The EFF Calls Out Microsoft's Ongoing Bullshit On Windows 10 Privacy Concerns
from the talking-out-of-both-sides-of-your-mouth dept
While Windows 10 is generally well-liked by reviewers and users, it's relatively clear that it's not the OS to choose if you actually want to control how much babbling your OS does over the network. While a lot of complaints about Windows 10 have been proven to be hyperbole or just plain wrong (like it delivers your BitTorrent behavior to Hollywood or it makes use of menacing keyloggers), Windows 10 is annoyingly chatty, sending numerous reports back to Microsoft even when the operating system is configured to be as quiet and private as possible.While Microsoft has been criticized for this behavior for some time now, the general response out of Redmond has been to tap dance over, under and around most of the key complaints.
Enter the Electronic Frontier Foundation, which last week effectively called on Microsoft to stop bullshitting everybody in terms of what gets collected and why. The EFF does a good job reiterating how Microsoft used malware-esque tactics to get users to upgrade, then once installed, Windows 10 collects user location data, text input, voice input, touch input, web browsing history, and general computing telemetry data, including which programs you run and for how long -- which would be arguably less of an issue if you had full control over how much of this data was collected and funneled back to the Redmond mothership.
Microsoft has made some modest changes to address ballooning concern about user privacy over the last year, but the EFF notes that the company continues to tap dance around how much data is collected, what the company is doing with it, and why users can't have full privacy control over an OS they purportedly own:
A significant issue is the telemetry data the company receives. While Microsoft insists that it aggregates and anonymizes this data, it hasn’t explained just how it does so. Microsoft also won’t say how long this data is retained, instead providing only general timeframes. Worse yet, unless you’re an enterprise user, no matter what, you have to share at least some of this telemetry data with Microsoft and there’s no way to opt-out of it.Microsoft has tried to argue that Windows Update won't work if telemetry reporting is minimized and user privacy and preferences are actually protected. In short, Microsoft has tried to claim that giving users broader control puts the user at risk by hamstringing security updates. That's something the EFF is quick to call bullshit on, calling it a "false choice" that's "entirely of Microsoft's own creation." What Microsoft should do if it truly values its customers, the EFF argues, is dramatically ramp up company transparency and finally offer a meaningful, simple opt-out functionality:
Microsoft should come clean with its user community. The company needs to acknowledge its missteps and offer real, meaningful opt-outs to the users who want them, preferably in a single unified screen. It also needs to be straightforward in separating security updates from operating system upgrades going forward, and not try to bypass user choice and privacy expectations.In response to the EFF, Microsoft has continued to do what it has always done: pretending that nothing is wrong, customer control and privacy are the company's highest priorities, and these privacy concerns are overblown because, shucks, most people really like the OS:
Microsoft is committed to customer privacy and ensuring that customers have the information and tools they need to make informed decisions. We listened to feedback from our customers and evolved our approach to the upgrade process. Windows 10 continues to have the highest satisfaction of any version of Windows.Granted that may say more about past interactions of Windows than of Windows 10. Even then, because people generally like the core OS experience Windows 10 offers doesn't magically dismantle concerns that Microsoft still, more than a year after launch, isn't actually listening to its customers when it comes to privacy and control.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: privacy, windows 10
Companies: eff, microsoft
Reader Comments
The First Word
“Which is kinda the whole point, since the first hand knowledge is being jealously guarded. When you mess with people's privacy but won't be up front about exactly what you're doing, expect to be called on it.
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
I was going to add that I think that this is a case like #hillaryhealth. No matter how much Microsoft says the data is made anonymous or pooled in a manner that doesn't allow for individual data to be matched to user, there will always be those screaming "spying!". It's pretty unavoidable.
EFF's entire spiel here seems to be based on (at best) second hand knowledge.
[ link to this | view in chronology ]
Re: Re:
Which is kinda the whole point, since the first hand knowledge is being jealously guarded. When you mess with people's privacy but won't be up front about exactly what you're doing, expect to be called on it.
[ link to this | view in chronology ]
Re: Re: Re:
Just as an aside, I've just installed Linux Mint and installed Windows 7 in VirtualBox and it runs reasonably well. I don't think it would be useful for games but the software that I use runs fine (so far). Virtual Box can install Windows 95, 98, NT, 2000, XP, Visa, 7, 8, 10 and more. Really easy to install and has great features (like mounting iso's). I'm still playing around with it to see what it can do.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Sure, you can install Windows 95/98 on it, but like every single other virtual machine program out there, there's virtually no support for them. Meaning that they're pretty much useless for the number one thing most people would want to run those versions of Windows for: Games.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Welcome to 2005. LOL.
If you like virtualization:
https://my.vmware.com/web/vmware/details?productId=352&downloadGroup=ESXI550
I run my email, anti virus, web, and Minecraft servers in it. On an XW6400.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
A) Making it voluntary
B) Letting the users see exactly what is being set back.
Unless those two conditions are met, there will always be suspicions of nefarious intent.
[ link to this | view in chronology ]
Not for my district till they make it easier to opt out.
[ link to this | view in chronology ]
Re: Not for my district till they make it easier to opt out.
[ link to this | view in chronology ]
Other than the cancer, I'm perfectly healthy.
This implies that privacy and security are secondary concerns. Will we ever reach a point that a majority of people see these as just as important as other facets of evaluating the merit of a technology?
[ link to this | view in chronology ]
Re:
Sure we will. But it'll be after it's too late to go back.
[ link to this | view in chronology ]
Re: Re:
There have been some pretty dark times in human history and we've always managed to make a brighter day. The issues we face today pale in comparison to what our ancestors faced and are even less worthy of such a defeatist attitude.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Coming to Windows 7 in Oct
As far as keeping MS in the dark with your info goes all you need to do is block MS via your router. As far as I know just about every router has that ability.
[ link to this | view in chronology ]
Re: Coming to Windows 7 in Oct
"All you need to do is block it from your router" is probably good general advice for Techdirt's audience, but obviously that is not something you can expect a typical end user to do. An operating system should *not* require its users to set up blocking rules in a separate hardware firewall to get reasonable privacy settings. The tracking "features" should not only be easy to disable, they should be disabled by default.
[ link to this | view in chronology ]
Re: Coming to Windows 7 in Oct
I remember when in Office 2003, depending on what order patches were applied in, you'd end up with data being written to an exchange server being goofed up. I had a lot of people showing up to meetings at the wrong time or in the wrong room because of that at a large company. I would routinely uninstall and re-patch the system to the most recent version on a dozen machines then use mfcmapi to correct the exchange server data. Generated plenty of work, but it was make-work due to a fundamentally broken system. Some of the problem here really is the software developers, and frankly Microsoft's past sins.
It is absolutely not a legacy-friendly change or a change that is friendly to thick client software and when combined with the rest of Microsoft's actions, especially playing big brother in order to gather large volumes of data in order to train their azure-based neural nets so they can offer "cognitive services", it comes across as another strong-arm tactic.
And they should be hung for it. From the highest pole. Because the standard they are setting for the rest of the industry is atrocious.
[ link to this | view in chronology ]
Re: Coming to Windows 7 in Oct
www.autopatcher.net/forum/
The AutoPatcher software is freeware and independently developed. You can download all the latest security patches and updates directly from Microsoft through this software. At least this way You will be in control of the updates you install on your system.. :)
[ link to this | view in chronology ]
Re: Re: Coming to Windows 7 in Oct
[ link to this | view in chronology ]
Re: Re: Coming to Windows 7 in Oct
[ link to this | view in chronology ]
Re: Re: Re: Coming to Windows 7 in Oct
[ link to this | view in chronology ]
Re: Re: Re: Coming to Windows 7 in Oct
[ link to this | view in chronology ]
Re: Coming to Windows 7 in Oct
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
That's not rain, and no amount of lies will convince me otherwise.
Yeah, no. They somehow managed to handle updates and all that fun stuff without requiring that absolutely absurd amounts of personal data be handed over on a regular basis before, the idea that they just can't manage updates without access to that personal data now is rubbish. They could easily decide to make the handing over of personal data clear and opt-in, they just prefer to lie and claim that they can't and that the reason they can't is because they just care so much about their customers.
[ link to this | view in chronology ]
Re:
Dumbasses like you are the reason that x has gotten away with so much for so long*. It is you, dumbass, that needs to shut up.
* Also the political bribes and dirty deals / collaboration with spy agencies helped.
[ link to this | view in chronology ]
Re: Juan
No you do not have to pay with your privacy to use moderne tools. The makers of these tools just need to be forced to follow good privacy guidlines instead of just going for a bigger profit by selling out their users
[ link to this | view in chronology ]
Re:
- No, read the article?
If you have an Android device, you've already been facing similar tactics from Google for years.
- Classic whataboutery.
It sucks that it has come to this, but your privacy is the cost of modern convenience. If you don't like it, downgrade to an older blackberry and start running Linux. Otherwise, shut up and move on.
- If you don't like American police murdering people with almost no recourse, stop campaigning for change and just move to Finland. Otherwise, shut up and move on.
[ link to this | view in chronology ]
Re:
Because if you'll recall, that's the exact legal argument that MS made to defend its integration of IE into Windows. Which -- if you'll also recall -- was a security nightmare.
If you claim your software cannot function without the integration of unnecessary components that compromise users' security, then you're lying, your software sucks, or both. (In MS's defense, they've graduated from "both" to just "lying", so that's progress. Windows 10 is actually a pretty decent OS if you block all the tracking data at your firewall. Which, by the way, does *not* prevent the OS from functioning.)
By the way, Android *is* Linux.
[ link to this | view in chronology ]
Who else can get the data MS collects.
[ link to this | view in chronology ]
Re: Who else can get the data MS collects.
[ link to this | view in chronology ]
Re: Re: Who else can get the data MS collects.
[ link to this | view in chronology ]
To be expected
Makes me glad I switched to Linux a long time ago. At least I have control over my own systems.
[ link to this | view in chronology ]
Re: Windows Update won't work if telemetry reporting is minimized and user privacy and preferences are actually protected
From my experience this is factual.
I followed some guides to turn off the telemetry people found and upgrades -minus Defender Definitions- pretty much stopped. After I swapped out my smaller SDD boot to a larger SSD and reinstalled and left the settings alone, I received updates I hadn't seen when I had turned off telemetry.
Look I get it, Microsoft from Vista forward has collected information to better understand the thousands of configurations of hardware.
Thing is, after all the NSA stories broke (factual or not), how Google had a tap directly feeding the NSA and Microsoft's servers and Microsoft's botched XBox One launch where they knew better than all of us combined about what we wanted the confidence level of what they collect and who sees it really make users and governments concerned, for rightful reasons.
If there's nothing to hide, than share the details of what is collected.
If there's no issue, then let users decide what is best for them by allowing us to turn off EVERY feature we didn't want like Cortana which even after turned off still shows in my task manager.
Bottom Line: It's just creepy to believe the OS is doing something we don't have control over, when we didn't ask for it in the first place.
[ link to this | view in chronology ]
Re: Re: Windows Update won't work if telemetry reporting is minimized and user privacy and preferences are actually protected
Only because MS set it up that way, not because it's impossible to update an OS without gathering user data.
[ link to this | view in chronology ]
Just like Windows 98 just wouldn't run without Internet Explorer. Yeah, right.
Most funny of course is Nadella's mission statement that he'd want people to simply love Windows. Well done, dude!
[ link to this | view in chronology ]
Re:
IIRC Windows update used IE, so it was important.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Reversing the threat
Somehow or other, we need to turn this threat around. For example: "Microsoft, you need to stop watching us or it will reduce your security."
[ link to this | view in chronology ]
Poison the well?
Can't someone just write some sort of 'patch' or 'addon' for windows where all the private data that Windows wants to send to the Microsoft servers is spoofed, hidden, corrupted of otherwise changed in such a way that the entire thing becomes useless to MS? In fact, done well this could make a fake identity and just feed MS rubbish.
[ link to this | view in chronology ]
Re: Poison the well?
With all of the information collected by Microsoft, they will probably brick your system remotely as a consequence.
[ link to this | view in chronology ]
Re: Re: Poison the well?
[ link to this | view in chronology ]
Is there a reference to the original research?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
It isn't until the survey results start to come in from us losers in the real world, that the numbers start to drop.
[ link to this | view in chronology ]
data
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Am I the only one ready for the tinfoil hat?
[ link to this | view in chronology ]
No tinfoil - just facts from research...
...some tips?
Delete your FB account, you do not need FB, FB tells you that you need them, its complete BS, its all marketing - they are building digital profiles about you. Delete your G-mail and all your search history as they are building digital profiles on you as well. Do not search Google when you are logged into your Google account - MS account (Bing) - Yahoo account - hell anything tbh.
You should have a router capable of connecting to a VPN on boot up, PIA is probably the best anon VPN provider out there as they do not log. Your ISP can see EVERYWHERE you go, they have no right to peer into your online activities.
Create a VM with Linux/Win7 master VM if you are super paranoid (Ubuntu is pretty progressed at this point and Win7 is still ok-ish). When you are done? Delete the VM copy, keeping your master image for the next time you need to do some online activity.
Do not login to Windows 10 with your live account/apps.
Whitelist ONLY sites you want to browse then deny everything else in your routers EGRESS ACL (Internal -> Internet). A lot of sites spider to other sites without your knowledge, specifically they can spider to known malware ad hosting sites. .PW or .SU domain anyone? lol.
Privacy needs to be taken seriously. Big Data is Big Money and they are harvesting your data for free. They may claim to anon the data, but seriously, you really believe that?
Look at PRISM and what PRISM was. Tbh, it is probably still operational, just under another code name.
Corps will say they are not in collusion with Gov's, but they are. It's bullshit. I feel like they are taking advantage at low-information computer users (IE. those not skilled technically enough to understand how all this shit works)
//\\
[ link to this | view in chronology ]
Re: No tinfoil - just facts from research...
I have not upgraded to 10 but I have read a lot about it. They make it appear during installation that you have no choice but to log on to your account except Microsoft online. You have to go through extra steps to use a local account. If you click everything "recommended" they will hijack your browser, search engine and other apps to their products. The button to keep your defaults is small and easy to miss. They make it difficult to change back your defaults. Any new programs from them will require 10 and they will probably pressure third party software companies to do the same. Updates from programs will make them incompatible with 7 and 8.1. Programs you have paid for that phone home will deactivate unless you upgrade. They tried to shove 10 down our throats and now about 20% are using it. Eventually 7 and 8.1 will be as useless as 98 and 10 will cost you a couple hundred. Hopefully by then there will be a trusted add on firewall or app that blocks everything except the minimum they need to update security and bugs.
[ link to this | view in chronology ]
Re: Re: No tinfoil - just facts from research...
I do software testing for a living, and we've done plenty of Windows installs, and we stumbled onto the fact that if your computer is *not* plugged in to a network (for a laptop, you'd presumably have to be able to manually turn off wifi as well), it's a lot easier to get the Win10 initial setup to let you use a local account (I *think* it actually doesn't bug you about it during the setup other than saying you can make a Live account once you're connected to the internet, but it's been a while since I've done one).
[ link to this | view in chronology ]
MS has a history of lying
They also claimed Windows 95 wouldn't work without IE embedded into it and a college kid removed it and showed they were lying.
[ link to this | view in chronology ]
Re: MS has a history of lying
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Windows is crap
Windows is for those too inept to make the shift.
[ link to this | view in chronology ]
Re: Windows is crap
[ link to this | view in chronology ]
Re: Re: Windows is crap
Well, I guess you have half a brain or less. So do I. The only other possibility is that an anonymous internet commenter is wrong.
[ link to this | view in chronology ]
Who else can get the data MS collects.
[ link to this | view in chronology ]
Most people like Windows 10? Where did they get this false information?
[ link to this | view in chronology ]