Text entered into Windows' Run dialogue gets sent to Microsoft's telemetry (twitter.com/netresec)
274 points by NKosmatos 4 months ago | 172 comments

Can't duplicate. Also, I'm a bit curious how this person is able to see HTTP2 contents in Wireshark, given its almost-mandatory TLS. Also, I'm extremely surprised that Microsoft would send telemetry without encryption.

Also, I'm a bit curious why this looks more like a request that it would send when someone types a search into the Start menu rather than the Run box.

In fact, when typing into (or even running from) the Run box, I see no network requests over ports 80/443. When typing into the Start menu, I see network requests going to the same M$ IP shown (, but they are, of course, TLS-encrypted on port 443. Even if I block port 443 in the Windows firewall, it does not fall back to port 80.

This is either false, or version dependent. I would lean towards the former. Frankly, if this is real, a bigger problem than the sending of telemetry is the sending of unencrypted telemetry.

As with many things, the initial outrage will get much more publicity than any follow-on correction. This blog post talks about how you can see everything Windows sends with its telemetry system here: https://www.neweggbusiness.com/smartbuyer/windows/should-you...

I wish more people would follow the maxim, "extraordinary claims require extraordinary evidence".

That app doesn't show some requests which I know Windows does make, like Start menu searches. And frankly I wouldn't trust it to be accurate even if I couldn't find anything which wasn't included.

Agreed w/r/t outrage and the maxim, though.

With Microsoft these days, claiming that they won't backstab you is the extraordinary claim. You may disagree, but their track record is pretty poor.

You are correct. This traffic was not generated by typing text into the "run box", it was generated by typing text into the "start menu box". We are very sorry for the confusion this has caused. The Wireshark screenshot shown in our tweet was showing TLS traffic that has been decrypted by PolarProxy. That’s why it shows up as HTTP/2 traffic over TCP port 80.

Wouldn't the safest option be to delete the tweet?

It took reading around to see that this is incorrect.

EDIT: Thanks for deleting it

We first tried to post replies with corrected information, but it didn't seem to help. The tweet has now been deleted and a correction tweet has been posted instead.

> Also, I'm a bit curious how this person is able to see HTTP2 contents in Wireshark, given its almost-mandatory TLS. Also, I'm extremely surprised that Microsoft would send telemetry without encryption.

Install your own root CA then MITM it?

You are completely right. The traffic was sent as TLS encrypted HTTP/2 traffic to Microsoft. We decrypted it using PolarProxy in order to see what was transmitted. The screenshot in the tweet shows the decrypted PCAP generated by PolarProxy.

I wonder if this is the result of some tool that intercepts all traffic in Layer 2 and rewrites everything to put a MitM proxy while keeping the original IP addresses. It can even be running in a different machine, with the traffic coming through an actual NIC and cable (so the OS being analyzed does not see strange network interfaces nor changes behavior when it detects that it is running in a VM).

Does somebody know about such a tool?

It does not explain the port 80, however.

I wrote such a tool once: https://github.com/SySS-Research/Lauschgeraet

Unfortunately, no one really uses it (not even me) and it is probably full of bugs.

The PCAP in the referenced tweet was created using PolarProxy, which decrypts and re-encrypts TLS traffic while saving the decrypted traffic to a PCAP file.

Well, firstly, it wouldn't be port 80 in that case.

Could be an artifact of however the proxying or decryption is done, particularly if the goal was to have the traffic be decrypted as it went across the NIC not just to get a copy of the data being proxied locally.

Or it could be an artifact of bad editpcap-ing. Same with the all 0s Ethernet source/destinations.

Either way I don't think it was the run box that triggered it. Either they didn't know the original run box is still a thing and the field in the taskbar is a search box or they have clipboard history enabled and didn't realize that's a cloud function while they were ctrl+c and ctrl+v-ing into the box.

Frankly, I can't think of any way to proxy or decrypt it that would result in the packets still being destined for the same Microsoft IP, but with port 80 instead of 443.

The only explanation I could think of was that it falls back to HTTP if HTTPS is unavailable and they blocked port 443, which not only would be bat**** insane, but I tested and that does not occur.

"Many also interpreted the screen shot as if the traffic was sent in clear text. That is not the case, whatever you type on the Win start menu is sent using HTTPS over TCP 443. We used a TLS proxy to decrypt the TLS traffic in order to show what is being sent to Microsoft."


Yeah, turns out their capturing proxy just creates inaccurate pcaps. Who woulda thunk.

Only if you also disable all ciphers with perfect forward secrecy and hope that there is still a cipher overlap with the server.

MitM'ing the traffic using a trusted root CA allows TLS traffic to be decrypted, even if perfect forward secrecy is used. That's what we did to produce the decrypted PCAP shown in the Wireshark screenshot.

If you use an HTTP proxy or terminate the TLS connection in some other way, yes. I was thinking of the situation where you use Wireshark directly on one of the endpoints, i.e. a passive MitM attack.

After reading the full twitter thread, that tweet got called out fairly quickly. For, as you say "search into the Startmenu rather than the Run box" - which turns out is encrypted (443 / start menu - not run box). Also the PCAP is said to be more than a year old (which in fairness, is still pretty shoddy)

OP has posted an update, it was not the run dialog but the start menu search after all...

Yes. Sorry for the confusion. The original tweet has now been removed and a correction has been posted instead.

This is actually a huge deal because if others are anything like me, I paste into the run dialog to strip text formatting, before copying it elsewhere.

Haven't used Windows in a decade so not sure if there's a better way now.

"Haven't used Windows in a decade so not sure if there's a better way now."

no, not running windows in a decade is still the better way.

only sort of joking. I run windows 7 and haven't upgraded.

I've never run windows, ever. The last MS OS that I used was DOS.

I'm going to wait this whole windows thing out.

Windows 7 is horribly insecure now. Please reconsider.

From the article, I'm under the impression Windows 11 is horribly insecure now.

Which security issues are worse?

A built-in cloud command logger is quite bad if you don't know it's there, and is a security risk even if you know.

Some people occasionally enter things like private URLs, tokens, UUIDs, pathnames and query values onto the command line. Which is fine if they're the sort of thing that's ok in your local, private command history. Not so much if it's sent upstream.

It entirely depends on your threat model but if yours is similar to most people, holes that let anybody on your network hijack your system via `tcp.sys` RCEs might be a showstopper...

What about HIPAA issues like 'notepad.exe john_doe_health_info.txt'

You're likely to have even worse HIPAA issues if someone manages to get full access on your user account.

The Windows 7 issues are worse. Far worse. But you do you, man

Care to elaborate? Without additional arguments it sounds like pure FUD to get more people on to the win11 spyware wagon

I mean, there is an entire field of study in cybersecurity. You're asking me why using an EOL OS that is 7 years out of patch compliance is worse than using Windows 10 and being in patch compliance. That's something you can easily Google and get a 15-second answer from an authoritative source.

But like I said, you do you. You'll figure it out eventually, probably at great cost.

Would you prefer an OS that lets Microsoft spy on you, or an OS that lets the entire world spy on you?

Obviously the correct answer is "neither," but if you're deciding between Windows 7 or 11, that isn't an option you seem to be considering. Random people on the internet in countries with lower costs of living than yours will happily install malware on your computer to drain your bank account or cryptolocker you for a couple thousand bucks. Microsoft makes way more money than that (as does every single Microsoft engineer) and doesn't care about attacking you, at least not in that way.

(Also keep in mind that Microsoft surely has a bug tracker with a pile of WONTFIX'd security vulnerabilities in Windows 7 that they just didn't get around to fixing before EOL, and almost certainly that bug tracker is less locked down internally than raw telemetry data, so if you assume Microsoft or its engineers do care about attacking you, that's probably easier on Windows 7.)

I assume this is pure speculation, but one could also speculate that win10 or 11 also has a bugtracker full of security issues marked as wontfix or someLaterSprint

Normally yes, but you can pirate the extended support updates, which last until 2023.

I think this form of telemetry is far worse than the unlikely event someone uses an unfixed exploit against my OS to be honest. Although I would expect this kind of telemetry already implemented in Windows 7.

All it takes is going to one random website, that embeds ads, that embed an exploit kit. Not a new thing, we had this happen even with popular news sites. So yeah, it is more likely than you think.

I think in most cases the browser is far more relevant than the OS.

I didn't install the windows 7 telemetry updates (or the force upgrade to 8 updates, etc...)

to clarify: I use it offline for games and my primary systems run macos or linux.

FUD. MS gathers more information about you than ever.

Both of those statements can be true.

It's downright fearmongering --- classic MS-style --- to say something is "horribly insecure" when it has been around for over a decade and all the major bugs have already been found.

Nevermind the fact that everyone is almost always behind a NAT and is basically unreachable for attackers to exploit remotely.

If anything, the newer versions of Windows are "horribly insecure" because they contain so many "unknown unknowns". But that wouldn't fit the narrative MS wants to propagate...

> and all the major bugs have already been found

Excuse me while I die of laughter.

People are still finding bugs which existed in XP. Which was supported for 12 years and was released 20 years ago.

7 was supported for 11 years and was released 12 years ago.

> Nevermind the fact that everyone is almost always behind a NAT and is basically unreachable for attackers to exploit remotely.

Sure, except that the vast majority of malware doesn't come from a remote attack.

People are still finding bugs which existed in XP.

Ones which existed only in XP and not later? I doubt it. On the other hand, as for the bugs which exist only in the later versions...

Sure, except that the vast majority of malware doesn't come from a remote attack.

...then where does it come from? Don't say "users installing it", because that's nothing more than an authoritarian excuse to take away freedom --- and as the saying goes, "Those who give up freedom for security deserve neither."

> Ones which existed only in XP

When did I say that? Finding a bug in Win10 which has existed since XP is just as dangerous as finding a bug only in XP, given that the patch Microsoft releases for Win10 will not be released for XP.

> ...then where does it come from?

Vulnerabilities in locally installed software? Supply-chain attacks, drive-by attacks, clickjacking attacks? Or, you know, users installing it? Believe it or not, users frequently install malware; otherwise, there wouldn't be such a proliferation of fake "driver" sites on the internet. I'm not sure how you reached the conclusion that facts are an authoritarian excuse to take away freedom, particularly since I have never and would never advocate for disallowing people to install whatever software they like.

I wouldn't use an Android phone for anything safety critical if it was more than 6 months behind the latest security patches. Why would it be any different for Windows?

Of course, we can play the asterisk game and expressly state that if the machine is not connected to the internet and not used to browse the web, then it's probably safe. Or if you like browse the web in a VM. I still have to wonder if the patches for these kinds of issues[1] get backported to Windows 7.

As to the appeal for age, I think software ages like seafood in terms of security. Just because it's been deployed for years doesn't mean that there aren't vulnerabilities lurking in that code. Although I will concede that as Windows 7 loses users, the payoff for finding a vulnerability will decrease too.

[1]: https://www.sentinelone.com/labs/cve-2021-3438-16-years-in-h...

> Or if you like browse the web in a VM.

What if you just browse the web in an up-to-date web browser? In both cases, the browser has a sandbox that should keep you safe.

Multiple layers of defense are of course better—but in both cases, someone would need a zero day to escape the sandbox, right?

Plenty of new CVEs are in code that has been around for decades. For an example recently in the news: https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...

> It's downright fearmongering --- classic MS-style --- to say something is "horribly insecure" when it has been around for over a decade and all the major bugs have already been found.

Have they? We just had PrintNightmare (CVE-2021-34527) a few months ago. In certain configurations you can even get RCE.

We just had PrintNightmare (CVE-2021-34527) a few months ago.

That's a remote authenticated code execution...

What are you trying to say here? "It's been 10 years so surely they ironed out the critical vulnerabilities (e.g. EternalBlue) by now. All the vulnerabilities left are probably the lame ones like PrintNightmare".


I guess the FUD-spreading paranoia-shills are too busy downvoting to actually check the facts.

...which is how this fucking corporatocracy will try to maintain its power. You can point out the very clear and visible truth, but they'll just deny it. Fortunately, the number of people who realise they're being fleeced is slowly rising.

You’re missing the point of why you’re being downvoted. Go actually reply to people engaging you, rather than ranting to yourself.

Have all the insecurities been patched? There's pretty much only downsides to unpatched, known vulnerabilities vs. unknown vulnerabilities with the slight exception that you'd be a little more justified assuming you're safe when you're not. The likelihood of suffering a loss is much higher.

The same problem exists on Linux when copying from browser to LibreOffice.

I usually gedit it first

LibreOffice supports Ctrl+Shift+V.

Please elaborate.

I've always used a Notepad, but now I wonder whether that also phones home in the newer versions of Windows...

Notepad++

- it's the bee's knees

No built in better way I know of, but I have

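    ; Type in the clipboard when Ctrl-Alt-V is pressed
    ^!v::
    MyClip = %clipboard%
    ; Strip carriage returns so line breaks are not typed twice
    StringReplace, MyClip, MyClip, `r, , All
    SendRaw %MyClip%
    return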
in my AutoHotkey script for a long time now to let me hit Ctrl-Alt-V and have it type in the text of whatever's in the clipboard. (Type instead of paste to get around random situations where the clipboard won't do what I want)

I use the address bar of the browser to quickly strip formatting :-)

FYI, chrome/edge have similar behavior in their omnibox.

If you ever find the time, open up Fiddler and keep it visible on a second monitor while you browse. You'll be amazed by how much data is sent back to Microsoft/Google.

I'm not sure if other chromium browsers also do this, I know ungoogled chromium doesn't.

Shouldn’t be surprising if autocomplete results appear immediately after typing in the box.

They didn’t magically appear from thin air for sure.

At least the address bar lets you know it gets uploaded by displaying search autocompletes

It makes me happy that others do this too, I make use of pretty much any plaintext field in proximity to strip formatting

Ctrl-Shift-v in many applications e.g. Word.

In many places, but not Word (sadly).

Word: it's CTRL-V then CTRL-T

Preserving text formatting is probably one of the most useless features I have to work around on an almost daily basis by using Notepad. It makes me wonder how much productivity was lost vs. gained globally by this “feature”.

I just use Notepad for that.

In case you're feeling left out in Notepad, you can right-click › "Search with Bing..."

Only for selected text.

notepad pros:

* doesn't send your text to the botnet

* works with multiline text


* isn't 2 keys (win-R) away. I personally had to type win + N + O + T + E + P until it showed up, then hit enter.

> notepad pros:
>
> * doesn't send your text to the botnet

hm, yet? And are we even sure about that? Who expects that what you type in the Run dialog is being spied on and sent to MS? Is this even documented anywhere?

At this point I'm considering all MS software to have become mainly hardcore spyware, with maybe some secondary legacy functions remaining (but in lots of cases being stripped slowly, while getting more bloated at the same time).

probably you can be confident with a copy of Wireshark

Unless I do that all day, not really (and then I would need to configure tons of things to block the traffic), and things are getting worse and worse. I just received an update from Dell of Intel integrated graphics driver and it seems they phone home (to Intel, most probably, I doubt Dell receives a special version that sends to Dell instead of to Intel whatever they thought it would be interesting to spy on), although I'm not sure the original ones did so, nor if I have even been warned that they do.

Probably illegal under GDPR laws, but like that kind of company gives a shit...

I will just abandon Windows, it's not worth it anymore. Win 11 incompatible with most not-so-old PCs will be a good occasion.

The mothership only got "notep" :/

Not great because when they see how many people use Notepad, they're going to replace it with a piece of shit like they did with the snipping tool and Freecell.

> * isn't 2 keys (win-R) away.

Unless it's always on - an Alt-Tab away. I use Notepad++ for that, it comes in handy with seemingly infinite undos and autosave.

You can just add a shortcut named "n.lnk" pointing to your favorite editor and put in a folder that's in your %PATH% and then you can just type "n<enter>" in the Run dialog.

There's also a way to add aliases via the Registry, but it's way more cumbersome.

That con is why I've used AutoHotkey to bind notepad to win-N.

Personally, I just type Win+R and then `no`, down, enter.

It's probably false, as others in this thread are struggling to validate this Twitter user's claims.

CTRL + Shift + v

You're welcome ;-)

I wish I could edit this, because something even better I had forgotten about (since I use Mac for work these days, and I wish there was alternative to this in Mac)

best ever - ClCl [0] https://www.nakka.com/soft/clcl/index_eng.html

It's basically a clipboard manager, but the best one I've ever used. Can create templates, use Alt+v to paste from list. Super intuitive. It's better than I am describing for sure, and it's free. (cannot find equivalent for Mac)

At some point in the last few decades the whole concept of privacy has shifted from "your data known only to you" to "we will protect your data from small-time unsavoury actors, but in exchange, WE ourselves will collect and mine everything about you".

The WE here is perpetually growing, where once it was the government and spy agencies, now it has become platform providers, service providers and pretty much everyone who can get a vendor lockin or near-monopoly established.

Nobody can duplicate/repro the behavior.


So, what's everyone's favorite desktop/workstation Linux distro as of 2021?

Edit: Anyone tried using NixOS as a desktop OS? I like the idea of scripting my setup.

Debian with KDE

It's a major distro with excellent security support, it's completely non-commercial, and KDE has a traditional GUI layout with all the optional trimmings (snap to window edges, thumbnail previews in taskbar etc)

Debian seconded, but with XFCE here.

I'm a long-time Arch user, but recently installed the latest Fedora on an old Lenovo X220 and was impressed by how polished it is and how fast it runs! Flatpaks make it super easy to install the latest version of both free and non-free software, which always was a pain to accomplish on Fedora a couple of years ago.

Fedora may be the best option for new Linux users who do not want to customize everything, but just want a clean, fast and polished "works-out-of-the-box" experience.

I'll keep my highly customized Arch (sway) install for my programming needs for now, but will probably choose Fedora for my "personal" laptop where I do some light video and photo editing.

> Anyone tried using NixOS as a desktop OS?

Yes! Works great actually.

Even running Windows-based games on Steam with Proton. All my hardware worked out of the box(including my Wifi6 module) - only tweaking I had to do was for Vulkan with my GPU. Even then, not that difficult and instructions are in their wiki.

I have little reason to run Windows now. Only software I really miss is Fusion 360.

Four replies so far, all different. I'll add a fifth: Pop_OS!

Edit - now 9 replies, all different. Great to see so much choice!


Best "works out of the box" desktop Linux experience I've had; which made me stick with it. I recommend the Budgie edition for a clean desktop environment that stays out of your way and doesn't confuse you with a billion configuration options. The packaging process is also quite easy in my opinion. In case you want to add some software that isn't yet available in the repository; either for everyone or just for your own use.

As a possible pain point starting out I've heard the installer can be a bit finicky (I myself had no problems with it though).


Give Manjaro+XFCE a try. I find it to be well balanced so that it can offer many features without being bloated. https://manjaro.org/

User guide here (.pdf) : https://free.nchc.org.tw/osdn//storage/g/m/ma/manjaro/Manjar...

> tried using NixOS

Yes, I use it daily and it’s been the most reliable distro I’ve ever used. My current install is 6 months old, completely shadowing anything I ever got before that. Its package repository nixpkgs is the largest and most up to date out there, when counting unique packages.

The learning curve might be very steep in the beginning, but it’s very much worth it!

I love how many different answers there are to this.

I run openSUSE (with KDE) pretty much for one reason - the repos available are completely comprehensive. They have everything I ever need in them, even some pretty obscure stuff, and because it's a rolling distro everything is up to date.

The amazing YaST graphical configuration tool is a nice bonus.

I'm using NixOS with i3 as my daily driver, can recommend.


It's Ubuntu-based with an i3 desktop manager but with newer perfect configurations out of the box.

+1 for this, particularly if you've never tried i3 but still want to know what the workflow feels like. I run Regolith on my homelab and it works like a charm!

manjaro with XFCE + https://github.com/davekeogh/xfce4-docklike-plugin (check the original repo for the screenshots)

Pop has been pretty good on my gaming PC (is a Thelio, so probably not coincidence. :)

Really depends on what you want. (I run Gentoo otherwise, but that's probably not everyone's preference. ;)

I've been using ElementaryOS, coming from MacOS. Have to install a package to be able to tweak it and replaced the file manager with nautilus, otherwise fine.

I'm using ArchLinux with MATE. It pretty much got out of my way and I don't even think about it...

Manjaro with KDE Plasma. Gnome is nice too, but I feel like Plasma matched my taste more.

Arch is Linux nirvana. Some work to set up, but absolutely a dream once it’s running.

Mint with XFCE is quite nice

LUbuntu currently

Ubuntu with i3.

Isn't this the clipboard history? Did anyone verify this claim independently? It's incredibly hard to believe they would upload plain text for 'telemetry'.

It's not true, read the entire Twitter thread. It's been debunked already as BS

It will send (encrypted / 443) if using start menu search (as it uses Bing to inter search as well). But it doesn't do this for Run as the tweet is claiming. The PCAP file is also more than a year old (which is not great in fairness)

I would guess it's either the clipboard history or the typing data telemetry. Both of those can be turned off. I'm sure someone will say that those have turned themselves back on with updates, but I'll believe that when I see it.

Edit: actually just noticed that there's nothing to back this claim up. I didn't realize that the reply here was from a different account and not the one that's talking about the whole Win-R sequence. It's entirely possible that this is a packet capture from typing into the start menu search with the web search feature enabled.

It's true. I'd recommend ShutUp10 to disable this and other 'features'

Unfortunately it's not that hard to believe. Let's not forget Ubuntu did this as well and sent everyone's data to Amazon.

> It's true.

[citation needed]

What’s interesting is the fact that telemetry is a feature at this point (how old is Windows 10?) and you can’t win a fight against a core OS feature. Why are people still trying to fight this?

You've always been able to turn it off with group policy and disabling the reporting service. It still bugs me, on principle, that you can't easily disable it even on the Pro edition.

That’s like trying to disable all those similar things in Firefox. But you can’t really, not unless you stop updating it, because you’ll miss something at some point. And that’s not even an ‘evil corp’ we’re talking here.

I've had it disabled for years, without it reporting home. So far, Microsoft seems to respect group policy and disabled services on Pro edition.

>So far, Microsoft seems to respect group policy on Pro edition

the group policy description explicitly says it does not respect it unless you're using enterprise or education.

> [...]

>If you enable this setting, you can decide what level of diagnostic data to send to Microsoft, including:

>- 0 (Security). Sends only a minimal amount of data to Microsoft, required to help keep Windows secure. Windows security components, such as the Malicious Software Removal Tool (MSRT) and Windows Defender may send data to Microsoft at this level, if enabled. Setting a value of 0 applies to devices running Enterprise, Education, IoT, or Windows Server editions only. Setting a value of 0 for other editions is equivalent to setting a value of 1.

>- 1 (Basic). Sends the same data as a value of 0, plus a very limited amount of diagnostic data, such as basic device info, quality-related data, and app compatibility info. Note that setting values of 0 or 1 will degrade certain experiences on the device.

> [...]

Disabling the relevant service might stop it regardless, but it's definitely not the group policy.
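The edition rule in the policy text quoted above can be turned into an audit check. This is an added example, not code from the thread or from Microsoft: the registry locations are the standard policy and edition keys, while the `EditionID` substring matching and the sample inventory are assumptions made for illustration.

```python
import sys

# EditionID substrings treated as "Enterprise, Education, IoT, or Windows
# Server". Substring matching is an assumption of this example.
HONOURS_LEVEL_0 = ("Enterprise", "Education", "IoT", "Server")


def effective_level(configured, edition_id):
    """Level applied for a configured AllowTelemetry value, per the quoted
    policy text: 0 is only honoured on the editions listed above."""
    if configured is None:
        return None  # policy not set
    if configured == 0 and not any(t in edition_id for t in HONOURS_LEVEL_0):
        return 1
    return configured


def audit(inventory):
    """inventory: iterable of (host, edition_id, configured_value).
    Returns (host, reason) for hosts where the policy is missing or is
    silently raised from 0 to 1."""
    findings = []
    for host, edition, configured in inventory:
        applied = effective_level(configured, edition)
        if configured is None:
            findings.append((host, "policy not set"))
        elif applied != configured:
            findings.append(
                (host, f"configured {configured}, applied {applied} on {edition}"))
    return findings


def read_local():
    """Read (EditionID, AllowTelemetry) from the local registry. Windows only."""
    import winreg

    def value(path, name):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                return winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            return None

    edition = value(r"SOFTWARE\Microsoft\Windows NT\CurrentVersion", "EditionID")
    configured = value(r"SOFTWARE\Policies\Microsoft\Windows\DataCollection",
                       "AllowTelemetry")
    return edition or "", configured


# Constructed sample inventory (host names and values are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "Professional", 0),
    ("ws-02", "Enterprise", 0),
    ("ws-03", "Core", 1),
    ("ws-04", "Professional", None),
    ("srv-01", "ServerStandard", 0),
]

if __name__ == "__main__":
    if sys.platform == "win32":
        edition, configured = read_local()
        print(audit([("localhost", edition, configured)]) or "policy applies as set")
    else:
        for finding in audit(SAMPLE_INVENTORY):
            print(finding)
```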

Because a lot of people are forced to use Windows 10 and for whatever reason cannot use a Linux distro even with Looking Glass?

Are we talking about ‘at work’ scenario? Which is probably fine, because that’s a business decision.

It would be prudent not to use company equipment for anything personal anyway.

We are talking both in-person enterprise, remote working, and even hobbies. Lots of music production hardware won't work in Linux as there aren't the drivers.

For hobbies and even general PC hardware, there are definitely companies out there that are hostile towards Linux. When possible, vote with your money towards better alternatives.

As for remoting, rdp-ing from linux is a solved issue, as long as VPN is not too esoteric… at which point driver compatibility is not an issue anymore. That’s Looking Glass scenario for me :)

Not disagreeing, but sometimes there is quite literally no alternative, especially in the CAM space.

I would rather use Red Star OS, at least that's based on Linux

I like Windows 10

it having un-disablable telemetry and mandatory updates finally made me switch to Linux everywhere

otherwise it's no longer My Computer... it's Satya's

"Who controls your computer? Is it you?"

"Either the user controls the software, or the software controls the users":


It probably should only send to the telemetry endpoints when you try to run the command. Otherwise it doesn't seem nefarious if you have telemetry enabled on the OS does it?

Knowing the commands people often use the Run dialog for can be a useful input for making usability and stability improvements. (Eg: a sudden influx of people running explorer.exe might hint at something etc. )

Of course, MS telemetry is in many places and it's not always clear where so it is often a surprise to find these spots when you start looking.

Interestingly, the people least likely to disable Windows telemetry are the people MS is most likely to want to hear from because they're the least capable of solving their own issues in Windows and thus represent the most pressing needs for development to fix.

That's my preferred explanation of how windows went downhill so quickly after win7.

It used to coexist with linux, now basically everyone of "google engineer" quality single boots linux.

Another nail in the coffin. Why should I use Windows, when Linux is catching up and not using these horrific anti-patterns?

> Why should I use Windows, when Linux is catching up and not using these horrific anti-patterns?

Don't worry about choosing, little by little the Linux ecosystem (distros, applications) is/will be catching up with these horrific anti-patterns too. After all, it is now in the hands of the same type of guys, who apply the same reasoning (1. how could I improve my piece of software if I don't put telemetry everywhere? 2. Security! Security! Security! Please let me auto-update 3 times a week, put a camera in your house, oh and by the way, give me your car keys, it's for your own good.)

Unlikely. Most Linux users usually use FOSS tools, and whenever any company tries to pull that, it usually leads to outrage in the community to the point even minimal telemetry usually has to be removed.

Except Mozilla

How did the PR people ever spin it so that we call “keyloggers” and “spyware” simply “telemetry” now? Let’s call it what it is

I wonder how it remains legal in the EU. Legislation really needs to step up on these things.

It’s an American company that’s keeping tabs on something like 600 million European citizens. I don’t care what sort of “license agreement” it comes with, that’s just not ok.

At this point most governments and companies are dependent on Windows and don't want to or can't pay the price of a switch. Legal or not, I doubt anything will happen as long as this doesn't change.

I don’t agree with that. I work in the public sector of Denmark and we haven’t had issues getting Microsoft to change things to meet our needs.

Well we’re still struggling to get them to commit to never having Azure support work on our things with workers who aren’t EU citizens. But AWS complied with that rather quickly and Microsoft is bound to follow or lose a lot of business. And that last part is what’s important. It’s also why we can turn the telemetry off in the enterprise setups. So all you really need is someone high enough in the EU to make it stop and Microsoft will end it because it’s too valuable for them not to do so.

You’re right that we can’t easily leave Microsoft in the public sector, and we don’t really wish to do so either as the education of millions of workers alone would be so expensive there is no business case, but we’re not as reliant on Windows as we once were. Almost all our systems have become platform independent, including office365, and more and more of our new hires have never used a Windows PC when they join us.

> It’s also why we can turn the telemetry off in the enterprise setups

Good. But I'd prefer if the average EU citizen can have it turned off as well, by default.

I can't pressure them with my single OEM license. Windows 10 is most likely not GDPR compliant and everyone knows it (I'd be very surprised if the hidden and sometimes impossible opt-out is fine). But aside from a ban in German schools[0] nothing is being done, it seems. Amazon, Google, Facebook were all fined, I can't find anything about MS.

[0] https://mspoweruser.com/german-privacy-commissioners-ban-win...

Legislation exists, enforcement is what's missing.

M$ terms and conditions, just like Android's terms and conditions, are very verbose and do tell you that you can either accept those terms or decline. But if you decline you can't install/setup the OS. So basically agree or go away. And since usage of either software isn't a human right, they're in the clear.

It’s 2021. Can we stop with the childish “m$”?

There are tools for this, don't go alone (block telemetry via hosts file): https://github.com/builtbybel/privatezilla

Also, I block MS telemetry hosts on my router's dns server: https://github.com/crazy-max/WindowsSpyBlocker/blob/master/d...

I had a huge hosts file which I found (cannot find the site now, I seem to have lost the URL). It was so massive, I needed to change some service on Windows to prevent issues on start up. Sometime last year, Windows Defender completely blanked out the hosts file to its default empty state. I re-downloaded the file and added an exclusion for it, and I just checked it now, and it's blank again. After the first time I invested in a Pi-hole.

Microsoft is somewhat transparent about it:

Inking, typing, and speech utterance data

This type of Optional diagnostic data includes details about the voice, inking, and typing input features on the device.

Samples of the content you type, write, or dictate on the device. Details about status of transcribing input into text


We deleted this tweet earlier today. Thanks to everyone who fact checked our statement and reached out to notify us about the mistake! A correction has been posted here: https://twitter.com/netresec/status/1440298935868743686

Helpful for passwords and other information you might want to share.

Time to contact your state legislators and ask for state-specific privacy laws that ban tracking even with consent.

Entire departments at big corps code such "features". What a waste of brainpower. Go dev some OSS stuff for less money guys, the world needs you.

if they're gonna do this you'd think they'd have the courtesy to spiffy up the ancient dialog a bit at least

Nice! Let's use it to tell them what we think about it!

Why can we not see what our computers are sending over the internet?

If you say Wireshark then you are the problem.

It would need to be in something as easy as Task Manager.

Ideally you could also just set a token string that if it ever gets sent over the internet you'd get an immediate flag. Then just shove it everywhere. And let the world's power users work it out.

I assume it's a technical issue.

> Why can we not see what our computers are sending over the internet?

That's a feature, not a flaw, of TLS.

TLS is meant to protect data in transit. On your own machine, where you have full privileges, there is in principle nothing that stops you from observing traffic before/after it's encrypted.


* https://github.com/SySS-Research/hallucinate
* https://sourceforge.net/projects/echomirage.oldbutgold.p/
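The canary-string idea raised a few comments up, as an added example that is not part of the thread: it assumes request bodies have already been decrypted on the local machine (for instance by a TLS-inspecting proxy) and checks each one for the token in plain, %xx-escaped, UTF-16LE, hex and base64 form. The token, host names and sample bodies are constructed.

```python
import base64
import binascii
from urllib.parse import unquote_to_bytes

TOKEN = "canary-7f3a9c41"  # constructed canary string, seeded into text fields

def b64_fragments(raw):
    """Base64 text that must appear when raw sits at offset 0, 1 or 2 (mod 3)
    inside a larger base64-encoded blob."""
    frags = []
    for off in range(3):
        enc = base64.b64encode(b"\x00" * off + raw)
        head = (0, 2, 3)[off]                    # chars mixed with preceding bytes
        tail = (0, 3, 2)[(off + len(raw)) % 3]   # padding + char mixed with next byte
        frags.append(enc[head:len(enc) - tail])
    return frags

def canary_patterns(token):
    raw = token.encode("utf-8")
    pats = {"plain": raw,
            "utf16le": token.encode("utf-16-le"),
            "hex": binascii.hexlify(raw)}
    for off, frag in enumerate(b64_fragments(raw)):
        pats[f"base64@{off}"] = frag
    return pats

def scan(records, token=TOKEN):
    """Return (host, encoding) for each decrypted outbound body carrying the canary."""
    pats = canary_patterns(token)
    hits = []
    for host, body in records:
        views = (body, unquote_to_bytes(body))   # second view undoes %xx escapes
        for name, pat in pats.items():
            if any(pat in v for v in views):
                hits.append((host, name))
    return hits

# Constructed sample: (destination host, decrypted request body)
SAMPLE = [
    ("telemetry.example", b'{"q":"canary-7f3a9c41"}'),
    ("search.example", b"q=hello%20world"),
    ("cdn.example", b"q=canary%2D7f3a9c41"),
    ("metrics.example", b"d=" + base64.b64encode(b'{"typed":"canary-7f3a9c41"}')),
    ("update.example", "canary-7f3a9c41".encode("utf-16-le")),
]

if __name__ == "__main__":
    for host, encoding in scan(SAMPLE):
        print(f"canary seen in traffic to {host} ({encoding})")
```

A payload that is compressed or encrypted again at the application layer before sending would not match any of these patterns, so an empty result only covers the encodings listed.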

Just a mess. Click on start… type updates … searching… wait … wait … oh updates in control panel

Such a simple search but somehow Microsoft manages to make it such, first it searches the web (why? we have browsers for this), sends a copy to Microsoft… then finally pops up with what you want.

I know this is not the same as the run dialogue but it just reminds me of how borked some of Microsoft's products have become.

Edit: Deleted my original posting. Getting some pretty hostile vibes on basic attempts to contribute to this thread.

What does that have to do with the Run dialog?

One of the replies makes sense to me: it's because the win10 search bar is also a web search and this is intended functionality, normal for search bars. they send a new request every time you type a character i assume for predictive search and fast results. you can also see this in bing for sure.

search bar != run dialogue

This isn’t the search bar though, it’s the “run” window (Win+R), which has no search functionality and is more-or-less equivalent to typing a command in Command Prompt.

I'm actually fairly certain that the Twitter post is referring to the start menu search. I see exactly 0 network requests when typing into the run box.

OP has posted an update... It was actually the start menu search instead of the run dialog...

It has search functionality. I slightly mistyped something the other day and was mystified to see the correct answer in a mini browser window while Windows itself was failing to match it up with the software I had installed and run every day. You can also just start typing search queries and it will try to launch MS Edge as soon as you hit enter.

> Windows cannot find 'foobar'. Make sure you typed the name correctly, and then try again.

Maybe you're not using the latest version. I get a mini browser window inviting me to try www.foobar2000.org. Windows 10, 21H1.
