This is an article, about an article, about a blog post, about a random comment. Someone grabbed the update's file change list, spotted files used by the Customer Experience Improvement Program (CEIP) and then said that because those files were updated that this security update "added telemetry."
Problem is that those files previously exist on Windows 7 as part of CEIP and may require legitimate updates (inc. security). You still need to opt into the CEIP so that telemetrics are sent to Microsoft, and there's no proof that this update has changed that.
I guess what I am saying is: There could be a story here, hypothetically, but this article lacks enough information to say that there is. This could be a legitimately security update to an unpopular part of the Windows 7 OS.
They are telemetry files that previously non-security patches have attempted to add on multiple occasions.
$ cat 4507456.csv | grep -i telem
Appraiser_telemetryrunlist.xml,Not applicable,"71,958",17-May-19,16:16,Not applicable,None,Not applicable
Appraiser_telemetryrunlist.xml,Not applicable,"71,958",17-May-19,16:17,Not applicable,None,Not applicable
OP's point was that ZDNet is stooping a bit low here by journalistic standards. In this case, it appears there's not enough evidence to publish a "question headline" -- much less question whether they deserve some benefit of a doubt.
We all know MS and others have engaged in questionable behavior - but at least wait until there's something substantive before publishing.
I can't listen to this naive way of dealing with these companies anymore. Use it if you want and also use it for your business but don't complain afterwards that someone stole something important etc.
As an interested but unaffected observer, I'd just like to understand accurately the state of things. It's quite right to call out biased reporting that misrepresents the facts, fails to cite evidence of claimed facts, or that misrepresents speculation as fact, since otherwise all we get is "fake news" and lynch mobs, which just polarises the population and helps nobody.
If you have a problem with a rebuttal, then argue against it on the basis of what it said, please, rather than on the assumption that it is automatically wrong based on previous history.
It's fine (and perhaps even appropriate) to speculate in a biased way on unknowns based on previous history, but that doesn't in any way invalidate proper journalism based on seeking the facts, and the two should not be conflated.
 In principle. You seem to be arguing against the principle. My comment isn't intended to pass judgement on the accuracy of this reporting or the accuracy of the rebuttal.
Perhaps, but one difference I see is that lynch mobs target disempowered individuals who can't defend themselves against the mob, usually people who were already very low on society's totem pole.
What's anyone going to do to Microsoft? They've been rightfully criticized for all kinds of bad behavior for decades now, and they're still hugely profitable. People have known about the spyware issues in Windows 10 for ages now, but it isn't stopping them from using it.
Furthermore, the user Someone1234 has been defending telemetry on HN for years, often ignoring two important facts:
* telemetry was invasive and non-transparent, but got toned down because of the backlash. They always refer to the current state and pretend that people are paranoid and exaggerate.
* MS used many dark patterns when rolling this out, essentially getting into an arms race with the customers that wanted to disable telemetry.
There are many HN users which repeatedly defend dark patterns and the nasty practices of companies and then don't reply or ignore counter-arguments.
It would seem to me that HN should be more concerned with those situations, than those that point the above out in a rather benign way.
That's certainly true in general. For example, if I post "Hey, I noticed that you've posted a lot about APL. Did you ever work with it professionally?", that's not a personal attack. But the pattern here was more specific than that. If you single someone out by name and insinuate bad faith in their comment history, that pattern-matches closely to the online calling-out and shaming culture. We want to avoid that culture here: its spirit is aggressive, we want HN's spirit to be collegial, and one can't have both. When we post moderation comments like I did above, we're always looking at the effect something has on the site as a whole. The calling-out culture is contagious because people are so used to it elsewhere.
It's perfectly natural for someone who disagrees with your view to have various comments in their history expressing that. The way to answer this is with better arguments, not by naming and shaming.
If you say that your intent wasn't to shame or insinuate, I believe you, but that's only a necessary condition for posting here, not a sufficient one. If your post pattern-matches to a standard way people do that on the internet, then readers will interpret you that way (like I did above) even if you intended otherwise, and the effect on the community will be just as bad. In such cases, the burden is on the commenter to make their benign intent explicit and disambiguate from the default pattern.
What are you implying, go to the link in the article and find
how it is described: https://support.microsoft.com/en-us/help/4507456/windows-7-u...
That page doesn't state what security matters the update address, nor does the page it links to (directly, maybe the information is there with more digging, but if I'm given a link on the pretext that it shows something I expect it to show that thing without needing to dig).
> What are you implying,
I'm not the OP, but I think what is being implied is fairly obvious: that the patch exists purely as a way to get the telemetry stuff installed and had no real security addressing content.
I very much doubt that is the case though, it is something that would not surprise me from the MS of old but they are at very least more clever these days and would not risk the resulting furory.
Were they there from the beginning? If not, which update(s) first added them? I doubt they were, because I clearly remember all the telemetry being in the news starting with Win10 and plenty of people refusing to upgrade to 10 because of it.
Even if it's a security update to CEIP, I don't think it should be offered to those who didn't install the original version of it.