
You agreed to the privacy terms, so you are at the mercy of whatever Microsoft implemented. Windows 10 could even totally ignore your settings.

I say this not because I think that this is OK, but to reflect that even the change of the settings does not save you from the harm that was done from the privacy terms!

Why downvoted? When you disagree, then give arguments, not gutless clicks!

Very few people will read the privacy terms. Just because they have a document people clicked 'agree' below without reading doesn't mean that MS should not be held to account for what Windows 10 is leaking. For many users not using Windows isn't an option.

We need a complete rework of our entire legal system in regards to consent to contracts. The problem is that it'll never happen because there is so much of an advantage given to the capital owners by having it so the rest of the population doesn't really understand what they are signing up for.

Yet, I believe he has a point, and he had pointed to the very core problem.

If you hadn't read the EULA/ToS/Privacy Policy/etc, but had consented to those (by clicking "agree" in case of click-wrap packaging thingy), the fact is Microsoft is very unlikely to be held accountable if their actions are perfectly conforming to the agreement you had agreed to without even reading. Something is surely not right with this whole situation.

EULA, ToS, etc do not apply in Europe if they contain terms that the user can not reasonably expect.

An OS sharing all your data even with snooping disabled falls under this regulation, and multiple EU data privacy officials are already investigating and preparing a case.

Could be, but also could not.

Microsoft once already was under EU investigation and the whole thing was settled with minimal efforts for Microsoft (the only thing I remember was, that they had to provide a browser selection screen).

When the OS sends encrypted data to their servers, who will prove that there is an offense made? Even when the terms are troublesome in the EU, they will just make some cosmetic changes to the terms for Europe. There are other terms that are not valid in the EU, but Microsoft did not even change them yet (as far as I know), even when it gets problems to enforce them in the courts.

Privacy might be an issue in Europe, more than in the US, but don't forget: the privacy officers in Germany have nearly no power, and are laughed at or ignored by most politicians.

Microsoft has nearly nothing to fear, IMHO, from the EU, so long as the US jurisdiction is also holding its peace. In Germany/the EU, nobody has the guts to fence too hard against a large US corporation -- but that is my opinion.

It would be nice, when the EU would act on it, but I don't trust it!

Look up Thilo Weichert, or, his replacement and long-years assistant Marit Hansen (Dipl.-Inf.)

They fought many battles, especially against Facebook, which led to court rulings in the manner of "Instant change of terms, instant destruction of data, or 6 months jail for the CEO".

Internationally, many might laugh about the ULD, but you do not risk a fight with them. And now, with them starting to look at Microsoft, I would not want to be in Microsoft's place.

The other thing to note is that they've changed the terms during an automatic update.

The terms that they changed had several opt-out (as opposed to off-by-default opt-in) features that are mentioned in OP's article.

So, Microsoft made an unethical but legal move.

That's almost exactly what he said - Legally, user is at MS' mercy, ethically that's not OK.

Even if people were to read it, how many are able to understand legalese?

Am I supposed to consult a lawyer each time I want to install a software?

With such an argumentation, you could just trash any terms. As long as they are not against any law, they are valid, as long as they do not contain something that is totally unexpected (for example that you must pay Microsoft additional fees above the normal price).

I also think, that Microsoft should be held accountable -- but it starts with those terms!

I think many people just rushed into Windows 10 because it was free. But free seldom means free indeed. A clever trick of Microsoft to trick people into this.

As long as the privacy terms are not effectively changed and the OS stops to send coded data to servers, this OS cannot be trusted.

Terms and conditions as a requirement to use a product you've already purchased shouldn't ever count for anything. So I think you should trash any terms. And I'd hope in a civilized country if a company tries to use mandatory-accept 300 page terms and conditions to abuse their customers a judge would step in and say "no."

And this is absolutely unexpected. That's why there's a very popular post on ars technica and hacker news and reddit with tons of well-informed technical people surprised about it and pretty pissed off.

> in a civilized country if a company tries to use mandatory-accept 300 page terms and conditions

If you don't like 300 pages of ToS then don't buy Windows. It's your free choice. Software should be protected speech. I don't like Windows 10, but then I also think that Microsoft should have the right to write Windows however they like as long as they don't factually lie in their privacy statement and other documents.

> to use a product you've already purchased

The person who sold you Windows should've informed you of the license.

> It's your free choice.

No, it isn't. Very few choices in a very capitalist society are actually free, they are free in the sense that choosing to comply or not with a gun to your head is "free". Which is why regulation is necessary. Burying anything significant in a ToS is in our society meaningless, because if it actually had teeth it would be fraud.

I've currently got a system with the Windows 10 downloaded, but I am hesitant to actually proceed with the (up?)grade. Like many people I assumed that it was just the same old Windows with more enhancements, not something with batshit crazy privacy defaults, that even when disabled still leak data.

That is the point. People are tricked into this and most of them did not read the terms or just ignored them.

But Microsoft is on the secure side, because you confirmed the terms -- and not many judges in the world will blame Microsoft in this situation, even when you argue that you haven't read the terms. When you sign another contract, you also cannot argue you haven't read the terms (even when they are in very small letters).

> When you sign another contract, you also cannot argue you haven't read the terms (even when they are in very small letters).

Sure you can. And if it's a contract of adhesion between a business and a consumer where the terms are unreasonably loaded in favour of the business, you might actually win, too.

(I am not a lawyer, your jurisdiction may vary, etc. I have however worked with real lawyers on real terms and conditions documents, and have been consistently advised that it's preferable to avoid surprising terms and that if any do need to go in then they should be early and prominent to maximise the chance of them standing up if anything ever got to court.)

Sure, you can try with any contract -- and go to trial.

But I have seen worse contracts and the companies are coming through with it most of the time, but maybe in your country the juristic system is better and not the size of the company or the number of lawyers are important.

I for my side, would not bet on winning a trial against Microsoft in such a case.

In reality it probably wouldn't be an individual customer against Microsoft anyway. It would be someone like the national data protection regulator or European authorities, acting on behalf of the population as a whole, and they would probably be looking at the actual behaviour of Microsoft and whether it violated data protection laws. If Microsoft attempted to argue that weasel words in their terms permitted their behaviour but the evidence showed that in the real world users didn't know or understand the implications, I doubt that would work out very well for Microsoft. Those authorities are generally more pro-privacy than the US, and they have handed serious financial penalties to big tech companies before.

It would be nice, if it would be that easy.

See my answer here: https://news.ycombinator.com/item?id=10055866

Can you name examples, where big corporations got "Serious" penalties for privacy issues? I don't know any. I only know, that in Germany, we always say, how important the issue is, but at least under our current government, privacy issues and the officers are laughed at by the big politicians. They might say different, but that is the reality (in Germany, everything is double-correct, until you look under the carpet!).

The trouble is, besides the juristic impact here, when you go on this level, it gets political and many influential German politicians don't want to mess with the US and with big corporations (their motto: "Sozial ist, was Arbeit schafft!"), particularly in the current government! And don't think, that the EU is an independent entity -- the German government likes to make it look as such, but in reality, the EU does nothing, what the governments of the most influential countries do not want.

(I also don't think, that the current German government will change soon -- it is a mess!)

> Can you name examples, where big corporations got "Serious" penalties for privacy issues?

Not yet, but I would argue that's because organisations like Google and Facebook have changed their behaviour when challenged to avoid things going that far.

However, Europe has imposed heavy fines in the past on the likes of Microsoft, and various nations in Europe have also formally investigated and taken legal action against major tech firms in relation to privacy concerns. For example, see http://www.bloomberg.com/news/articles/2015-05-06/facebook-p..., which is about an ongoing investigation.

Right. Investigations. But most of them are settled with a rather small fee for the corporations or with some small changes in the behavior (like the browser selection screen, that already was changed again in Windows 10, as far as I heard).

Those are the cosmetic changes I mentioned. I know nobody in the EU that really wants to mess too much with the big corporations (I mean, the really big ones). And privacy concerns are mostly laughed at -- in Germany, the government itself even forces new privacy troubles without need on the people (like the "smart meter" or the "health card").

Uninformed consent is not consent. This needs to be applied to the business world and all other legal contracts.

You are right. But I have seen so many cases, where companies come away with it.

This is something that definitively should be changed in our legal systems, but they are far from perfect, even when there are sometimes some honorable judges around (much too seldom in my country!).

> Uninformed consent is not consent.

Better way of arguing for your point would be to say that you cannot consent if you are uninformed, but if you were presented with the privacy statement then whose fault is it that you are uninformed and still went ahead agreeing to something you don't understand. Do you also take candies from strangers? I don't think what Microsoft is doing is ethical, but then I think it would be much more unethical for us to take Microsoft's right to free speech. I think you are arguing for nanny state.

> whose fault is it that you are uninformed and still went ahead agreeing to something you don't understand.

There is no practical way for the average person to have a significant enough understanding of privacy policies due to the wordings and the 'as provided by law' type clauses that require understanding of even more complex documents (and possibly even court cases). That people agree to it anyways is because it cuts one out of so much to not agree to privacy policies. Even going to the doctor involves a policy that includes 'as allowed by law' that makes it very difficult for anyone other than a specialized lawyer to understand.

Microsoft knows that people aren't understanding this and using it to their advantage. A ban on taking advantage of this is no more a nanny state than already existing bans on many cons and scams (those that don't rely on lying but on confusion and misleading others). For example, I can't hand out checks for $100 that include really nasty terms of repayment ($200 due in one month, else I get to seize any items I wish from your possession). This isn't a ban on any freedom of my own except my freedom to take advantage of others.

To relate it to your example of taking candies from strangers, if I'm handing out bad candies and someone else is eating them, who is at fault? Even if they should know better (which with these being complex legal candies that means most people shouldn't know better) I'm still at fault for handing out bad candies.

> There is no practical way for the average person

And I'm arguing that this should not be a concern. If you do not understand something then you shouldn't agree to it. People should ask their lawyer, consult Microsoft, consult websites dedicated to such issues, etc. Unless you can prove that privacy statement is misleading to laypeople then it should be user's fault for not bothering to inform themselves.

> A ban on taking advantage of this is no more a nanny state than already existing bans on many cons and scams

I'm arguing for this (even though I severely disagree with choices Microsoft made) because it's a slippery slope that leads to precedents for government to introduce regulations that clearly aren't in public's interest.

Software as protected speech was established at the end of crypto wars, when encryption programs stopped being classified as munitions and restriction on strength of cryptography were lifted.

If we let Microsoft not exercise their right it might set a trend for the governments to go back in other areas like cryptography, using old scare tactics to reverse what was achieved before in the name of the public's interest by appealing to the fear of terrorism. You fight for Windows to not be compromised for its users, but it could be that this fight would lead to other curtailments of speech that would not only paradoxically harm Windows but any other reasonable alternative that we currently have.

If what a vendor is allowed to do is buried in a EULA that the world knows is never read, then that vendor is hiding something. There's a difference between the letter of the law and truth. Obfuscation is not truth.

That doesn't make it okay

I did not say that, but I wanted to make clear how people are tricked into this situation, where they cannot trust even the OS.
