Microsoft Sort Of Addresses Windows 10 Privacy Complaints With New Privacy Dashboard
from the hoover-up-ALL-the-data dept
For the last few years, Microsoft has been under fire because its Windows 10 operating system is unsurprisingly chatty when it comes to communicating with the Redmond mothership. Most of the complaints center around the fact that the OS communicates with Microsoft when core new search services like Cortana have been disabled, or the lack of complete, transparent user control over what the operating system is doing at any given time. Microsoft has since penned numerous blog posts that claim to address consumer concerns on this front -- without actually addressing consumer concerns on this front.This week, Microsoft penned a new blog post claiming that the company has been listening to annoyed customers and privacy activists, and will finally be making substantive changes to Windows 10 privacy settings to give users more control. Among them will be new operating system-level privacy controls that make consumer options more granular. But Microsoft also says it is building a new privacy dashboard the company says will be doled out to Windows Insiders in an upcoming build, and will look something like this:Microsoft says the company will simplify the operating system's diagnostic data collection levels, so that it's clearer what telemetry data is being sent back to the company’s servers. As it stands, Windows 10 currently has three snooping levels, but in the Creators Update (expected sometime in the Spring) there will be just two: an option to switch between "basic" and "full" data collection levels, depending how much invasive snooping you like with your morning coffee. Said basic tier is the lowest the settings will go, and includes collection Microsoft claims is necessary for the functioning of the OS. Basic includes:
"Data that is vital to the operation of Windows. We use this data to help keep Windows and apps secure, up-to-date, and running properly when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also includes basic error reporting back to Microsoft."The problem is that Microsoft has often hidden behind claims that it has to collect a lot of this data or the operating system won't work, and there's still no option to eliminate the collection of telemetry data completely. "Full" data collection, in contrast, will collect everything that the basic setting covers, as well as "inking and typing data." That can include sending Microsoft the document you were working on that caused a system crash, and giving Microsoft support permission to access the OS remotely for troubleshooting.
The entire goal, Microsoft claims in the post, is to make consumer privacy easier to understand:
"When it comes to your privacy, we strive to make choices easy to understand while also providing clear visibility and control over your data. We believe finding the right balance is one of our most important tasks in delivering great personalized experiences that you love and trust."We'll have to wait until Spring to see if these changes address concerns of the EFF, which last August criticized Microsoft's malware-esque forced upgrade tactics and its refusal to answer consumer privacy inquiries in a straightforward fashion. Microsoft's also trying to appease French regulators, who last summer demanded that Microsoft "stop collecting excessive user data" and cease tracking the web browsing of Windows 10 users without their consent. Of course if having total, granular control over how chatty your OS is over the network is your priority, not using Windows whatsoever probably remains your best option.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: privacy, privacy dashboard, windows 10
Companies: microsoft
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Not actually. Corporate administrators can disable more data collection (proving it's not "necessary for the functioning of the OS"). Clearly MS is concerned about corporations avoiding their software, but they know users aren't going to do anything except complain.
I don't have to wait: I'll say "no" right now. If the only choices are "fully on" or "mostly on", you're ignoring the choice of everyone who would have preferred "off".
[ link to this | view in chronology ]
Privacy dashboard = Microsoft account
So in a way, this is even worse than what already exists? At least now I can use certain apps to turn off most of the collection.
[ link to this | view in chronology ]
Off
Off
Off
Off
Accept
[ link to this | view in chronology ]
Re:
Off
Off
Basic (dammit)
Off
Off
Accept
[ link to this | view in chronology ]
Note it is granting the users full and total control.
[ link to this | view in chronology ]
Even better
# Windows SPY sites
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 ad.doubleclick.n et
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0 .0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 choice.microsoft.com
0.0.0.0 choic e.microsoft.com.nsatc.net
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 co rpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0 .0 diagnostics.support.microsoft.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 feedback.micr osoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 feedback.windows.com
0.0.0.0 i1.services.s ocial.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 oca.telemetry.microsoft .com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 pre.footprintpredict.com
0.0.0.0 preview.msn .com
0.0.0.0 rad.msn.com
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.micr osoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0 .0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetr y.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 survey.watson.micr osoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsat c.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 telemetry.microsoft .com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-sandbox.data. microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.co m
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.tele metry.microsoft.com.nsatc.net
0.0.0.0 wes.df.telemetry.microsoft.com
I imagine that I should hunt about for an update to that list, as no doubt they're aware of some of us trying to stop them spying, but it's a good start.
[ link to this | view in chronology ]
Re: Even better
I wouldn't put it past M$ to totally ignore the HOSTS file altogether in their sneakiness, or just use raw IP addresses.
[ link to this | view in chronology ]
Re: Even better
Note: I don't have Win 10, so I can't really test the software myself.
[ link to this | view in chronology ]
Re: Re: Even better
It might, but in general a program cannot be relied on to police an OS it runs within. Future Windows updates could easily break it, intentionally or not.
Realistically you'd need to run Windows in a VM to prevent it from doing this. But "realistically" is the wrong word, because in practice a VM cannot easily decrypt traffic to tell the difference between Windows Update downloads and telemetry uploads, so you'd have to disable networking entirely.
[ link to this | view in chronology ]
Re: Re: Re: Even better
Well, that or block those IP's on a hardware firewall rather than within Windows itself.
[ link to this | view in chronology ]
Re: Re: Re: Re: Even better
Not really -- the internal Windows firewall will be good enough for blocking. The _SECOND_ Microsoft gets caught bypassing it's own firewall rules is the same second all of the security pros begin to dump Windows. You might not trust every program not to do something stupid, but if you can't trust the OS to enforce blocks then it's pointless.
Yep, you could kill it at the outgoing border gateway but if Windows won't support it's own firewall rules there's no reason to use it. (There's less and less every day -- inertia, both programmatically and human. AD however, won't go away. Shame it wasn't Novell's NDS, out years earlier than MS.)
Ii wouldn't be surprised if there wasn't someday an automatic AD-enforced rule that disabled some of the call-home stuff -- that way Win HOME and Win Pro non-AD could be configured out of the box that way and no one would gripe.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Even better
That's optimistic. They were already caught bypassing the hosts file. I expect if they're ever caught bypassing the firewall, they'll just say it was to protect against malware that was interfering with Windows Update. People have been threatening to dump Windows for years due to privacy invasion, ever since the mandatory product activation in XP, and now MS are calling the bluffs of home users (not corporate users though--MS lets them disable telemetry because they might not be bluffing).
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Even better
How many security pros do you know who don't use hardware firewalls?
[ link to this | view in chronology ]
Re: Re: Re: Re: Even better
A Windows computer is opening an encrypted connection to microsoft.com:443. Do you allow or block it? If you block too much you're not going to be able to update the OS. And if MS don't want you to have privacy, which they seem to not want, why do you think the traffic will be easy to identify? The IPs and hostnames could change at any time, and you can probably use domain fronting to access any MS domain through any MS hostname/IP anyway. (You could block every domain related to MS, but then why are you using Windows?)
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Even better
Well, yes; using an operating system implies a certain level of trust. (This is especially true of proprietary OS's, but it's even true of free/open-source ones. Even if you're compiling the OS from source yourself, and even if a checksum is provided so that you can confirm that no unauthorized code has been injected by the compiler, it's unlikely that you'll personally have the opportunity to audit every single line of code in every program you use. Unless your workflow is very limited.) That's what Shuttleworth meant when, in response to an outcry against Ubuntu sending its launcher's search data home to solicit ads from Amazon, he responded, "We have root." It was a foolish and arrogant thing to say, but he's not wrong -- if you're using Ubuntu, that means you're already giving Canonical a substantial amount of trust not to take advantage of your most intimate information.
That list of domains provided by Dr. David T. Macknet is a list of places we know Windows 10 is sending private data. You're correct that it could just be sending it encrypted to microsoft.com. It could also be sending it to any other domain, including ones not obviously owned by Microsoft, or funneling it through a third party. And how do you know it's only Windows 10 doing it? How do you know Windows 7 isn't doing it too?
The answer is that you don't. On some level, if you're using Windows, you're trusting Microsoft, at least a little bit.
Somebody who blocks that list of domains at the firewall trusts MS less than somebody who doesn't. But you're right, if I'm using Windows at all, I'm trusting MS at least a little bit.
[ link to this | view in chronology ]
Re: Re: Re: Re: Even better
Just exactly which IP's would those be?
See the problem?
[ link to this | view in chronology ]
Re: Re: Even better
[ link to this | view in chronology ]
Re: Even better
www.msdn.com
msdn.com
www.msn.com
msn.com
go.microsoft.com
msdn.microsoft.com
office.microsoft.com
mic rosoftupdate.microsoft.com
wustats.microsoft.com
support.microsoft.com
www.microsoft.com
microsoft.com
up date.microsoft.com
download.microsoft.com
microsoftupdate.com
windowsupdate.com
windowsupdate.microsoft. com
That's as of last summer. The list could change with an update.
[ link to this | view in chronology ]
Re: Re: Even better
[ link to this | view in chronology ]
Re: Re: Re: Even better
[ link to this | view in chronology ]
Re: Re: Even better
This is for a very good reason. Microsoft has had issues with malware altering the HOSTS file in older versions of Windows and redirecting people from MS sites to other sites in the past. So, they hard coded their websites to always go where they're supposed to go. If you don't trust Microsoft though, don't use Windows.
[ link to this | view in chronology ]
Re: Re: Re: Even better
[ link to this | view in chronology ]
Re: Re: Re: Even better
That's kind of the point.
[ link to this | view in chronology ]
Re: Even better
[ link to this | view in chronology ]
Re: Even better
[ link to this | view in chronology ]
Re: Even better
You do realize that since Microsoft controls the operating system, it can also make it ignore those entries when it wants to, don't you?
[ link to this | view in chronology ]
Re: Even better
Instead use firewall rules as primary and HOSTS as a secondary backup. Destroy Windows Spying (DWS) has a good rule set.
Even if you can't actually read and understand all of the code, you can still get a good impression of what's going on and what they're doing.
https://github.com/Nummer/Destroy-Windows-10-Spying/releases/tag/1.6.722
File MainDwsForm.cs. Code:
private void AddToHostsAndFirewall()
string[] hostsdomains =
"a.ads1.msn.com",
"a.ads2.msads.net",
"a.rad.msn.com",
and so on. These lines add HOSTS blocks to 0.0.0.0 to stop DNS lookups. [They're actually created in the "/C" code at the end of the array.] Then later on they block actual IP addresses,
private void BlockIpAddr()
string[] ipAddr =
"104.96.147.3",
"111.221.29.177",
"111.221.29.253",
These block the actual embedded IP addresses using the native Windows firewall. [literally adding null routes via the trailing "/C" code again.] The second Microsoft is caught bypassing it's own firewall to communicate home I think is the second they get dumped.
This is the same type of thing that PeerGuardian / Peerblock does, only they target ever-changing RIAA/MPAA IP addresses.
MS changes IP collection addresses only occasionally and sometimes it's not even their fault. But don't rely on this 100% to block mothership access; they'll someday add a new patch that'll not be blocked. Gee, if only there were a monthly update system in Windows that could update this.
[GEE, IF ONLY THEY WOULD QUIT COLLECTING THIS DATA TO START WITH. IT'S ONE THING TO HOLD PROGRAM LAUNCH NAMES AND TIMES ON MY PC, BUT ANOTHER to store them all in Redmond. You don't need to know I've got VLC playing My Little Pony in an endless loop. And you SURE don't need to know I'm controlling a botnet of LOIC nodes. In this case I guess it'd be a botNOT. :-)]
[ link to this | view in chronology ]
Re: Even better
Move these addresses to your router and block them there. Windows ignores the hosts files (confirmed by many, including myself).
At the router, Microsoft has no control.
If your router doesn't give you the ability to administer IP addresses, buy a new router.
In addition: you can buy third party software which regulates internet traffic, blocking what you need to (regardless of what is trying to get through). The con to this type of software is you have to spend a good deal of time "Allowing" as most sites are turned off by default.
[ link to this | view in chronology ]
That's a bunch of bullshit. An earlier version of Myerson's blog post included the fact that enterprise users can turn off all data collection because enterprises have different needs than consumers. It's interesting that they removed that.
Myerson is right about the differing needs. If I lost my work laptop and my personal laptop, it's my personal machine that I would be freaking out about. It's consumers that should be able to keep their secrets private. I don't care if Microsoft sees my TPS reports but I do care if Microsoft sees my personal medical or financial information.
I think the real issue is that my TPS report is useless when it comes to targeting ads at me whereas my blood work lab report is just what the pharmaceutical companies need to figure out what ads to show me.
I'm fortunate enough to have an "unlimited" data connection, but people that are stuck on a metered connection have even more reasons to demand less chat between Windows and Microsoft.
I'd like to see open source router firmware makers start offering to block Microsoft servers. Windows sure is starting to feel like malware.
[ link to this | view in chronology ]
Re:
Your medical and financial information are someone else's "work" information.
[ link to this | view in chronology ]
Re:
"Starting"?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Informed consent...
Microsoft has long been one of those companies you have to watch out for.
[ link to this | view in chronology ]
IN THE LAST 10+ years...
ALL games and programs are RELEASED as ALPHA/BETA WARE..
NOT FINISHED PRODUCTS...
NOT NEAR FINISH PRODUCTS
NEVER FINISHED PRODUCTS..
Next up Windows v99.. AND STILL NOT FINISHED..
[ link to this | view in chronology ]
Re: IN THE LAST 10+ years...
Since your examples start with games one suspects that games are your major focus. Let's keep it to the subject.
You might need to tune your tinfoil hat.
[ link to this | view in chronology ]
Someone doesn't know how to write and OS.
This is seriously wrong.
I have written device drivers, worked on I/O systems, Real Time OSs, maintained them, administered Unix/Xenix, admined and modified Linux since
[ link to this | view in chronology ]
Re: Someone doesn't know how to write and OS.
[ link to this | view in chronology ]
Re: Someone doesn't know how to write and OS.
As you know, there's a line between operating system and applications. Where the line is changes over time, but with Windows 10, Microsoft is moving that line for business reasons, not technical reasons. So the part of the operating system that won't work are the parts that get personalized. Those also tend to be the parts that those of us asking for better privacy controls don't want to work.
[ link to this | view in chronology ]
Not can't, refuses to
Then they need to design their OS better, so it can work without all that collection. It isn't impossible, they just don't want to respect privacy concerns.
I found out the hard way (relative's computer) that rejecting the ToS did force the OS to revert back to what it was before Microsoft forced the illegal "upgrade".
[ link to this | view in chronology ]
The fact that so many people are upset with the lack of privacy controls is really a sign that Microsoft isn't executing very well on their Windows 10 vision.
They need to add features so compelling, that customers want to give Microsoft their personal data. If by giving Microsoft access to my files, calendar, contacts and location some amazingly useful features were made possible, I'd be excited. The way it is now though, I have to give up a lot and get very little in return. It's a bad deal.
My personal data is something that I should choose to share with Microsoft, not something they just take from me.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
All I can do is shake my head..
Certainly am glad I don't use MS products anymore...
[ link to this | view in chronology ]
I see this issue often, with the wifi side. I don't have wifi on, it's all hard wired. When I am not on the net, I turn the net drivers off. When I go to turn them back on ever so often, the wifi has changed on it's own but to enable.
Seeing this, I decided to go check some of those other settings I turned off. Sure enough, some of them had re-enabled on their own.
You can't depend on your privacy settings staying where you put them.
[ link to this | view in chronology ]
Wow Ads
[ link to this | view in chronology ]
o Opt Out: Enable this option to opt out.
o Customize: Select what data Microsoft collects.
How much you want to bet this dashboard is just a visual feature to let users "believe" that they can select what security level for data collected by Microsoft.
[ link to this | view in chronology ]
So... when will Fallout 4 be ported to Linux? :)
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I'm trying very hard to find this story important
This reminds me of the situation where people build their homes on the bank of a river and then seem astonished when it overflows and almost drowns them. Sure, I'll help them because it's the human thing to do, but don't look for me to feel terribly sympathetic.
[ link to this | view in chronology ]
And I'm trying very hard to find a shred of sense in your post
Harsh in the extreme and grossly unfair. How about ignorant? How about uninformed? How about "it came with the machine", which applies to what, 99.99% of all desktop/laptop sales?
And your analogy is crap. Who the hell is building their own houses, let alone on a river bank? Builders build houses and flog them to people. And yes, they sometimes build them on flood plains, because they're allowed to do so by god damn awful planning regulations and kickbacks, but that's another story.
[ link to this | view in chronology ]
Re: I'm trying very hard to find this story important
Speaking of houses and windows those that live in glass houses...
shouldn't use the bathroom.
[ link to this | view in chronology ]
Re: Re: I'm trying very hard to find this story important
My Debian laptop is approaching 10 years old and basically I have found (with a few exceptions) that if my hardware could handle the game in Windows then it would also run under Wine on the Linux OS.
Being that my computer is so old, I don't often attempt to play the newer, high-end graphics games that are out there nowadays, so I am curious as to which games you couldn't get to work on Linux.
[ link to this | view in chronology ]
Re: Re: Re: I'm trying very hard to find this story important
Some games run fine under WINE; Trails in the Sky is a recent example that works great.
Some don't; I never could get Civ4 to do anything but crash on load.
An increasing number of games are getting native Linux versions, too, making WINE unnecessary. This is especially true for indie games. Major studio games sometimes get native Linux releases too, but there's usually a lag, and it's never a sure thing.
But there's another problem: DirectX just works better than OpenGL. This doesn't matter on lower-end games, but if you're playing a game that really maxes out your hardware's capabilities, DirectX is a better choice than OpenGL. Which means Windows is a better choice than Linux.
Vulkan seems to be closing the gap a bit, but it's still not on par with DirectX, and it's still early days and Vulkan's not widely supported.
Believe me, I'm hoping this changes; I've been waiting for an opportunity to ditch Windows completely for around 15 years now. But for now, I'm still running Windows on my HTPC, and keeping a dual-boot on my main computer, so I can play games.
[ link to this | view in chronology ]
Re: I'm trying very hard to find this story important
Nah, it's because Windows 7 changed my fucking speaker settings back to "stereo" every time I powered down my audio receiver.
[ link to this | view in chronology ]
not using Windows whatsoever probably remains your best option
i believe we have a winner.
[ link to this | view in chronology ]
Just like Win 98 could not work without Internet Explorer. Yeah, right.
[ link to this | view in chronology ]
Re:
Yeah, this one's even harder to swallow...
So, Mr. Microsoft, you're claiming that if you try and use Windows 10 on a network without an internet connection, or (shock, horror!) airgapped, it'll just randomly fail.... is that right? Wow, way to build an OS!
[ link to this | view in chronology ]
Re: Re: Mr. Microsoft
[ link to this | view in chronology ]
And they're just as effective as a placebo.
[ link to this | view in chronology ]
Too little, too late
[ link to this | view in chronology ]
The only certain way to address this problem:
Then install Tails.
[ link to this | view in chronology ]
Re: The only certain way to address this problem:
[ link to this | view in chronology ]
[ link to this | view in chronology ]