Latest Leak Shows Microsoft Handed The NSA And FBI Unencrypted Access To Outlook, SkyDrive And Skype

from the MS-US-Internet-Explorer-10,-now-available-for-download! dept

Microsoft has painted a picture that its relationship with the NSA and FBI isn't a cozy one, but one based on forced compliance. The company has recently been taking shots at Google with its "Scroogled" campaign, claiming it kept users' data more secure. Then news surfaced that Microsoft was providing intelligence agencies with zero-day exploits for deployment by the agencies before getting around to patching them, leading to questions as to its expressed concern for its customers.

The latest leak released by the Guardian paints the company as a willing "team player" working closely with the FBI and NSA to allow unfettered access to the data of its customers.

Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;

• Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".
This damaging set of documents indicates that Microsoft talks a pretty good game when it comes to privacy, but the protection it actually offers is less than skin deep.
Microsoft's latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: "Your privacy is our priority."

Similarly, Skype's privacy policy states: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."
Microsoft's actions say otherwise. Skype alone gives the NSA and FBI access to over 600 million users worldwide despite Skype's earlier claims that these calls couldn't be tapped.

Microsoft has responded to this leak with a statement claiming its actions are above-board and completely legal. The NSA released a statement as well, claiming, as Microsoft does, that everything detailed is fully compliant with applicable laws. As usual, the NSA statement makes reference to "strict oversight" and "careful monitoring," empty phrases its deployed before that are ultimately meaningless without any corresponding transparency.

Again, speaking to the "legality" of these actions is nothing more than self-serving rhetoric. As has been expressed before, the real scandal isn't that large-scale surveillance is happening. It's that it's legal. Secret courts issuing secret interpretations that companies like Microsoft are compelled to comply with. Microsoft may say it "rejects" demands that it doesn't deem "valid," but does anyone not think these rejections aren't simply overridden?

There are ways to comply with government requests which don't take the form of working closely with intelligence agencies to undercut the same privacy you're telling the public you're so interested in protecting. (Maybe ask Twitter for some advice...) Giving intelligence carte blanche access to data pre-encryption doesn't sound like the actions of a company that regularly challenges government requests. It sounds more like the compliance of a company who'd rather not jeopardize OS sales and support to one of its biggest customers.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: encryption, nsa surveillance, pre-encryption access, prism, surveillance
Companies: microsoft, skype


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Alana (profile), 11 Jul 2013 @ 12:34pm

    Sounds like the word "Microsoft" also describes their efforts to keep users information private.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 11 Jul 2013 @ 12:36pm

    Untrustworthy...

    It seems that just about everyone involved in transmitting data, has been eagerly handing it to the NSA. It goes without saying that M$ is a conniving, crooked, dishonest and untrustworthy sack of sh*t, however is there nobody out there to trust anymore? Do I need to move to another country? Or would it not even make a difference?

    link to this | view in thread ]

  3. icon
    Rikuo (profile), 11 Jul 2013 @ 12:52pm

    Well, I'm dropping Skype at once, and am going to urge everyone I know to do the same. Anyone know of any VOIP service that isn't based in the US?

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 11 Jul 2013 @ 12:53pm

    I knew the moment I saw that cloud it could not be trusted.

    At least according to orig article there's massive (secret) oversight and accountability to (secret) courts.

    The reason we have laws is that people who "can", "do". If they can spy, they will. If they can railroad a person and take their property, they will. We can't really stop people from going on like this, but we can keep it illegal so there is some slice of hope for justice down the road for victims of those who "did".

    I'm just hoping that after all this we the sheeple don't make this crap legal.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 11 Jul 2013 @ 12:55pm

    Re: Untrustworthy...

    And those that aren't in a position to hand over all the data to the NSA are probably branded as "copyright infringement" organizations.

    Starting to become clear why the U.S. government went after Megaupload so strongly...

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 11 Jul 2013 @ 12:56pm

    Wow. Very few countries or citizens will be willing to run MS Spyware Software (MSSS) after this.

    If anyone has stock in Microsoft, consider selling it ASAP before the bottom completely falls out. It's already been falling out with Win8 and flopRT, but these new revelations make MS's bottom look like it's made out of wet cardboard.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 11 Jul 2013 @ 12:57pm

    Is the push for cloud solutions coming from the software companies or from the NSA?

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 11 Jul 2013 @ 12:57pm

    Good news! Now all the hackers know which end of the chain to attack. Nice own goal, MS - for all your talk of consumer privacy, you sure suck at it.

    link to this | view in thread ]

  9. icon
    That One Guy (profile), 11 Jul 2013 @ 1:00pm

    Might have jumped the gun a bit there...

    Going on the attack against other companies, talking about how 'serious' you take customer privacy, only to have it revealed that you're only serious until someone asks for customer info, in which case you do everything in your power to help them get it... yeah, just kinda screwed up the PR efforts there.

    On the other had, this does offer one heck of a PR chance for those other companies... 'Yes we may be forced to hand over customer data when ordered to by the government, but unlike companies like Microsoft, we don't go out of our way to assist in the collection of your personal data.'

    (Semi-related tangent)
    Honestly, with how close MS is proving to be with various government agencies, and the Xbone's mandatory, always on camera, I can only assume that anyone still planning on buying it is obsessed with the few games listed for the system, and/or is simply has no clue as to the MS/government connections.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:00pm

    Re:

    All of the above?

    Copyright-maximalist organizations love that cloud storage gives them the ability to remove your access to content too...

    And advertising-centric companies (Google, now Microsoft as well), love that they can force you to view ads or mine your data for marketing content whenever you use their services.

    What we really need are more free, convenient, "do it yourself" cloud devices. I know several linux-based solutions already exist that you can run from home, or from your own hosted server, but they don't easily integrate with all devices like dropbox, google drive, or skydrive would.

    link to this | view in thread ]

  11. icon
    John Fenderson (profile), 11 Jul 2013 @ 1:00pm

    Re: Untrustworthy...

    is there nobody out there to trust anymore


    There never was and there never will be. It's one of the main reasons why you should not allow any third party to hold or transfer data that you don't want anyone else to see -- that rule has always been true, and in these days of the cloud fad, it's even more important to keep this in mind.

    For best results, minimize the amount of data stored by third parties, and encrypt everything.

    link to this | view in thread ]

  12. icon
    Josh in CharlotteNC (profile), 11 Jul 2013 @ 1:00pm

    Re: Untrustworthy...

    Wouldn't make much difference, no. If you want to keep your information secure, you cannot trust companies, nor governments and their laws.

    "It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics."
    -- Bruce Schneier

    link to this | view in thread ]

  13. icon
    Shawn (profile), 11 Jul 2013 @ 1:01pm

    "• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases; "

    That may explain why I spent 20 minutes of reading web posts and clicking all over the outlook.com to try and figure out how to setup a quick email alias. I gave up and set it up on one of my gmail accounts.

    link to this | view in thread ]

  14. icon
    John Fenderson (profile), 11 Jul 2013 @ 1:04pm

    I can only assume that anyone still planning on buying it is obsessed with the few games listed for the system, and/or is simply has no clue as to the MS/government connections.


    While I don't think the camera on the XBox is as big of a problem as it's made out to be, the close and cozy relationship between Microsoft and various TLA intelligence agencies goes way back and has been common knowledge for decades, at least in the software industry.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:05pm

    Wonder if we'll see a proper audit of Linux due to the NSA playing a major part in the designing and coding of selinux in light of all the revelations.

    link to this | view in thread ]

  16. icon
    Mark Harrill (profile), 11 Jul 2013 @ 1:06pm

    More Porn!

    Prism to collect video of conversations as well as audio


    So the NSA's true motives come out! They didn't think there was enough porn on the internet so they recorded video and audio from Skype to get more?:)

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:07pm

    Re: Re: Untrustworthy...

    And furthermore - should you trust proprietary, closed-source software written by a third party?

    How do we know there isn't a government-mandagted secret way to circumvent the HTTPS certificate management in Internet Explorer to make man-in-the-middle attacks easier?

    Are our computers betraying us in ways we don't even know about yet?

    There comes a point where conspiracy theorists like Richard Stallman are correct - the only software you can trust is the software you can inspect, modify, and rebuild yourself.

    And then there's the hardware...

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:09pm

    thanks, microsoft.

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:10pm

    Re:

    Jitsy. Google it.

    link to this | view in thread ]

  20. icon
    Designerfx (profile), 11 Jul 2013 @ 1:12pm

    outlook?

    outlook spying too?

    that means they're enabling FBI/NSA spying on enterprise customers, too.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:15pm

    It's that it's legal. Secret courts issuing secret interpretations that companies like Microsoft are compelled to comply with. Microsoft may say it "rejects" demands that it doesn't deem "valid," but does anyone not think these rejections aren't simply overridden?

    If a law is unknown it is not law. It is simply a codification of the practices of dictatorship.

    I know people like to play mental tricks to self-justify and pat themselves on the back... but really... secret laws? What the hell good is a secret law to anyone.

    There are no secret laws. Who is beholden to a secret law? The law is only good for the people with access to and protection under it.

    Law is our set of guidelines by which we can run a maintain society... agreed upon social norms that we set as standard expectations so that we can more peacefully get along in commerce and fellowship.

    A "secret law" is an oxymoron if there ever was one.

    Secret rules are only set to let secret men feel secure about doing awful things to lawful citizens.

    Their secret "law" is a farce. Time to burst their bubble.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:17pm

    Re: outlook?

    To be fair TOA only referenced the Outlook.com web service. Not that it has to stop there... but they didn't mention the stanalone clients and Exchange servers.

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:17pm

    Re:

    Absolutely NOTHING in the cloud can be trusted. If the data is not on machines controlled by you (sitting on your desk) its almost certainly being passed around without your consent. And that so say nothing of spyware...

    There is a cyber-pearl harbor going on right now, its just that this "cyber-war" is being waged by the government against the people, not the other way around. Our privacy and security have already been sunk, and our civil liberties are burning and down by the head.

    Nonetheless, I hope all they have done is to awaken a sleeping giant and fill him with a terrible resolve...

    link to this | view in thread ]

  24. icon
    jupiterkansas (profile), 11 Jul 2013 @ 1:20pm

    "I am Jack's complete lack of surprise."

    link to this | view in thread ]

  25. identicon
    Simon, 11 Jul 2013 @ 1:22pm

    Microsoft's outlook advert sez "Your privacy is our priority!"

    Crafty buggers.

    link to this | view in thread ]

  26. icon
    madasahatter (profile), 11 Jul 2013 @ 1:27pm

    Re: Re: Re: Untrustworthy...

    "And furthermore - should you trust proprietary, closed-source software written by a third party?"

    You raise an interesting question because with third partry closed-source software you can not review the code for any back doors. With open-source software, you can review the code for back doors and it would be harder to hide a back door in the code. The issue is how much do you or I trust the specific vendor of the closed-source software. The openness of open-source software is inherently more trustworthy because the developers are not deliberating hiding anything.

    I wonder long-term how the NSA spying scandle will affect Windows or MS Office in particular if customers decide enmass MS can not be trusted.

    All commercial transactions rely heavily on the buyer believing then can trust the vendor and manufacturer (if different). Contracts are often used to codify and clarify the relationship but do not remove the element of trust.

    Oddly it may be in MS' long-term best interests to consdier making their products open-source.

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:27pm

    Re: Re: Re: Untrustworthy...

    Just to make you really paranoid read On Trusting Trust by Ken Thompson. Just follow the plot and ignore the code details.

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:29pm

    Re: Re: Re: Untrustworthy...

    Ha

    I find it hilarious every time someone calls Stallman a "conspiracy theorist".

    Stallman is probably the one person in the world who is fighting for your freedom to use a computer. He takes such ridiculous precautions when using his computer because he knows more than anyone that every last byte of info that's being transmitted is being used against him. We're only now finding that out nearly twenty years after he realized it.

    All I'm saying is: Branding people as "Conspiracy theorists" without taking the time to understand what it is they are saying is the move of a sheep. "Four legs good, two legs bad" and all that. I find it unreal that people are still calling him that when it has been revealed that he was right all along.

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:33pm

    It's true. I was thinking about Stallman, too as I read this article. He did hit MS spying closer to the mark than I think any of us imagined.

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:34pm

    Re: Re:

    Any Skype alternatives for iOS?

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:35pm

    Re:

    It is probably doing what it says on the tin, as the source code is open to inspection by foreign agencies and it is used by US agencies.

    link to this | view in thread ]

  32. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:36pm

    Re: Might have jumped the gun a bit there...

    With the Xbone, anyone who buys it at this point just doesn't care. They can't possibly fathom how a context-sensitive camera in their house could be used against them.

    link to this | view in thread ]

  33. icon
    Chris Rhodes (profile), 11 Jul 2013 @ 1:39pm

    Re: Re: Re: Re: Untrustworthy...

    Even worse: how do you know a closed-source compiler isn't inserting back doors into any open-source code you compile?

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:40pm

    Re:

    Linux, the kernel, is audited all the time. I'm pretty sure SELinux has had complete teardowns more than a few times because literally no one trusted them when they first announced they were releasing open source software.

    The thing to worry about isn't the integrity of the kernel, it's all the damn packages that every user feels they "need to have" in order to run a computer. All the driver blobs, and packages that aren't found on repositories, or extensions that are seemingly made out of thin-air? Those are the things that need constant, 100% scrutiny.

    It makes far more sense for the NSA to let the user bug themselves than it is for them to attempt to infiltrate a close-knit group of some of the best programmers in the world. It's why Facebook is so popular.

    link to this | view in thread ]

  35. icon
    Paul Renault (profile), 11 Jul 2013 @ 1:40pm

    Soo close. Was: Re: Re:

    Jitsi, no Jitsy.

    https://jitsi.org/

    link to this | view in thread ]

  36. identicon
    PRMan, 11 Jul 2013 @ 1:40pm

    And people made fun of me

    And people made fun of me for not wanting to put all my documents on SkyDrive.

    link to this | view in thread ]

  37. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:41pm

    Re: Re: Re: Re: Untrustworthy...

    Well, he IS a conspiracy theorist.

    The difference here is that the conspiracy is real.

    link to this | view in thread ]

  38. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:41pm

    Re:

    if a law is unknown, it is not law


    Tell that to the men with the guns.

    link to this | view in thread ]

  39. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:43pm

    Re: Re: Re: Re: Untrustworthy...

    "I wonder long-term how the NSA spying scandle will affect Windows or MS Office in particular if customers decide enmass MS can not be trusted."

    In all likelihood, not at all. Their biggest customers are the government, if anything this makes them even more likely to buy.

    And for the sheeple? They just keep using Windows, because its easy. Linux is still very hard to work with, often requiring knowledge of the command line to do even basic tasks. And although, most games work on Linux (with wine), they often don't work well, that's the only reason I still dual boot...

    And Apple, well, lets just say that hamfisted control over everything has been their game from day one. I'm sure they willingly hand over every byte of data to the NSA, after scrutinizing it carefully themselves of course.

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:44pm

    Re: Re: Re: Re: Re: Untrustworthy...

    You don't... That's the problem...

    link to this | view in thread ]

  41. icon
    Paul Renault (profile), 11 Jul 2013 @ 1:45pm

    Re: Soo close. Was: Re: Re:

    I should have given a more complete answer:

    Linphone supports iOS.

    See here:
    https://en.wikipedia.org/wiki/Comparison_of_VoIP_software

    Of course, spend some quality times with the Wiki page, then with the various sites that look like good candidates.

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:45pm

    Re: Re:

    Sorry but open to inspection means SFA until the code is audited and verified.
    Some coder alleged to have inserted backdoors into OpenBSD at the behest of the FBI, the devs went over their code with a fine-toothed comb to prove it was clean.
    A similar approach from the Linux devs certainly wouldn't go amiss.

    link to this | view in thread ]

  43. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:48pm

    Re:

    Is windows secretly recording all activity as well?

    link to this | view in thread ]

  44. icon
    pixelpusher220 (profile), 11 Jul 2013 @ 1:49pm

    Re:

    link to this | view in thread ]

  45. identicon
    Scott Dunn, 11 Jul 2013 @ 1:52pm

    Quid Pro Quo?

    Maybe they would appreciate some additional help with patent and copyright enforcement and compliance is the tradeoff.

    link to this | view in thread ]

  46. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:55pm

    Re: More Porn!

    This must be where all the porntube sites get there videos...

    link to this | view in thread ]

  47. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:56pm

    Re: Re:

    Tell that to the men with the guns.

    Almost want to click insightful there. I'm cannot deny reality; firepower always wins hands down.

    However that has been true since well before the Magna Carte.

    This doesn't change the fact that a 'secret law' does not exist in a society of Rule of Law; only in dictatorships. If I recall correctly.. that's not (or was not) supposed to be how we run things here.

    link to this | view in thread ]

  48. icon
    John Fenderson (profile), 11 Jul 2013 @ 1:56pm

    Re: Re: Re: Re: Re: Untrustworthy...

    how do you know a closed-source compiler isn't inserting back doors into any open-source code you compile?


    You don't, obviously. However, there's an interesting historical event around this kind of thing that involves open source and should be kept in mind:

    Dennis Ritchie, the designer of the first C compilers and one of the authors of the original Unix, had put an administrative backdoor into the OS's login program.

    Just in case someone was looking through the source code and found it, he also altered the C compiler itself to check for this and to reinsert the backdoor if the login program was recompiled.

    This went completely undetected until he revealed it himself in his acceptance speech when he got a Turing Award.

    The lesson: just using open source -- although better than using closed source -- is no panacea for this sort of thing. Stuff can be hidden in open source code such that it's hard to find (if, indeed anyone looks).

    link to this | view in thread ]

  49. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:56pm

    Re: Re: More Porn!

    or their videos...

    link to this | view in thread ]

  50. identicon
    Anonymous Coward, 11 Jul 2013 @ 1:57pm

    Re: Re:

    You have no reason to believe that it's not.

    link to this | view in thread ]

  51. icon
    John Fenderson (profile), 11 Jul 2013 @ 1:59pm

    Re: Re: Re:

    If you're so concerned about surveillance that you want to avoid Skype, you should also look seriously into avoiding iPhones entirely. They're pretty spyriffic.

    link to this | view in thread ]

  52. icon
    John Fenderson (profile), 11 Jul 2013 @ 2:02pm

    Re:

    At this year's CloudCon, Keith Alexander, director of the NSA, outright told everyone that they should be using cloud services. So there's that.

    link to this | view in thread ]

  53. identicon
    Anonymous Coward, 11 Jul 2013 @ 2:05pm

    Wait a minute

    I have to put on my shock face

    link to this | view in thread ]

  54. icon
    John Fenderson (profile), 11 Jul 2013 @ 2:06pm

    Re: Re:

    Tell that to the men with the guns.


    Just because armed thugs says something is legitimate law does not mean it's legitimate law. Although when guns come into play, all that becomes academic.

    link to this | view in thread ]

  55. identicon
    Anonymous Coward, 11 Jul 2013 @ 2:20pm

    Everyone is missing the bigger story here. Microsoft just admitted they have back doors into the email service of choice for every large corporation out there. This is pretty huge when you consider that companies like the one I work for directly compete with Microsoft's other products. They've actively developed a backdoor into their competitors inbox. Regardless of the reasoning for doing it, that now exists.

    link to this | view in thread ]

  56. identicon
    Anonymous Coward, 11 Jul 2013 @ 2:27pm

    Who wants to deploy on Azure now?

    I have a hard time believing this is true because Microsoft just isn't that stupid.

    link to this | view in thread ]

  57. identicon
    Anonymous Coward, 11 Jul 2013 @ 2:29pm

    Re: Untrustworthy...

    Move to another country and you lose even the minimal "protections" against the NSA scooping up all your Internet traffic.

    link to this | view in thread ]

  58. identicon
    Alex Elsayed, 11 Jul 2013 @ 2:32pm

    Re: Re: Re: Re: Re: Untrustworthy...

    Worse yet: How do you know a closed-source compiler at some point in the past inserted a backdoor into an open source compiler it compiled?

    "Trusting Trust" is an absolutely brutal avenue of attack, although there are (fortunately) ways to beat it.

    https://www.schneier.com/blog/archives/2006/01/countering_trus.html

    link to this | view in thread ]

  59. icon
    John Fenderson (profile), 11 Jul 2013 @ 2:35pm

    Re: Re: Re: Re: Re: Untrustworthy...

    Linux is still very hard to work with, often requiring knowledge of the command line to do even basic tasks.


    This hasn't been true for a long time. I personally know three non-computer-geek people who switched to Debian and had no problems at all. They've yet to even open the command line.

    link to this | view in thread ]

  60. icon
    Zangetsu (profile), 11 Jul 2013 @ 2:51pm

    Clear Violation of Privacy Policy

    Since this seems to be a clear violation of their Privacy Policy can they be sued? Since they say that they are a TRUSTe certified site and this seems to indicate that they have violated that standard should they have their accreditation revoked? Regardless of whether or not what they did was illegal, their violation of their own Privacy policy and the violation of the TRUSTe guidelines seems to indicate that, at the very least, some innovative young lawyer is going to start a class action lawsuit against Microsoft on those grounds. I hope the John Steele fiasco is over by then because there are only so many court cases that I can keep track of.

    link to this | view in thread ]

  61. identicon
    FM Hilton, 11 Jul 2013 @ 3:18pm

    Worst fears realized

    About 2 years ago, when MS stated that they would be buying Skype, that was the end of the road for me and that program.

    I'd heard vague mutterings about the NSA and MS previous to that, and I assumed that they would hand over the keys to their newest acquisition promptly.

    I was right, and justified in not again using Skype. I don't do that anymore..because MS can't be trusted, along with all the other big tech companies.

    Pretty soon we'll be back to using landlines and coffee cans for communication, and FTP servers to send files.

    Yes, indeed, such a secure feeling now, isn't it?

    Let's just now assume every single tech company has been co-opted by the NSA, and assume everything is sent to them either voluntarily (most of the time) or involuntarily.

    Don't listen to their 'well, we really value your privacy."-with fingers crossed behind their backs. They're laughing at us, you know. We're idiots-we trusted them too much, and all the while they were selling their souls to the US government.

    Let's just shut down the Internet. It's done.

    link to this | view in thread ]

  62. identicon
    Anonymous Coward, 11 Jul 2013 @ 3:53pm

    Another reason to trash Micro$oft and switch to GNU/Linux.

    link to this | view in thread ]

  63. identicon
    Anonymous, 11 Jul 2013 @ 4:03pm

    Never trust government or big business.

    link to this | view in thread ]

  64. identicon
    Anonymous, 11 Jul 2013 @ 4:11pm

    Re: Re:

    No...not secretly. Windows keeps all kinds of logs. From cache to history to thumbs.db, it logs everything. Use a good cleaning program like Tracks Eraser Pro or CleanUp!, and you will see many of the logs Windows keeps as the program is cleaning. And you can stop thumbs.db by cleaning it and then checking "Do not cache thumbnails".

    link to this | view in thread ]

  65. identicon
    Anonymous, 11 Jul 2013 @ 4:15pm

    Re:

    Or what Melinda Gates says about Bill's penis.

    link to this | view in thread ]

  66. icon
    John Fenderson (profile), 11 Jul 2013 @ 4:19pm

    Re: Clear Violation of Privacy Policy

    Since this seems to be a clear violation of their Privacy Policy can they be sued?


    No, because they didn't violate their privacy policy. Read it -- there's a clause in there about how they will give any or all information in response to legal requests from the government. Nearly all privacy policies include wording along these lines.

    link to this | view in thread ]

  67. identicon
    Degregger, 11 Jul 2013 @ 4:38pm

    Response to: Alana on Jul 11th, 2013 @ 12:34pm

    There is a way to circumvent NSA spying completely. Get a VPN tunnel that uses something that is known as perfect forward secrecy (as an example google: "HushTunnel") and run your Internet facing apps through it (web, email, Skype ...)

    link to this | view in thread ]

  68. identicon
    Degreggee, 11 Jul 2013 @ 4:41pm

    How to circumvent wiretapping

    There is a way to circumvent NSA spying completely. Get a VPN tunnel that uses something that is known as perfect forward secrecy (as an example: "HushTunnel") and run your Internet facing apps through it (web, email, Skype ...)

    link to this | view in thread ]

  69. identicon
    FM HIlton, 11 Jul 2013 @ 5:42pm

    An uncomfortable thought

    Ok, so now we know MS has been working hand in glove with the NSA to intercept data/information/user details.

    That much is a bit of a wowser, true.

    What if: they went a step further, and MS made a undetectable piece of software that got into all of their security updates for every single registered computer which allows the NSA to directly access the user's computer without detection by the computer user? It wouldn't set off alarms or your AV at all.

    Sort of a 'submerged subprogram' that innocently installs as part of the updates that MS is famous for.

    Don't tell me it can't be done. We know what they've done so far, and this isn't that far fetched, now, is it?

    Paranoid? Perhaps....but one never knows what kind of 'working relationship' the NSA is capable of making with companies do we?

    "We'll make you an offer you can't refuse-if you give us all this stuff, your company will never be prosecuted or sued again for whatever you did before."

    It worked in the Godfather, and it works in real life.

    link to this | view in thread ]

  70. icon
    Trelly (profile), 11 Jul 2013 @ 5:52pm

    How soon until they announce a merger? What would it be called?

    MSA?

    They already have an address, One MSA Way.

    Is this NSA version 1.0 or 2.0?

    Ohhh, the laughs go on and on. If all this were at all funny.

    link to this | view in thread ]

  71. identicon
    Lurker Keith, 11 Jul 2013 @ 6:20pm

    Re: Might have jumped the gun a bit there...

    It's revelations like this that makes those who are paranoid about the XbOne's camera & mike vindicated.

    It may be true that the NSA doesn't have access, but this is a "better safe than sorry" circumstance if I ever saw one.

    There is such a thing as not being paranoid enough, regarding certain things.



    Also, I finally understand the slow roll out of the leaks. It isn't so the Guardian can redact the damaging stuff. It's to give everyone involved enough rope to hang themselves w/!

    1. First leak that the NSA is spying, knowing they'll deny it, like they have in the past.
    2. Then leak the who they're using, & let them deny that.
    3. Then leak the how, w/ proof of who, & see everyone backtrack on the "not" & explain how they're forced to.
    4. Then leak that EVERYONE is spied on, & watch the denial wave & excuses come together. This was about where those in Congress in the know started talking about oversight... which appears to also be a lie. Just like the cake.
    5. Then leak that all the excuses have been lies so far, & that the "oversight" is a rubber stamp.
    6. Now they're starting to leak specifics.

    Since it seems to be the thing on Techdirt...
    7. ???
    8. Profit!?!?!?!?!?

    link to this | view in thread ]

  72. identicon
    Lurker Keith, 11 Jul 2013 @ 6:33pm

    Re:

    Currently, click on your name in the upper right corner -> Account settings -> Add or change aliases.

    I've set up a few once I worked out how (which was more difficult the first time than it is now).

    If the Aliases are posing the NSA some trouble, it sounds like they were actually set up properly; though, your name (the one you click on to get there) is still displayed as your name when someone gets an E-mail from you through the alias, which is kinda stupid. At least I didn't use my real name when creating the account. Anyone who does needs to take lessons on basic online safety.

    link to this | view in thread ]

  73. identicon
    Anonymous Coward, 11 Jul 2013 @ 6:54pm

    (credits: RyanNerd) We got a official statement from Microsoft:

    Yesterday it came to light that the NSA has been collecting millions of emails, chats and skydrive files from us each and every day. Since that news was released, many of you have called support with questions and concerns about this program. To save our time and yours, here are answers to three of the F.A.Q.s we’ve been hearing from you:

    *1. Will I be charged extra for this service?*
    We're happy to say that the answer is no. While the harvesting and surveillance of your emails, chats and cloud data were not part of your original service contract, we're providing this service entirely free of charge.

    *2. If I add email aliases to my account, will those also be monitored?*
    Once again, the answer is good news. If you want to add any additional accounts through our service, your emails, chats and other data will all be monitored by the United States government, at no additional cost.

    *3. Can Microsoft help me fix Windows crashing issues?*
    Unfortunately, no. Our close partnership with NSA to provide exploits / backdoors in our softwares may be responsible for some of the issues you're facing. Infact, we like to think of these as "features", some of which took us months to develop.

    I hope we’ve helped clear up some of the confusion about this exciting new program. But if you have any further questions, please don’t hesitate to call support. Your calls may be recorded for "quality" purposes.

    link to this | view in thread ]

  74. identicon
    Anonymous Coward, 11 Jul 2013 @ 7:29pm

    Re: An uncomfortable thought

    That's not paranoia, they could do something similar with the kernel and you would probably never know. They could even implement a hypervisor (if they haven't already) and there's literally no way any kind of AV system would pick up on it.

    Even then, let's be serious here, AV programs get false positives all the time. Any normal user that sees a windows process flagged is going to think "Oh, it just picked up a false positive" and ignore it.

    Windows, not even once.

    link to this | view in thread ]

  75. identicon
    Mr. Applegate, 11 Jul 2013 @ 7:38pm

    Re: Response to: Alana on Jul 11th, 2013 @ 12:34pm

    Not quite sure how this circumvents NSA spying when Microsoft, AT&T, Verizon, and probably others will gladly hand over whatever the NSA wants, and in all likely hood the NSA has gear at the server side to capture the traffic. All this really does is 'secure' your end of the communication and obfuscate the location of your connection. I can do that for free with a number of various methods and services. If they know the account is yours (and they do), and they can capture the data from the server side (and they can) what exactly have you accomplished?

    link to this | view in thread ]

  76. icon
    JMT (profile), 11 Jul 2013 @ 7:52pm

    Re:

    "While I don't think the camera on the XBox is as big of a problem as it's made out to be..."

    Actually it more evidence of Microsoft's untruthfulness. They say you can "turn it off", but the system won't work if Kinect is not plugged in. You'd have to be nuts to actually believe it's truly off given that restriction. If the customer has no need for it to be connected, why does Microsoft?

    link to this | view in thread ]

  77. identicon
    Anonymous Coward, 11 Jul 2013 @ 7:52pm

    Re: Re: Re: Re: Untrustworthy...

    Don't be so dense - there's nothing wrong with the term itself - only with the perceived stigma tied to it (which you obviously share with the rest of the idiots out there).

    I openly call myself a conspiracy theorist, and I'm proud of it.

    link to this | view in thread ]

  78. identicon
    Anonymous Coward, 12 Jul 2013 @ 1:32am

    Companies aren't, or at least shouldb't be compelled to decrypt stuff, Mike:

    http://paranoia.dubfire.net/2010/09/calea-and-encryption.html

    link to this | view in thread ]

  79. identicon
    The Real Michael, 12 Jul 2013 @ 6:11am

    Re: Re:

    Cloud storage is nothing more than data stored and accessed remotely off of a storage device you have no control over. Problem is, anyone can access that data. It's always best to use your own storage devices.

    link to this | view in thread ]

  80. identicon
    The Real Michael, 12 Jul 2013 @ 6:33am

    Re: Might have jumped the gun a bit there...

    They could make their intentions completely obvious by putting a huge NSA emblem on the box with the caption: "We're WATCHING you!" and people would still be ignorant and purchase it. "Dude, gotta own the new Halo."

    Would people pay Microsoft/NSA to set up a camera/mic in their house? Not a chance. Since they can't directly sell the public on the notion of having their privacy violated all day and night, they obfuscate their nefarious intentions by emphasizing all the fun features housed in their spy-box.

    If they give the NSA unfettered access to Skype, Hotmail, etc., what makes anyone think that they won't do the same with the Xbox One Kinect? Logic please.

    link to this | view in thread ]

  81. identicon
    The Real Michael, 12 Jul 2013 @ 6:39am

    Re: Re:

    Better yet, why not make Kinect optional? It seems possible that the NSA pushed for its mandatory inclusion.

    link to this | view in thread ]

  82. identicon
    The Real Michael, 12 Jul 2013 @ 6:48am

    Re: Re: Clear Violation of Privacy Policy

    Right, and even had they not included such in their TOS, rest assured that whenever the government requests info that it comes with perks like legal immunity.

    link to this | view in thread ]

  83. icon
    John Fenderson (profile), 12 Jul 2013 @ 11:15am

    Re: Re: Re:

    I doubt that's the reason why. I think it's much more likely that it's because Microsoft want to sell Kinects.

    link to this | view in thread ]

  84. icon
    John Fenderson (profile), 12 Jul 2013 @ 11:19am

    Re: How to circumvent wiretapping

    Even a 100% secure VPN tunnel will not circumvent NSA spying completely. You can still be spied on from the system at the other end of the tunnel.

    link to this | view in thread ]

  85. icon
    John Fenderson (profile), 13 Jul 2013 @ 3:47pm

    Re: Re: Re:

    Exactly. That Alexander wants everyone to use cloud services is a huge red flag that you should avoid using cloud services.

    link to this | view in thread ]

  86. identicon
    Anonymous, 14 Jul 2013 @ 6:44pm

    Re:

    Yep. CALEA, another law the dumba** American people simply let pass and have stood for. Will the American people ever take responsibility for what they have let their government do? Nah, "The Voice" is on.

    link to this | view in thread ]

  87. identicon
    Anonymous Coward, 22 Aug 2013 @ 5:21pm

    Re: xbone kinect

    there is no camera that is immune to a piece of chewing gum!

    link to this | view in thread ]

  88. identicon
    Anonymous Coward, 22 Aug 2013 @ 5:33pm

    lets all setup servers that send thousands of messages all day ,encrypted of course, and the unencrypted message is randomgibberish of course,or lewd insults ...as well as hi new personreply not nede but very welcome. i means flood the net on port 25 so extensively that theres no point in monitoring, due to the large noise to signal ratio

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.