want? Sure. Block even knowledgeable users from choosing whether to install specific updates? The only time that makes a difference is if Microsoft want to force an update that the user does not want.
Welcome to the brave new world. (Apple removing functionality as well.)
Windows 10 is moving to a continuous update process that is exactly like Gmail, Facebook and all web apps, and for exactly the same reasons.
At least this avoids the "big bang" updates that left incompetent organizations running buggy, insecure 14-year-old code. (The buggy insecure new code actually does work a lot better ;-)
> Block even knowledgeable users from choosing whether to install specific updates?
How many are of those exist? As far as I can see, the number is between very, very small and zero, and even the best know far less about updates than Microsoft (because Microsoft can see tens of millions of PCs, and it has the source code).
That very small number has a problem because Microsoft is trying to cater to a billion users who don't even pretend to such arcane knowledge.
Otherwise, there's a business branch where you can delay updates for a few months, and one where you can effectively delay them forever.
> You seem to have invented a decade. Windows 8 RTM was just over 3 years ago.
> > God forbid Microsoft give 7 the boot for support like they did XP.
I'm more wondering for my own selfish reasons (I'd like to stop the majority of this junk effectively if possible).
As if they're thinking we all don't give a shit. But if we all didn't, why the downturn in trust in USA tech corporations post-Snowden?
I can't help but think that this is either massively naive from their part (people/companies won't care, they will buy our stuff and services regardless) or very short-sighted (as it will hurt their cloud services offerings in the long run, the more they hammer down the trust from their own users in MS' wares.)
I stayed in Ontario (Mississauga) last year for six mo. and I was on Rogers, capped at 80 Gb/month. My alternative was Bell. Same price. Same cap. Week-long activation date.
I was paying what I had been paying for in the US for unlimited data. There were uncapped plans available, but they're pricier. Considering the building was hooked up to fiber (at least Bell suggested it was), getting 80 Gb seemed a bit stingy.
The best way to illustrate how broken our system is to our American friends is to point out that, when I returned to the US, I was thankful to return to Comcast.
Which is like being thankful to getting reinfected with Ebola.
This actually brings up a great point which is that systems need some sort of bandwidth conservation setting. We recently were traveling and had a couple of laptops and pads with us. Having no data connection at the hotel we were at, I enabled tethering on my smartphone.
Last than an hour later I got a warning that they had blown through my 5GB. This wasn't active use, but literally was largely laptops auto downloading patches (they hadn't been turned on in a couple of weeks, backlogging GBs) and browser updates, pads pulling a tonne of updates, etc. It is becoming completely unmanageable.
Once i saw that option, I immediately set it because I also use my mobile data connection for access.
I say this, not because I think that this is OK, but to reflect, that even the change of the settings do not save you from the harm, that was done from the privacy terms!
Why downvoted? When you disagree, than give arguments, not gutless clicks!
An OS sharing all your data even with snooping disabled falls under this regulation, and multiple EU data privacy officials are already investigating and preparing a case.
Microsoft once already was under EU investigation and the whole thing was settled with minimal efforts for Microsoft (the only thing I remember was, that they had to provide a browser selection screen).
When the OS sends encrypted data to their servers, who will prove, that their is an offense made? Even when the terms are troublesome in the EU, they will just make some cosmetic changes to the terms for Europe. There are other terms, that are not valid in the EU, but Microsoft did even not change them yet (as much I know), even when it gets problems to enforce them on the courts.
Privacy might be a issue in Europe, more than in the US, but don't forget: the privacy officers in Germany have nearly no power, and are laughed at or ignored by most politicians.
Microsoft has nearly nothing to fear, IMHO from the EU, so long the US jurisdiction is also holding its peace. In Germany/the EU, nobody has the guts to fence to hard against a large US corporation -- but that is my opinion.
It would be nice, when the EU would act on it, but I don't trust it!
They fought many battles, especially against Facebook, which led to court rulings in the manner of "Instant change of terms, instant destruction of data, or 6 months jail for the CEO".
Internationally, many might laugh about the ULD, but you do not risk a fight with them. And now, with them starting to look at Microsoft, I would not want to be in Microsofts place.
The terms that they changed had several opt-out (as opposed to off-by-default opt-in) features that are mentioned in OP's article.
That's almost exactly what he said - Legally, user is at MS' mercy, ethically that's not OK.
Am I supposed to consult a lawyer each time I want to install a software ?
I also think, that Microsoft should be held accountable -- but it starts with those terms!
I think, many people just rushed into Windows 10, because it was free. But free, seldom means free in deed. A clever trick of Microsoft to trick people into this.
As long the privacy terms are not effectively changed and the OS stops to send coded data to servers, this OS can not be trusted.
And this is absolutely unexpected. That's why there's a very popular post on ars technica and hacker news and reddit with tons of well-informed technical people surprised about it and pretty pissed off.
If you don't like 300 pages of ToS then don't buy Windows. It's your free choice. Software should be protected speech. I don't like Windows 10, but then I also think that Microsoft should have the right to write Windows however they like as long as they don't factually lie in their privacy statement and other documents.
> to use a product you've already purchased
The person who sold you Windows should've informed you of the license.
No, it isn't. Very few choices in a very capitalist society are actually free, they are free in the sense that choosing to comply or not with a gun to your head is "free". Which is why regulation is necessary. Burying anything significant in a ToS is in our society meaningless, because if it actually had teeth it would be fraud.
But Microsoft is on the secure side, because you confirmed the terms -- and not many judges in the world will blame Microsoft in this situation, even when you argue, that you haven't read the terms. When you sign an other contract, you also can not argue, you haven't read the terms (even when they are in very small letters).
Sure you can. And if it's a contract of adhesion between a business and a consumer where the terms are unreasonably loaded in favour of the business, you might actually win, too.
(I am not a lawyer, your jurisdiction may vary, etc. I have however worked with real lawyers on real terms and conditions documents, and have been consistently advised that it's preferable to avoid surprising terms and that if any do need to go in then they should be early and prominent to maximise the chance of them standing up if anything ever got to court.)
But I have seen worse contracts and the companies are coming threw with it most of the time, but maybe in your country the juristic system is better and not the size of the company or the number of lawyers are important.
I for my side, would not bet on winning a trial against Microsoft in such a case.
See my answer here:
Can you name examples, where big corporations got "Serious" penalties for privacy issues? I don't know any. I only know, that in Germany, we always say, how important the issue is, but at least under our current government, privacy issues and the officers are laughed at by the big politicians. They might say different, but that is the reality (in Germany, everything is double-correct, until you look under the carpet!).
The trouble is, besides the juristic impact here, when you go on this level, it gets political and many influential German politicians don't want to mess with the US and with big corporations (their motto: "Sozial ist, was Arbeit schafft!"), particularly in the current government! And don't think, that the EU is an independent entity -- the German government likes to make it look as such, but in reality, the EU does nothing, what the governments of the most influential countries do not want.
(I also don't think, that the current German government will change soon -- it is a mess!)
Not yet, but I would argue that's because organisations like Google and Facebook have changed their behaviour when challenged to avoid things going that far.
However, Europe has imposed heavy fines in the past on the likes of Microsoft, and various nations in Europe have also formally investigated and taken legal action against major tech firms in relation to privacy concerns. For example, see http://www.bloomberg.com/news/articles/2015-05-06/facebook-p..., which is about an ongoing investigation.
That are the cosmetic changes I mentioned. I know nobody in the EU, that really wants to mess to much with the big corporations (I mean, the really big ones). And privacy concerns are mostly laughed at -- in Germany, the government itself even forces new privacy troubles without need on the people (like the "smart meter" or the "health card").
This is something, that definitively should be changed in our legal systems, but they are far from perfect, even when there are sometimes some honorable judges around (much to seldom in my country!).
Better way of arguing for your point would be to say that you cannot consent if you are uninformed, but if you were presented with the privacy statement then whose fault is it that you are uninformed and still went ahead agreeing to something you don't understand. Do you also take candies from strangers? I don't think what Microsoft is doing is ethical, but then I think it would be much more unethical for us to take Microsoft's right to free speech. I think you are arguing for nanny state.
There is no practical way for the average person to have a significant enough understanding of privacy policies due to the wordings and the 'as provided by law' type clauses that require understanding of even more complex documents (and possible even court cases). That people agree to it anyways is because it cuts one out of so much to not agree to privacy policies. Even going to the doctor involves a policy that includes 'as allowed by law' that makes it very difficult for anyone other than a specialized lawyer to understand.
Microsoft knows that people aren't understanding this and using it to their advantage. A ban on taking advantage of this is no more a nanny state than already existing bans on many cons and scams (those that don't rely on lying but on confusion and misleading others). For example, I can't hand out checks for $100 that include really nasty terms of repayment ($200 due in one month, else I get to seize any items I wish from your possession). This isn't a ban on any freedom of my own except my freedom to take advantage of others.
To relate it to your example of taking candies form strangers, if I'm handing out bad candies and someone else is eating them, who is at fault? Even if they should know better (which with these being complex legal candies that means most people shouldn't know better) I'm still at fault for handing out bad candies.
And I'm arguing that this should not be a concern. If you do not understand something then you shouldn't agree to it. People should ask their lawyer, consult Microsoft, consult websites dedicated to such issues, etc. Unless you can prove that privacy statement is misleading to laypeople then it should be user's fault for not bothering to inform themselves.
> A ban on taking advantage of this is no more a nanny state than already existing bans on many cons and scams
I'm arguing for this (even though I severely disagree with choices Microsoft made) because it's a slippery slope that leads to precedents for government to introduce regulations that clearly aren't in public's interest.
Software as protected speech was established at the end of crypto wars, when encryption programs stopped being classified as munitions and restriction on strength of cryptography were lifted.
If we let Microsoft not exercise their right it might set a trend for the governments to go back in other areas like cryptography, using old scare tactics to reverse what was achieved before in the name public's interest by appealing to the fear of terrorism. You fight for Windows to not be compromised for its users, but it could be that this fight would lead to other curtailments of speech that would not only paradoxically harm Windows but any other reasonable alternative that we currently have.
that's probably my fault for being so naive.
Unfortunately, the OS is then loaded with so much extra crud, like all the privacy snooping problems, the crapware (even an ISO downloaded from MS contains junk adware-loaded 3rd party games and software), and so on.
From a technology standpoint, the base OS is far more than lipstick-on-a-pig. Windows XP -> 7 -> 10 has been a decent progression.
I'd still never recommend Windows 10 to anyone though. The evil outweighs the good.
It does disappoint me, though. Microsoft was one of the few major players in IT that could realistically have offered an antidote to the always-online, spy-on-everything, everything-is-a-service, subscribe-not-buy, force-updates-you-don't-want madness of recent years. Instead, they seem to be throwing good money after bad in what I'm already expecting to be a repeat of Vista/8 level failure. They have about as much chance of actually out-Googling Google as Mozilla do with Firefox, yet like Mozilla they persist in trying and in doing so alienating the substantial user base who valued their products precisely because they weren't like that.
I felt the same way after they came out and said they really believe in protecting data and people's privacy. This is the exact opposite of all the big talk over the past few years. Disappointing for sure.
I tried upgrading to Win 10 this past weekend and it was a disaster. My 3 year old video card wasn't supported (no dual monitors) and then after I reverted back to 7, it killed all my network adapters so I couldn't connect to the internet. I had to nuke my entire OS and start fresh. I'm not upgrading anytime soon.
Here's some of those articles:
But, that's pretty much a well-established pattern (Microsoft has done it with lots of things before, but so has Apple and lots of other companies, its not particular to Microsoft) -- if someone realizes an opportunity you didn't, you attack them for it and try to get the market to see the product as unnecessary or even abusive, right up until you are ready to push something that exploits the same opportunity.
Fair enough, they actually create big holes in the market that startups can eventually fill in. Albeit it won't be easy (replacing Active directory, Exchange and Office suites), rewards are worth it. With that, Microsoft as desktop and server solution provider is a history.
Still not getting why they want to copy Google's revenue stream, when they have solid base in vastly different areas...
I'm half-wondering whether the plan has always been to prioritise the consumer market with Windows 10, and they're taking a reasonable punt on the fact that most businesses won't upgrade for a considerable time anyway, giving them enough opportunity to push out updates that address those businesses' concerns based on the early feedback before it really makes much difference. If that is the case then it's still possible that they have misjudged their market and they'll never fully recover from the negative initial reaction they've been receiving in recent weeks, but the strategy itself would be reasonably logical.
And since Windows 10 is to a large extent a move into remote PC management, Microsoft obviously wants to manage them with as much info as possible. Telemetry is the quid pro quo for free upgrades for the life of the device.
The handful of geeks (somewhat less than a billion users) who are capable of managing their own systems obviously don't like this. However...
> the negative initial reaction they've been receiving in recent weeks
Public interest has been phenomenal, the reviews have been overwhelmingly positive, and most people seem to be very happy with it.
This is where I start to challenge what Microsoft should (as a matter of law and/or regulation) be allowed to get away with. As I've stated in other posts in this discussion, I think there is a reasonable expectation of support for a significant period for this kind of software product given that the only reason those updates are actually necessary is that the original product someone paid for was defective. We don't know how to write perfect software yet, but I don't think software companies should be allowed to ship defective software and then change the deal retrospectively in exchange for putting right what was their own mistake in the first place.
I wouldn't know. Among people I actually know personally in real life, whether professionally or friends and family, geeky or not, I'm aware of literally no-one who has actually installed Windows 10 other than for testing purposes. On the other hand, I do know plenty of people, again both professionally and personally and both geeks and not, who seem quite convinced that they don't want it for now in light of things like forced updates, privacy concerns, hesitation after being disappointed by the Windows 8 touch-biased UI, hearing about paying to hide ads just to play a game, and other negative aspects. Moreover, so far no-one I've talked to seems to have found any good, concrete reason to upgrade, other than the not-really reasons like "it's free" and "it's the new version". The occasional gamer mentions DirectX 12 and the occasional web developer mentions Edge as something they might need to test with, but the general reaction seems to be a resounding "meh" in the circles I move in. YMMV, of course.
I'm also curious about where these positive reviews are, because the Internet I've been reading for the last few weeks has been one disaster story after another as far as Windows 10 coverage is concerned. In light of my previous point, I assume the Internet all those other people have been reading has looked similar. But again, YMMV.
A quick google....
Windows 10 review: Why the new Start menu, Edge browser, new apps and Cortana make Windows 10 the best Windows yet
Windows 10 review: The OS upgrade we've all been waiting for
Windows 10 review
Microsoft Windows 10 review
Are you a Windows 8 user? Still using Windows 7? Either way, you'll love Windows 10.
That seems where we disagree.
With other kinds of product I buy, at least in my country, there are consumer protection laws about the being of sufficient quality and fit for their intended purpose. If a product doesn't live up to those standards, I am entitled by law to have the situation put right or compensated one way or another, for example through repair, replacement, or ultimately a refund of some or all of the money I paid to buy the product. If a product is so bad that it causes other harm as well then in some cases I would also have grounds for further compensation. (The situation is also somewhat different when selling to businesses vs. private individual in my country, so I'm oversimplifying here.)
With software, developers have historically been given a lot of slack, in part because none of us know how to write bug-free programs so expecting everyone to achieve that standard before being able to sell anything is unhelpful. However, the same basic legal principles do still apply, and they have sometimes been used in practice. Part of the reason that big software developers like Microsoft don't fall foul of those rules more often and wind up paying back a lot more in refunds and/or other compensation is that they do make reasonable efforts to fix defects in their software for a reasonable time after purchase.
My point is that providing a reasonable degree of support is not really optional for them and they are not really being generous in providing it. If they stopped doing so, and their customers then started suffering real damage because of bugs or vulnerabilities in Windows, then Microsoft would risk being sued until either they fixed the problems or their business failed.
This has absolutely nothing to do with any other kind of update. Microsoft has, to my knowledge, no obligation after a customer has already purchased their copy of Windows to provide ongoing development of new features, drivers for other vendors' hardware, or their UI. They might choose to do that, and they might choose to offer those things to customers in return for money, data, or any other agreed form of compensation.
But whether or not they do that, it doesn't change the basic obligation they do have to provide a decent product if they're charging real money for it, and to make reasonable efforts to fix defects or compensate for them if their original product is flawed. The customer is entitled to get what they paid for, not a broken version of what they paid for, and not a version where a defect was fixed but some other unwanted change was also made so it's still not what the customer was originally supposed to be buying.
I'm not sure how much credibility I'd give reviews from that kind of source. Of course they look favourable, because they seem to make little effort to be at all critical of anything and almost completely gloss over the widely reported problems and backward steps in favour of... ooooh, shiny!
For example, several of them highlight robustness as a big point in favour of Windows 10. Given the huge amount of negative comments from people who were in the beta/preview programme and the multiple, widespread, system-breaking forced updates that have already been pushed out within just a few days of launch, I don't see how any unbiased review could possibly conclude that stability is a strong point for Windows 10 so far, and I see no basis for the blind faith several reviewers seem to have that Microsoft will fix the fundamental risk of bad updates bricking boxes. Few of the reviews make a big deal of removed features like Media Center, or hardware incompatibilities with older devices, which are the kinds of issues that won't trouble the majority of users but will be very bad for those who are affected. I don't see much mention there of clunky search tools or the confusing division of what used to be in the control panel into multiple areas. None of the reviews that I looked at even mentioned things like privacy concerns, or spamming ads at you unless you pay subscription money to turn them off, or the WiFi Sense security concerns.
Try Googling a few other relevant terms, like say "Windows 10 laptop reboot loop" or "Windows 10 WiFi Sense security" or "Windows 10 search", and see how overwhelmingly positive the commentary looks then.
Compared to who?
They're selling Home OSes for roughly $10 to $40 (sometimes free with Bing) and even a trivial support incident costs 2x to 3x revenue.
Further, most people have never actually bought anything from Microsoft. They "buy" it from the PC manufacturer, who is actually responsible for supporting their product.
> I'm not sure how much credibility I'd give reviews from that kind of source.
They're the sources most people use.
"Windows 10 laptop reboot loop" doesn't apply as it came after the launch; "Windows 10 WiFi Sense security" just shows a lot of ignorance, and "Windows 10 search" doesn't show anything very much. Paranoia, maybe? I looked that one up on Google, which probably now means "sending personal information to Alphabet without my consent".
That's their problem, just as it is the chair maker's problem if he sells defective products on tight margins and then has to repair them at an overall loss when someone sits on them and they break. They're perfectly entitled to sell their software for more, if people are willing to pay more for it, but whatever the price, the buyer is entitled to have the working software they reasonably expected to receive in return for their money.
That is basically true, though as soon as Microsoft start arguing anything about EULAs being binding agreements they're probably going to be on the hook as well. Third party rights and liabilities are an interesting area of the law, particularly when it comes to software.
But yes, if you buy a PC then the shop that sold it is primarily responsible, if you get a phone with your plan then the shop/network that provided it is primarily responsible, etc.
"Windows 10 laptop reboot loop" doesn't apply as it came after the launch
OK, but you were arguing that "most people seem to be very happy" with Windows 10. I suspect those people were not.
"Windows 10 WiFi Sense security" just shows a lot of ignorance
That is unfortunately true. However, it also shows quite a few people dismissing a genuine security concern because as long as everyone who ever uses a network fully understands the implications of the feature and makes no mistakes in configuring it (i.e., they leave the entire feature turned off), no harm should be done.
Of course, the moment a single person in your company accidentally hits share instead of don't share, your sysadmins can look forward to a fun day changing all the credentials and notifying everyone of the new arrangements, and your executives can look forward to explaining the resulting regulatory investigation and fines for not security data properly to the shareholders.
"Windows 10 search" doesn't show anything very much.
That's funny. When I googled it before writing that post, it found a rather lengthy list of articles and blog posts commenting on how poorly the new search feature actually works, mentioning several different points about the order results are shown in, not searching parts of the local network that were searched in previous Windows versions, and generally more work being required to find useful things that search found before. Plus there's the less favourable perception of Bing search results, and the privacy concerns, of course.
Most people are happy, as far as I can tell. Clearly some are not, but if 50 million people were unhappy they'd be making a lot more noise....
>Of course, the moment a single person in your company accidentally hits share instead of don't share, your sysadmins can look forward to a fun day changing all the credentials and notifying everyone of the new arrangements, and your executives can look forward to explaining the resulting regulatory investigation and fines for not security data properly to the shareholders.
I'm assuming companies are run by people who are not complete idiots. There's a simple way to make sure your corporate (or other) network is never shared, and it's covered at in the FAQ.
I wasn't kidding when I said the coverage "showed a lot of ignorance". I was too polite to mention the incompetence.
> blog posts commenting on how poorly the new search feature actually works, mentioning several different points
Works fine here, for what I use it for....
Regardless of your opinion or mine, the corporate sysadmins and decision-makers evaluating a possible move to Windows 10 aren't going to be forming their opinions based on the kinds of reviews you linked to before, and they're going to be well aware of the kinds of issues raised by the less favourable coverage. What really matters isn't whether you can convince me that, say, changing a corporate WiFi SSID used by hundreds or thousands of people is no big deal, it is whether Microsoft can convince the sysadmins and the team running the help desk. And based on the reactions I've seen so far from people who are in those kinds of positions, Windows 10 certainly isn't making a great first impression, so I do think Microsoft has left themselves a bit of a mountain to climb.
Not quite. It doesn't cause me any problems that I regard as unsolvable for what I get in return. Android, for example, is a much tougher proposition. That's a bigger privacy leak and the only real alternative is to go to an AOSP-based ROM.
Just using the web requires some effort (Ghostery, uBlock Origin, Google Search link fix etc).
> so I do think Microsoft has left themselves a bit of a mountain to climb.
We shall see. I expect Microsoft has actually talked to its business users, and it doesn't expect them all to defect (though, as I said, it's got until 2020 before it becomes critical).
Bank of America CTO Talks Windows 10 Plans, Security
Reilly promised a Windows 10 upgrade is on the horizon for Bank of America. "We're looking to adopt as early as we can," he said. Such a project will be a massive undertaking given the sheer multitude of Windows devices within the organization, but he appears optimistic about the process.