if I were
If I were a hacker I'd be working out how to take advantage of this little 'feature'.
Don't want Microsoft tracking you online and collecting data on your computing habits? Then you probably shouldn't install the Windows 10 Technical Preview, Redmond says. The interwebs were abuzz on Monday over concerns about the Terms of Use and Privacy Policy of Microsoft's newly released, not-even-beta-yet OS, with some …
This post has been deleted by its author
"Oh it's ok - it's in the EULA - that means they're allowed to do it, right?"
Let's see how quick the Google astroturfers on here are to claim that Microsoft are copying Google when it comes to EULA practices...
Actually, methinks this AC has a point as the EULA is liable to run into problems with privacy laws in a number of countries, my own included. Goodness knows that there have been enough security hack cases in places like the UK and Germany (the first ones that spring to mind) and legal shinanigans with various companies including Microsoft that would have made them cautious about this sort of thing. The EULA might have some legal standing but it is not above the law.
This post has been deleted by its author
There's nothing you can do, Dogged. Even when disconnected from the internet physically, Windows 10 uses the nearest unsecured wifi hotspot to get another connection. And, if your PC has no wifi adapter, it builds a "software only" version using secret kernel directives. You cannot and will not escape their jurisdiction! ;-)
>>"NO WAY am I willing to 'try out' a known keylogger."
I am. They've just provided me a way to Google-bomb Windows. I'm going to open Word and type Tony Blair and delete it in favour of "lying scum" a few thousand times. Heck, I think I can probably script that simulating keyboard events.
I'm picturing Cherie Blair typing a letter about her husband and the autocorrect just unexpectedly replaces his name. It makes me feel happy just picturing it.
If you don't want to assist in a test programme, then don't download a test version produced expressly for the purposes of testing.
This is not just a free version of Windows 10. It is not designed to be used in a live environment. If you are entering sensitive personal info into it then you are a moron who shouldn't be playing any part of a test cycle.
You miss the big problem.
It's closed-source proprietary software. In previous releases, you were not aware of built-in keylogging ability; when Windows 10 is finally released you will only have their word for it that something *which they are capable of doing* has been disabled.
I'm not prepared to go a single step down that line.
"What if I'm testing forward compatibility for our bespoke software products made for other people under which I am NDA'd and subject to the requrements of ISO27001?"
Then you can either not bother with the Technical Preview, or you can use it in a VM that has no network access, or you can hope that your NDA violation is anonymised by MS.
But whatever you choose, Microsoft were pretty clear in their announcements that the point of making the Tech Preview available to everyone for free is so that they can collect stats on your usage. The Windows 8 previews were all the same and Microsoft repeatedly defended the Win8 UI on the grounds that their "telemetry" contradicted the nay-sayers. There's no such thing as a free lunch and plenty of hints about how MS intend to benefit from your use of the preview. If you don't then read the EULA with some care, that's your problem.
Microsoft repeatedly defended the Win8 UI on the grounds that their "telemetry" contradicted the nay-sayers.
Their telemetry was severely broken then. Because pretty much all beta testers were complaining about Metro and were doing the registry hack thing to disable the hideous Start Screen until one of the releases outright removed that ability and rammed Metro up all the beta testers asses. That might have given MS the "wanted" telemetry, as nobody could do otherwise.
If you are entering sensitive personal info into it then you are a moron who shouldn't be playing any part of a test cycle.
So you are saying that you can't actually test whether this system is usable in any sort of real world situation?
You can only test whether it can connect to other test environments.
Perhaps someone might like to test whether it can connect to their FB account. Since FB won't allow you to have fake or test FB accounts then you are saying that it is not possible to test this part of W10.
"So you are saying that you can't actually test whether this system is usable in any sort of real world situation?"
Well, duh, YES! We are at least a year away from release, according to Microsoft's own timetable, the kernel reports itself as version 6.4 (so eff all major internal changes, then) and you haven't paid Microsoft any real money for the privilege.
"I smell pure evil here."
I don't. Here's the thing: Microsoft has never made it a secret when and/or how they're doing data collection. First, and foremost, its in the EULA and other official documentation which Microsoft has. Especially considering the fact that this is a beta / pre-release version (as such not yours) I think they got every right to do this. In fact; I can understand that collecting "usage data" would help them out.
But if you look at areas where data collection has become the standard, I'm now talking about mobile (smart)phones, then once again its Microsoft who turns out to be the gentleman.
When I got my Windows Phone and started using it I was first confronted with several questions which informed me that Microsoft would like me to enable data collection. This happened when using the virtual keyboard ("to improve the automated responses"), the search feature ("to better optimize the search results"), the OCR (text retrieval from pictures) feature, the photo scanning feature and the voice dictation feature.
In every case this was opt-in. I had to give them permission otherwise the data collection would be disabled.
I once discussed this with a friend who has a "different brand" of mobile phone. And guess what? It was all opt-out. Everything had been enabled by default and if you wanted it off you simply had to go over all the settings yourself.
Microsoft evil? For sure; they most certainly have their ways. But not in this case in my opinion.
This post has been deleted by its author
"Where as I can understand this in beta testing with full disclosure"
Microsoft calls it a "Technical Preview", but it's a beta by any other name, and they've been quite up front about collecting user data from it, provided anyone bothered to read the EULA they clicked 'Accept' on.
The office ribbon interface seems to have been based on very accurate user feedback and usage data, you can really tell. It's just that after gathering all this data, microsoft's elite team of crack programmers decided to use their amazing brains to make the interface as annoying as possible, with a "hide-the-useful-function" methodology that still haunts me today,
Does anyone actually use those stupid style things that take up half the bloody ribbon? Does anyone actually know how to make numbered paragraphs work?
Oh and exactly what usage data led to the decision to have the standard paragraph style with an extra several points of blank space "after" each paragraph, thus making it hard for the average user to work out how to actually type an address which doesn't look double spaced? I mean seriously.,.
If you aren't using styles, then why are you using a word processor? You could just an electronic typewriter with memory and be done. Styles make things so much neater and easier and more consistent. No one can use Word's paragraph numbering because it is broken - other programs get it right, but Word has always managed to bugger things up.
That said, the ribbon sucks. There is no order, the entries are all different sizes mixed all higgeldy piggeldy so that trying to find a specific item is like running your eyes across a bumpy road.
Oh yes, I get how to use the styles and numbered paragraphs in the ribbon. I had been using them for great effect in all my manuals since Word 6 for Windows 3.1.... So.... When they went and hid everything in plain sight in the bloody ribbon, it took me a real conscious effort to keep using the damned software trying to find all the options that used to be all clearly available in the format > styles menu... including googling for "how to deactivate the ribbon office 2007" and "activate real menu office 2007"....
The main reason for the implementation of the ribbon is to make an interface that once the majority of people get used to, have a lot of trouble changing platforms. It is mostly about locking people in.
The ribbon does not rely on a hierarchy of categories that you can navigate and interpret logically, instead it relies on a combination of spatial+muscle memory, ideal for people accustomed to treat computers like an old VCR, a TV or a toaster.
Follows the paradigm that if you want to make an interface easy, just add a dedicated button for each function. (Works only for <= 15 buttons)
So:
1) Is MS patent encumbered, if you implement it on your OS you can be sued.
2) Fixes the problem of the floating toolbars (a problem created by MS in the first place)
3) People have difficulties changing product if they get used to it.
So it is win win win... Windows!
I'm actually more worried about the industry reliance and assumption that you will use a computer running windows to set infrastructure up, and that a MS ecosystem is mandatory in every office to do absolutely anything.
Having never heard of a programme as explicitly set out as the present one I suspect that the user feed back on the ribbon was based on a more select, (in other words biased) sample of those who were in the know. A small sample of queries raised by users about the things they needed was in all likelihood rolled into a wish list. That was then rolled into a 'we must do it a new way list'. That was then proved in focus groups (Steven Jay Sinofsky's nearest and dearest?) and inflicted on the rest of the world.
When beta testing win8 I don't think I ever found the 'official way' to shut down. I might have tried several different approaches including trying *.bat files on the desktop and Alt F4, but the one the worked best was the big silver button (your mileage may vary) on the front of the machine. Unlike hunting and pecking with the mouse the silver button worked every time.
They have been honest, said they will collect data and hopefully avoid the dumb stupid errors of the past and advised you NOT to do mission critical work on the test machine as you may be copied, lose files, etc. Seriously those are very clear almost harsh disclaimers and advice. Anyone who cannot read, does not care or plain ignores the risks does not earn much sympathy from me.
I would still like to try the new product as Win8 was a total disaster for me with all the devices that it did not support. However, it would be on a non-live rig but otherwise still connected to my network - when I was happy to run it that way and once I have a suitable stand-alone PC.
Remember all the user data that Redmond said went into crafting the Office Ribbon UI? Where do you suppose it came from?
I thought they'd plucked it out of their arses. Seriously.
Word and Excel were excellent programs till the ribbon, an exemplary implementation of Pink Floyd's "I've got thirteen channels of shit on the T.V. to choose from"
For neo-luddites wanting the authentic 2003 functionality, there is a lovely new toolbar you can install, called Ubitmenu - which looks like another ribbon tab but its all you need. It's free for domestic use and about a fiver otherwise, and as usual be careful on the install as you won't want any other crap they might try and install with it.
I can understand the need to see how often the Ctrl, Alt, Alt GR and the Windows Key are pressed and even the ensemble of letter keys but I do not see the need to store or collect the individual letter keys.
This is simply wrong. This cannot be justified, we already know which words and letters are the most common, these are already established facts.
Letters include, Passwords, user names, bank codes etc... simply unjustifiable. And when people know this they will change their habits which will skew MS results...
Alsi if MS are doing it,m then the haxors will follow, they will simply hook and chain these "accepted" procedures.... fail.
...........or other security sensitive tasks on a pre-beta like this technical preview then they are frakking brain dead. As far as this particular case is concerned you have to choose (of your own free will) to download and install the TP, choose (of your own free will) to sign up for the insider program and finally not bother to read the EULA in order for this to come as a horrible shock. To sum up: Anyone who accepts an invitation from any example of BigCorp to become one of their "partners" without reading the small print very carefully indeed should not be allowed out of the house without a note from their mum.
@Arctic
As much as I agree with you, I digress that banking was a little bit extreme. But I can easilly imagine them logging into Github accounts, email accounts and possibly testing VPN connections which would be valid scenarios for testing.
...... "Github accounts, email accounts and possibly testing VPN connections which would be valid scenarios for testing."
Those are indeed valid points, however I am still concerned that people (who are either professional techies or enthusiastic amateurs) download this kind thing without reading the small print. If "geeks" do that kind of thing what hope do we have of ever persuading the "great unwashed" that one of the most important parts of good security is using some basic common sense. Installing this without reading the EULA is not much more impressive than those idiots who salivate and click the moment they see a "free porn" link.
And everyone knows it. They're even made to be intentionally hard to read to discourage users reading them, mainly because they're pretty much without fail full of illegal or unenforceable terms.
Which is largely OK, since in civilized parts of the world they're not contracts but simply a corporate wishlist and something to scare the users with.
The we will track your every move was high up in the EULA i managed to spot it strait away and stopped reading there and made a quick exit.
I don't mind them knowing what i do on it, which programs i use, how i navigate around the user interface etc I think this is reasonable its a good way of getting real useful data as its more accurate than just user feedback on a form. it is a technical preview for improving the software before release after all. BUT key logging of all my usernames and password is where i drew the line. and quit looking.
would have been more tempted to download it and run it on a VM but with Technet being dead (RIP) installing all the rest of the programs needed to test it as a "usual day" usage case is rather hindered without this additional software.
Never underestimate the self-inflicted damage that people are capable of! I got called in, once upon a time, on a consulting position for a company in which all of their printers had stopped working. Nothing wrong with and no change on the printers. Same with the network. Same with the client machines. The print server... inexplicably had been upgraded to a beta version of Windows Server that had no drivers for those printers. The owners refused to back-level because "newer is always better."
Sadly, this is not the only instance I have encountered use of beta software in production. On the plus side, it meant money in my pocket. I still felt like a physician must having to explain, "No, no. If you keep stabbing yourself, it will keep hurting."
"but I do not see the need to store or collect the individual letter keys."
Didn't it say it was for autocomplete?
As for passwords, this might depend upon what level of the UI is involved in the data collection, and how much access the OS has to parts of the UI - specifically if the input is being directed to an icon that is masking what is being typed, as much password icons do.
Well, Windows makes it very easy to add a keyboard hook (SetWindowsHookEx). Any program can do it.
I suppose you can also see how useful it would be to be able to run an app that injects code into the memory space of another running app. And how useful it is to be able to patch the kernel so that low-level OS routines like writing to a file, can be hooked and redirected to your own code! Really, really useful! And extremely insecure for OS design! Let's face it - Windows is an extraordinarily badly designed (mainstream) OS. Like our (mainstream) democratic society - inordinately badly designed. Certain plants are illegal, but unmanned bomber drones aren't. You know what I mean...
How come no one is giving ReactOS any love at all?
While I would love to completely ditch Window$, I do have games purchased from both EA and Activision-Blizzard, and while EA does give Linux some love sometimes (as long as someone else is willing to foot the bill for the R&D and porting), ActiBlizz remains stubborn and keeps saying no to Linux :(
I've been playing WoW on Linux (Fedora core 6 what what I started with) for years.
I currently play Diablo 3 on Linux.
It's not hard to play Blizzard games on Linux, yes you need Wine, but it's pretty trivial to do it, especially with things like Play on Linux. They even do a Mac port of all their games so you get OpenGL mode as well as DirectX.
Complaining about not being able to leave Windows because of Blizzard games is silly.
I've assumed you mean Blizzard games as opposed to Activision games because you explicitly said Activision-Blizzard, as opposed to just Activision.
Amsusingly I can't play Diablo 3 on my Windows 10 test machine because the Nvidia Optimus drivers are borked on Windows 10. Other than that it's a nice little system. I was well aware of the tracking, it's a test release after all, it's expected.
>How come no one is giving ReactOS any love at all?
Well it isn't exactly progressing very fast...
I suspect a major reason why a major hasn't got behind it is that if ReactOS actually succeeded in delivering a product ready for prime time is whether MS would alllow it to continue or would commence a legal war of attrition, particularly if it showed any signs of becoming more widely used.
However, if the US government wanted, they could back ReactOS in the same way as years back they backed both Intel and AMD to ensure that they weren't dependent upon a single supplier for critical systems components. Such a move would be a game changer.
"How come no one is giving ReactOS any love at all?"
Err, because it's pitched as a clone of Windows and you can get the real thing without the threat of MS cutting you off at the knees for *£0 when you buy a new computer. * = the MS Tax.
Even if you ignore the competing with the superficially free real deal, their blurb about how much UNIX sucks suggests that they are doomed to repeating the same mistakes that Microsoft made 20 years ago, which is also a big turn off if you're looking for something similar but better.
In essence their addressable market consists of Windows fanbois who don't like Microsoft...
"In essence their addressable market consists of Windows fanbois who don't like Microsoft..."
Hmm, down vote. Is that because they don't like the truth or is it because they disagree ? They haven't posted a rebuttal, which suggests that they don't like the truth.
Personally, I'm quite happy to see ReactOS thrive and do well. More OSes, more choice is a good thing. Maybe the effort will yield something new and useful - I just think it's a very very very long shot with ReactOS.... :)
(or migrate to Linux).
I did that a few years ago.
But, nevertheless, as a favor to a friend, I downloaded the preview on my linux box.
No sooner than when the download was completed, a pop up appeared warning me that malware had been downloaded to my machine, and I was prompted to delete it.
My linux box, trying to protect my sensitive data from that malware called "Windows".
</sarcasm>
</snark>
I have a feeling that they will probably turn round and say "Well, it is a free technical preview and we want to check everything". I have a feeling that most people would have downloaded it because they saw it as a Free version of Windows.
Still, as Khaptain said, maybe log details of the ALT, ALTGR keys and similar. This is asking for trouble. We need to let everyone know about it.
There is a list of IP addresses that the OS uses to 'phone home and tell MS what arseoles they are' so we can block them.
I wouldn't put it past MS to bypass the hosts file though so would have to block them elsewhere on the network.
I have the Server preview ISO. I'll use it to create a VM but it will run with no network connectivity simply because our security people have not cleared it yet. Nor will they until it is released. I'll even have to go into the DMZ to download any fixes. We really have no idea what else MS is hoovering up and passing to the 'Mothership'. IMHO we should all effect come form of 'Communication Breakdown' between us and the 'Black Dog' (MS) otherwise this OS can go to 'Kashmir' for all I care.
Oh microsoft.... What a crazy mixed up mess you are in.
You login (on a VM) and you get a side-bar asking
-----------------------
Network
Do you want to find PC's, devices, content on this network and automatically connect defives like printers and TV's?
We recommend that you do this on your home and work networks
-----------------------
wtf? this is a Server OS. Why would I want to go out and try to connect the TV's etc at work?
Doing a port scan etc on work systems is a real fast way to an exit from the company. (possible hacking, unauth access to data etc)
It is just as well that this VM is totally isolated from the work network.
I can only home that MS get their act together before this is released...
Many years ago when I discovered how to use the hosts file, I too blocked many sites with it, including Microsoft's.
Some years later, I noticed the references to MS's sites were hashed/commented out. After a little investigation, I found that MS were editing that file without permission. No matter how many times I tried to block them with the hosts file, every attempt by the Windows computer to access a MS site included a modification to my hosts file.
To fix that, one had to set the file to 'read only.' Not sure if that still works. Anyway, that was back in the days of dial-up. Hardware firewalls work best nowadays :)
"To fix that, one had to set the file to 'read only.' Not sure if that still works. Anyway, that was back in the days of dial-up."
Even in those gnarly old days OpenBSD firewall FTW... Mainly because it was the smallest download, but in practice it turned out to rock solid and mostly excellent in day to day usage too... :)
If they are really targeting business this time around, shouldn't they be doing this kind of "how people actually use it" investigation using actual, hmmm, business people? I'm not sure your average sales rep spends much time flipping between github and eclipse, occasionally shifting that funny looking mouse thing out of the way so they can top up their caffeine levels before getting back to keyboard ninjary.
Then again, maybe they're still feeling the burn after watching Mr iPad too intently last time around...
Why is anyone surprised by this? It's an alpha/beta what do you expect? I'm not a massive fan of MS but if it's beta and the EULA ( which we always read don't we! ) states "We will spy on you while you play with this pre-release so we know if it's working or not.", where's the problem?
If I get a beta of any software I expect somewhere to have to "pay" somehow for getting early access, this is simply the payment for playing with a pre-release, you have to tell them if it's any good, either directly or indirectly by them spying on you.
What's all this crap about "Hacker's Dream"? FFS! They don't need this piss-poor key-logger from MS, they have enough of their own and probably more sophisticated key-logging tools, all they need is a pillock willing and ready to run email attachments or click on links from porn sites that promise to "Clean Your Infected Machine"!
Yeah. What Amorous Cowherder said.
This is development software. Shit, if I was making a pre-release OS available widely I'd want to put stuff like this in too. Let's face it, most users aren't capable of logging a bug report much more accurate than 'Boo Hoo, it's not working'. They certainly aren't up to telling the poor developer what they were doing before it stopped working so that the problem can be replicated. Quite apart from Microsoft's stated reasons of improving autocorrect and so forth, this could be a real boon in reproducing errors.
As long as they remove it from the final shipping version then I'm okay with this. But, as stated, beta users might want to refrain from internet banking or browsing for pictures of naked ladies with this release.
""Isn't that how we've been treating Windows for years?"
Until we recently realised that Open Source is probably even worse...."
Naw... At it's worst Open Source is as bad as payware, because the payware makes liberal use of Open Source code anyway... The TCP/IP standard was initially defined by a 'libre' style code base for starters...
Payware has done good stuff too. :)
This post has been deleted by its author
Yeh ... well, as I'd said another time, those who stand under the elephant's ass shouldn't expect anything but repeats of the same old shit cascading down on their head. But who would have expected that while the elephant was taking a dump, it would have its trunk in yer pocket, jerkin' on yer private ... ummm, yer private keystrokes!
Considering the kind of bug reports Microsoft would likely get, such as "I clicked on an icon and then I typed and it went blank until I pressed the button and then it went white and back to normal", Microsoft is going to need the extra telemetry to understand what actually happened.
As long as its not in the final version.
It doesn't really matter if it's in the EULA or if the supposed keylogger collects everything or just bits of information; this is not the way you get people excited about your new operating system version. It's a PR disaster. The reputation of the company and the Windows brand itself (both which wasn't very stellar to begin with) took such a hit in the last few years that this really is the last thing they should be doing.
I've not done programming for a very long time, but I know that when I did, and I was trying to fix bugs, I was putting all sorts of error trapping and logging all over the place just so I could see exactly what is going on in there.
All Microsoft is doing here is inviting people to join in that testing.
The word 'beta' has been misused over time and people assume it means "Pretty much a finished and perfect product, we just don't want to take any flack if anything goes wrong".
Anyone downloading Windows 10 (and I'm not one of them) needs to know that it will be faulty, Microsoft knows it will be faulty and so they need to have things in place to monitor the faults.
By all means rip them a second bum-hole if Windows 10 does this post release, but expecting Microsoft to be able to fix bugs from simple emails saying "It doesn't work" means Windows 10 won't be ready until Clinton has finished her second term in office.
Please imagine this on a smaller scale for a moment: you give out a pre-release version of an accounting software you wrote for a client to get some test data in more real-life scenarios. On the next meeting you casually mention to them that their login problems are probably related to the fact that they tend to press TAB too many times and thus jump over the "Login" button to the "Cancel" button. "How do you know that?" they ask. "Well, this test version logs all key presses," you reply, "We mentioned it in the release notes, too. You know, in section 53."
Will your client appreciate your (totally valid and useful) testing feature? Illogical or not, most won't. It goes over a certain line. If you want real-life test data, then you are expecting your users to do the same things with your software that they do in production environments, at least to an extent. That does not mesh well with key loggers of any kind, because at the very least it creeps people out. And that's not good for the image of your company or your software, as simple as that.
Re: Accounting software
If a client was using a "pre-release" for real production work then I'd be worried. But given the example, I expect the same client would be very grateful if you pointed out that the reason why they are having to always recalculate the VAT on orders is because they keep omitting to tick the "EU sale" box. But then it would probably be correct to regard all ERP systems as 'pre-releases' given the number of fixes the vendors keep sending out ...
However, I think the point you were trying to make was that with enterprise systems the data is being collected either within the organisation or by trusted third-parties, whereas with MS the data is simply being collected and dropped on to a faceless development team somewhere in the world. The interesting thing that arises from this is whether MS will turn this monitoring capability into an Enterprise feature and so create a market for the tools they will have had to develop to analysis this data.
Why is it that Microsoft gets stick for releasing a beta of Windows containing debug and diagnostic code that is necessarily privacy unfriendly (and which they have gone out of their way not to hide - they've clearly documented the fact)?
Would you rather the Microsoft didn't do a public beta, and risk having serious problems with the final version of Windows 10? Public betas don't get rid of all bugs but, done properly, they can help. And it seems to me that Microsoft really does want this to be the best Windows ever.
If you have a problem with beta software, if you don't want to pay the pre-release price, then don't install it - install Windows 7 instead*.
The really weird thing is that I'd be prepared to bet that at least 90% of commentards here have a Facebook account and use it everyday - without once considering the very real security and privacy implications. But (ug) Facebook okay. Me like Facebook. It free. It haz pikchurz ov Fluffeh Kittehz, Me like Google. It free. (grawh) Me hate Microsoft. Me hate Apple. Them makez me pay moneh. Them bad. My brane hurtz.
*or <insert release version of an OS of your choice>.
I've not installed Windows 10 for obvious reasons, but from what I read on Lifehacker, the relevant bits weren't buried in the EULA but were seen in a separate set of Privacy Statements.
I also know that if I had installed Windows 10 at work and my boss found out that there was a privacy statement available and that I hadn't read it and that because of this I was potentially leaking confidential information, I'd at risk of being choped.
(this is what I read --> http://www.lifehacker.co.uk/2014/10/07/windows-10s-keylogger-fiasco-blown-proportion )
Well, the person ahead of everybody else would be the one who read all of the EULA from start to finish to find the buried paragraph and deciding not to hit install.
Did anyone do that? By 'anyone' I mean anyone on this planet.
I started reading EULAs in full from about 1999 onwards. Sure, it delays installs by quite a bit, and joining a service takes more time, but EULA and ToS tell you a lot about the attitude of the company towards you. It also gives you a hint of what you can and cannot do with a service or product from a risk management perspective.
The best giveaway is the combination of length and language. If it's very long and entirely in legalise, beware of the dictum of contracts: the first bit giveth, the second bit taketh away (and then some) - be very wary..
I read the EULA start to finish. I encourage everyone to do so. It is, in point of fact, the best written, easiest to understand, most "plain English" EULA I've ever read. It is an example of how to do an EULA right.
It doesn't have all the detail about exactly what methods they will use to spy on you, but it's pretty explicit that they will, and they'll be cavalier about it.
My issues were "what was causing the data leak" and "why can't I turn the taps off".* Because knowing how it all works is my job. And by knowing how it works in the preview we know what to look for in the release version.
As it turns out, the stuff I couldn't find and kill in the OS itself was Windows Store apps phoning home, even when not open. And they sent a lot of data. Uninstall them, and I only saw the traffic I'd expect to see from a surveillance an instrumented OS.
Most importantly, I reported all my findings to Microsoft via their "Microsoft Feedback" tool. Which, just by the by, you need to convert your Windows into a cloud-attached Microsoft Login setup to do. And that means that you can't say no to Skydrive. And...
Anyways, short version: I have problems with choices made in how Microsoft has designed the privacy and security elements of the OS that have nothing at all to do with Microsoft instrumenting a technical preview. Most of my issues are with stuff I fully expect to be in the shipping OS.
What I want is an operating system that is "privacy first, security first". What Microsoft wants is an operating system that is "cloud first, mobile first". We are probably never going to see eye to eye on this; our interests are diametrically opposed.
But, it is my actual job to download, install and play with the technical preview, the beta, and every other version that happens along. I'm a technology journalist. It's what I get paid to do.
If folks are shocked and shaken that I do so, then actually talk about the issues I uncover...well, then I don't understand why they read technology magazines - or the forums on those technology magazines - at all. It seems to me that they are actually going out of their way to expose themselves to the sort of information, opinions and facts that they explicitly want to avoid. (Or want to avoid until the final version is out.)
If anyone wants to pillory me for doing my job of investigating new technology, go right ahead. Honestly, after a few years, you really do get used to it.
*There is also an issue of what the defaults are, and the fact that turning things off doesn't actually turn them off in the preview, as well as that controls don't seem to exist in the UI for half the data collection points. But, to be honest, I'm willing to overlook those in a technical preview, though I do comment on their existence and I have reported this all to Microsoft.
"I recall Trevor being ridden hard in the forums for complaining about exactly this problem.
It appears he was simply ahead of everyone else. "
Apparently he normally uses Linux on his laptop so you can understand why he is desperate to escape for even alpha Windows software for an easier life!
Eh? I use Windows 7 on my laptop. I use CentOS on my servers. I do have a laptop with Mint, but that's my security unit.
Honestly, the instant that Wayland is fully baked, I'm leaving Windows behind. FreeRDP server was incorporated into Weston and it provides a fully modern RDP experience for remote work. That's all that was ever really missing from Linux in order for it to be my primary environment. I prefer working via VDI for a large number of reasons.
As an endpoint OS, I prefer a heavily modified Windows 7 environment to pretty much everything else I've used. Though Windows 10 has some very serious potential to be every bit as usable.
The problem is Microsoft itself. I just don't trust them. They've screwed me over and over and I am absolutely, 100% convinced they'll do it again. They are emphatically not honorable, which means that no matter how good their technology is it simply does not matter.
Microsoft could have the best technology in the world - in some niches they do, in others they emphatically don't - but that's just not enough. I can't do business with, trust my business to and ultimately trust my privacy to a company I can't trust.
That's before we even get into the rank madness that is Microsoft's VDI and SPLA licensing, the #1 reason behind my philosophical (and monetary) support of various open source projects.
Linux doesn't have to be the best at all things to be usable. Microsoft sure as hell isn't the best at a great many things and it's used in all sorts of bizarre places. What Linux has to be is trustworthy. I am not talking here about "bug free". No software from any vendor will ever be that.
I am talking here about the ability to run the software without fear of jackbooted sociopaths and their hellspawn laywers showing up to annihilate your business because you did something that seems perfectly rational to ordinary people but violates some obscure clause of a licensing agreement.
Spending half a year's revenue on licensing only to find out that the specific implementation you wanted isn't covered in that particular scenario can end a business. Usually because the alternative licensing either simply isn't possible or costs 20x the company's yearly revenue.
Trust is the knowledge that if I don't like something - from a UI element to an API change - there is the option to simply not participate. Linux can be - and is - forked when someone does something asinine. Windows users just have to close their eyes and think of England.
For all your snarky sniping and your dedicated vitriolic fanboy bullshit, Mr Anonymous Shill, you never do address these issues. And at the end of the day, I'm just tired of fighting the battle. Against Microsoft, against you, against the legion of paid "evangelists" that make truly obscene money to "control the message".
I'm tired. Tired of Microsoft. Tired of their licensing bullshit. Tired of having to worry about being in compliance with some stipulation about how I can use software that I paid for.
Make your jokes, spread your lies and be damned. I'm absolutely going to put my time and my money into Linux for the simple reason that it has become the path of least resistance. It takes less effort. It takes less learning. It takes less fighting and it just costs less, in time and in money.
Technology isn't enough. I buy computers because I actually want to use them. Not because I want to spend my time managing them, or dealing with the legal logistics of licensing them. For a computer you can actually use, it sure looks to me like one of the only choices left is some variety of Linux.
Cheers.
Technology isn't enough. I buy computers because I actually want to use them. Not because I want to spend my time managing them, or dealing with the legal logistics of licensing them. For a computer you can actually use, it sure looks to me like one of the only choices left is some variety of Linux.
Strangely, you've pretty much summed up why I switched to an OSX desktop - mainly because it gives me a good desktop that is fairly easy to secure, but still leaves me a usable *nix command line too and allows me to use Open Source tools such as LibreOffice and Firefox (I don't like Apple's "mail" program). I need design software such as Visio, and after MS butchered its functionality I found it was a lot more efficient to use Omnigraffle on OSX and still get some work done. For anything as server platform I simply use Linux, never had a need for anything else.
If I only needed browsing and office software I'd probably be using a Linux desktop too.
Wun hung lo the Chinese government computer procurer will freek out
"" what is this a NSA key logger built in to this Software
Quick tell the Party leader this and that he is to BAN Windows and Microsuck from the Glorious Middle Kingdom.
No more windows computers no Sexbox and no windows phones
We will Stop the Dirty Yanks spying on us by Banning all their software and hardware""
There goes a 7+ Billion potential market in china followed by 5 Billion in India followed by Russia and then the rest of the unfree world EU to Follow
Time To Sell those Microsuck Shares before their market share price collapse's
THIS IS A COMPANY PREPARING TO SWAN DIVE INTO HELL
SUICIDE BY SOFTWARE
This post has been deleted by its author
There will be no apologists because there is no issue unless this exists in production code.
Google data-mine betas as well. Nobody cries about that. Not even apologists. They don't even cry all that much when Google data-mines production code because it's understood these days that selling you (ie, the digital slave trade) is what Google do.
If this is in production code you may see apologists. What you won't see are any Win10 installs in my house or workplace.
I mean, The core of this is not just for your average desktop, but for tablets of all shapes and sizes, for Windows Phones, and for their server class O/S's.
Doesn't every android / Apple / Windows phone already support some level of predictive typing and auto-correct features to make your user experience with small screens and sausage fingers a little less painful.
This is already common in many platforms that are used by millions, to see it on the desktop is a surprise, but should not be unexpected for a test release.
There will be different components that will be provided around the core O/S and some will be used on tablets, whereas others will be available on server platforms.
(Remember all the user data that Redmond said went into crafting the Office Ribbon UI? Where do you suppose it came from?)
That would explain why the ribbon is unpopular with so many people. Its design and layout are tuned to the usage habbits of the sort of people that download and use previews of upcoming operating systems and software.
Microsoft said at the get-go that they would be doing added-on enhanced tracking and info gathering with the preview. It was released SPECIFICALLY to gather information. I used it a bit, gave some feedback, then went back to my regular OS.
For once MS are doing the right thing: they are releasing a preview to learn what bits people like and use, and to work out how to make something less awful than Windows 8.
They clearly say they will track how you use it. You have to agree to that to install it. So to be upset that they are doing what they said they will do seems a little silly.
So far, I think it seems like a step forward from Windows 8.1 and not much worse than Windows 7.
However, there isn't much I can use the Win 10 machine for because most of what I do on a computer depends on software I've not installed, or involved confidential information I don't want to share,
"For all your snarky sniping and your dedicated vitriolic fanboy bullshit, Mr Anonymous Shill, you never do address these issues. And at the end of the day, I'm just tired of fighting the battle. Against Microsoft, against you, against the legion of paid "evangelists" that make truly obscene money to "control the message"."
That's the point really. It's wasted energy, which is better directed towards using gear that works for less headache and expenditure. The shills had already lost this debate in 1992, the current crop are too dumb to know it or too scared to admit it.
A trial beta version of an OS collection information and usage..... well I am shocked! In the terms conditions as well? Ok you get my point and obviously if a feature like that ever made into a finished product then its a completely different matter. I do however find it amazing that one min people have an opinion that privacy and anonymity are "enemies of the internet" and the next min everyone is outraged at the invasion of privacy (not that it matters which company it is). Sometimes I think you might as well put all your personal life on a website, give the owners copyright control, let them suggest how to run your social live, track you with a key logger that has a build in browser, upload all your data to an advertising company, strap a camera to your face and call it progress.... just saying ..........maybe I should buy a 100% proprietary computer with a fruit sticker on it for a massively inflated price that would show people I am cool :)
A trial beta version of an OS collection information and usage..... well I am shocked! In the terms conditions as well? Ok you get my point and obviously if a feature like that ever made into a finished product then its a completely different matter. I do however find it amazing that one min people have an opinion that privacy and anonymity are "enemies of the internet" and the next min everyone is outraged at the invasion of privacy (not that it matters which company it is). Sometimes I think you might as well put all your personal life on a website, give the owners copyright control, let them suggest how to run your social live, track you with a key logger that has a build in browser, upload all your data to an advertising company, strap a camera to your face and call it progress.... just saying ..........maybe I should buy a 100% proprietary computer with a fruit sticker on it for a massively inflated price that would show people I am cool :)
Technical preview users are not the same as end users doing their day job, they are technically previewing and testing the system not actually using it as a day to day work tool. By monitoring and tuning for these poke around users of course you'll see higher usage (read testing) of new features, giving you a false/skewed impression of their acceptance. Where as what most users really want is the peddles and steering wheel to be in the same place as they always have been.
First, as someone whose MCSE number is in the low 1,000's I've been through a lot of MS betas over the past 19 years. Like a lot of other people I downloaded the Win 10 beta out of curiousity, even though I'm mostly immersed in Linux and other open source nowadays (all the servers I work with are RHEL, and my admin workstation at work is Fedora 20). I did read the EULA and (separately linked) related policy documents. The software got installed into a KVM image that's isolated from the rest of my network (I opened thing up to register but then closed in off again).
If I were really interested in continuing to beta test this I'd leave the pipe open and let MS monitor things however they'd like. After all, that's the whole point of beta testing -- gathering data on what happens when people actually use the software. But it's unlikely that I'll be making the effort, so I'll probably just play with it a little longer and then let it expire at the end of the beta period.
Going forward people should probably keep a close eye out to see if that kind of monitoring (especially the keylogging) continue. If it does, of course that would be an unacceptable invasion of privacy and a serious attack vector that no one could afford to allow on their network. If it doesn't, then maybe those who still need to run Windows will be OK (although, being closed source, there'll be no way to know in advance if it were ever turned on again).
Here's the thing. Unlike back in 1995 when I started out, there are many acceptable alternatives to Windows in the data center, and for some of us at least, on the desktop. The enterprise class Linux distributions and the BSDs have a proven track record over the last decade. They're all high quality, fully tested and have significant support resources behind them. For the desktop Apple is an obvious choice, but despite some extremely annoying shortcomings, the major Linux distros can also work well as admin and developer workstations. When SteamOS ships next year we may even see things improve for general purpose consumer desktop applications.
I'm sure Microsoft knows all this, or at least someone over there in Redmond does. At some point that knowledge is going to percolate up to the top levels of the company and then they'll have some choices to make. The important thing for the rest of us is that even if they make the wrong choices it won't mean the end of life as we know it -- only as they (Microsoft's execs) do.
I think it's safe to conclude that if this keylogging "feature" stays beyond the development stage and into the Final Release version that this will be, for many, the final release. What corporation would willingly and knowingly accept the obvious liability that such an aggressive and inviting attack vector this "feature" represents?
Enough retailers are being targeted for their secure financial data as it is. No point in giving hackers and malware authors such a ripe target as this "feature" represents. Can you imagine a corporate R&D department doing any new product development on a machine running Windows 10? What about banks and financial services? Governments? You get the idea.
Not going to happen. MS might as well close it's doors if this is their intention for a final release.