Here are the KB links from an earlier discussion (https://news.ycombinator.com/item?id=10110316). Thanks vetinari.
It seems a common practice somehow that since some time their updates aren't "hand picked" but generated by the computer without too much human control or that the programmers don't have time, or simply nobody cares there anymore.
I'd be glad if somebody would sensibly explain all that. Including these recent "everything you type will be transferred" and "the list of all your files will be made" claims.
"Information transmitted: All text typed on the keyboard is stored in temporary files, and sent (once per 30 mins) to:
oca.telemetry.microsoft.com.nsatc.net pre.footprintpredict.com reports.wes.df.telemetry.microsoft.com"
On another side, MSFT never issued the statement what they actually collect, probably because their lawyers will need a month or two to clear that up.
If the quote is true, it's a real full-blown keylogger. It's hard to believe. But there should be the pressure to find out the truth.
The worst thing is that it seems the users also don't care.
Do read kstrauser's top post in this discussion regarding automatic snooping of kids and emailing the parents, implemented by MSFT in Windows 10.
He posted the snapshot later. Unbelievable. But it seems they really do this. Built in spying, then sending reports by e-mail.
So, Microsoft is not only rifling through the contents of my OneDrive camera roll, they are then transmitting the photos to my email unencrypted, without ever asking me to opt in to this service. I used to praise Microsoft for being opt-in as opposed to Google's opt-out; I guess that's all out the window now (no pun intended).
I guess it's finally time to flip the switch on the OwnCloud account I've been testing and drop OneDrive.
Also – potentially – incredibly dangerous, as other posters mention. I don't think that we can have the possibility of one without the possibility of the other here.
The currency letters are since forever nicely separated from the code in the data NLS files, I thought I knew.
Whatever, there are enough problematic actions we're sure of, seen in the other posts here.
systeminfo|findstr /LI "3068708 3075249 3080149 2976978"
Nothing seems malicious, but you never know.
According to Microsoft's Family Safety FAQ (https://account.microsoft.com/family/faq/):
> On Windows 10, you’ll need a Microsoft account in order to use Microsoft family whether you’re a part of a family as an adult or a child. When kids are added to a Microsoft family with a Microsoft account, any time they sign in to a Windows 10 device, their settings will be applied and their activity will be reported to the adults in their family. Adults can always turn off activity reporting or remove kids from the Microsoft family at account.microsoft.com/family.
By default, unless you log in and explicitly disable it, Windows 10 collects kids' usage activity and uploads it to Microsoft's servers. Presumably the same mechanism is disabled for adults. Presumably.
I definitely didn't enable it, and I'm sure my son didn't check any "narc me out to my parents" checkbox.
Edit: we already had a family account set up for our Xbox. I suspect that's how Microsoft determined that the emails should go to me.
(And that's terrifying.)
Statistically, it's almost certain that a kid somewhere has been beaten because of what their parents read in that report. When we're developing new features, we have to take into account ways they'll be twisted and abused. If anyone evaluated this before its development, and they were intellectually honest with themselves, these consequences had to have been dismissed as collateral damage. That makes me sad.
In another comment, you say that I had to enable these TOOLS. That is factually incorrect. I do not want to use them and did not enable them when initially setting my son's Windows 8 laptop. I did not enable them when upgrading to Windows 8.1. I did not enable them when upgrading to Windows 10, but received the spy report the next business day after performing the upgrade.
These TOOLS are on by default, until you explicitly disable them. I am not calling for them to be outlawed. I'm calling for them to be turned off unless and until parents personally and explicitly choose to turn them on.
Yes, and surveillance of their every activity is not the way to go about preventing such incidents. Parents need to be able to trust their children and allow them privacy. These incidents should be prevented by talking to children and explaining risks.
> People in this thread arguing that TOOLS shouldn't exist for parents to parent are insane.
No, they aren't insane. Parents should not have the right nor the ability to spy on every single aspect of their children's lives.
There are no circumstances where this is acceptable or ethical.
> You want parents to parents? Well sorry then they need TOOLS to do so.
No they don't. They need knowledge of parenting. Children have been parented for millenia without GPS trackers and Internet surveillance.
Tools are actively detrimental to good parenting. Maintaining complete surveillance of a child's activities destroys any trust they might have in their parents.
That would not go over well.
"Microsoft outed me, and now I'm homeless", says 17 year old.
Yes, it is.
> It is on when you've told Microsoft "hey, this is my kid's account, I am their parent." Seems like a pretty reasonable default in that very specific scenario.
So you're admitting that it's on by default in that scenario. Which scenario did you imagine I was referring to?
This is a horrible, terrible, unreasonable default setting. Also consider that the same mechanisms that make it possible for you to spy on your kid could make it possible for your significant other, employer, or any other interested party to do the same against you.
Face it: Windows 10 is pwned by design and default. It is an unacceptable risk in any situation I can imagine it being used for.
You seem to be confusing monitoring with minute scrutiny.
So public Minecraft servers, public minecraft forums, and /r/minecraft?
Surely you don't think that kids and pedophiles are meeting on forums specifically designed for it, right? I imagine that kids are preyed on by pedophiles who join spaces that are interesting for kids. How do you prevent that, or even know when it's going on?
The tools they're giving to parents are no more powerful than a browser history.
> It's a tool that can be used for good or bad, but will depend on the parents.
The potential for bad outcomes has been highlighted by other readers. What good can this feasibly do? And is that good worth the potential for abuse and the obvious security concerns that it places in Windows for users who aren't kids? I think not.
You should also expect that any mobile device accessing company resources (including - and especially - email) is effectively giving your employer root access. This is almost certainly the case if you use a mobile device with Microsoft Exchange.
In other words, in the context of employee workstations, Microsoft's spying is effectively a non-factor for employee privacy.
Now of course, this is all describing intra-organizational surveillance. Microsoft's data collection is inter-organizational, which has rather significant implications for healthcare organizations (since now Microsoft is the single-point-of-failure for a HIPAA breach), financial institutions, law firms, the works. That's all a bit of a digression from the point of children being automatically spied on, however.
It is one thing for a company to do so. I really really doubt that companies are OK with microsoft having a copy of all activity from all their employee's workstations.
Of course from a company's perspective will the distinction actually be meaningful, but that didn't seem to be what the parent comment was going for.
Of course we are still in a position where most kids know more about what goes on inside the computer than their parents so many will find ways around this if they need to...
 though I feel this is changing, at least here, as the 90s (and to an extent 80s) generation have growing families: they grew up with tech around them so were far more attuned to it than their parents, and to many kids these days tech is just commodity items so they can use them well but don't bother to understand them.
Bear in mind that it's nearly empty because we'd only just recently upgraded to Windows 10, but note that it has an entry for "Latest searches". Wouldn't that be one hell of a way for a kid to come out of the closet to his parents, or for someone to find out their daughter's pregnant?
Consider that this data is linked to each kid's email address. When this database is hacked, won't that be an interesting week in all the local schools as everyone learns what their peers are really doing?
The schools provide laptops to the kids. And then make them "kid accounts". Then the school process all of those reports and punishes based on them... or sells them to advertising firms.
I'm not entirely sure how much I believe the "MS sniffs your keyboard every half hour". However, with that kid-sniffer (search this page for imgur); that's built in. That terrifies me.
And I'm thinking of LGBT, other religions, TOR, abortions and women's health, medical searches, domestic abuse searches, and more. And the allegations that the torrent sites are levying are also insane too.
I'm glad I've been working on Ubuntu and FreeBSD for the last 12 years. Unfortunately, I'm getting a nice writeup to the 2 directors I've passed an Intel Compute Stick to with Win10, alerting them of the situation.
They haven't even said they're going to fix the stuff you can't disable ( see http://arstechnica.com/information-technology/2015/08/even-w... ).
I'm worried that they're just going to ignore problems like this and in a few years, there will be no choice but to run this if you want to be able to run the latest versions of other software.
And this is legal under COPPA? If so, the law needs to be fixed sooner rather than later.
- KB3080149: "The diagnostics tracking service collects diagnostics about functional issues on Windows systems that participate in the Customer Experience Improvement Program (CEIP)."
The second update is short on details, but it's specifically targeting the UAC "Run as Administrator" dialog (which is implemented by consent.exe), presumably to collect information on unsigned applications which request admin privileges. Microsoft should provide further details here for sure, but I see nothing nefarious. One might guess that the information collected here might be the hash of the exe requesting admin privileges.
- KB3075249: "This update adds telemetry points to the User Account Control (UAC) feature to collect information on elevations that come from low integrity levels."
Compare this with the ridiculous claim in the article that this is "allowing for remote monitoring of everything that happens within the operating system."
Windows 10 has been launched and already installed on more than 50 million computers worldwide. It is now a known fact that Windows 10 user data is being sent back to Microsoft servers back in Redmond, Washington. Well, now new updates that are being deployed to all Windows 7, 8 and 8.1 machines will turn their computers into a big piece of spyware, just like their predecessor, Windows 10.
The updates in question are KB3075249 and KB3080149. if installed, these updates are known to report your data back to Microsoft servers, without user interaction. KB3075249 Microsoft Update adds telemetry points to ‘consent.exe’ in Windows 7, 8 and 8.1, allowing for remote monitoring of everything that happens within the operating system. KB3080149 ensures that all “down-level devices” receive the same updates and treatment as Windows 10 boxes get.
As you would guess, forums are lit up with speculation on these updates and more. Below you can find a list of other Windows updates that some users have questioned. Please keep in mind, avoiding some or all of these updates may cause your environment to be unstable and/or unsecure.
KB2670838 – Windows 7 Only (corrupts AERO and blurry fonts on some websites)
KB2976978 – Windows 8 only
"This package updates the Diagnostics and Telemetry tracking service to existing devices. This service provides benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights."
"This article describes an update that adds telemetry points to consent.exe in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1."
It's the updates to consent.exe (adding telemetry points) which are cited in this thread that are the issue.
Never do updates again (which is what I will be doing this evening) and make system perm insecure
Or let MS and the NSA rape me for even more data than they already have
Go [insert abusive word] yourself Microsoft and to think just last week I got a 3rd windows 7 license because I was planning to stay on 7 long term and not upgrade to 10.
Steam hopefully will push linux gaming that i can finally get rid of this crap.
Sometimes I like to go back and play old stuff too.
Now, this isn't to say that Wine is totally up to par with Windows in terms of compatibility, but performance hasn't been a significant issue for quite some time.
This might be enough of a barrier to stop me using it right now.
I do not see a performance penalty at all with WINE. Most games that work play at speeds matching or better than windows. WoW is usually a big example of that, as are emulators.
Running either in wine is a fine benchmark on performance.
I initially had that problem, but it seemed to be the fact that (on top of some phoning-home options that I missed disabling originally, which seemed to play some role in the slowness -- disabling them helped) the Windows 10 update from Windows 8.1 also, for some unknown reason, rolled WLAN drivers back to the versions that were several years old (pre-Win8.1 at least) and fairly broken and couldn't automatically locate new ones; redownloading the latest (for Win8.1 -- no Win 10 specific drivers were available for the hardware in question) drivers (which is what had been installed prior to the update) resolved the slowness problems.
Steam OS is a Linux-based OS designed primarily for gaming. Any and all cloud-integration will be specifically gaming-focused.
Can you not see the difference between that and a general purpose OS like Windows harvesting data everything you do on your system?
I won't be using Steam OS to do anything very sensitive like sending or receiving personal e-mails, editing word documents or spreadsheets, or browsing the internet for whatever reason.
Unless you consider firing up a shooter or a city-building sim sensitive.
The two OS's have very different purposes and use-cases.
There's a big difference between 'allowing' and 'requiring'.
Can we all just be honest with each other and call this behavior an addiction already?
kb3080149 - "...Telemetry tracking service..." (https://support.microsoft.com/en-us/kb/3080149)
kb3068708 - "...Telemetry tracking service..." (https://support.microsoft.com/en-us/kb/3068708)
kb2976978 - "...performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program..." (https://support.microsoft.com/en-us/kb/2976978)
kb3021917 - "...Telemetry is sent back to Microsoft..." (https://support.microsoft.com/en-us/kb/3021917)
kb3035583 - "...installs the Get Windows 10 app..." (https://support.microsoft.com/en-us/kb/3035583)
kb2952664 - "...ease the upgrade experience to the latest version of Windows..." (https://support.microsoft.com/en-us/kb/2952664)
For those who don't speak Czech:
-It sends all text you type anywhere (not just into search) every 30 minutes to MS. If you type about a holiday to your blog, next day you'll see holiday ads.
-Every 30 minutes it sends your geo-location and network information.
-If you type a telephone number into Edge it sends it to MS after 5 minutes.
-If you type anywhere in Windows a name of some movie, Windows will start indexing all your media files after a while and will send it to MS after 30 minutes of your inactivity.
-After installing W10, it will send about 35MB of data once.
-After turning on your webcam for the first time it sends data to microsoft once.
-Everything you say is transferred to MS, it works even if you disable and remove and uninstall cortana. Parts of Cortana are needed for the core of the OS to run.
-Voice is transferred every 15 min, 80MB of data.
-After 15 minutes of your inactivity or when screensaver is on, network activity ramps up and everything else is being sent to MS.
-Blocking in hosts doesn't work, IPs are hardcoded into their code and DLLs.
What would be even more interesting would be for someone to intercept the spying data that is being sent back so we know for sure what's being sent.
Privacy is important, and I don't think either I or David Tomaschik would ever argue otherwise, and there should definitely be an opt-out, but I think there are more serious problems with Windows that would be more worth objecting to than searching the Web from a search box.
And Canonical has received a barrage of flak for it as a result. I outright stopped using Ubuntu as a result. Users expect the search box on their computer to search their own computer, not bombard them with ads.
> GNOME does it.
By default? Which distro? Last I checked, the GNOME search tool is limited to local objects. Maybe if you've explicitly integrated an online account, but I've yet to encounter that if that's the case.
> Android does it. iOS does it.
These systems aren't nearly as oriented around local file access, so the online-first approach for search (while I personally disagree with it) is not as jarring. Siri and Google Now are specifically marketed for online searches as well.
> OS X does it.
Again, by default? Because I've yet to actually see online results when searching for things in, say, Finder. Not that I wouldn't hold it above Apple to pull such shenanigans, of course; they love fucking over their users for the sake of a "more beautiful" (please) product.
> Windows is very nearly the last one to do it.
Hardly. None of the BSDs (that I know of) do it - even the desktop-oriented ones like PC-BSD. None of the KDE-based GNU/Linux distros (again, that I know of) do it - that category includes Kubuntu, openSUSE, and quite a few others. KDE itself certainly doesn't do it, nor do LXDE or Xfce, last I checked, and nor do the distros which use those particular DEs by default. I'm pretty sure none of the GNOME-based distros do it; in particular, I'd be very surprised if Debian stooped anywhere close to such a level of depravity.
> Again, by default? Because I've yet to actually see online results when searching for things in, say, Finder. Not that I wouldn't hold it above Apple to pull such shenanigans, of course; they love fucking over their users for the sake of a "more beautiful" (please) product.
It's in Spotlight from at least OS X Yosemite.
> > Windows is very nearly the last one to do it.
> Hardly. [...]
These are not consumer-oriented products.
PC-BSD certainly is. openSUSE arguably is (while it has quite a few enterprise features, it has plenty of consumer features, too, especially when paired with KDE or GNOME). Kubuntu certainly is. KDE certainly is.
And we haven't even gotten into the other consumer-oriented operating systems that don't compromise privacy to the same degree as Ubuntu+Unity, iOS, Android, or (now) Windows. I haven't even mentioned Linux Mint (with Cinnamon, MATE, KDE, or Xfce), which is certainly consumer-oriented (it sure as hell ain't enterprise-oriented, in my experience). Then there's ElementaryOS, PCLinuxOS, Mepis, Vector, GhostBSD, AmigaOS, RISC OS... the list goes on. Said list goes on even further once you factor in some more experimental - yet still designed to be consumer-oriented - systems, like Haiku and ReactOS. As far as I know, zero entries on this here list have fallen into the trap of siphoning user data by default.
I'm not arguing that having control over your computer is important. I think people should be using exclusively free software, but it's really hard to sell them on that. Just about the only thing going for it is honesty and consistency. I'm worried that if people start exaggerating issues and get exposed for it, the free software side will lose credibility.
Right, and so does KDE (to an extent), but I don't recall either actually using those online sources for searches. Maybe GNOME3's managed to get worse since last time I tried it, however ;)
> OS X Spotlight does online by default.
TIL. I guess I don't use Spotlight enough to notice...
> but it's really hard to sell them on that.
It depends on the approach. I've managed to get quite a few people switched over to openSUSE (for example) on the simple grounds of "your Windows XP machine can't handle Windows 7 very well; here's something better that will save you the cost of a Windows license and the cost of upgrading your machine and won't slow down after a few months of use".
You could argue as others have that there should be a default search which is local only, but why is it so important that everyone uses Microsoft's default programs rather than the millions of third party programs available? There seems to be a double standard where people say that it's important that Microsoft not push its own software over alternatives but also that Microsoft's default programs should fit every need of every user.
There's plenty that Microsoft does wrong, but providing a search that uses their search engine while allowing users to install whatever search they like is not so bad. You are already contacting their servers for updates and other things. Having to install an alternative search is really no worse than having to install a web browser. Now you might say that the menu is basic functionality but the browser is not, but what's really the difference?
At least now we know why they're offering the update for free.
As for being safe and maintaining privacy, it is well established that the solution is to move to an open system.
Of course not. We should make blind, fear-based assumptions about businesses and reject the "rudder of rationality", so that we can be blown about by the winds of whatever viral fearmongering hits the top of our feeds for the day!!
Anyone know about any good unix distros that wont be too much of a culture shock to someone who has used windows his entire life?
If you want to have to earn back every single piece of hardware in your computer, and end up becoming a Linux superhero when you're done, install Gentoo.
If you're concerned about privacy or rights, avoid Ubuntu and Redhat distros, as they have a history of exploiting both users and the free software licenses they purport to honor.
The most software-compatible is Debian, but games/steamOS run on all x86-based distributions.
fwiw though I took a quick look at their -stable forums (http://chakraos.org/forum/viewforum.php?id=32) and there are several recent threads related to updates breaking things. I realize that will to some extent be a problem on any platform, but it seems disproportional on Chakra.
And in any case, that probably makes it a poor recommendation for Linux novices switching from Windows.
Also, avoid the problem of "privacity" with normal Ubuntu, as not use Canonical desktop stuff.
* UI is designed to be very familiar to Windows users, with a Windows-looking taskbar complete with start menu and system tray (if you pick KDE, Xfce, or LXDE for your desktop environment; GNOME is a bit... well, out there).
* openSUSE ships with YaST, which provides rather extensive graphical system-wide configuration. It's arguably the closest thing to a proper and fully-featured Windows-style Control Panel you'll find in the GNU/Linux world. Thanks to YaST, it's pretty rare that you'll ever need to touch the command line for the vast majority of tasks.
* If you're running in an Active Directory environment, openSUSE's builtin support for joining AD domains is abso-fucking-lutely phenomenal; the YaST-based configuration blows even Windows out of the water, let alone other GNU/Linux distros.
* Pretty stable (openSUSE is the testbed for SUSE Enterprise) without being totally behind the times like Debian Stable tends to be.
I've set it up on the formerly-XP-running machines of multiple elderly, computer-illiterate people with effectively zero issues (other than one user complaining about the default desktop background; I showed him how to change it, and he since managed to figure out how to set up his own without further intervention on my part). If computer-illiterate old people can figure it out, I'm confident that someone who knows that Hacker News even exists can figure it out ;)
To be clear, I do NOT recommend it for folks who don't want a learning curve. But once you've over that curve, it is a haven from shitty operating systems.
Funnily enough, I recently switched back to Windows from Arch. Linux's ecosystem was just too depressing for me. Windows 10 makes me sad though because it had the potential to be great were it not for all the privacy issues.
Edit: bury me if you want, it doesn't make what I say any less true.
I don't know why you would assume to know me so well.
This one really hard to believe. All the others are kind of believable.
>-After 15 minutes of your inactivity or when screensaver is on, network activity ramps up and everything else is being sent to MS.
But what is everything else?
I sincerely hope it backfires because it's just insane. If MS wants to collect on my hard drive or log my key strokes , it should ask for my approval first and not hide it behind a license.
People are outraged with the AM hack scandal, well nothing guarantees that MS will never be hacked. And when a database like this get hacked , every windows user data will be in the wild. That's just crazy. Is the the "new microsoft" , a lot of HNers like to boast about ? Same as the old one.
Microsoft needs to do something convincing to reassure it's users or Windows 10 will likely become synonymous with "Big Brother" regardless of what's actually going on.
To reiterate, we're leaving territory in which it would have been reasonable to "do nothing and hope it all blows over". MS needs to respond quickly or they're going to have another dud release on their hands, in spite of giving it away for free.
For the kind of people who care about this sort of thing.
Also puts "Scroogle" into perspective.
Storing company confidential information on services not controlled by the company is explicitly forbidden at many large corporations. They run their own email servers (not Google Apps), and often ban & block things like Dropbox outright.
2) Microsoft's "spying" has been going on since Windows Vista was released, and speculation has gone along with it.
3) Since the 1990's, next year has always been "the year of desktop Linux."
And to me it seems like a lot of HNers care that Windows is sending all this telemetry. (Aren't we the same group that is obsessed with A/B tests and recording analytics on everything a user does on our website?)
>2016 is the year of desktop linux.
I don't care if it is Linux, Apple or Windows. As long as someone can guarantee a certain degree of usability and a common sense of privacy, I wouldn't mind switching. However at this point where even open source is taking a nose dive (eg: "Ubuntu and Amazon Search", "Chrome and proprietary blobs", "Firefox with Hello and Pocket"), I am not sure anymore. If it keeps up this rate, in the future people might look back and see privacy as a silly idea /sad.
Ps. Sorry for the accidental downvote :(.
I also had a separate copy of WordPerfect for Linux for a long time. It still worked fine until I sold it on eBay, thanks to libc5 compatibility in most distributions. Even though I stopped using it at some point, I continued to use the Type 1 fonts that came on the CD.
Both run well on Linux.
FOR %%X IN (3075249 3080149 3068708 2976978 3021917 3035583 2952664) DO ...
wusa.exe /kb:3075249 /uninstall /norestart
wusa.exe /kb:3080149 /uninstall /norestart
wusa.exe /kb:3068708 /uninstall /norestart
wusa.exe /kb:2976978 /uninstall /norestart
wusa.exe /kb:3021917 /uninstall /norestart
wusa.exe /kb:3035583 /uninstall /norestart
wusa.exe /kb:2952664 /uninstall /norestart
Your fault for clicking "Agree". Didn't anyone watch the Human Cent-iPad episode of South Park?
" Unilateral modifications are not supposed to alter the material or important terms of the original contract. "
You have 72 hours (10 business days by mail) to undo your consent to the Windows license changes after clicking "Agree". Did you submit your notice in a timely fashion, or did you let the clock run out?
How likely is it that we'll ever have a "firm" finite list?
Behold everyone - this is the "new" Microsoft, worse than it ever was.
No, but they keep nagging you every time you turn your computer on.
"Recognizing that the United Nations has, in the Universal Declaration of Human Rights and in the International Covenants on Human Rights, proclaimed and agreed that everyone is entitled to all the rights and freedoms set forth therein, without distinction of any kind, such as race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status,
"The child shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of the child's choice.
"No child shall be subjected to arbitrary or unlawful interference with his or her privacy, family, or correspondence, nor to unlawful attacks on his or her honour and reputation.
"The child has the right to the protection of the law against such interference or attacks."
Given that Microsoft is a US company and the US is one of very few countries that hasn't ratified the convention, the concept of children having human rights might seem strange and foreign to them, but almost everywhere else, the state is (it seems to me) obligated to protect children from this kind of intrusion. (Maybe the EU could look into forcing them to release a special spyware-free edition...)
I hope Windows doesn't do worse than spammers and malware programmers.
I will at least give it a try ;). But before that I am moving all my personal files to my NAS and I will only be using windows for playing a game or 2.
In society we have all kinds of protections for people that make a lot of sense, that take away individual responsibility. For example, even if a person wanted, you're not allowed to become a slave, it's simply not allowed. Even if a person wanted in most of the developed world, you're not allowed to work for less than minimum wage, or in a toxic environment. Similarly even if a person says 'I don't mind if people are misogynistic towards me at work, or discriminatory, I just want this job no matter what because I need the money', that's not allowed, either.
Similarly, I think it's time we start to think of legal protections again this level of spyware. We shouldn't put the burden of acceptance on individuals when you'll have millions of people who'd prefer to live in a world where they don't have to use this software at home or at work, but have no choice (particularly at work), and thus accept spyware because the loss of their job works as a blackmailing force, just like in the above examples.
That doesn't mean I'm saying there is no legal place for software like this under any conditions. But the notion that it can't be turned off is insane. Even 'on by default' is a step too far, but now Windows is saying whether you use windows 7, 8 or 10, we're spying on you, and you can't turn it off, and if you tamper with our software manually you'll fail because we've hardcoded it. That's not acceptable and my point is, it shouldn't fall upon users to boycott such harmful parts of software they paid for (in the case of Windows 7, half a decade ago).
It should fall upon the rule of law to prevent this and allow at least an opt-in, a choice, a choice that isn't 'use any Windows product, or use no Windows product'
If OSs were more free like say, the automotive industry, I wouldn't mind as much. Like if Toyota one day decided to record audio in cars, that's one thing. You can switch to more than a dozen top-quality car manufacturers who don't do this, and it wouldn't affect your jobs or anything like that. But we're talking about a desktop/laptop market where <2% of marketshare is Linux and OS X is ~10%, the remainder is virtually all windows and its got hardcoded spyware features.
Rules must apply over time. A "turn everything off" request shouldn't be able to transform into "except these new on-by-default features added in patch 1.01".
Software has bugs, including "off switches"; as such, even if there appears to be a way to shut everything off, I always assume that these may fail. The "over time" problem applies here, too; a year from now, some poor new guy tasked with maintaining these protection switches might screw up an update and break an off-switch that used to work fine.
Information is currently too valuable. As a society we really have to get to the point where the value of bits of data is so low that leaks don't matter. We sure as heck shouldn't have ways for criminals to screw you by knowing a single number that belongs to you!
Information is inherently hard to protect. Photos are very hard to protect; even if you had a new file format, encryption, low-level hardware that was physically incapable of accessing pixels without a key, memory that could not cache plain-data versions of the image, etc. there is still an easy way for someone to take out an iPhone and snap a copy of what they see on their screen and keep it forever. True photo security would practically require what is mandated for photocopiers with respect to counterfeiting; all cameras and all displays would have to be equally mandated to use watermarked images that encode encryption keys (e.g. your camera can only take a picture of another image if the associated key is one that has granted you access). And of course, that level of assurance could also be abused.
Ideally the average citizen would be able to grant and revoke keys for any and all organizations like Facebook or Microsoft, and systems and formats would be such that information is impossible to use once a key expires or has been revoked.
Getting them to enact and defend the opposite will take a Herculean effort to make the citizens aware, let alone care.
Disclaimer: I have not used their online version so I don't know how well it works. I have been running their Windows version in a VM the last few years because I'm not wild about putting any more of my tax information "in the cloud" than I have to.
I would expect TurboTax to support online filing too, but did not see it on a quick search.
I've used H&R Block's online service for filing federal and state taxes for the past few years with no issues.
But yes, ReactOS could certainly use some love, from Russia or otherwise. Can't wait for 0.4.0 to come out; should be a nice push toward general usability.
More on point, I've been planning to buy a cheap laptop to test more experimental oses, like react and harvey.
I've recently considered setting up a separate wifi SSID where everything outbound except DNS, and tcp 80/443 is blocked, as well as TLS SNI and plain HTTP logging just so this sort of thing can be monitored.
> We configured our test virtual machine to use an HTTP and HTTPS proxy (both as a user-level proxy and a system-wide proxy) so that we could more easily monitor its traffic, but Windows 10 seems to make requests to a content delivery network that bypass the proxy.
Surely the data will be transmitted using TLS or equivalent; HTTP logging won't do you much good unless you can (a) MITM the TLS setup, or (b) extract the keys that the spyware is using.
Enable 'Deny all outgoing' and start adding your own Egress filtering rules.
Why is it a big uproar when it happens at the OS level? Seems like it's pretty much the same thing. We always have the option of using Linux if we don't like it.
Because you paid for it and because it's a tradition and because it's the way it should be™. Chrome is bad enough with url bar suggestions, sign in for syncing is equally bad, but at least you are aware of it and you didn't pay for it. But Chrome being bad isn't a reason Windows should become bad as well.
Those permissions are required in the context of Cortana, so Cortana can work. Keep Cortana off and turn off the services, and nothing gets transmitted.
It's literally no worse than the conditions you agree to when using Siri or Ok Google / Google Now.
> FUD is generally a strategic attempt to influence perception by disseminating negative and dubious or false information.
Now who is posting FUD? Apple would never do something so egregious as to upload a copy of all the filenames on my computer.
I wouldn't otherwise have used Windows had I known they'd be shoving their telemetry reporting down my throat.
whataboutism and has nothing to do with a current discussion. Chrome the browser is not an operating system.
It's also strange to see Microsoft making this move given that this invasion of privacy is probably illegal in many ways in countries that are forward thinking enough to have laws against this type of thing.
Maybe they see it as a short term ploy to try and collect as much data as they can before there is a big enough uproar against it and then decide to pull the "feature(s)". They may see it as worth the controversy if they can gather enough data for future products/improvements.
You may find the drivers you need are available in a separate 'restricted' or 'non-free' repository. It is unusual these days on desktop/laptop oriented installs to have to 'hunt down' anything.
Very very recent hardware can still be problematic mind you.
For most modern distros, you don't have to hunt down third-party drivers; at most, you might need to enable some first-party or second-party "restricted" repo, at which point you can install the necessary drivers from there. And last I checked, Ubuntu and Linux Mint (among others) provide a "restricted hardware wizard" in the normal settings screen to do precisely this.
With all the backlash that has resulted from the Windows 10 privacy issues, you'd think their next thought wouldn't be "we should piss off our customers with more of the same".
It also now seems like we need two computers. One that is open for "spying" so the government looks at my usage and white-lists me as a "good citizen" and another computer that basically is encrypted and hides anything I don't want anyone to know about.
I can't come up with any at least.
Feedback & pull requests welcome. :)
Edit: Here's the pastebin link: http://pastebin.com/RZW74Npk