Hacker News new | past | comments | ask | show | jobs | submit login
I noticed some disturbing privacy defaults in Windows 10 (porta.codes)
965 points by jonathanporta on July 30, 2015 | hide | past | web | favorite | 574 comments



Windows is now essentially a personalized, cloud-based operating system with the primary interface as a personal assistant, so I expected to see all these things as defaults. The advanced features just couldn't work without it. I'm glad there's at least an opt-out, but I do think that Windows needs an OS-wide incognito mode, just a simple switch to record or not record data.

I generally use that on my browser for when I hand my laptop to someone else and don't want their activity polluting my history, but now there's the risk of the entire OS learning someone else's habits when they just need to use the computer and don't want to log in. Sometimes, guest accounts are too restrictive.

I do like having the option of a personalized experience, and Microsoft is generally one of the most restrictive companies when it comes to sharing data. With their push toward more personal cloud services, I hope they will take special care to maintain that record, although everyone knows that certain groups like government have ways of getting whatever they want if it's available.

Hopefully, some of the fine-grained permissions of Windows Phone will soon carry over to the unified platform for those who want it, but either way, I would still do any especially sensitive work on Debian or a similar system.


"Windows is now essentially a personalized, cloud-based operating system with the primary interface as a personal assistant."

Who wanted that for desktop computers or laptops? This is not going to fly with business customers. Microsoft has already bombed twice in the business space, with Windows Vista and Windows 8. This looks like another bomb.

Windows 7 is still pretty good, and it will probably be the main Microsoft desktop OS for years to come, despite what Microsoft wants.


>Who wanted that for desktop computers or laptops?

I did. Linux and OSX are still available for whoever wants them. You can stick with Windows 7 if you want, that's just fine. I like Cortana. I like my software knowing what I like and what I'm interested in. It makes my life easier, which is what computers were invented for.

I can see why some people might not, and to be fair I use Linux on my work laptop because the work I do demands it. I would never put my client data on a Windows machine.

But like I can see your side of the argument, you have to be able to see that some other people want personalization and learning and all that. Pandora and Apple Music are both heavily tailored that way. Google Now on your phone knows everything you do. Netflix can find videos for you to watch based on what you've watched before. Amazon will recommend purchases to you based on what you like. Hell, half the people on this site build these systems. You know how many machine learning articles there are on the front page every week?

So who wanted that? I did. And so did several million other people. For the people who don't want it, I mean it's not even really opt-out. They ask you up front do you want the default or do you want to pick your own privacy settings. If you still don't trust it, Windows 7, OSX, and Linux are right there, just a click away.


> But like I can see your side of the argument, you have to be able to see that some other people want personalization and learning and all that. Pandora and Apple Music are both heavily tailored that way. Google Now on your phone knows everything you do. Netflix can find videos for you to watch based on what you've watched before. Amazon will recommend purchases to you based on what you like. Hell, half the people on this site build these systems. You know how many machine learning articles there are on the front page every week?

But that's the thing, right ? People want their computers to be more intelligent, reactive, adapted to their needs. They don't want Google, MS or Apple to know everything about them. How did the first came to automatically imply the second ?

Apple, Google, MS and others could deliver the same products (software that learn user behaviour and adapt accordingly) without sacrificing privacy, invading personal space and storing private documents on the cloud in order to parse it to deliver relevant ads.

Machine learning should keep on trying to be machine learning and not solely data scraping for marketing tuning and exploitation.

What does it bring me that MS or Google knows my search terms of the day ? I want my quad-core CPU to know that when I browse HN it should automatically split the screen in half and open my media player to listen to radio music because that's what I do most morning. Why do I have to do that by hand ? Can't it know or guess my routine by now ?

Or is all the tech just a glorified lexical parser to fine tune ads to increase their efficiency ?


> Apple, Google, MS and others could deliver the same products [...] without sacrificing privacy [..]

Could they? My amateur understanding is that a lot of today's success in machine learning is due mainly to having enormous amounts of data to work with.

When I look at Google Now, for example, I can't imagine a way to build it without collecting an ocean of detailed personal data. Or your example of finding common behaviors and having computers do the right thing: that gets much, much easier if you have the daily behavior data of 10m people so you can start extracting concepts like "typical morning routine", testing recognizers for that, and having them not do anything in low-confidence situations.


It's not just about advertising. By looking at customer data in aggregate you can learn more about behaviour patterns and support the things your customers might be interested in doing. Buying products is one of the things you might be interested in doing.

That said, this whole thing gives me the creeps and I'm glad I'm no longer a Microsoftie.


"By looking at customer data in aggregate you can learn more about behaviour patterns and support the things your customers might be interested in doing."

That could be done locally, without sharing the private data. The local computing agent can then look up in the public (like the pool of those who deliberately published content for all to see) for information that may be of interest to the user. That would have been a moral solution to please everyone. What we see happening now is a nightmare!


> That could be done locally

It could be done locally, but in order to not share any data with the server you'd need to run the analysis (with all of the associated data) on the local machine, which unless I'm missing something would add some non-trivial constraints, e.g.

- Getting research-grade analysis code up to local-install quality levels, keeping that code updated

- Bandwidth and HDD space for large datasets

- The additional load on the CPU, memory, battery, and messaging that to the customer

- The legal and privacy implication of all that opt-in data being transferred and processed on thousands of opt-out customers' machines

- The need to have an entirely duplicated system because some people would rather opt-in and not have to run all this stuff run on their already-creaking-under-the-weight-of-windows-and-outlook-and-word-and-antivirus laptop

Maybe I'm misunderstanding something, but from this view I can understand why they didn't want to do it this way


Frankly, I don't buy it when it's on Google, FB or MS scale. Their incentives is to maximize profits, not the user's happiness, wants or needs. Sometimes the later might help optimize the first but it's not the objective behind all the scraping.

Those improvements could be done with much less intruding anyway (be it for the sake of it or because johnny hacker is going to release those data someday).


> Their incentives is to maximize profits, not the user's happiness, wants or needs

Sure, although user happiness (broadly) drives market share so they need to maximise that to maximise profit.


I like my software knowing what I like and what I'm interested in.

So do I, but I don't like my software vendors knowing it too.


I especially don't like trusted partners knowing.


Or the guys who will hack the trusted partners


Once something is somewhere it will eventually be everywhere


I like my software knowing what I like and what I'm interested in. It makes my life easier, which is what computers were invented for.

Philosophical question: is it really your life, if your software may be subtly persuading you in a different direction than what you would've taken if it hadn't been making the suggestions to influence you?

There is no doubt it will make things easier for you if all you do is effectively accept and follow everything others want you to with no resistance. However, that's not what I'd consider "your life" anymore.


> Philosophical question: is it really your life, if your software may be subtly persuading you in a different direction than what you would've taken if it hadn't been making the suggestions to influence you?

No less so than if your friends, family, coworkers, and society at large may be subtly persuading you in a different direction than what you would've taken if they hadn't been making the suggestions to influence you.

Does only the hermit truly own his own life?

> There is no doubt it will make things easier for you if all you do is effectively accept and follow everything others want you to with no resistance.

While that may be a danger to keep in mind, that's not what's being suggested. In fact, I'd argue much the opposite is being suggested.

Instead of being told what we want and adapting to our corporate overlords, would it not be preferable to communicate what we want, and have the companies adapt to us instead? To service our wants and needs?


>No less so than if your friends, family, coworkers, and society at large may be subtly persuading you in a different direction than what you would've taken if they hadn't been making the suggestions to influence you.

In spite the fact that in the case of friends, family, coworkers I can be the one persuading them in a different direction and I also know a bit about them (you cannot suggest that in the case of person-company relationship both are as strong in influencing each other, maybe in large numbers of people protesting and that's a huge maybe):

The thing is, there are 5 billion people on Earth but far less operating systems. So, when they tell you "my way or the highway" while at the same time more products support their way, you'll eventually end up stuck somewhere in the past, like the old nut in the hut living on top of a mountain, while everyone is throwing their personal data to Microsoft and friends telling me that it's going to be ok because "the functionality provided is convenient". Which makes zero sense.


> In spite the fact that in the case of friends, family, coworkers I can be the one persuading them in a different direction and I also know a bit about them (you cannot suggest that in the case of person-company relationship both are as strong in influencing each other, maybe in large numbers of people protesting and that's a huge maybe)

Companies, in many ways, strike me as amazingly straightforward to manipulate. So easily swayed by the almighty dollar that such trite as "the customer is always right" gets dolled out as actual management policy at times.

We block company ads, our eyes scan past the ads that remain, we spam-list their emails and rip into them on our various review sites when they wrong us.

Companies realize, though, that talk is cheap, and see through our bullshit a little better. And, sadly, there's very little self control by consumers at times.

> you'll eventually end up stuck somewhere in the past, like the old nut in the hut living on top of a mountain

It's not so bad here. I don't even have a Facebook account. There's enough ad blocking options out there to kill several news companies several times over. That's before installing a proper separate firewall box.

> while everyone is throwing their personal data to Microsoft and friends telling me that it's going to be ok because "the functionality provided is convenient". Which makes zero sense.

It makes zero sense if you lack agency and choice. You have an opt out. It makes zero sense if you provide what you didn't will to. Opt ins are superior, I'll certainly grant. It makes zero sense if you haven't recognized the full ramifications and potential impact of sharing the data you share. They don't know what they're getting into.

But it also makes zero sense to dismiss "convenient functionality" as a reasonable rationale to give data freely, by choice, if you understand the impact and potential ramifications of it. There's a reason this stuff works. Ignoring that merely blinds you to the beast, and robs you of taking as much advantage of it, or to defend against it's detriments.


This discussion is such a deja vu. I had this exact back and forth with a colleague the other day (them on the give-away-all-data side). I have a reply based on this comment, thank you.


> No less so than if your friends, family, coworkers, and society at large may be subtly persuading you in a different direction than what you would've taken if they hadn't been making the suggestions to influence you.

I'd add to that list things like Toxoplasma gondii.[1] Who knows, maybe it is the viruses controlling us all. Maybe there are behaviour modifying viruses that cause little to no overt symptoms of infection, or maybe the viruses are changing the DNA of bacteria that impact all living creatures microbiomes. Scary stuff.

1. https://en.wikipedia.org/wiki/Toxoplasma_gondii


At least it isn't Cordyceps Fungus.


"No less so than if your friends, family, coworkers.."

There is a difference between those and MS.


Pedantry about "MS" being different than the "software" aside - Microsoft consists of a specific sub-sampling of those people.

So I challenge you: How? In what way? Does it meaningfully change the calculus of your total life ownership? Why?


Along those lines, how dangerous is the "filter bubble" effect? Totally a reasonable social psychological/philosophical question, IMHO.

Reference: https://en.wikipedia.org/wiki/Filter_bubble


How's that different from listening to any other human you interact with? Is it somehow worse because it's a computer rather than a human? That's the kind of bigotry that gets you robot uprisings.


I'll bite.

Your mind is wired by evolution to assess, evaluate and react to human behavior. It is equipped to defend you another humans' attempts to influence your behavior for their own ends when you interact with them in person. Software that you run daily should be able to bypass those built-in protections in a more subtle and personalized manner than traditional advertising or propaganda could ever dream of. In an untrained mind it won't meet resistance but the mind can be trained; the "bigotry against 'robots'" (really, human organizations acting at a distance) on the part of humans who read enough stories like this one emerges as a result and is completely justified.


By evolution, or by socialization?

And if it is by evolution, that immediately presents the trivial solution that we will naturally evolve to relate better to machines, making this a nonissue.


It's different in the sense that you know that your firend cares about you, where as for software you can't be sure if it's in your interests.


People also lie. A lot.


If you were a woman, you'd have two dozen kids by now.


Are you saying that listening to what you have to say and writing what you have to say on wikipedia is the same thing?


Are you hung up with the speech vs text thing? Because that's so not the point.


This should be an optional feature. Not a feature that's the default of most computers on the planet. It's fine that you wanted it, and it's fine that it's available. It's not cool that it's the default on anything.


As far as I can tell, it is an optional feature. It's the default option, but still an option. On top of that, a fair argument could be made that most people who don't care enough to change their privacy settings probably do prioritize convenience over maximal privacy, so this might even be a reasonable default.


This. Majority of people don't care about having any of these privacy issues on their cell phones which infact is far more capable and something you always keep next to you. Heck I have even seen hackers here recommend ChromeOS, an operating system where everything lives on the cloud. Even though I am cautious about my privacy, I have come to learn that most are not and there is nothing wrong with it. It is just not something that bothers them enough to care about. Privacy is not black and white, some try to maintain an absolute fence while others are willing to trade some for convenience in return.


[flagged]


It's a fine line for sure. I recently recommended ChromeOS for my mother. Her problem is that she runs programs that compromise her OS. The malware I've removed from my parent's computer is hugely invasive and it is usually tied to her account. Given the choice of Google having some of her privacy details or some unknown crackers, I'd much rather have her expose that information to some cooperation that has public scrutiny over how they handle that data.


Heh, I got one for my wife, cause all she used her computer for was Facebook. Who gives a shit if Google gets all that stuff now too, Facebook already had it in their datacenter.


No. That's not a fair argument at all. Just because someone is scared away by an "option" screen like this:

> you get presented with a customize wizard. The first screen has a large chunk of text on it, a large and clearly visible button to proceed using the default settings, and a small hard to see text link that lets you choose your own setting values instead of the defaults.

> Everything about this screen is urging me to just accept the default configuration and get on with life.

Doesn't mean those people "don't care enough" about their privacy. Those people are my parents and my friends and I know that they do.

We know our computers, we can fight back, many people cannot. I believe that when a piece of software tries to provide "sensible defaults" for people that fear they might break stuff, or simply not understand the "advanced options", that those defaults should be SAFE and TRUSTWORTHY.

Windows 10 obviously breaks that trust, and the people who can't spend an hour digging through advanced options (for many reasons) are just pounded into submission against systems they feel slowly slip from their control.


I do not consent to you and others giving Microsoft (or Google or Facebook etc…) all the personal information this necessarily reveals about me when you accept their terms and have any electronic interactions with me.


That's not your consent to give. If you tell me your name, I'm free to repeat that to whoever I want. If you aren't ok with public information being re-broadcasted, don't go outside.


If you aren't ok with public information being re-broadcasted, don't go outside.

Rights and freedoms that you can only exercise by giving up any semblance of normal life are no rights and freedoms at all. The idea that the moment you step outside of your home or go on-line you forfeit any right to the slightest respect for your privacy and we should just accept this is silly.

And if you think the only people who care are a few internet warriors, please consider the likes of Google's Glass and Street View, where some people have felt strongly enough about the invasions to resort to actual criminal violence in response, and some entire countries have clamped down on the surveillance in response to public concerns.

In any case, with many of these systems, we aren't talking about public information. We're talking about technologies that systematically abuse friendships and commercial relationships by getting one party to tell the technology operators information about another party without that other party's knowledge or consent and potentially even if that information had been given in confidence.


So you agree that you have no such rights and freedoms. That seems like the practical view. The alternative is the path of craziness, filled with things like the "right to be forgotten".


So you agree that you have no such rights and freedoms.

No, I think that just because we can do something, it doesn't mean we should.

In a literal sense, you have no rights or freedoms that you are not prepared to protect with your life. You can lose anything else to someone willing to try hard enough to take it from you. Fortunately, in civilised societies, we do not generally require everyone to die to defend basic human rights that most of us think are worth protecting. Instead we adopt laws and punish those who would break them.

The alternative is the path of craziness, filled with things like the "right to be forgotten".

And as you can probably guess, I support the basic idea of the right to be forgotten as well. I have no problem with requiring companies that specialise in providing easy access to data -- and that make huge amounts of money because of the immense volumes of data they deal with -- to make it harder to access information about, say, victims of abuse or mistaken identity. When the statistics came out about who was really making use of the right to be forgotten ruling in Europe, contrary to all the naysayers, it mostly wasn't people like criminals and politicians who arguably invited negative publicity.

That said, I have no problem with reducing the profile of criminals with spent convictions either, nor those who have done things that were not criminal but which society frowned upon at some point in history. A society that never forgets, full of people who want to hold everything someone ever did against them for all eternity, is not a healthy society. I believe most people can be rehabilitated even after a dark past, and the evidence about how successful different legal systems around the world are at preventing recurrence of damaging behaviour overwhelmingly supports that position as well.


Actually in the UK it is covered by the Data Protection Act. Interesting times ahead. If you knowingly or unknowningly give personal information away without my consent this is illegal.


I would challenge you to show something conclusive that states that I am forbidden by law from stating "I know this person. His name is batou." while pointing at you.


Doing this as a person is fine. Storing and processing that information on a computer is covered by the DPA.

https://ico.org.uk/for-organisations/guide-to-data-protectio...

Refers to Schedule 2: http://www.legislation.gov.uk/ukpga/1998/29/schedule/2

Additionally, there are "Sensitive" personal data: http://www.legislation.gov.uk/ukpga/1998/29/section/2

So if someone were to ask your computer "Do you know any trade unionists?" and it were to reply "I know this person. His name is batou.", and you weren't covered by the Schedule 3 exceptions, that would be an offence. This is an attempt at preventing employment blacklists.


That's fine. That's no different to an IP address or a DNS record or something that you'd put on an envelope. That is public information.

The content of our communications is the matter under consideration i.e the content of the envelope.


And yet your original post was in response to this:

"If you tell me your name, I'm free to repeat that to whoever I want. If you aren't ok with public information being re-broadcasted, don't go outside."

to which you said:

"Actually in the UK it is covered by the Data Protection Act. Interesting times ahead. If you knowingly or unknowningly give personal information away without my consent this is illegal."

What you're saying now and what you said then are two different contexts.


He wasn't broadcasting his name in the first place; only you had the information (in the limited knowledge of the context). In case you are using this for anything damaging to him or for profit, that is what the Data Protection Act covers. That suddenly his name becomes public knowledge has little to do with this law.


I'm not talking about public information. I'm talking about private communication between you and I. Like truly private, private where you are happy to keep our communication confidential. Except now you have to have the technical know-how and proactive burden of keeping it confidential because Microsoft (and Google in other cases etc) sweep up everything you do.

In other words, if you consent to Microsoft tracking you, it means I cannot trust you in private communication even if you would otherwise be trustworthy person.

This is completely distinct concern from what is true public information.


Can you cite a source that describes that freedom?


Traditionally, the (legal) argument begins with Warren and Brandeis, "The Right To Privacy", December 15, 1890:

http://groups.csail.mit.edu/mac/classes/6.805/articles/priva...

That's been considered the foundation of privacy laws in the US. Europe generally has stricter laws -- for instance in Norway, until recently, it was technically illegal to keep an electronic[1] list of names and phone numbers of parents in a school class, or an electronic membership list for a club (esp: minor members).

That's now changed, and the requirement for being granted a "data license" are less stringent -- most electronic record keeping is legal -- everyone being granted a pre-emptive licence of sorts. However, that license is subject to things like a) being responsive in giving out/responding to requests to correct data, to show what data you have on an individual to that individual, and b) making a reasonable effort to keep the data safe.

Breach of those can lead to fines, and the revocation of the implicit license -- meaning you're not allowed to keep such electronic records any more.

Understandably Germany have a stronger emphasis on privacy, being a) a fascist dictatorship under Hitler recently, and b) half of Germany being under the Stasi also recently.

Why people in the US aren't more afraid of personal data ending up in privately held data banks where they are subject to National Security Letters, hackers, anti-union organizations working with big business, anti-native American rights activists and whatever else -- I don't know.

Maybe most people think that the next group to be frozen out of the job market won't be communist but Muslims -- and, hey, I don't know any Muslims -- so why should I be worried?

[1] Note the electronic bit. This is due to how trivial it is to link digital data, and how trivial it is to copy/get hold of a copy without the original missing etc.


I appreciate what you're trying to say, but ultimately... Sucks to be you. If you don't want others to share that data, you'll have to stop interacting with them.


Do you hold such a hard line stance on the moral correctness of revenge porn, I wonder?

After all, if you don't want others to share the data, you shouldn't interact with them.


I think its probably pretty good advice to follow: If you don't want someone posting revenge porn after you break up, don't give them nude photos/videos. Its always a risk you either accept or avoid.


There is a clear moral distinction to be drawn between people who use Windows 10 knowing that it might be sharing some data with Microsoft, so its algorithms can streamline certain everyday tasks and those who maliciously upload their exes' sex tapes to the Internet without their consent.

There are huge differences here on at least three crucial dimensions: intent of the sharer, the audience with whom it is shared, and the sensitivity of the data shared.


This is specifically in the context of your windows 10 install uploading data about me, without you asking me if that's ok. My wifi password over wifi sense, for example.


Yes. I understand that this is about "my" Windows 10 install sharing data about "you." I should have been more clear (and, unfortunately, the editing window has closed so I can't clarify). But if you re-read my comment with this in mind (as I had intended) it remains the case that while this a Bad Thing, and I see the analogy to revenge porn, it also is radically different in degree from revenge porn on several morally significant dimensions.


I've done that. They revert to traditional methods like phone calls when they want or need something. Every time.

Sucks to be you if your relationships, be they business or personal, are as fragile as a volatile technology.


And let me guess, they don't have your phone number memorized; they probably save your phone number in their phone's contacts list alongside your name, which is automatically backed up in the cloud in either Google Contacts or iCloud depending on what phone they use.

Expecting your friends not to use cloud services seems a bit unreasonable and unenforceable. Are you really going to tell all your friends they should write down or memorize your phone number instead of storing it in their phone?


No as that information is public.

What we talk about isn't.


While your name and phone number are public, the list of people who have your phone number saved is not public. These companies can effectively map who you associate with only by looking at other people's phones. They can profile you by association, and that is very wrong.

At some point privacy is no longer a choice, not a real choice anyway. You get to chose between participating in society or keeping your privacy. It shouldn't have to be this way, but it is.


Oh, uh, I thought you were talking about your name.

Microsoft collects your friends' names so it can spell their names correctly when you use speech-to-text or related features. I thought that's what you were objecting to. What kind of data are you talking about?


Conversations (SMS backup), photos (onedrive), email (outlook/office365), calls (skype) etc etc.


If you really are as charming in real life as you are online, people might indeed accede to your quaint insistence on anachronistic media, until they don't.

Personally, I require that all my so-called friends communicate with me in morse code over short wave radio. It works a treat.


I was a QRP operator so that's actually quite funny.


I like CW too :)


You mean "sucks to be any normal person today."

The ramifications of the destruction of anonymity and privacy affect everyone whether or not we understand enough right now to get this.

Also, "sucks to be all these people who would benefit from interacting with me but where I may stop interacting".

This is not a problem that is a personal, individual problem. This is a social problem. Period.


> You can stick with Windows 7 if you want

Not indefinitely. It will get EOL'ed, and at that point it might not be possible to opt-out of the upgrade.

Which isn't bad given that MS isn't going to keep supporting W7 forever: It's a genuinely bad thing to have unpatched OSes with known security holes (zero-decade, I suppose?) out in the hands of non-technical users. That kind of thing was moderately acceptable when Average Windows User was behind a dial-up line, but those are going away, too.


a genuinely bad thing to have unpatched OSes with known security holes

If the OS is popular enough, once they get known, they will be fixed by the community if not MS. Look up "Windows 98SE Unofficial Service Pack" and "KernelEx". In fact the 98SE community is still very much alive... and has added support for a lot of things that MS didn't.

Gradually, I predict the same will happen with XP, and possibly 7 when MS stops supporting it.


Not indefinitely. It will get EOL'ed, and at that point it might not be possible to opt-out of the upgrade.

It's always possible to opt out of the upgrade with Windows 7. I have a perpetual licence to use it, and I can turn off any automatic updates that would break it.

The worst that will happen, short of Microsoft as a business going under or similarly dramatic changes, is that I will only enjoy free security updates from Microsoft until the end of the guaranteed support period (still several years away) and then I will have to use alternative means to secure my systems against any remaining threats.

As demonstrated by the large organisations still on XP, one of those means may simply be paying more money to Microsoft to continue supporting an older platform you want to keep using.


I would never put my client data on a Windows machine.

But how many people will?


There's a danger of looking at things from within the tech bubble. Perspective is everything and I'm not convinced mainstream will be so accepting when the privacy concerns gain greater visibility. The same drive that is making ad blockers a concern will probably come into play. It'll take one successful hack for reality to set in for many. I personally don't want that type of personalization or targeting.


> I can see why some people might not, and to be fair I use Linux on my work laptop because the work I do demands it. I would never put my client data on a Windows machine.

How do you handle business e-mail ? Only on the linux laptop ? Is the windows device only for personal and entertainment purposes ?


Correct. I have all my work stuff on my work laptop and the Windows desktop is just for Netflix and games and reddit and stuff that happens when I'm done with work. In fact I can't even have business emails on my personal computer because you need to be connected to my work's VPN to get email and you can't connect to the VPN with Windows without getting in serious trouble.


Windows 7 but with more features would be nice.


Windows 7 with speed of 8.1 and virtual desktop support is all I ever wanted. Not the Metro abomination.


Absolutely no one wanted it. No one asked for it.

We were spun a load of marketing disguised as listening and attention. This turned out to be exactly what Microsoft wanted which was another aggressive move against customers both business and consumer. Despite all this the noise and confusion and dubious love for the products is shining out of the arses of every non technical news source.

What did we expect?

I've left the party now. Closed my MS accounts, cancelled MSDN and AP subs, rolled out CentOS 7 on my laptop and have moved the remaining windows dependencies I have to a VM. If you don't like it, now is the time to make it known.

This is after using MS products since about 1993. No more loyalty or milking.

The software industry is moving away from the model of servitude to a vendor. Good riddance.


Now if can only do the same with Google and Android, we'd be all set. Why does Google get a get out of jail for free card in this? Android is like the spying on everything you do operating system. Your location, your voice, your pictures, your passwords, I mean fuck... There is nothing Android doesn't know about you that it doesn't share with Google and on request the US government.


Google are just as bad. I've moved to a dumbphone and an IMAP mailbox at an independent company. I tried Android but that was pretty much impossible to keep control of (Moto G 2, Android 5.0)


I want a Jolla. Sailfish is probably better in this respect (or at least the company is smaller).

That said, all that data harvested and used to customize the interface for you is indeed convenient.


I'm using Nokia 106. Calls. Texts. Nothing else. I turn it off at 6pm and on at 9am.

Doesn't have data, GPS, Bluetooth or WiFi so that's not a problem. The best it gives is rough triangulation data from cell towers but I can leave it at home and do nefarious things to my own heart's content if I so desire (not that I intend to).


Also makes decent voice calls, which seems to be more than most smartphones can manage ;-)

PS Are you sure it doesn't have Bluetooth?


Yes. It's as dumb as a 3310.


OK, thanks. My wife has just bought a cheap Nokia 103 (she's used Nokias for ages) and I was surprised that it had Bluetooth. It showed up on the laptop I was using at the time, but I couldn't find any way to connect to it. (They didn't pair.)

I checked and it did have Bluetooth on the Nokia 103 menu.


My mistake: it's a Nokia 130. (I'd assumed a 103 would be close to a 106 in specification.)


Are you really this paranoid? You must be loads of fun at parties. It's interesting though because your British government is tracking your phone, your texts and watching you as you traverse London on CCTV. But luckily Microsoft doesn't know about your affinity for Yorkshire Terriers and love of Bass Ale.

Don't get me wrong, I value privacy, but all things in moderation, including paranoia. I personally don't think most peopke's lives are that controversial to be so concerned about their privacy that they'll avoid the grid altogether lest some lewd fact trickle out amongs the billions of other lewd facts trickling out about everyone.


I spent a number of years working for nefarious defence contractors so the paranoia is somewhat justified. My paranoia is clearly required as I've been responsible for the security architecture at a number of financial companies and have a lot of experience dealing with both the human and technology aspects of data.

Safety in numbers is only valid if it's difficult to discern facts from the flock. But it's not. The technology logs and correlates specific data for fast retrieval rather than collecting noise and then discerning the signal later on.

Oh and I'd never drink Bass; maybe an Abbots or two ;)


> I personally don't think most peopke's lives are that controversial to be so concerned about their privacy that they'll avoid the grid altogether lest some lewd fact trickle out amongs the billions of other lewd facts trickling out about everyone.

This sounds suspiciously like 'nothing to hide nothing to fear'.

I don't think batou is being overly paranoid at all. Especially not with the last year or more of news.

If anything, this is massive tech company overreach on the part of Microsoft, Apple and especially Google and Facebook.

More protection in law is what is needed, not for people to suck it up and accept it.


> Your location, your voice, your pictures, your passwords,

However, it will ask you first about that. And it is not actually Android, it is Google Play Services. For snitching your pictures, you have to download an extra app by yourself.

If you don't like that and you don't want to say 'no' when asked, use Cyanogen without Gapps. That way, you'll get non-spying vanilla Android. (That means without Play Store too).


To add: you can use software like Raccoon: http://www.onyxbits.de/raccoon

Use it with a throwaway Google account to download apps from the Play Store, then use adb to install them on your device. This works fine for apps which don't rely on specific Google libraries or services being installed on your device.


Why does Google get a GOoJF card? Well, they don't.

I'm going to ditch Android for a free-er OS when I have the money, although if possible I want to get a [Fairphone](https://www.fairphone.com/) (tl;dr 1. no shady business practices/exploitation, 2. modular with replaceable parts (bonus points for having an integrated protective case), 3. Fairphone V2 will be 100% Free Software (or at least, the firmware/drivers will be), 4. costs $800 as a result).

I'm actually really interested in seeing the Fairphone be a thing.


It's a little better if your device can run Cyanogen. Not great, but a little better.

I'm hopeful that Firefox OS and perhaps Ubuntu/Full GNU/Linux on phones will help. Canonical hasn't got a perfect record when it comes to privacy or openness -- but if they manage to invest the resource to develop a truly open stack that works on real hardware, I expect people to make other distributions that do pretty much whatever one wants.


You were always free to not use new MS operating systems. Nobody forced you to make any MS accounts or use Window 8,10 or whatever, so if you installed Windows 8 and didn't like it, that doesn't make MS evil, just don't use it. Anyone who inclined to use CentOS as their daily driver probably was never going to like MS OS's anyway. You probably only ever installed it just to find out what you hate about it.


I'm actually not free to not use it. I have to test our product on these systems and therefore I will need at least a virtual machine instance of it. I have no option not to use a Microsoft account because the majority of the functionality has shifted to behind the privacy wall.

Actually I installed it to test our desktop windows product against it as well as our web application in Edge.

This was a decider for us: do we move it to Windows Runtime or move it to Qt/JavaFX, to the web or something else?

We're evaluating Qt and JavaFX going forwards.

As I said I've been using Windows since 1993 as my primary operating system. I've used Unix (Solaris, HPUX, Linux, FreeBSD, OpenBSD) over the years but never in a desktop capacity.

Also one of our clients, a big financial company has rolled out RHEL6 as a desktop platform instead of windows 8/10. They are not trend-setters either.


That's pretty specious. Your work requires you to use it. So presumably you'll only be testing on your VM instance. And if you are using at work, then use the Enterprise version, which doesn't use a Microsoft account whatsoever. And lets you control all of these privacy concerns, including telemetry.

You bitching that your job requires you to test a product against Windows in a VM is not the same as Microsoft holding you personally hostage to give up all your personal information, however you try to spin it.


I assure you this is not specious.

We have to test against the lowest common denominator so we're not using Enterprise or VL for this nor are the machines domain members.

The privacy policy changes violate our network AUP, security policy and compliance with a number of regulations. We handle confidential financial, insurance and medical data.

That's where the catch-22 is. There is no possiblity for us to use this and remain in compliance.

Not only that, every version of windows since 8 has called home. There is a lot of traffic outgoing from our network we block from machines. And that is with a heavily locked down GPO and custom WIM deployment.


The argument "Don't use it if you don't like it." certainly applies to many things, but when a company gets to the scale of Microsoft, Google, Apple, etc, the context is not the same. It seems reasonable to hold these behemoths to a higher standard than scrappy startups.


This argument is specious at best. We must hold all parties involved to the same level of standard as any, at all levels because a breach of trust at any size is seriously damaging to the consumer. It doesn't matter about the size of the Corp.


It does matter for a couple of reasons.

One is having approximately equivalent alternatives. If something is wrong with a particular kind of chewing gum, I can easily switch to the next brand over. But when that's not the case, standards should be higher, because normal market forces no longer constrain players in the same way.

The other is the size of the potential impact. If one corner-store merchant keeps their credit card receipts in a box under the counter, it's a much smaller problem than, say, Target or Home Depot keeping them in a poorly secured network.


I think it matters, if only because it's more efficient to complain about the big corporations that everyone is familiar with than about some unknown startup few people care about.

If you only have limited time and energy for activism, you have to go for the bigger targets (to make it easy to collaborate with other activists) or go for the most local targets (because you may have a comparative advantage).


Imagine if we could bring them to court over bundling malicious software with their OS and not giving the user a choice.


You were always free to not use new MS operating systems.

Are you also free not to have your private information (personal data, trade secrets, whatever it might be) given to Microsoft by others you interact with who do use Microsoft's new operating systems?


I am hearing the "if you don't like it don't use it" loud and clear. I did that for Windows 8. Looks like I will do that again.


I don't know about no-one. I have three laptops, one desktop, one media PC, one server, one tablet, and one phone. The cloud movement has been helpful to say the least.

Obviously I don't speak for everyone, but I think "no one wanted it" is a stretch.


No one wanted this implementation. There are plenty of ways of solving exactly the problems without the amorphous concept of the cloud without introducing any burden on the user.

I have a 3 desktops, 2 laptops, a NAS and 2 servers and have solved the problems transparently without any cloud services.


Yes you did, you just did it at a personal level. Most consumers are not that tech-savvy. Windows may not be for you, but it is for the masses.


> Absolutely no one wanted it. No one asked for it.

How so? Billions of people choose to pay for services/software with their privacy these days. Microsoft isn't to blame for that. If anything they were really late to the party


I think that's not true. They do not consider their privacy nor understand the consequences.


Who wanted that for desktop computers or laptops? This is not going to fly with business customers.

...nor with some private customers. Microsoft seems to be overlooking that not all nations are so happy about "the cloud" as the average American seems to be. Germany for one, where I currently live, is much more sceptical of sharing personal data -- potentially motivated by some of its 20th century history.

But all that aside, a lot of people only used their computer occasionally, say to write a letter (again, Germany, a lot of bureaucracy still requires paper letters over here). Transparently syncing documents with an external server that you have absolutely no control over is really nothing such a user wants.


And yet to do your tax online in Germany you'll have to use Elster which is Windows only. Telling them I'll sign my pdfs with SHA-256 didn't help... So back to cellulose data carriers


Does ElsterOnline not work for your usecase?


> Transparently syncing documents with an external server that you have absolutely no control over is really nothing such a user wants.

Onedrive on Windows 10 explicitly asked me "what folders do you want to sync?" when it first popped up.


Do you have the option to say "none"?


> Who wanted that for desktop computers or laptops?

Everyone who is switching over to cloud connected OSs on their tablets and smartphones.

Why should I have to reinstall and resetup every new computer? My contacts have been following me around on my phone for 8 years now, why the heck shouldn't they be just as accessible from my PC?

My favorites, they should always be there. Chrome does a great job of this, it is nice that Microsoft has decided to catch up.

Windows 8 had some of this, having wallpapers, theme colors, and OneDrive follow me around already made my computers all seem closer together, now just a little bit more is happening.

There is so much common sense in this. If I schedule an appointment while I am at home for me to leave work early to go pick up my cat from the vet, it should show on my work PC because that damn well makes sense.

All this does is bring Windows fully into the 21st century.

> Windows 7 is still pretty good, and it will probably be the main Microsoft desktop OS for years to come, despite what Microsoft wants.

About 6 hours ago I was apprehensive about Windows 10. Now I'm using it and it is lightening fast and responsive.


do you realize, as many others here and everywhere else, do not care a bit about some cloud or anything else? I can install my computers on my own, thank you. the whole discussion about people justifying is a bit ridiculous, to be honest.

why don't you all pro-MS or pro-let's-lose-privacy people don't get a single thing - as per moral standards, any kind of option should be disabled by default (meaning 95% or more people on this planet will never enable it) and you should chose only enable that if you will? It could be the first screen welcoming you on first start of OS, whatever. not even having an option to disable it on cheaper windows is just plain wrong & smells cheap, again in moral sense. As we all know, corporations, any kind, are not high on morality these days. Increasing shareholder value at all costs and similar is the mantra. that google and others are doing it doesn't make it any more right (i have all these things like google one disabled on my phone anyway, at least that's what I like to think :))

As to why we want to not use it, I do believe Mr. Snowden made a point or two in the past.


What irritates me is the language.

We're making a choice based on a button with a one sentence dumbed down description. But what is the full legally binding extent of what we're agreeing to with each click?

Nobody knows. "We share with our partners". What's being shared? Who are the partners? Who are their partners that will also have access? What's being done with it? Am I personally identifiable?

Etc. Even if they wrote a page for each box, which they haven't, it will still be pointless because there is probably some other waiver in the 300 page EULA.


I agree that these features all make sense but there is no reason for the invididual's data to have to travel hundreds or thousands of miles through third party servers during a synchronization. It should be no harder than pairing two Bluetooth devices together and then the data will move directly between these devices, or at least encrypted through a third party router. The internet was designed to be decentralized but it's not working that way due to business interests.


p2p connections don't work when one device is borked!

Computing as an appliance, imagine some day logging into any machine in the world and having it setup just as you like.


I'm not sure, it really depends in Microsoft's execution of the vision.

Over the years, if they really make Cortana useful and seamles pdates and systems maintenance the default due to the new "cloud" nature of Windows, they might see a similar adoption or switching pattern as SaaS solutions have seen in business.

At this point most traditional or slow businesses still using licensed software with local IT admins are being outcompeted by more agile competition using SaaS solutions.

Then again, what alternative do corporates have? They could stick to an older version of Windows, and become less competitive (assuming Microsoft pulls it off), or switch to Linux, which is doubtfl for most office workers (though our entire devshop uses now Linux ultrabooks).


i also suspect that they are slashing their cash cow (corporate users among them) for the vague promise to be like google and facebook (the promise of add dollars).

Good luck with that one.


I would be very wary of using windows 10 as a company. If they are sending all key strokes that a user types, then any illusion of privileged information between company and customer goes out of the window. It makes me wonder how the legal team of companies would say if they caught the magnitude of data being leaked through default enabled services.


This is incidentally why I run a hefty firewall for outgoing traffic and most endpoints can't access the internet at all.


I might well be remembering this incorrectly, but wasn't that a part of the Insider Only pre-release EULA?

I've not checked to see if it's in the more recent release EULA, but the assumption was that it was there for the beta diagnostics as opposed to the day-to-day use.


Business customers still retain all the capabilities of managing the deployment and activation of Windows features, settings, and updates.


Businesses actually have very different privacy arrangements than individual consumers. Its a function of how much they spend.


On the contrary businesses would prefer an OS where they will have to pay much less fee each year than paying one large amount occasionally. Vista and Windows 8 were needless OS which did not offer any value. Windows 10 on other hand has a lot to offer to both consumers and businesses.


> This is not going to fly with business customers.

If businesses fall too far behind adopting modern software/features their employees are familiar with using on personal devices they will have to accept reduced productivity.


It's possible to do all this personalization without giving away your data to advertisers. Unfortunately Microsoft chose not to.

Why do people seem to gloss over the fact that we can implement these technologies without losing privacy? e.g. voice recognition has been possible on home computers for decades now. You don't need the cloud for it.


> Why do people seem to gloss over the fact that we can implement these technologies without losing privacy? e.g. voice recognition has been possible on home computers for decades now. You don't need the cloud for it.

The experience is not quite the same. We have voice recognition since at least late 90's but you have to spend long hours training (> 20 hrs) in order to have a decent result (not even comparable). The fact that is cloud based now enable the software to fit better to different accents and pronounciations.

Another thing is that personalization is not really possible in today devices if you want more than 3hrs battery.


I had better results in late 2000s with less than an hour of training MS Speech API than I have with Google Now today. Either off-line speech recognition isn't that bad or my English really sucks.


I don't know about Google Now. But Cortana does have way better results than local MS Speech API. My english does suck, so it is very impressive to me that Cortana got me right most of the time.


Maybe I'm not using it right, but Cortana on my Lumia 640 Windows Phone seems to blow Google Now right out of the water in terms of capability and usability except for punctuation in voice recognition.

On the other hand, generally I'm pretty impressed with just the voice recognition/transcription by Google on my Android phones (exception: "ferociously"). Transcriptions in Google Voice on the other hand are, hm, marginally good enough to often get a general gist of a call before I return it, but if I need the actual details of the message there's no choice but to listen to it. This includes calls made by me, from my phone that I also do voice recognition on, into a Google Voice number that I use for some tracking.

It is interesting that the transcriptions in the web interface show how confident they are of the quality for each word by how dark the word is.


>We have voice recognition since at least late 90's but you have to spend long hours training

Microsoft could ship their pre-trained dataset with the computer, or make it available as a download. They choose not to.


gok covered this fairly well in this comment: https://news.ycombinator.com/item?id=9978755

It's a big, really big dataset, and things get far better the more data you have. In order to even have it, let alone keep it up to date, a significant amount of space and memory would be needed.


That dataset contains languages and accents that are not relevant to me. It could easily be culled to a size where it's no compromise on language+region of birth alone.


It's multiple gigabytes for a single language and accent. I wasn't even talking about the full dataset across languages.

You don't seem to understand the size requirements for getting a good dataset. Don't you think Microsoft would have loaded up the dataset if it was easy and cheap? They didn't have a desktop cloud-based recognition service until literally yesterday, so they had many, many years to include this magical dataset that solves all your problems without cannibalizing another one of its products. They didn't because it's not feasible right now. In the future? Maybe, hell, probably.


>It's multiple gigabytes for a single language and accent.

I have 602 GB free on my first hard drive, 519 free on my second, 699 on my third, 1.06TB free on my forth, 405GB free on my fifth and 46 free on my 6th.

If Microsoft would be kind enough to release it to me, I think I can probably find a corner to squeeze it into.

>Don't you think Microsoft would have loaded up the dataset if it was easy and cheap?

No, I don't. Microsoft wants our voice data, it's extremely valuable to them. They've figured out that there's gullible people like you who will swallow the "it can't be moved onto a local computer" tale hook, line and sinker, and thus give it to them for free.

Why are you doing that? Grow some cynicism.


Do you also have that much memory? The dataset would need to be loaded into memory at all times recognition is used to be useful.

I never said storage is the limiting factor, in fact, I even said you need a significant amount of "space and memory".


> That dataset contains languages and accents that are not relevant to me.

You are assuming that they have a different model for each language and region, which I don't think is true since Cortana understand my foreign accent besides of being using USA as a region (Canadian version works really well too).

> I have 602 GB free on my first hard drive, 519 free on my second, 699 on my third, 1.06TB free on my forth, 405GB free on my fifth and 46 free on my 6th.

Good for you, but I don't have that many free space. Gee, I only have 20Gb free on my laptop. I think you might be bias about your situation but not everyone has +1Tb of free space waiting to be used for a voice command.


My colleague wrote his diploma thesis with a voice recognition software (the market leader) because he sucks at typing. Desktop voice recognition can't be that bad.


I have second hand commercial support with a leader software in the market (that is I had coworkers doing the commercial support) and the amount of bugs and trickery some users had to go through with it makes you wonder how they can sell any copy at all.


I mean, you have to admit that desktop-based recognition is just not as good as cloud-based offerings. This is true across the board, having more data and power available will give better results.


Sure, but desktop-based recognition has been improving all the time and may well be good enough. It still doesn't mean we have to lose our privacy just because a slightly better technology might be out there.


Not nearly as fast as cloud recognition has. Especially with all three of the big companies having serious cloud-based recognition offerings and focusing on them.

And seriously, Cortana would be useless without the cloud aspect. Half the things it does revolve around connecting your digital life together by accessing various things about you. Without the cloud, it's literally just Windows 8 search.


> Not nearly as fast as cloud recognition has.

How is that? Desktop systems respond quickly, cloud systems often respond after a second - it takes time for data to do a round-trip over crappy mobile connection. Mobile latency is a big thing.

I agree wrt. Cortana (and Siri, Google Now) - most of the things you use them for will require Internet access. But there are still a lot of things that you could do with voice that shouldn't require a network connection, and we're missing the ability now. Not to mention you have zero customization options for cloud-based recognition. I could make good ol' MS Speech API recognize pretty much anything I wanted it to. No problem making it recognize a limited subset of two languages at the same time. With cloud-based systems, if the voice recognition doesn't like my accent, I'm out of luck.


I was referring to the improving part. joosters said desktop recognition has been improving, I meant that cloud has been improving faster. Which is true, all the big companies are focusing on cloud-based recognition. The improvements might eventually come to desktop recognition systems, but even that's not a guarantee given where the focus seems to be.


Fair enough. I didn't realize that you were just referring to that. And I agree with your assessment about relative speed of improvement.


1. Know everything about a person store it and mine it at scale.

2. ???

3. Profit.


Yeah there should definitely be a "Hey Cortana, off the record,..." query mode.

I'm a bit conflicted now. My girls are 7 & 9 and they've been using Microsoft Accounts. With the final Win10 build having all this (none of these settings worked a few months ago), it looks like I've got a lot of reading and explaining to do for them.


If you don't have any Windows-only applications keeping your younger-than-double-digit children on Windows, well then now is your chance to put them on anything-other-than-Windows.

My own children are still using computers with Windows 7. They play Spore (Windows only), Sims 3 (Windows only) Minecraft (Java, so playable anywhere), Osu! (no idea, really), and a couple of other games. I have no intention of upgrading Windows on their computers past 7. Take a look at your options, you might be surprised how easily Windows is replaced with anything else.


My son, who mostly plays Minecraft, does not understand why many of his friends use Apple PCs. The "render distance" and framerate in Minecraft on our home PC (running Windows 8.1) is twice that of his friends, and our PC cost half what a similar Apple costs.

As a parent, I'm also not sure if an equivalent of Family Safety exists on other platforms. Windows sends me weekly overviews of our kids PC use and blocks inappropriate content. Also, our kids log into their own profiles, I don't give them Administrator level access, they have to aks me if they want to install something.


On my desk now I have two MBPs and one windows PC. The macs are for work, the PC is for games (and occasional windows testing). I use the same kb/mouse/monitor for all 3.

After being out of the PC scene for 10+ years -- and as a rabid apple fan -- let me say this: PC gaming is AWESOME. Games I'd only played on Mac before come to new life on a proper gaming PC. That said I would probably go into a different line of work if I had to use Windows as my primary dev box.


Your only two choices are not an overpriced Mac and a cheap PC. You can build/buy a reasonably priced PC and install a GNU/Linux distribution on it.

As a Java application, Minecraft runs perfectly fine on any operating system.

As for your parental controls, if you wish to apply them you can do the exact same thing on any GNU/Linux platform.


This performance disparity between OS X and Windows for gaming may finally be diminished now that Apple’s bringing Metal from iOS to OS X (far faster than using OpenGL):

http://www.imore.com/metal-os-x-so-huge-i-no-longer-need-mac...


MSFT has done this by buying itself into the graphic API market long ago. Since then the last two main graphic hardware vendor have been poorly receptive to develop drivers for any other platform.

Hopefully, Valve OS's initiative might bend this and allow the Linux world to be at least on par with MSFT when it comes to graphic drivers. Considering that from the three main console out there, both the Playstation and the Nintendo are using a flavor or another of OpenGL, there is some hope for the future of alternative to MSFT outside the office and MSFT centric software development.


I'm really hoping STeam OS becomes a viable desktop gaming OS (play most if not all PC games) at some point.

I would drop Windows in a heartbeat if that happened. There is no other reason keeping me using it other than games.


I still think Win2k was a great operating system and I wish I could go back to it, but you do eventually have to upgrade. I eventually had to upgrade Win2k to Win7 because of the many performance benefits and the lack of support for the OS.

Even though I personally hate literally almost every new feature of Windows 10 and the design of the entire OS, I'm still running it, simply because I get much better performance out of it than I do on Win7 - and I can generally customize my UX.


I have no idea about the Sims, but I've run Spore under Wine without noticable issue.


Have you looked at Linux with WINE? That could be a good transition from Windows into, eventually, pure Linux.


Linux Mint has many usability features similar to Win 7, is free/free, and I've not had any issues with Win games ( wine / etc ) - plus they can learn command line & packages!

worth the time it takes to check it out, imo...


This is a great suggestion. I'm getting sick of having to open incongito mode on Chrome unless I want Google Now to happily repeat whatever I was looking at later. Uh, I don't need reminders for sales on hemorrhoid medicine or news alerts about the side effects of MDMA. I don't need that popping up where others can see it.

Some kind of "off the record" mode would be invaluable for voice interfaces. Hell, it would be nice if there was a check box under the Google search box as well, but I imagine Google would never make it too easy to avoid their data mining. I feel like we never had the proper privacy conversation we needed to have with companies like MS, Google, Facebook, etc. I think some level of easy to use yet strict segregation between what I consider my public life and my private life should be cooked-in, and enabled by default, into all this software.


I agree completely. The split between public and private life is so natural that we sometimes forget how important it is. Sometimes people need to be able to experiment and access information privately so they can think it over without being judged. It leads more genuine expressions in public life, even in simple ways. Maybe I want to experiment with listening to all the worst pop music to see if there's something in there I like without my music player thinking I love all of it.


Absolutely. Or take for example my friend, who's a literary translator - she sometimes has to research online the most outlandish and obscure subjects, which have no bearing on her own interests...


> I'm getting sick of having to open incognito mode on Chrome unless I want Google Now to happily repeat whatever I was looking at later.

Isn't that what incognito mode is for? If don't want your searches in cards at all, you completely opt-out of the cards that are strictly based on your search history. Ctrl+Shift+N seems like a small, reasonable step to go off the record. What is the alternative?


Why are you complaining about having to wear a bag over your head whenever you go out to pick up your prescriptions or meet your mistress, citizen? It's a small, reasonable step to go off the record. What is the alternative?


I mean, if you wanted to be sure you wouldn't get caught with your mistress, you basically would have to wear a bag on your head, no? Or at least her meet her indoors. You certainly wouldn't complain about invasion of privacy when your wife's friend sees you with the mistress on a date.


Hyperbole much? You can still simply not log in to Chrome and/or Google Search. But if you want to be logged in by default, then you'll have to tell the browser when you occasionally don't, no?


Most people don't intend to log in to Google Search, as far as they're concerned they're logged in to their email account. This is why Google got in so much trouble in France and the EU over the past couple of years.


This. I don't use gmail, but I use youtube. And when you've logged into youtube, you've logged into your "Google Account". So you can't have youtube open in one tab, and not have your history from other (non-incognito) tabs logged (modulus some tweaking of various preferences that aren't obvious or intuitive).

There's no reason why they couldn't to the same thing Mozilla does: a) have a pretty clear account thing for "sync", b) have a pretty clear page for opt/in out on what to sync, c) Have working self-host sync solution, d) have an open source sync solution so you can easily see what's going on, and how things are encoded/stored.


Here's the thing - I want my history to be available and searchable to me, because I often want to go to a page I visited previously. However, I'd prefer if others couldn't read it and I wasn't showed ads based on that. At the moment, Firefox provides a good browser that doesn't profile me or share my history with "trusted third parties".


One of the best things ive done is to shift my kids onto Linux computers. They really enjoyed "Tux" the built in Mario like game featuring the Linux penguin and it helped them connect with the 'Linux brand'. Now when my kids are wanting to install more advanced things they are naturally exploring package management and typing into the terminal to get a new thing going. Wish I'd had better Unix terminal exposure as a child.


For the US market, the way you frame the concern is the legal reality for Microsoft...parents who will blame Microsoft when information about their children passes online...are why there are no privacy guarantees in Microsoft's new policy. It's just too easy for a lawyer to convince a trier of fact that Microsoft "should have known".


Doesn't the US impose privacy guarantees on those storing data about the under-13s anyway?


I don't think Cisco's routers or Youtube's CDN or the typical iPad application have that capability. Stuff gets cached and logged automatically. Microsoft is a big target for lawsuits.


Sure. The way around that is to simply not allow users under 13 to have an account. If a user lies about his age in order to get an account, Microsoft is no longer liable.


Yep. We use fake birthdays for my kids' accounts. First it is an opportunity to explain to them that you simply don't need to answer questions truthfully just because a form asks. There's zero benefit to being truthful here; only potential downsides. Same with real name.

Second I explained that under 13 means stuff won't work, so let's add 10 years or so to make sure they don't have trouble.


My girls are 7 & 9 and they've been using Microsoft Accounts.

Well, maybe Child Protective Services should be involved? They intervene when children walk home alone from the park, perhaps they'll start to intervene when children are raised to use Microsoft products? http://www.usatoday.com/story/news/nation/2015/04/13/parents...

Just kidding, of course. But my daughters are now 14 and 17 and I don't think they know how to use Microsoft products. We've been on OS X for about 10 years.

So maybe CPS should investigate me? Am I doing my kids a dis-service by not exposing them to the dominant OS?


but now there's the risk of the entire OS learning someone else's habits when they just need to use the computer

They already do pollute the OS history with their behaviours. Examples would be the DNS cache, the thumbnail database and the temp directory. Most people just don't know about these or look at them. But they can be very revealing. The problem I have is that the OS is so ready to upload things. I don't want my OS to upload anything at all, unless I command it to do so.


"The advanced features just couldn't work without it."

I don't know much about Windows 10, so I'm curious what features you are referring to that require heavy tracking like this.


Skepticism of heavy tracking is absolutely justified, so I want to address that first. I've read Richard Stallman's blog for the last 15 years, and he has had a lot of good thoughts about it. I think everyone should have access to privacy, but I don't think everything should be private.

Games are a good example. Nobody would expect a baseball player to object to tracking statistics. That's a big part of what makes the game. Online gaming is the same way. Tracking achievements adds to the fun for a lot of people.

But there are also larger social issues where tracking can be beneficial. We live in a world with a lot of diversity and an increasing amount of information. People get overwhelmed and tend to revert to tribal thinking, attacking anything that doesn't fit their group's perspective. I don't know if people on their own could ever get over this type of behavior in a world that's impossible to keep up with without taking mental shortcuts and relying on summaries of what's happening.

Personalized deep learning is an attempt to create a relatively neutral arbiter of all this information, distill it into something useful based not only on the user's behavior but also the aggregate of everyone's behavior. The algorithms don't just learn from what you like but have the potential to uncover interests and information that you might never be able to access outside your bubble.

Cortana brings that kind of aggregate information gathering to your desktop. It's an early example, and it needs lots and lots of data to learn, and the more diverse the data set it can analyze, the closer it can be to doing its job of feeding relevant information.

Windows 10 is also meant to be an Internet of Things OS. Lots of companies are working on connected devices that depend on syncing with your account. A common example for today is telling Cortana to remind you to pick up milk when you're at the store. The reminder goes to your account, and when your phone detects you're at the store, it reminds you to pick up milk.

Of course, there are people who are going to try to use this to sell you things, but that's always been the case. The hope of people working on these things is that it can bring you actually relevant suggestions instead of just the products with the largest advertising budgets. Old advertising models were very centralized and only the largest ones could really win. Personalized advertising might be able to bring the smaller but more relevant products to your attention.

Personally, I don't like advertising, and I'm not especially excited about this part of it, but that's definitely the monetary angle for it. The part that does excite me is the possibility that we can start to break down some of the communication barriers between people, get people outside of their bubbles, and bring relevant information to people based on large trends instead of isolated social groups.

There's plenty to be skeptical about here. Money tends to push things in directions that only benefit the ones with money. Microsoft and all the other IoT companies have a lot to prove before their products can be considered actually relevant for people. There's a good chance most of them will be no better than the old way of doing things. But there's a lot of potential there too.

Privacy should always be an option, but having a public online life can be good for people too.


You hit the nail on the head: ADVERTISEMENT.

If you do go through the installation/setup screen you will see that you have now a "advertizing ID". This made me feel edgy and I cannot shake the memory of the tattoo on the victim's forearm from the Nazi solution of its undesirable population, powered by no less than state of the art technical solution, provided by a top technical solution provider at the time.


> Personalized deep learning is an attempt to create a relatively neutral arbiter of all this information, distill it into something useful based not only on the user's behavior but also the aggregate of everyone's behavior. The algorithms don't just learn from what you like but have the potential to uncover interests and information that you might never be able to access outside your bubble.

That's an interesting statement considering how most recommender systems tend to suggest things related to your interests, further keeping you within the confines of your bubble. How is Cortana different?


We had speech recognition back in the 1990s on computers less powerful than a Raspberry Pi V1. We're talking 200-400mhz 32-bit Intel boxes. So yes, the cloud dependency is very dubious.

If leveraging a lot of data allows for better speech recognition, why can't your computer access a remote speech recognition data set that stores and shares the results of its machine learning algorithms rather than uploading actual audio data? Instead of sending actual audio, send and receive very non-personalized non-specific derived model data to/from a repository somewhere (or even peer to peer).


>We had speech recognition back in the 1990s on computers less powerful than a Raspberry Pi V1. We're talking 200-400mhz 32-bit Intel boxes. So yes, the cloud dependency is very dubious.

And did you ever use it? Forget sentences, it used to even struggle on a handful of keywords. Even now offline recognition are way far behind the online ones. I have pocket sphinx installed on my raspberry pi and even in a quiet room it has false positives with just a list of 10 keywords. Ohh what I would do to have an offline recognition system that is on par with Cortana/Siri/Google Now.


Not sure if you're being facetious or not but if you were right then we would just do it on our existing phones now.

In the 90s we had slow voice recognition that took a long time to train, that would only ever work for a single user, in a silent room... If it worked at all... Which wasn't very common.


> Not sure if you're being facetious or not but if you were right then we would just do it on our existing phones now.

The point is, some of us don't believe that this was an engineering choice.

> In the 90s we had slow voice recognition that took a long time to train, that would only ever work for a single user, in a silent room... If it worked at all... Which wasn't very common.

And in the 2000s we had fast voice recognition that took a little bit of time to train and that would work over a crappy microphone with loud music playing in the room, all of that running along other software on a $500 PC. I know because in 2007 I made my own Star Trek-like (with proper computer sound and voice feedback) voice recognition system I used to control music that was played on Hi-Fi speakers. It took me like 20 minutes to train it and it worked pretty much flawlessly from anywhere in the room. The voice was captured by a crappy mic I soldered myself from parts and placed on a wardrobe.

And the single-user-only mode? That's actually a feature, not a bug.


>Not sure if you're being facetious or not but if you were right then we would just do it on our existing phones now.

If we did it that way, then Marketing couldn't datamine their customers lives to find better ways to extract money out of them.


Android's supported on-device speech recognition in the keyboard since like 4.2 (maybe even 4.1)


It's not the words that need to be processed, it's the context.


Modern cars have offline voice recognition that just works, without training.


Hear hear. Of course the cloud is not necessary for good speech recognition. There is no magic there, it's just servers running against a corpus that gets updated often. No reason why this couldn't be done locally, and text queries sent out for non-local requests (such as, what's the weather gonna be).

But I gotta say, I have the feeling that the pendulum is gonna swing back pretty soon. I'm noticing more and more (regular) people being fed up and creeped out with the massive harvesting that Google, Facebook and Microsoft are doing. Opportunity awaits!


Do you remember how much training time you had to spend on Dragon Naturally Speaking?


... on a Pentium I, using 1990s machine learning algorithms, sure.

Nobody's answered my question as to why The Cloud is the magic pixie dust that solves this problem, and why it could not be solved locally with modern compute power and modern ML techniques.


There are several tremendous advantages to server-based speech recognition.

Firstly, the models (particularly the language models) needed for state of the art performance are huge. It's not atypical for papers to discuss using a billion n-grams, for example ( https://wiki.inf.ed.ac.uk/twiki/pub/CSTR/ListenTerm1201415/s... ). That's several gigabytes of memory and storage at the very least, and you'd need a copy of that for every spoken language you'd want to support. Plus you need to keep that up to date with new words and phrases; it's much easier to keep models fresh on a server than on everyone's computer.

Power and CPU time are also a concern. Big beefy server farms can have trouble keeping up with state of the art speech recognition algorithms; a laptop, tablet or phone is going to struggle, especially when running off a battery, is at a huge disadvantage.

But the biggest advantage to server-based speech recognition is indeed that more data is critical to improving accuracy and performance. There's no data like more data. And you don't just need more data, you need a lot more data. You can get big gains from just doing unsupervised training on 20 million utterance rather than 2 million: http://static.googleusercontent.com/media/research.google.co... There's simply no way you're going to get anything like 20 million utterances without getting data from millions of real world users.


This isn't actually true.

The large data size affects the training, but the model itself is pretty small now (after some hard work on Google's part).

The thing everyone seems to be missing is that Android's (English) voice recognizer is offline[1]. While you can use the online model I suspect that is more about continual update of the model (so it understands new words and changing accents etc) rather than recognition.

[1] http://stackoverflow.com/questions/17616994/offline-speech-r...


Android's speech recognizer has a compact/offline mode, but that's definitely not what's run by default.


Good speech recognition is that expensive?

... and people think sentient AI is on the horizon. :P


Because many people speak similarly. If a number of people who speak similarly can train it, it can learn how you will say words that you haven't even said to it yet if a number of other people already have.

Machine learning algorithms haven't changed that much since the 90s, what's changed is the amount of data we have access to, and the amount of data we can process.

When you're training it yourself the data is what's limited. The fact that we can process more data doesn't matter if we don't have access to more data because you can't speak any faster.

But if you have millions of people speaking to it, then we can take advantage of the fact that we can process so much more data.


You realize the 'personal assistant' functionality of today is slightly more complex than just speech recognition, right? Because, it is.


Can you give me an example?

And why not have all the features that can be done locally be done locally. If it's possible for my computer to understand me entering an apportionment, why should that go to a MS sever to be stored forever?


How do you think your computer can understand 'entering an appointment'?

There's a lot more that goes into understanding than JUST speech recognition. First of all, speech recognition by itself isn't exactly trivial, and that's become more and more obvious as we've seen the smallest accent mess with the digital assistants on all the major phones. Yes, technically, Dragon Naturally Speaking existed a decade ago and worked somewhat, but needed a LOT of training, and was dumb as a brick. It doesn't compare.

But beyond that, understanding the meaning of the spoken word is difficult too. Yes, NLTs exist, and they can be very good, but you really need something that a team is administering. They can identify pain points and do regular updates to help... things like an odd band name that is ALWAYS misunderstood, some odd combination of words that confuses a question with a 911 call, etc., otherwise you're just going to end up frustrated.

I should also mention that a digital assistant really needs the power of a full search engine behind it. This allows for auto-correction of mispronounced words, but it also allows near-instant lookups for relevant information. If this was running on your local machine, not only will the processing be slow for some things, it will also be more limited in it's ability to fully process all possible meanings, and it will need to be updated CONSTANTLY.

These companies, by putting the language processing in the cloud, are throwing teams and hardware at the problem, and yet they STILL have embarrassing difficulties when it comes to actually understanding sometimes. Consider that for a moment... hundreds, even thousands of servers running the latest software for processing natural language for multi-millions of people aren't capable of getting your meaning 100% of the time.

Incidentally, I realize that there some open source projects out there that do some rudimentary voice recognition and processing, however they suffer from the same issues addressed above and are MUCH more limited in many many ways. Many of them still make use of cloud-based services for processing the audio, btw. The one advantage, I will say, is that you have to ability to add your own custom commands and actions, which the major systems obviously don't allow.


Does it say that it will send actual audio data?

I mean more of my problem has to do with the fact that it's an open door than what they will actually do. It doesn't say they will send audio data, it at most says "associated input data" which for all I know could be a database from their algorithms, or it could be a live 24/7 stream from my webcam and audio device.

I guess the thing is that some things are not acceptable, and whether there's a disclaimer or not, people aren't going to like it if we find out that all of our audio is being recorded and uploaded to Microsoft. But it's not, not as far as anyone can tell yet.

But again, we're only worried because they're what, giving us the option to opt out? I mean, if they wanted to they could just go ahead and stick somewhere in the privacy policy something like "from time to time microsoft will upload certain input data for improvement of service quality, depersonalized information may be sent to partners." down in paragraph 24.c.iii. Or they could just not mention it at all.

The question is are you willing to trust the OS. I mean, hell, Ubuntu Linux went and sent all of your search information to Amazon without even giving you the option to opt out in the install process at one point. It could be disabled, but unless you knew about it in advance there was no option to do so. And Ubuntu is open source.

I can see use cases for it, and one actually ties into the location services. Say you're from a region with a specific accent. If the system can tell how you speak, and how other people speak around you, it might be able to create an accent subset for you based on the collective data from all of those speakers. It might be able to guess from a few sentences and your location that you're Glaswegian and start to understand you, not because you trained it, but because across the region many people have trained it a bit. Then with the location to tie the regional accent together, even if you're in the US once you've spoken a few phrases it might be able to identify you as belonging to that regional language group.

But uploading of all spoken data to Microsoft would be silly, not just because it would piss people off, but because it wouldn't be something you could hide, and it would end up being quite a lot of data that's really not that useful.

But could it be possible? Sure. But they could also do it without tipping you off or giving you the ability to opt out.


I've been waiting for this comment, I can see how the first set of customization options really seem like they'd help with the personal assistant. It would be interesting to get a full audit of where your data goes and what they can use it for (training your personal assistant, improving their algorithms, responding to Govt data requests, improving ads, etc).

As for incognito, can you sign into windows as guest now? Or even have multiple accounts on the same pc? If so you could create a guest/dummy account if you are interested in giving the personal assistant pure data.


It's still possible to create a local guest account, but that means giving up a lot of settings that I might want to maintain on the regular account, and it's a hassle to have to log out and in again just because I don't want to record something. Maybe I want to plan a surprise trip for someone who also uses the computer or get information about a strange rash that might be nothing without making that part of my permanent record. Maybe I want to let someone else use software which requires an account, like edit a file on Adobe CS or fix a bug inside Visual Studio, without having everything they do become part of my profile.


> It's still possible to create a local guest account

Is it? I haven't tried the release build yet but this was removed from the preview.


Good point an incognito button would make it a lot easier, but this could be a work around.


I love this idea - I just submitted it as a suggestion in the feedback app.


> fine-grained permissions of Windows Phone

What do you mean by that? Not only you can't set any access rights for applications (they get what they ask for and you can either accept all or not install the application), but the OS also synchronizes your main account's contacts and calendar to THE CLOUD without asking you, telling you, and even without a way to opt out of it.


> OS-wide incognito mode

Great point...

Where's that utopian future where we bounce between a dozen purpose-built VMs, each customized to the task we're doing?


There's an OS project run by Joanna Rutkowska and some other folks called Qubes that does exactly that. It's really interesting work by sharp people.

https://www.qubes-os.org/


> I do think that Windows needs an OS-wide incognito mode, just a simple switch to record or not record data.

Sounds like switching to a guest account. Not as quick as a simple "toggle data recording" button, but that functionality is definitely already in Windows.


"I expected to see all these as defaults".

It would be fine if they were defaults if you actually saw them.


What are you talking about? From the article, the "get going fast" picture displays the settings you're agreeing to when using the express settings. It's one page of content. And clicking on "customize" gives you more detail.

I mean, I agree with the article that the layout is definitely pushing people who don't care to just pressing "agree", but if you care about privacy, it's not like it's hidden from you.


I dunno, it's not nearly as clear as the individual setting explanations.


> Microsoft is generally one of the most restrictive companies when it comes to sharing data.

Citation needed?


>I expected to see all these things as defaults

Really? You expected what is basically a built-in keylogger?


Windows is now essentially a personalized, cloud-based operating system with the primary interface as a personal assistant

They should have called it "Clippy's Revenge"


It looks like Microsoft has installed the "back door" that FBI Director Comey wanted.[1][2] That may be the real motivation behind these "features". The "backing up" of the local drive encryption key to Microsoft servers is one of the things the FBI specifically asks for. Any press reading this, ask Microsoft what communications they've had with the FBI regarding backdoors.

[1] http://www.theguardian.com/technology/2015/jul/08/fbi-chief-... [2] http://www.theguardian.com/us-news/2014/oct/16/fbi-director-...


I get this whole skepticism thing, but Microsoft has been backing up BitLocker keys in OneDrive since at least Windows 8.

I have personally used the feature several times to recover my drive keys.

There's no evidence here that Microsoft has installed a "back door" for the FBI.


Would you assume that they haven't and trust your secrets to that assumption?


And what secrets are those? If you think that you are secure because you don't use bitlocker or windows AND THAT'S ALL that you do...you aren't secure, you just have bad UI.


I might be blind, but where was that assertion made?


I might just be tired of hearing the same arguments over and over, but it I did see the assertion that BitLocker shouldn't be used to keep your "secrets". As if the choice of which drive encryption software you use on your laptop should be your primary concern when securing yourself against an adversary. (The primary concern is to thoroughly evaluate your adversary and look at your available options for opsec and InfoSec. Maybe you need drive encryption. Maybe you need burners. Maybe you should only use public terminals. Etc. It also means seriously asking yourself if you actually have an adversary or just like to think that you might some day.)

Just sort of saying..."How can you trust MS NOT to have backdoored bitlocker just use Linux. Suck it NSA." Won't actually make you secure.


Right but 'they reached too far during Windows 8' isn't an argument for reaching too far on Windows 10 (plus, Windows 8 really wasn't that long ago so it's still a pretty new policy).


I find it shocking how people readily accept Google's far worse policies, and yet are so concerned about an easy opt out.

For instance, in Android, Google tracks with GPS accuracy your whereabouts constantly. This isn't just what IP your desktop is attached to. Furthermore, there is no prompt telling you this happens with a very easy way of undoing. In fact even if you knew about this it is very hard to find a way to disable.

Secondly, Chrome send every website you visit to their servers to be logged. Again, this is not explained in some easy opt-out screen and in fact the only way to get around this is to use SRWare Iron, where they removed that code.

But Microsoft makes it easy for you to choose the privacy options even telling you about them on install.


> I find it shocking how people readily accept Google's far worse policies, and yet are so concerned about an easy opt out.

For me it's because I control my interaction with Google. I don't use their search for things I don't want them recording, I don't use gmail for conversations I expect to be private. Once your talking about the private files I store on my hard drive and access with the OS, the keystrokes I enter on my keyboard for every application, then the reach is far greater. Having a company like Google say "You can use these services, but we're going to spy on you" is not the same as MS saying "we will be watching and have access to everything on your computer, oh and you can't disable all of this spying without an enterprise license."


And MS made it hard to change operating systems. On linux, you get live oses, and easy multi-os with a boot menu. With msft making it hard/impossible to change oses with secureboot, it's just not possible to suspend disbelief that your interests have any reasonable parity with msft's own interests.


This is completely false. For one thing, SRWare Iron is a scam:

http://www.insanitybit.com/2012/06/23/srware-iron-browser-a-...

For another thing, Chrome doesn't log every website you visit. The closest thing they do is suggest autocompletions for searches/URLs you type in the URL, which is a straightforwardly-explained checkbox in Chrome's privacy settings.


> Chrome doesn't log every website you visit

But it does. If you get a new android phone and log in with a google account then it updates your browser history on chrome. Which could only be done if your non-incognito history is stored in google's servers.


Oh, I forgot about that - that feature wasn't available when Chrome was launched.

To be fair, that feature also isn't very hidden; the sync settings let you turn off history sync or use a sync passphrase which prevents Google from seeing your browsing history.


Microsoft was caught with their pants down returning google search results to microsoft via internet explorer. They call it "a signal" for bing. The difference between google and microsoft is microsoft isn't as forthcoming regarding what information they retrieve. No dashboard to browse everything microsoft tracks... You just have to trust microsoft. Good luck with that.


The Google updater is the main reason that I don't install Picasa or Chrome... that's a good thing if Iron doesn't use it.


>I find it shocking how people readily accept Google's far worse policies

I find it shocking how hypocritical Microsoft was towards Google all these years only to find out their even worse than Google because they baked these privacy "violations" into their browser.

>Secondly, Chrome send every website you visit to their servers to be logged

Utter bullshit. I don't login to Chrome when I use it and none of my URL's are sent to Google.


> Secondly, Chrome send every website you visit to their servers to be logged. Again, this is not explained in some easy opt-out screen and in fact the only way to get around this is to use SRWare Iron, where they removed that code.

Citation?


My experience:

A while back I put together a Linode server for a small project. Because I was lazy I made a private page of web links for the site logs and made the URL something long and obscure with plenty of backslashes that couldn't be spidered or guessed. The main site had no Google analytics and barely any traffic.

When I checked the logs a couple of days later my private log page had been accessed externally. The visitor's IP address was in one of the ranges that belongs to Google.

So... I changed the URL, looked at the new URL in Chrome, and checked again a day later.

Same thing. Someone - or something - from Google was accessing my private URL, based on my Chrome history.

I changed the URL again and switched to Safari.

Nothing.

Clearly, Chrome phones home and Google feels entitled to check new URLs that it can't spider. Safari doesn't phone home. (Or if it does, no one at Apple cares enough to check weird URLs).

I don't think any other conclusion is possible.


Have you tried Chromium? Just curious because this is my go to browser instead of Chrome and I am under the impression that it should not do this. Although I could be mislead. easy download through the following: http://chromium.woolyss.com/


I prefer Safari because I always thought it weird to let a company who's primary revenue is targeted advertising control my browser.


So instead you use a browser from a company whose goal is to control all your purchasing?

Yesterday one of my friends bought a mac. He needed a credit card before he could install vim... vim needs brew, which needs xcode, which needs the istore, which needs an appleid, which needs (well, wants) a credit card on file.


Hmm, I don't think you need a credit card on file. You can select "None" as your payment method. This should allow you to download anything that's free (they'll still ask you for a credit card if you try to download something paid, of course). You installed XCode dev tools and you're set.


You're probably quite right - I'm just going off my friend's report.


> Google's far worse policies

While I don't disagree that Google does consume a lot of user data, I'm pretty sure most of these are opt in or at least explained fairly up-front, and that their resultant policies are no worse than Microsoft's.

Can you give an example of where their policies are clearly worse?


Read more than the first sentence?


> Secondly, Chrome send every website you visit to their servers to be logged.

Well, I thought Google already tracked you whichever browser you use, via its advertising networks.

However, it does offer good control and opt-out cookies for the (whatever) 0.0001 percent of people who find out about this and actually give a damn.


phone tracking and triangulation always existed, even before Google. Honestly you can't compare Google to Microsoft.


I've never understood how people can truly believe that by checking (or unchecking) a checkbox their privacy will be fully protected. Especially since we're talking about a closed-source OS.

I mean I cannot possibly verify what exactly goes on in the annals of the operating system and what happens to my data, where it is logged and where it is stored and how it is sent.

So regardless of the settings, I always assume that my data is logged and read by some creepy agent in the Ministry of Truth.

If it's not, then I'm just lucky.

Having grown up in a totalitarian state, that's the default way I think about this stuff and no amount of promises (except the source code which I can personally compile) can make me trust any 3rd party corporation.


> I've never understood how people can truly believe that by checking (or unchecking) a checkbox their privacy is fully protected.

You mean besides the fact that collecting personal data without your consent is illegal?


I guess you missed this part:

> Having grown up in a totalitarian state, that's the default way I think about this stuff and no amount of promises (except the source code which I can personally compile) can make me trust any 3rd party corporation.

He does not trust corporations or governments to act within the confines of the law.


Unless, of course, the government is requesting or demanding your data without your consent.

I can't imagine any company in the pockets of the NSA getting in trouble for over-collecting user data.


How quaint.


When the President does it, it is not illegal.


Like Microsoft haven't done illegal things before?


There is some risk but it's not high. Microsoft is a huge, rich company. If it leaked they were violating their own privacy policy that blatantly, there would be the mother of all class action lawsuits.

There would federal CFAA, Economic Espionage Act, etc., investigations plus antitrust abuse investigations.


How do you explain PRISM and similar revelations about surveilance and spying ?

The corporation itself might behave like an angel, but there are agencies which can force it to open or install backdoors. Given that the number of such requests is relatively small, the probability of it being detected is low and even if the victim does notice it, then the corp can always say - "they twisted our hands".


As far as I can tell, PRISM was about getting access to data the company was already keeping. So the NSA would get your Google Location data, but only if you were giving to Google. As far as I know, the NSA hasn't made someone collect it anyway.

Legally, the heart of the NSA legal basis is the 3rd party doctrine that states that data held by a third party isn't private. It would be a very illegal search to have Microsoft invade your privacy under NSA order.

Of course, there is also some risk that the NSA or some other party goes rouge as does it anyway. But you have that problem with essentially all software and hardware.

You'd have to compile your own OS from source code you inspected thoroughly. And even then, the NSA is almost without a doubt sitting on linux 0-days.

And literally (and I don't mean figuratively) nobody knows whats on all the firmware in all the components in all your devices.

The risk of being an NSA target is super low. The harm in being a false positive target is pretty low too. Even if the NSA hacked your windows install, they won't find any plans to blow up the Sears tower and then go about their business.

Compared to risk that a car accident will destroy your existance, who cares about this tiny risk.

I probably wouldn't windows if I were a KGB agent, but other than that, why worry.


> Even if the NSA hacked your windows install, they won't find any plans to blow up the Sears tower and then go about their business.

This is just a restating of "if you have nothing to hide, you have nothing to fear". That's already been discussed recently [1] already so I won't re-tread.

> Compared to risk that a car accident will destroy your existance, who cares about this tiny risk.

Because it's not about the risk, it's about the intellectual climate the situation creates. Notice that because of car accidents there is a lot of focus on car safety, stopping drunk drivers, texting while driving, etc?

Surveillance is like that. As in a panopticon [2], when there's a chance you're being surveilled, certain conversations and ideas feel dangerous. Sometimes because they're antiestablishment but other times just because you're worried they'll be misconstrued. The net effect is censorship through fear.

[1] https://news.ycombinator.com/item?id=9869755

[2] https://en.wikipedia.org/wiki/Panopticon


What's more, opting out essentially marks you as more interesting to spy on.


An OS which doesn't have any checkboxes at all could do this too. Do you trust an OS without any checkboxes?


The OP was clearly saying that you should never trust any proprietary OS. Period.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: