Microsoft Launches Special 'Scott McNealy' Edition Of Windows
from the get-over-it dept
As you may have heard, a company called Microsoft has just launched version 10 of one of its products. Here on Techdirt, we don't do software reviews -- you might be able to find one or two online if you search a little -- but we do like to analyze privacy policies. In this respect, it seems that Microsoft is breaking new ground, as EDRi.org found when it looked at updated terms and conditions that came into effect on August 1, just in time for Windows 10:
We copied and pasted the Microsoft Privacy Statement and the Services Agreement into a document editor and found that these "straightforward" terms are 22 and 23 pages long respectively. Summing up these 45 pages, one can say that Microsoft basically grants itself very broad rights to collect everything you do, say and write with and on your devices in order to sell more targeted advertising or to sell your data to third parties. The company appears to be granting itself the right to share your data either with your consent "or as necessary".
If you want more details, the French site Numerama has picked out the key elements (original in French), summarized in English by EDRi:
When signing into Windows with a Microsoft account, Windows syncs some of your settings and data with Microsoft servers, for example "web browser history, favorites, and websites you have open" as well as "saved app, website, mobile hotspot, and Wi-Fi network names and passwords". Users can however deactivate this transfer to the Microsoft servers by changing their settings.
Other features include generating a recovery key when encrypting the drive that Windows is installed upon, which is automatically backed up online in the Microsoft OneDrive account.
Microsoft's updated terms also state that it collects things about you, your devices, and app data, as well as information about the networks you connect to. Then there is Microsoft's personal assistant software "Cortana." If you use it, here's what it will gather:
More problematic from a data protection perspective is however the fact that Windows generates a unique advertising ID for each user on a device. This advertising ID can be used by third parties, such as app developers and advertising networks for profiling purposes.
Your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device. Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and more.
And in case you thought that was everything, it also collects:
Your voice input, as well your name and nickname, your recent calendar events and the names of the people in your appointments, and information about your contacts including names and nickname.
Any one of these would be enough to raise serious privacy concerns, even if some can be turned off; put together, they look as if an executive order has gone out to harvest the maximum amount of personal information, and to disregard privacy issues completely. Back in 1999, when Sun's CEO Scott McNealy famously declared "You have zero privacy anyway, get over it," he could be forgiven for living in an innocent era when the harm that might flow from that situation seemed circumscribed. Today, in the post-Snowden world, putting "zero privacy" at the heart of your latest product in the way that Microsoft seems to have done with Windows 10, is not just foolish and anachronistic, but downright contemptuous of users and their safety.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: privacy, scott mcnealy, windows 10
Companies: microsoft
Reader Comments
Subscribe: RSS
View by: Time | Thread
Microsoft helps out the NSA
In particular, I wonder how that feature will affect Tor users?
[ link to this | view in thread ]
From the Can't Beat Them Join Them Dept.
[ link to this | view in thread ]
Also, "When you share Your Content with other people, you expressly agree that anyone you’ve shared Your Content with may, for free and worldwide, use, save, record, reproduce, transmit, display, communicate (and on HealthVault delete) Your Content. If you do not want others to have that ability, do not use the Services to share Your Content."
Seriously? So if you send a copyrighted file (that you own the copyright for) to someone via Windows Live Mail, they can pretty much ignore the copyright and reproduce and distribute it for free?
[ link to this | view in thread ]
Re: From the Can't Beat Them Join Them Dept.
[ link to this | view in thread ]
I don't know
[ link to this | view in thread ]
Hate speech?
So you can't use Word to type up your racist fliers? Can't email your Senator advocating a gay marriage ban? Can't use Translate to tell your foreign neighbors to go back to where they came from?
Some people might think this is good. I don't. Microsoft should not be able to control its users' activities to this extent. Not to mention that "hate speech" is vague enough that you're often not sure if a particular thing is considered "hate speech" or not.
Would the prohibition on advocating violence mean that you couldn't do that whole "woodchipper" thing that's been going around lately?
[ link to this | view in thread ]
Re: Hate speech?
[ link to this | view in thread ]
Service improvement?
So if you store a picture using Windows Photo Gallery, or edit a movie using Windows Movie Maker, Microsoft could take it and use it in their products? I mean, you're apparently giving them permission to use any content to improve Microsoft products and services.
[ link to this | view in thread ]
[ link to this | view in thread ]
I wonder if they're doing the same thing they did with the XBone.
PUBLIC: OUTRAGEOUS!
MS: Okay, you can share some games. You can turn off the Kinect. But we still can brick the unit or your account.
PUBLIC: ACCEPTABLE!
[ link to this | view in thread ]
Re:
You, for example, by commenting here in this thread, have implicitly granted Techdirt permission to infinitely reproduce your comment for free, anywhere in the world, including in advertising.
What that means is that Techdirt can serve your comment on this webpage, and refer to your comment in any other story on the site, and could use screenshots of their site in adverts, some of which might contain your comment.
There's probably some boilerplate on the site somewhere that explicitly grants them those permissions too, but damned if I care enough to look for it.
That's all these Microsoft policies mean. It's just kind of unfortunate that the legal language around them also grants them tinfoil hat conspiracy level powers, too.
Glyn realises this, of course, but gotta get those sweet-sweet pageviews.
[ link to this | view in thread ]
Re: Re: Hate speech?
[ link to this | view in thread ]
Re: I wonder if they're doing the same thing they did with the XBone.
I also don't see the ability to block or remove your account from the server as being objectionable, since all companies can do this is they believe you're violated their ToS and that's been possible since XBox Live was first launched. Ditto the ability to block a particular console from Live if they believe it's been hacked to allow cheating or piracy.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: I wonder if they're doing the same thing they did with the XBone.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
Most do. Why, have you started your own blog rather than spending your time attacking the writers on this one?
[ link to this | view in thread ]
I think the difference is...
I have plenty of reasons to distrust Microsoft's sense of Good Faith. Many more than I would (say) Google (who's crossed the line a few times, but not to the degree that Microsoft has) and More by magnitudes than TechDirt.
Of course, I don't know the full history of TechDirt. You guys may know something about how they completely sell out those of us with accounts. But I'm not yet in the know.
[ link to this | view in thread ]
You can argue the point all you want, but he's been dead-on accurate since Corporate America has turned to advertising revenue for additional revenue.
As I said many times before: If you don't want your information shared, keep it in your house.
This bullshit of "every device connected" was a privacy destroyer from the start. If people can't understand why, then they've no reason to disagree with McNealy.
[ link to this | view in thread ]
Most people don't really care because they are apolitical and/or cannot see beyond how it will directly impact them.
But everyone suffers when the 1/1000000 whistle blowers, investigative journalists, civic leaders etc are shut down before they can fulfill their potential.
It is truly an affronterous situation. Microsoft, and the other US data thieves/collaborators, need to be muzzled and leashed. The direction we are heading in is intolerable.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
If Microsoft, and the other US data thieves/collaborators, had not spent millions bribing officials then we would have privacy/consumer protection laws to protect us from such predation. Microsoft has a monopoly. They collaborate with a regime that tortures people. They, quite franking, can go fuck themselves.
[ link to this | view in thread ]
Re:
Google Chrome v.1.0 made the same mistake in their EULA. It got better after users complained enough.
So, what are you waiting for, complain to Microsoft and boycott their services until they fix this.
[ link to this | view in thread ]
Re: Re: Re:
It's just that you chose not to exercise that option.
Or well couldn't because:
1) You didn't have the millions
2) If you had the millions they'd be better spent elsewhere
3) We're supposed to have laws against this kind of shit
But politicians didn't care back then and they don't care even now.
There should have existed a trust fund where consumers could donate so that their rights could be lobbied for.
[ link to this | view in thread ]
Re: Hate speech?
Cue this piece from 20 hours ago: https://www.techdirt.com/articles/20150801/00093531816/spanish-cops-use-new-law-to-fine-facebook-com menter-calling-them-slackers.shtml
Which begets the question is calling cops "lazy" hate speech?
Then you're running afoul of the EULA.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re:
Have you?
[ link to this | view in thread ]
Re: Microsoft helps out the NSA
[ link to this | view in thread ]
[ link to this | view in thread ]
Recovery Key?
I believe the word you're looking for is "backdoor".
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Recovery Key?
James Comey will be so relieved.
[ link to this | view in thread ]
Also, I wonder how this works when the Windows user is a child? My daughter's school hands out Lenovo Yoga laptops running Windows to all the kids. Is Microsoft targeting children too?
[ link to this | view in thread ]
Does Windows 10 still have Its keylogger?
In effect a built-in keylogger.
See for example:
http://www.theinquirer.net/inquirer/news/2373838/microsofts-windows-10-preview-has-permissio n-to-watch-your-every-move
Is that still a part of the final version, whether deactivated or otherwise?
If so, then they would be really handy for the hacking community. :-(
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
From his comment, I was just wondering if he'd finally developed a shred of intellectual honesty..
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Does Windows 10 still have Its keylogger?
[ link to this | view in thread ]
Re: I don't know
Lets look at this another way, you ask how is she expected to work without all that sharing. My question is, Why does she need to share all that? I can't think of a single thing she does that could not be handled locally on the computer.
[ link to this | view in thread ]
Privacy
[ link to this | view in thread ]
and browsing history .
How long will this data be retained for.
will data on eu users be sent to american servers or kept on eu servers .out of reach of nsa court orders .
IS the browsing data purely for use in tracking and sending ads to you .
Someone needs to answer these questions .
Basically if you sign into a ms account on a pc or phone or use cortana ,
you are giving up all your privacy .
This privacy policy if left at the windows 10 default
settings looks like big brother built into the os.
This is relevant as theres a court battle going on at the moment
re who can acess microsoft email data stored in ireland ,
The fbi to want acess to this data .
IT sounds like ms wants to be able to sell and track individual users and sell ads thru their browser .
Like google sells ads on youtube .
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Just in case...
[ link to this | view in thread ]
Eh..
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Alternatives?
[ link to this | view in thread ]
Re: Does Windows 10 still have Its keylogger?
[ link to this | view in thread ]
I get scared every time I do an Android app update. Why does something as simple as a calculator need network access and access to my contacts?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Alternatives?
Your choices for privacy are either Linux distros or non-networked machines.
[ link to this | view in thread ]
Re: Alternatives?
In the 80s people asked themselves the exact same question and built an entire operating system complete with desktop programs and distribution infrastructure. Just complaining about unfair privacy policies won't change them.
[ link to this | view in thread ]
Re: Recovery Key?
They'll be like the trusted neighbor that you leave a key with, so they can keep an eye on things for you. Everybody's neighbor. With a billion keys in the cabinet.
[ link to this | view in thread ]
Re: Alternatives?
[ link to this | view in thread ]
Other worries
It's supposed to be for funneling more effective advertising, etc.
However, I wonder what they'll do when someone in the government says, "Hi, would you mind if we borrowed some of that data?"
Not that they don't already. Gotta admit this is a perfect set up for the NSA.
I wonder if MS was 'consulted with' by those guys when building the OS and writing the EULA.
Or even more precisely, "advised" by them.
I still can't think of this without a mental picture of a great big hand coming out of the cloud and going into your computer..grabbing everything for whatever use they have for it.
All without your knowledge or permission-oops, you did sign that agreement, didn't you?
Damn right there's a security problem there.
[ link to this | view in thread ]
Re: Re: Alternatives?
[ link to this | view in thread ]
The flip side
As a multinational corporation, there is some question whether this sort of ambivalence to civil rights hazards the state directly in terms of espionage.
Based on some of the public statements that have come out of the FBI in recent history, it is reasonable to presume that they would actively endorse this sort of thing for a piece of the pie.
But Microsoft is very much like ITT was during WWII. They will, (and have) throw a bone to anybody if it makes a profit. So such a cozy relationship may be _easier_ for the Feds, but certainly not in conformance with their respective oaths.
[ link to this | view in thread ]
Re: Re: Recovery Key?
And let us not forget that the archives of the NSA, GCHQ, et al ingest ALL traffic on the Net. Which potentially means that Microsoft is not likely to wind up being the only one with a billion keys in its cybercabinet.
One further point. The very fact that so many encryption keys will be sitting in one place (in Microsoft's "cabinet") will make that cabinet a potential single point of failure for Windows 10 security, and as such a tempting target for hackers to crack open and steal the valuables within.
In other words, and especially given the tendency for Windows versions to come with security holes, large and small, Microsoft has set up the makings for a potential fiasco bigger than the OPM hack.
[ link to this | view in thread ]
Re: Recovery Key?
[ link to this | view in thread ]
Re: Re: Microsoft helps out the NSA
My recommendation: if you're running Win 8, upgrade to 10. If you're running Win 7, stay there.
[ link to this | view in thread ]
Re: Re:
Are you really arguing that we should ignore rule #1 of contracts? What counts is what they say, not what they "mean".
[ link to this | view in thread ]
Re: The flip side
[ link to this | view in thread ]
Re: I don't know
Clearly this is a matter of opinion. In my opinion, Cortana is spyware that should be avoided at all costs.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Recovery Key?
No, in mentioning this specifically in conjunction with encrypting your drive, it sounds like they're keeping a copy of your decryption key.
[ link to this | view in thread ]
Very Murky These Companies
Some day Microschtictit2u and Gaggle will cease to exist evermore. Just how many humans will actually witness this, couldn't even guess..
Sigh..
[ link to this | view in thread ]
When your grandchildren ask what you were doing when this shit was taking off - what will you tell them?
[ link to this | view in thread ]
Re: Re: Re: Recovery Key?
[ link to this | view in thread ]
@ "When your grandchildren ask what you were doing when this shit was taking off - what will you tell them?"
[ link to this | view in thread ]
@ "When your grandchildren ask what you were doing when this shit was taking off - what will you tell them?"
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Microsoft helps out the NSA
[ link to this | view in thread ]
M$ total capitulation to FBI's James Comey
[ link to this | view in thread ]
How bout some help on this question that windows 10 created
A salesperson comes in and needs wireless access while here. We give it to him/her and only then find out that this salesperson is using windows 10. How do I control which of this salespersons 500 contacts are now able to access our network thru the encrypted password microsoft just handed out to all of them? Am I really in a position where I have to change the SSID with _optout and then go thru hundreds/thousands of systems to get them reconnected? There is no ability on my side to prevent this from happening and with the visit of 1 sales person, 500 others can now connect too our network without our knowledge.
[ link to this | view in thread ]
What calculator do you use?
To be fair, there are plenty of Android apps that require excessive permissions and can use them in exploitative ways. But a lot of them are over-reported. A game with a proprietary inboard sharing function may require access to your address book. (I don't have friends who play the same android games so I don't share much and am distrustful myself). ...Or they could be collecting your social data for advertising purposes.
Android requires a different spectrum of vigilance than OSes such as Windows and iOS, but still, buyer beware.
[ link to this | view in thread ]
Yar Har, Fiddle Dee Dee!
Considering one of largest power grabs in the world has been about IP maximalism, it defines a lot of common human social activities as piracy.
Betcha you've already sign'd the book,
And Join'd with Captain Hook!
[ link to this | view in thread ]
But I also expect them to share with agencies who'll just leave it lying around in plaintext, or salted, but right next to the decryption key, since there's nobody but good folks in their house.
It will be a big embarrassment of the future if one of these agencies or other Microsoft affiliates becomes the vector by which the lolsec hackers get the plaintext version of the everyone's keys.
Then Microsoft gets to explain how they fucked everybody.
[ link to this | view in thread ]
Re:
Please make CISA look like it enhances privacy.
Thanks,
USG
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: What calculator do you use?
Much better would be for the game to maintain its own address book, so that you can control who its shares with, and what contacts it can leak.
[ link to this | view in thread ]
Optional
BitLocker recovery? Optional. If you want Microsoft to be able to help you unlock your drive, you send them your keys. If you don't want them to have your keys, you turn off the recovery feature. They're very clear and up-front about this. Of course, if you want the data to be protected from the nsa, you should disable the recovery key, since Microsoft can be subpoenaed.
[ link to this | view in thread ]
Re:
I suppose that burying this information in a 45 page legal document is technically "coming clean," but I don't think it counts in the real world.
[ link to this | view in thread ]
Re: Re: Re: Re:
Exactly. It's the free market of politician buying. Whoever spends the most on buying politicians wins the laws that they want.
"There should have existed a trust fund where consumers could donate so that their rights could be lobbied for."
Well, now that political ads are a form of free speech I don't see why we don't exercise that. We could elect a private organization similar to how big corps elect the MPAA/RIAA and the like; like the EFF, public knowledge, or even Techdirt and we can pour money at them to buy political ads that target corrupt politicians. Uber has had success putting out political ads against politicians that were previously bought and paid for causing those politicians to capitulate. That's because they act organized and have the money to defend themselves politically and they make it very clear to any politician that if they want to be bought and paid for and abuse their political power against Uber for personal or political gain Uber will not hesitate to spend a portion of their billions on making the politician's life very very miserable. They have been very very successful and regulators and politicians have now learned from experienced to be scared half to death when approaching Uber. We, too, must do the same thing.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Games with proprietary address books.
At some point we may have mobile equivalents to the Steam client (steam doesn't sell mobile games yet, so its own client doesn't really count) so there's no universal chat-and-stats related social network for mobile games to plug into.
At some point, maybe they'll make (say) a Facebook share plug-in that can connect to any other app, so you only have to affirm the plug-in's access to your address book and it will only use that access for Facebook-approved uses (e.g. sharing scores or screens). That leads to its own problems when Facebook wants to change its plug-in privileges in a disagreeable way (say to also give all your addies to third party advertisers). Then your refusal of the plug-in update shuts down utility of all the apps that use it.
And Facebook is known to do exactly that sort of thing.
So, it's a Knot of Gyges.
[ link to this | view in thread ]
Re: Games with proprietary address books.
SQLite makes such simple databases trivial to implement, is it not available for mobile OSs.
[ link to this | view in thread ]
Re: I don't know
[ link to this | view in thread ]
Re: Re: Games with proprietary address books.
I think the real reason why developers want to use the address book is because the alternative is to have the user actually enter in the information for his friends -- and if that's required, then almost nobody will do it.
Also, marketing.
[ link to this | view in thread ]
Re: Optional
I don't know what it is trying to send, and, apart from firewalling, I don't know how to stop it.
This is not informed consent.
And by all accounts Windows 10 is worse.
[ link to this | view in thread ]
Re: Re: Re: Games with proprietary address books.
Over sharing of data is one of the bigger risks to privacy as it enables leaks of things like doctors or clinics a person has contact with, and reducing the separation between work and private life/leisure.
[ link to this | view in thread ]
Re: Re: I don't know
This is not to say that this is a good development. Or a bad one. I'm not that comfortable with it myself, but I don't specifically mind as long as it's opt-in.
Personally, I think I'd keep any installations of this new version of windows behind a pretty restrictive firewall until I became more comfortable with what's actually being shared.
[ link to this | view in thread ]
Re:
What, you mean in the computer in my house?
I think if you don't want your information shared, keep it in your head.
[ link to this | view in thread ]
"Keep it in your head."
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Yar Har, Fiddle Dee Dee!
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Does Windows 10 still have Its keylogger?
[ link to this | view in thread ]
Re: Eh..
[ link to this | view in thread ]
Re: Alternatives?
[ link to this | view in thread ]
Re: Re: What calculator do you use?
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Mighte create revenue, but is also a damn security risk
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Microsoft helps out the NSA
Funny you should say that...
I have a Win 8.1 box and a Vista HP running Win 7.
The Vista has run flawlessly forever, albeit in a somewhat slower fashion than I would like. Takes about 45 seconds to a minute and a half, to shut down.
The Win 8.1 sucks in so many ways it would take a day to list them.
Unplug your mouse or keyboard after booting up the computer, and the OS refuses to acknowledge it when you plug 'em back in, without first rebooting.
First time I've ever had to use the "Safely Remove Hardware" button, and it is absolutely necessary or the hardware will fail on next connection of external hard drives and thumb drives.
It was however reasonably fast and fairly useable.
I upgraded the Win 8.1 to Win 10.
Pretty.
But it has so many apps that cannot be turned off or uninstalled that I'm surprised there's enough CPU left for the OS. Spent the day finding and killing what I could though.
Took three attempts to install because it kept reporting that my computer was broken and needed to be repaired.
I needed to type this into an Admin-run Command Prompt before it would stop reporting this and allow the upgrade to continue.
"bcdedit /deletevalue {badmemory} badmemorylist"
Windows and associated Updates are automatic apparently, as there is zero configuration allowed, and the old Win Update Icon is dead and no longer connected to anything. At least I have found nothing to allow control of updates so far.
Took me fifteen minutes just to find Internet Explorer.
There is something called The Edge that is like a facebook page filled with little windows of shit you're likely not interested in, but unlike Facebook, I have yet to find a way to disable any of them. The only configuration is to add more of the same.
Gonna take a couple more weeks to sort through the crap, but if you're a bad guy trying to hide shit on yer computer, Win 10 should not be your choice of OS.
Its pretty much just Microsoft's computer, but your allowed to use it, sort of, according to their rules.
Get a Mac maybe.
---
[ link to this | view in thread ]
Re: Re: Re: Re: Microsoft helps out the NSA
That is jumping from the frying pan into the fire. Microsoft is catching up with Apple in the amount of control they exercise over what users can do with their (Meaning Apple and Microsoft owned) computers.
[ link to this | view in thread ]
Re:
Sure they will. HIPAA enforcement is a joke.
[ link to this | view in thread ]