By design
"And Windows 10 feels like it's trying to pull a fast one on a lot of us."
Here's a quick FYI: if you installed Windows 10, and in a rush to try out Microsoft's new operating system, you clicked through the default settings without looking, you may want to look again. If you value your privacy, or have a distrust of Microsoft, you probably want to make sure some or all of the settings are flipped to …
Microsoft explain what's going on, and how they are nothing like Google, here in this YouTube video
So all the whining Microsoft has been doing about Google has been blown away in an almighty hypocritical U-turn? Boy, what a surprise.
While I was upgrading my laptop in the early hours of Sunday AM I figured "why not google win10 privacy while I wait", spoke a fair amount of French, then spent a good half hour tweaking settings/registry values. What annoyed the hell out of me was the need to disable processes and edit the registry (home premium) to stop some of the reporting home.
Thinking of friends/fam I'm hoping some kind soul will write a nice little "freeeedurm" script to simplify the process, or perhaps an "app" to demonstrate in simple terms (traffic lights) to your average Joe public exactly how exposed they are/what is being collected, with a "protect me squire!" button...
How long before an "auto"-update undoes what you do to the registry to stop the "reporting home"? I was wondering why this was free... now we know. Frankly, I don't mind selling some of my data for advertising, etc. But when they have access to ALL of my data, my spidey sense tingles... then I read that awesome Reg article about government spying on us... and... well... I think I'll stay with 7 for a bit longer...
i think I'll stay with 7 for a bit longer
Me too. But I will also be paying close attention in future, not only to what updates come down the line, but also to what traffic the OS is initiating. If only just to say "Fuck off Microsoft, you've gone too far."
"How long before an "auto"-update undoes what you do to the registry to stop the "reporting home"?"
Ahh, the old bag of tricks: Registry polling OS-threads are back again, I see.
NT workstation was easily converted to NT server with single registry change.
MS fix for that? Create an operating system thread (running all the time) which polls that single registry key every 2 seconds and swaps it back if you try to change it. And hide the watchdog as an update.
Sounds familiar, doesn't it?
So I'll say w10 runs a thread to undo all your changes all the time.
As they directly say:
"You may change this setting but after a while _we will change it back_".
"a while" is, of course, not defined anywhere, so it can be minutes or weeks.
Thing is while most of this isn't ideal, the objections to it are largely ones of principle, not that anything is likely to happen because MS knows this stuff. So your friends/family probably aren't really that bothered, unless they read some scaremongering "Windows is stealing your soul - you won't BELIEVE what happened next" 'article' on FB. You can help them out but they probably won't really understand why you need to unless you scare them with a biased viewpoint on the subject.
"..not that anything is likely to happen because MS knows this stuff."
And how do you know it's only MS who knows _everything_ you do?
As we know, MS is a partner for NSA and GCHQ and being 'a partner' doesn't mean having a BBQ together.
Not only are you selling everything you do, you are also selling everything anyone around you is doing. And that information isn't yours to sell.
As MS puts it "...shares wifi-passwords with Skype, Facebook and outlook.com friends." as plain text, obviously.
Also MS spies on your emails, which means anyone you send/receive emails is also spied on. And registered as fellow of yours.
Fast forward to company email ... basically even one w10-user in email distribution list is leaking everything in emails to NSA, passwords, accounts, everything. That's a massive non-security.
It's obvious that _everything_ in MS cloud is already doing that, just judging by the spying enforced in w10.
I found out tonight Lidl requires your car registration at the till, here in the UK.
I was caught off guard at Lidl, (it's always a bit of a rush packing) and asked for my car registration number at the till. Lidl are obviously selling this information to Europarks foremost, but others too no doubt. I didn't like the fact I'm asked to give what is private information in a situation that is very public, either.
Are Lidl actually collecting it to enforce 90 minute limit parking fines though? I don't think so. It doesn't seem as though it's needed if Europarks run the carparks, hence it seems like collecting private 'linked' information under false pretenses.
The Europarks ANPR Cameras are supposed to do that, as the car park is run by them. Why are Lidl acting as so called enforcer, other than for financial means, and a cut of the fine revenue. Very easy to get full driver details via the DVLA.
I thought it was bloody cheek, not sure what consent I gave on entering the store, (the store being separate from the parking) but it certainly wasn't explicit. ANPR is bad enough, but that tracks the vehicle, this in effect, is explicitly tracking the customer.
Waitrose thankfully don't do this. Tonight was my last shop at Lidl. It was convenient and cheap, on the way home. Waitrose is slightly further out my way.
"Are Lidl actually collecting it to enforce 90 minute limit parking fines though? "
Not really any different than any other store who gives you free parking for a limited time - but only if you buy something in the store. The ANPR knows you parked there and for how long - the manual check confirms you used the store and when. Presumably you don't have to buy anything - just queue at the checkout. ALDI use the same system on their car park - except it is only for validated customers' use. Anyone not validated gets an automatic fine.
Our Waitrose allows a short free parking period in the community car park if you get your token validated at the checkout. In theory you can't ask for a validation without actually buying something. I don't think there is an ANPR as well - but it wouldn't be that difficult as the car park is covered by at least one town CCTV camera.
"I was caught offguard at Lidl, (its always a bit of a rush packing) and asked for my car registration number at the till."
I think in my case I'd have demanded to know why. If it was just for ANPR that might have been OK. But retail companies really should use their clout to get rid of parking vultures (no relation to our beloved el Reg of course).
> But retail companies really should use their clout to get rid of parking vultures (no relation to our beloved el Reg of course).
Wow brought back parking nightmares from my time living across the pond and painful Lidl shopping. One edge to being back home as a Yank not living on the coasts is having giant ass free parking spots almost everywhere due to no shortage of land. Fly over country has its perks.
A drug store here in Canada (Rexall) likes to ask people for their postal code at checkout. Most of the time I just say Nope. Sometimes I give them the north pole postal code H0H 0H0.
Have you tried just saying NO when they ask?
I have a pseudo address I use all the time, when their postcode checker fails to register it I tell them it's a new estate, they manually add a duff address and I am left alone.
Currys once pulled this shit when I bought a TV, they wanted my name, address, postcode, etc etc. They got an address, postcode, name etc, just not mine!!!
@cornz1 - if you buy a TV, the store is required to log your address for the licence; not their fault and so I guess not the same thing.
"Can't stand ANPR car parks, want to charge for parking then put up a bloody barrier and ticket machine."
My registration plate includes easily-confused-by-OCR characters including K, M, W, X, and 8 - it's rare I get out of a prebooked airport park without having to have a discussion.
"@cornz1 - if you buy a TV, the store is required to log your address for the licence; not their fault and so I guess not the same thing."
But I am under no obligation to answer them truthfully. Is so the same thing. Unwarranted snooping!
"@cornz1 - if you buy a TV, the store is required to log your address for the licence; not their fault and so I guess not the same thing."
Stores in the UK usually go way over what the law demands. Supermarkets frequently won't sell booze to adults who are *accompanied* by a minor, for example. I recently bought a pair of passive 3D glasses from Argos and was asked for my name & postcode for TV licencing. I pointed out that the glasses cannot receive TV broadcasts and so do not fall under the regulation, but the employee stated that it was store policy to get the information for all purchases that were "TV related". I told her that I was a traveller and had no fixed abode, which stumped her.
In fairness to Curry's I believe it is legislated that a seller must get your address when you buy a TV so that the TV licencing mob can hound you.
They are obligated to get an address from you. You are under no obligation to give them your correct address and they are under no obligation to verify it.
Actually, Currys were just fulfilling their legal obligations. When buying TV receiving equipment, by law they have to gather and pass on identity information to the TV Licensing authority.
If you pay by card, they will normally just pass enough information from that so that identity can be obtained from the bank. Alternatively, if you use a store loyalty card, that will suffice too.
I once bought a TV aerial amplifier from Tesco, wanting to pay cash, and having just lost my keyring clubcard. They refused to sell it to me without me providing my name and address. They did not even relent when I pointed out that it was not technically capable of receiving a TV signal, and that where it was going was not my house (I was getting it for my parents).
I know for a fact that they use Tesco clubcard information, because our card has a typo in the name on the card that we've never corrected. And after buying a TV, we got a nasty-o-gram from the license enforcers claiming that they could not identify a valid TV license under the name and address that the clubcard was registered to. I did nothing, waiting to see whether someone would actually spot that garthercole and gathercole actually only differed by one letter, and at some point they must have, because there was never any follow-up. It's a bit of a shame. I would have loved to have seen that go to court to watch it be thrown out.
What really annoyed me was when another shop asked me for the same information for exactly that purpose when I bought a simple DVD player! That really took the piss.
I believe I've heard that deliberately giving false information when buying TV receiving equipment in the UK can be deemed as fraud.
Edit: Hmm. Others beat me to this while I was typing it up. Must remember to be less verbose.
@Greg D
"AFAIK a number plate is not private information."
No, it isn't. However my payment card is private information, while details of the shopping I've bought is semi-private; and they're trying to link all three at the checkout. Note that it's trivial for anyone to look up the car make + model from the registration (i.e. is it a Bentley or a banger?) so they suddenly have much better knowledge of their shopping demographic. Maybe they have the ability to link payment card to the billing address from another source - another aspect of the demographic is how wealthy your 'hood is. We don't know what information the other side of the equation has access to...
That all assumes they're only interested in knowing their shopping demographic better and not the usual targeted ads crap.
Paying cash is one thing but not many people carry enough cash with them to cover the weekly shop and if you only find out when you've packed your shopping and are about to pay it's a bit late to say I'll pop to an ATM. That said I'd probably empty my bags, buy the minimum shopping with cash to avoid a parking ticket, leave them to put it all back on the shelves and sod off to a shop that doesn't feel the need to track my every move!
According to privacy officials here in Finland, _it is private information_ as it's directly connected to name & address, therefore collecting and publishing those is illegal.
That view is of course not shared in UK where spying on car owners is the norm, illegal or not, no-one cares.
Freedesktop is not even a standards body, its specification is adopted to varying degrees between Gnome and KDE, and is only recently at version 1.1.
As a 'borg' it shows all the assimilation ability of a tribe of ewoks. You wouldn't want Gnome and KDE(etc.) to run off implementing the same idea in even more different ways...
As it is, KDE4 had its user icons in ~/.local/share/icons & Gnome and others in ~/.icons.
People will be launching tirades against EWMH next...
The funny thing about systemd, I actually like unit files and few other things it brought strictly related to initialisation management. It is a really big shame that it's put its fingers into so many pies, e.g. when dbus goes wrong (sometimes it does!) I am unable to gracefully shutdown the system because silly bugger is unable to communicate with init process without dbus.
On the other hand, it does provide some entertainment, watching all these bone-headed attempts to move dbus to kernel, in a least efficient way possible. I wonder what systemd and gnome authors will try to copy from Windows next, badly (Cortana a.k.a. "universal privacy invasion", perhaps?) Sorry for off topic, I'm heading out anyway
"You're probably thinking of Richard Stallman. Linus wrote a kernel."
The kernel is the operating system. The GNU project's aim was to build an open Unix - kernel and development toolkit (the C compiler, gcc etc.). GNU did have its own kernel (Hurd), but the Linux kernel was released earlier and adopted instead, hence GNU/Linux - the Linux kernel, written using GNU tools.
So yes, Richard Stallman was involved with writing his own OS, but Linus beat him to release, admittedly using the GNU tools - so less overall work as Linus didn't have to worry about writing the compiler, linker etc.
Funny how Android and Windows 10 are both "free" to the consumer huh? Apple I guess at least just overcharges you for the hardware and then drops support for their loss leader software for your device after a few years to strongly encourage you to pay your reoccurring dues to the hipster club(cult?). Yay fanboi downvotes all around.
I'm no fan of the Mac UI, and I find iOS unusable. But you have to at least give Apple credit for creating a separate OS for its mobile toys. Mac OS X remains respectful of a UI tradition that goes back 30 years, and charges users up-front, instead of trying to surreptitiously 'monetize' them.
Turn off Cortana and instead search locally, otherwise everything is sent to Bing.
Go through the "Privacy" settings thoroughly.
Lock down Edge, setting your own home page, start page, and set the New tabs to blank.
Lock down IE where appropriate if you know how.
Turn off the tracking service: dmwappushsvc
Turn off the diagnostics service: diagtrack
Adjust the hosts file. In this The Register comments section you might see an extra blank line between each entry, so you might have to adjust the following eliminating the extra blank lines between each entry; but that said, add the following to your hosts file:
#Windows 10 Privacy Blocker#
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 feedback.windows.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 bingads.microsoft.com
0.0.0.0 www.bingads.microsoft.com
#End Windows 10 Privacy Blocker#
# [Block Microsoft Apps]
127.0.0.1 apps.microsoft.com
127.0.0.1 www.apps.microsoft.com
This is probably just a start. You might feel the thing is almost an extension of Microsoft servers, rather than its own operating system. But with some adjustments, you can reclaim your own computer.
If anyone has more ideas, please post 'em.
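A block list like the one in the post above only works for lines the resolver can parse, and several commenters expect an update to rewrite the file, so it is worth linting the hosts file and re-checking it after each update. This is an added example, not part of the original post: the function names and the sample text are constructed for illustration, and both 0.0.0.0 and loopback addresses are treated as valid sinks.

```python
import ipaddress
import re

# One DNS label: letters, digits, inner hyphens; labels are joined by dots.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")

# Constructed sample: a few names from the post, plus two deliberately
# broken lines (a mistyped address, and a hostname with a port suffix,
# which the hosts format has no field for).
SAMPLE_HOSTS = """\
#Windows 10 Privacy Blocker#
0.0.0.0 vortex.data.microsoft.com
0..0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.appex.bing.net:443
127.0.0.1 apps.microsoft.com
"""

# Names we expect to stay blocked (constructed subset of the posted list).
WANTED = [
    "vortex.data.microsoft.com",
    "oca.telemetry.microsoft.com.nsatc.net",
    "apps.microsoft.com",
]


def parse_hosts(text):
    """Return (entries, problems).

    entries maps lower-cased hostname -> address for every usable line;
    problems is a list of (line_number, message) for lines that are
    treated as not in effect.
    """
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append((lineno, f"invalid address {addr!r}"))
            continue
        if not names:
            problems.append((lineno, "address with no hostname"))
            continue
        for name in names:
            if not HOSTNAME_RE.match(name):
                problems.append((lineno, f"invalid hostname {name!r}"))
            elif name.lower() in entries:
                problems.append((lineno, f"duplicate entry for {name.lower()}"))
            else:
                entries[name.lower()] = addr
    return entries, problems


def is_sink(addr):
    """True for 0.0.0.0 / :: or a loopback address such as 127.0.0.1."""
    ip = ipaddress.ip_address(addr)
    return ip.is_unspecified or ip.is_loopback


def missing_blocks(wanted, hosts_text):
    """Names from `wanted` that hosts_text does not currently sink."""
    entries, _ = parse_hosts(hosts_text)
    return [
        name for name in wanted
        if name.lower() not in entries or not is_sink(entries[name.lower()])
    ]


if __name__ == "__main__":
    _, problems = parse_hosts(SAMPLE_HOSTS)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
    for name in missing_blocks(WANTED, SAMPLE_HOSTS):
        print(f"not blocked: {name}")
```

To use it on a real machine, read the hosts file into a string, pass it to `missing_blocks` with your own list, and run the check again after each update.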
"You might feel the thing is almost an extension of Microsoft servers, rather than its own operating system. But with some adjustments, you can reclaim your own computer."
Thanks for the post; that's some very useful stuff there..
What I need to know, and will require, I suspect, more time from more tech-competent people than myself, is the degree to which it is possible to disable the constant surveillance, and, simultaneously, what remains in force no matter what the user does. If it *all* can be disabled, then I don't much care what Microsoft has put in there; it's the undefeatable mechanisms that concern me. I doubt that the final word has been said on this matter.
Thanks, yes, just create a local account. I install with the computer unplugged too!
You might note that "apps" can be uninstalled either manually or by PowerShell.
Just as a note: you can even use PowerShell to uninstall them all in one fell swoop (except the underpinning platform, Edge, and Settings); but be cautious, that's everything metro on your account.
AFAICT, Microsoft has removed a couple things non-metro from Windows 10 - calculator and sound recorder (a tiny program that's been on Windows for decades) - so if you remove the calculator app, and the sound app, there is no calc.exe or sound recorder on the system to replace them with; you can replace sound recorder with something like Audacity, and there are numerous calculators online.
A very useful list, thanks.
One thing I noticed, though :
Turn off Cortana and instead search locally, otherwise everything is sent to Bing.
Done that but I found that even on a local search the thing connected to Bing, sent it a packet of data and got a whole load of packets back. Looked suspiciously like it was sending the search request in anyway.
So blocking in the Hosts file seems the only way - can't trust the UI to actually do what you want.
#Windows 10 Privacy Blocker#
Thanks for that. On my games desktop I turned off all intrusive options then began to wonder, would that matter anyway. If they wanted to snoop, no way I'd know about it. Just a quick question, shouldn't all those 0s be 127.0.0.1? or does it not matter?
Turning off Cortana? Easier said than done.
I had to turn off just about every Search related service to get Cortana to disappear. (not that I wasn't going to do that anyway, I've used Agent Ransack since they implemented search back in Vista anyway)
BTW, thanks for the host file URLs.
Excellent list. Thanks!
However:
But with some adjustments, you can reclaim your own computer.
I'd say this statement is premature, unproven and astoundingly optimistic. At this point, we have no idea what may lurk in the closed source of Windows 10, nor how persistent Microsoft's (forced) auto-updates will be in (re)opening privacy holes.
What we do know is that by accepting Windows 10, in exchange for a few miserable new features, you are giving Microsoft carte blanche - you're happily volunteering to accept Redmond's electronic anal probe. The only real solution is to avoid installing this nightmare, and uninstall it immediately if you've already made a horrible mistake. JUST SAY NO to Windows 10. If you're not willing to tell Microsoft right now that its behavior is unacceptable, you are part of the problem, and you guarantee that things will continue to get worse.
> ""Your typed and handwritten words are collected to provide you a personalized user dictionary"
Good idea. Collect all your habitual misspellings* into a personal dictionary so as to avoid bothering you about them. Something teh internet has always needed."
* Mindreader used to do that in the early 90's. Progress, huh....
So while Apple has taken steps to eliminate the ability of an app to access any sort of unique ID connected to the user, Microsoft is going full steam ahead with this? And adding this to Windows 10 on PCs - when they are already getting paid good money for the OS?
At least Google has a valid reason for pushing this stuff on people, because they make nothing from Android aside from the advertising revenue. Microsoft wants it on both ends, payment up front and continuing to sell your eyeballs down the road, and bringing it to PCs to boot!
Glad I use Linux and iOS!
to all those who were (and are still) laughing at Richard Stallman's lectures on software freedom.
A new and very long era of Windows abuse will begin. Oh, by the way, it's too late to go back, folks! Don't count on Linux to save your bacon because in case you did not know, there is no free and open software on closed and locked hardware. Your only choice will be on which wagon you want to be shackled: Apple, Google or Microsoft. Enjoy!
Don't think so.
The big problem that Microsoft has now is that its every misstep will be crucified in the media. Microsoft is not the powerhouse it used to be. Billions in the bank no longer guarantee user compliance.
Windows 95 was a turd, Windows XP was better, and XP SP3 was just about acceptable. In those days, the Internet reared its ugly head and when Vista rolled around, despite all the programmed hype that was Microsoft SOP, it was decried, pilloried and ridiculed and did not take off.
That is something that Microsoft had never before experienced ; rejection. Every single OS edition, every attempt, every tool had, previously, been kept or retired at the whim of Redmond HQ. For the first time in history, a Microsoft OS had been crucified BY THE USERS and Microsoft had been forced to accept its defeat.
I am convinced that historians will peg that as the point at which Microsoft has begun its march into irrelevance.
Meanwhile, Window 1 0 is attempting to save Redmond's bacon by adopting the Internet to an extent that is unheard-of in Redmond-land. Microsoft's marketing department is probably feeling a permanent high with all the potential (read, skewering user's wallets potential), but the Internet is here now, and Microsoft does not control it. Users will decide whether or not Win 1 0 is worth it, and Microsoft can bleat all it wants about Win 1 0 "features", if users don't accept them, 1 0 will fail.
And that will be a much more devastating failure in Microsoft's OS history, because its entire future is hinging on this moment.
I don't know which way this will go, but I'm not sure even Microsoft's legendary PR department will be able to save its bacon this time.
>I am convinced that historians will peg that as the point at which Microsoft has begun its march into irrelevance.
No that will either be the day the antitrust ruling came down or when Billy G stepped down day to day as CEO which both predate Vista by quite some time.
The lack of a proper GUI, Start Button, and Start menu aside... And whatever Third-Party remedy One might have used... Or paid for to fix these... pales to the fact that Windows 10 will sell your Soul, Bank Account, Wi-Fi Passwords, and your Dog Piecemeal to the largest bidder, or, Alphabet Soup Organization. Given MicroSofts stary history on security... Just how long will it be until our Russian, and Chinese "friends" get their hands on this stuff? Perhaps that Nigerian Prince just might be able to get his Billions back!
As pointed out above.... Microsoft aren't completely daft... If everyone starts to alter their host File. Chances are good that they'll eventually overwrite this again.
I might have mentioned this in a different Thread, but, it's slowly looking like the only OS in the World that could save Windows 8.x... May well turn out to be Windows 10. Bullshit Interface aside. Nobody has ever actually accused it of being nearly as insidious with One's data as this current OS... Yes you may have had to download Solitaire as an optional extra, with all its ads... But, 1) it was NOT part of the OS - AT SALE 2) You weren't required to download it. Which hardly justifies either behavior IMHO.
But, between the shit UI, or the OS that spies on me... I'd go for Windows 8.x... I meant Linux Mint.
I have a niggling suspicion that EU law might come to the aid of those of us in the EU. Something in the back of my mind is telling me that we can explicitly opt out of data retention by informing Microsoft via any official method. I.e. If MS advertise an official Facebook page, then any posts to it are legally considered officially delivered in the same way they would be via post. 10 million posts would probably DOS the page, if only it was possible for an opt out template to go viral. Then there is the fact that for £10 you can ask MS UK to supply you with a hard copy of everything they hold on you under data protection laws. The awkward git in me thinks that this can be used to make things difficult until MS provide a single opt out function that is unambiguous to non-corporate users.
If Microsoft APIs and document formats had been published, it was only because of EU ruling. Mass media focused only on IE - but the real change was to force Microsoft to publish APIs and formats needed for interoperability.
Samba and other projects would be still far behind if those APIs and formats would be still unpublished, and it wasn't the DOJ to obtain it.
https://i.imgur.com/9DoVoix.jpg
A few gems: "Real-time protection: This helps find and stop malware from installing or running on your PC. You can turn this off temporarily, but if it's off for a while we'll turn it back on automatically." (emphasis mine)
and
"The BitLocker recovery key for your device is automatically backed up online in your Microsoft OneDrive account."
and
"Microsoft doesn't need to ask for access to your Skype and Outlook.com contacts because these other services are both owned by Microsoft and tied to your Microsoft account."
"Where is it stated that the BitLocker recovery key is stored online ?"
See http://windows.microsoft.com/en-gb/windows-8/bitlocker-recovery-keys-faq
For non domain joined PCs using a Microsoft account, the BitLocker recovery key is stored online in OneDrive, which for most users is likely a good thing as encryption is now enabled by default.
"if somehow those keys were hacked and extracted - seems to be a high security risk."
Well they would also need physical access to your device to use them. And as a non Domain joined user then probably you wouldn't have required a PIN or enabled 2 factor authentication - so if they have your Microsoft account, they could login to your device anyway...
However if you have something that you really want to protect from the NSA, law enforcement, foreign governments, etc, then the keys can easily be viewed and deleted here:
https://onedrive.live.com/recoverykey
"Does everyone get an online account automatically with Windows 10 ?."
Nope - you can choose to use a local account or a domain account only if you want to.
Worried your keys might get hacked? HA! Those keys are there so they can be handed over to whatever agency might ask for them, the end, no hacking required. (I'm guessing that if you "delete" said key from OneDrive, it will still exist as a backup on the server. Unless someone somewhere has read just how Microsoft "deletes" things from OneDrive and corrects me.)
... how many people complaining about these privacy settings have store cards, credit/debit cards, bank accounts, or use Ebay, Paypal, Amazon, Google services, etc. Our information is all out there and none of it is really private unless you go to great lengths. And to me those lengths simply aren't worth my time or effort. I don't care if Microsoft knows where I am, what I'm searching for, etc. If the state wants to know all about me - it damn well will do and I can't do anything about it. Seriously, though, what is the big issue? What harm can be done to me with any of this data gathered about me? That's a serious question folks - somebody actually give me an example of any kind of harm.
All that credit card info stuff is true, but as someone on the Insider forum commented (roughly) is that any reason why I should cc Microsoft on everything I do?
If you're looking for convincing examples of harm, I can't help you. All I can say is what I feel having used the thing for quite a few months :
It's a great OS if you subscribe to the vision that is being put forward, but when I consider all that Microsoft are putting under the hood, I get a cold feeling in the pit of my stomach. I won't use it for real, and I won't suffer its presence on any devices attached to my network.
I mean, no 'properly elected' government has ever used data it gathered with consent for nefarious ends, have they now?
Try asking that to my mother-in-law's family in Austria...
Oh sorry, you can't as most of them were gassed and barbecued by the elected government...
Be careful what you wish for my friend, as you WILL wake up one day and find things have changed.
Have a nice day!
Jay.
@timmy
Sorry to see you get so many downvotes, I guess it's easier to be an armchair critic and reading the truth is a tad painful. I don't like the massive invasion of privacy, but there is little I can do, or really want to do tbh I'm too lazy, and I suspect a good 90% of commentards are in the same boat as you rightly pointed out.
on another note, how anonymous is this post really, you all love your privacy, but if a reg hack wanted to know who posted what ... well..... I'm sure it isn't hard for them to see.
on another note, how anonymous is this post really, you all love your privacy, but if a reg hack wanted to know who posted what ... well..... I'm sure it isn't hard for them to see
I assume you're referring to your own post and of course el Reg can link it to your real reg username. However, they can only link to the real you if you gave that info up when you registered.
They would have no hope of identifying the real me from the information they have. They'd have to break a few laws/do a few deals to get the info needed to identify me.
But that isn't the point is it? The fuss is about giving one corporation wide access to your info where you live, ie on the machine that you're posting from/working from/writing personal diaries on etc.
On the subject of Reg hacks - yes they can get to you via your e-mail address. Happened to me once.
"I dont like the massive invasion of privacy, but there is little I can do..."
It's called "learned helplessness". Look it up. It's also false.
"...or really want to do tbh I'm too lazy,"
Oh, now that's an entirely different issue, innit. "The Grasshopper and the Ant" comes to mind. After all it's clearly profoundly dumb to "work hard" if "food is plentiful"; unfortunately, by the time it's not, it's too late.
I don't like the massive invasion of privacy, but there is little I can do, or really want to do tbh I'm too lazy
There is a lot you can do, and all it requires is that you be just a bit lazier than you already are. JUST DON'T INSTALL WINDOWS 10. Pretty simple, huh? Be just lazy enough to not jump when Microsoft tells you to, and a year from now, the world will be a better place.
"On another note, how anonymous is this post really, you all love your privacy, but if a reg hack wanted to know who posted what ... well..... I'm sure it isn't hard for them to see."
As anonymous as the information you gave when signing up. Not everyone provides their real e-mail address, name, etc. when signing up to online forums.
@ Timmy B
A good introduction is to read up on the right to privacy - particularly what Judge Brandeis had to say. Unfortunately it is too long to repeat here (and too intricate), but you can start here:
https://www.brandeis.edu/now/2013/july/privacy.html
http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html
https://en.wikipedia.org/wiki/Louis_Brandeis#Olmstead_v._United_States_.281928.29_.E2.80.93_Right_of_privacy
If that does not scare you, you are welcome to give away your privacy.
@Kobus
I understand the issues surrounding privacy and value mine - heck it's why I spend so much time away from any electronics living in the woods under piles of sticks (seriously I do). But I also understand that all the trappings of modern life are linked and information is a sought after currency in this brave new world. I happily give away a little of my privacy to use things online. I allow MS, Google, Amazon etc. access to a lot of my information. But personal things I cherish I don't freely share online - I don't need to and don't want to. In all this I have the control as I let loose what I allow online.
I give information away but what I do is with my consent - but then I'm not daft enough to just click [Next], [Next], [Next] on any software installer.
There are, after all, far worse things to worry about in the world today and if people don't see that then perhaps they ought to get their news from places other than the Reg.
@ Timmy B
...I give information away but what I do is with my consent...
Ahh, but then you DO care. The point is that you have looked at the issues, assessed the implications and decided that it is not worth (in most cases) your while worrying about it. That is OK.
I, on the other hand, refuse to have a Facebook account, or a Twitter account, or a WhatsApp account or a Skype account. And I keep location awareness off on my phone, as well as WiFi - both only get turned on when I need to or have control over what is sent out (as far as it is in my means).
That is also why I post here under my own name (I also have another account, or post anonymously when I do not want to be easily linked to whatever I have to say, for various reasons). But I am under no illusion that The Reg can connect the dots and know who I am, and I am OK with that.
The problem with giving away your privacy, though, is that the vast majority of people who do not care are completely unaware of the possible ramifications (and seemingly also do not really want to think or worry about it). Those of us who do value our privacy therefore stand to lose it, as the majority who do not care will also not do anything about protecting privacy rights, thereby giving your and my privacy away. That is why those of us who have assessed the problem should fight to keep it and make others aware of what is really happening.
@Kobus
Yes - I do care - but not enough to worry.
I also view it more like an economic transaction - I pay in privacy for the use of a service. Generally I think I am getting a good deal. After all I reckon you could find out pretty much anything about me with little effort.
Saying that I don't have a Twitter account (not that I use) as I tried it once and just don't see the point.
And in total violation of the rules of internet discussion I am going to say you seem like a sensible chap and I've enjoyed our little exchange - have a virtual beer.
Timmy,
I am with you on the 'bargain' made with Google, I am also quite happy with the varying 'tracking options' that I have switched off, tbh Google make this reasonably easy to do.
'tis interesting that most folk aren't bothered at all, but perhaps that is my age showing???
Have one on me.
Regards,
jay
I pay in privacy for the use of a service. Generally I think I am getting a good deal.
You may not have noticed, but (contrary to Microsoft's contention), Windows is not "a service." It's a desktop operating system. We accepted tracking on the Web. We accepted endless privacy shenanigans on Facebook. We accept that the use of debit cards and loyalty cards lets corporations and the government track our every move, our every thought. And on top of all that, we've seen governments and corporations starting to use that mass of data in truly despicable, totalitarian ways.
When, might I ask, were you planning to get worried?
Windows is on over a billion devices around the world. If it's allowed to be just as riddled with privacy holes as Facebook, then we have no refuge left. Our work, our most private thoughts and activities are no longer private. Essentially, there's no privacy left other than locking yourself in an unlit broom closet and hoping that there's no IR camera in there with you.
Windows 10 offers almost nothing of any value. A few miserable and badly-implemented new features. Is it excessive to suggest that maybe we could be just worried enough to resist giving up a huge chunk of our remaining privacy, in exchange for so little?
@fung0
No, Windows is not a service and I don't have to use all the bits I'm talking about. Pretty much everything linked to OneDrive / Outlook / etc.
My most private thoughts and activities are very private - they simply don't go online at all. I will start to worry when they can read my mind.
I prefer by far to pay with money. Once it is no longer my money, it does not carry any info about me. Money is fully anonymous. While paying with your data allows those who have it to build more and more knowledge about you, correlate it with more data not even coming from you, and transfer it to others also. That data stays, even when you have forgotten about it... think about it. You're giving away much more than money.
Store cards.
If I want to hide from Tesco I do not use card and I use cash.
Amazon
Default to not using for presents as they spurt information everywhere.
eBay
Junk account or private browsing for when I want to look at things I do not want to appear in my history. (It does work)
Some parts live in HOSTS along with ad brokers
@MJI
Let's look at the worst cases and see if all that effort is worth it:
Store cards - Tesco tries to sell you other stuff and annoys you with adverts.
Amazon - Amazon tries to sell you stuff and annoys you with adverts - possibly one of those adverts shows a present you were buying as a surprise. More annoyance.
eBay - It goes wrong and things you don't want in your history appear in your history. Worst case is similar to Amazon. Unless you're buying illegal stuff then you go to prison and too right.
Google - Google knows where you are and pesters you with ads, etc....
So the worst here is, depending on what you do, either mild annoyance or prison.
As I'll never go to prison for buying tat on eBay then I take the risks and don't worry.
Can anybody else show me any worse results? I'm still waiting for a realistic example of a bad outcome that doesn't rely on paranoia of accepting all the defaults in Windows 10.
@Timmy B. (wanting worst case results)
Ok, I bite.
Let's say I work at Microsoft and I'm a psycho and I want to date a specific girl I saw at the store. I can find all her interests, her likes, her movements.
Let's say some foreign government wants to compromise you because you work at a power plant. Well, all they need to do is get a job with some company that has access to your data. Now they can find out through your online habits that you've been giving it to an office co-worker. They won't tell your wife if you just install this USB stick for them.
Or, I can review all your data, figure out that you have a gambling problem, then bombard you with temptations, then send you lots of "cash for cars", "pay-day loans" and whatever to drain you as far as I can.
I see you have bought an Epinephrine injector, I can send you all kinds of "Worst bee problem in decades" articles and then my links to those pens. Basically ramping up your fears to sell you something.
I can raise your health care price because you like windsurfing sites.
I can see you looking up cancer and target you with homeopathic "cures".
It gives people power over you, period. If there is a way for it to be used against you, someone will figure it out and it will be. We will need to be re-trained to understand how our lack of privacy puts anyone with access to our information in a position to manipulate us in ways we cannot even begin to think of.
@MacGyver
All of those things are being done and have been done right across history without technology. These companies and corporations only have power over me if I allow them to. We're more influenced and controlled by the press and governments. If you're weak enough to have affairs, or a gambling problem or buy into homeopathy then I'd say you gave the power away long before installing Windows 10...
Oh - and lobby your government so you don't have a healthcare system that can charge you like that. (I'm in the UK).
Timmy,
You get it, I get it, in a few years my little lad will too.
As to everyone else...
Most people haven't a f'ing clue how their data will be stolen and mis-used (because they didn't realise what they were 'volunteering').
Is this a world that on the whole gains from astounding data gathering/pilfering...?
Your thoughts would be much appreciated.
Regards,
jay
"Can anybody else show me any worse results? I'm still waiting for a realistic example of a bad outcome that doesn't rely on paranoia of accepting all the defaults in Windows 10."
Any of those places have their DBs compromised and your financial details, along with the rest of your personal identifying info are either:
Sold to the highest bidder, who does what they wish with your ID (after emptying your bank account),
Or posted online for free to make a point (as certain hacker groups are wont to do). If you're especially lucky, some unscrupulous media outlet will make a big deal out of the whole fiasco and kindly link to the info dump, increasing its visibility.
In the short term, you may think "well all I had to do was cancel a card and change a few passwords, no harm done there."
Of course, the Internet is forever, and even if you find your info among the thousands released and change what you can, that which you can't change is archived online and privately, to be dragged up whenever anyone wants to get at you for some petty reason or another, like pissing someone off on an Internet forum.
Oh, and then there's the possibility of someone editing that info for shits and giggles. You may be one of the righteous, nothing to hide so nothing to fear, but that's not necessarily what the modified info says. Like the cases of photoshopped "revenge porn" that have caused some to lose their jobs.
There are some differences, for example banks may be highly regulated, while IT companies are not.
Sometimes I *want* my transactions to be registered because this means I have means to prove it happened - say I buy a car, if I pay with a credit card or bank transfer the seller can't deny the payment. Pay cash and if trouble arises you may not be able to show you actually paid.
Just, the bank can't see all of my transactions (if I pay cash, for example...), and is not authorized (at least here) to share them with anybody it likes. Other tracking methods - say fidelity cards - are clearly opt-in, you can refuse them, or decide when to use them. Still, a bank or the like can see only a part of my activities (sure, it can try to match them to others later...)
But transfer this power to a PC (but should we call it "Personal" still? Or are they fully "Shared" devices nowadays?), make all settings opt-out and difficult to reach, and whoever controls it is able to track most of what you do.
Do you believe these data can't be used against you? Do you believe they gather all those data just "to improve the service" or to target ads?
Why do you believe they want health data? To deny you an insurance or the like as soon as you ask for one. Why does car insurance want a "black box" to track you? So they can tell you were 5 km/h above the 50 km/h speed limit, and/or too close to the car in front of you, so they can pay less, or not pay at all. Or just look at how prices can be modified depending on how willing you are to buy a given good.... once you have the data, and the processing power, there's a lot you can do to exploit your "human products" to maximize your revenues.
And don't believe they won't, they're already doing it, and are improving quickly at it. Why is MS giving away Win10 for free and giving up all the money from upgrades? Of course, it believes it will have a fair ROI anyway - and where should it come from?
And what about if someone breaks their security and gets access to your data? Do you believe they won't use it against you in some criminal way? Ask those whose credit card data were compromised. Or their images and then made public. Or their personal data, and then used to impersonate them in fraudulent transactions.
"Why is MS giving away Win10 for free and giving up all the money from upgrades?"
As soon as I saw the "free upgrades" in the media, the idea of "fee upgrades" (for Micro$oft) popped into my head (or, rather, slithered). Aside from the fact they've just taken the computing world back 60 years to IBM's view of rental software (ahh, the days of TimeSharing and slooooow modems), they've managed to finally implement "one device, one copy, forever".
Chuck the mobo in the skip because it's failed, replace it - sorry (dumb) customer, you'll need to purchase a new copy of windoze 1 0. Probably the same for other devices (I'm starting to believe all this licensing crap from XP onwards was a dry run for this).
Getting a board which doesn't support UEFI would probably go a ways to putting a spanner in their schemes (btw, who REALLY needs a huge sysdisc in these days of SSDs....). I fear the days when M$ (or whoever, NSA, GCHQ, STASI, etc.) can refuse your UEFI PC booting, or perhaps even brick it. Then again, M$ updates sometimes brick things too.
Using alternatives to Skype and Bing (OK, yeech)(either way) would also stop the implied consent of tie-in. Sad to say, this could be the final nail in the coffin for Windows Phones if people catch on to M$'s illicit linking practices.
Micro$oft: get your money-grubbing paws off my PC.
From the EU Dean's office.
Microsoft, it has come to our attention that you have released Windows 10, but we have noticed a few privacy violations. Young master Mozilla isn't very happy about you setting your browser as default either.
You agreed to stop misbehaving or we would take the appropriate action.
We will see you in the EU Dean's office later this afternoon for a good spanking and fines.
I expect Google to take some of my data in order to provide my "free" services. Google is an advertising company.
I pay for Microsoft software and therefore I don't expect to have to pick through it, as if it is adware, for privacy settings.
If Microsoft expect me to subscribe to the Windows Service in the future, as is speculated and quite plausible, and I am also fighting with my data being harvested too... this makes Microsoft more evil than Google (except that I would be paying for evil instead of just consuming it...)
I think it's time to accept the viewpoint that with all the obfuscation of your Privacy settings you probably have missed at least one, and/or MS have reset them while you weren't looking. Someone will need to figure out if you can firewall off any data that tries to escape to Microsoft while still letting OS updates in. (In fact firewalling the update server could be a good control mechanism to ensure that updates happen on your schedule, not Redmond's.) However all this seems like a hell of a faff and will probably only see use by people forced into using/supporting W10.
Where I think this will hit Microsoft bigtime is Compliance: what if the data I handle on a day-to-day basis is not only confidential, but I have a legal or professional duty to keep it private? Are people really going to use W10 if misclicking a privacy flag (or a forced update resets it) could put your job or your freedom at risk?
Yeah, an Enterprise version will (probably) start out safe. But when (not if) a blunderer or bad actor in your IT or Microsoft or any one of a million programs with poor installers trips a registry setting somewhere, do you know for a fact that the Enterprise version is so structurally different to the Spyware version that phoning home cannot possibly come active? And even if you did know for a fact last week Enterprise Edition doesn't have the phone home code, do you know for a fact that the latest wave of updates didn't accidentally or otherwise sneak some phone home code in as part of a wider update?
Yes, unreadable fine print hidden at the end of the (unlawful) agreement which is stowed in a locked filing cabinet in a disused toilet with a sign on the door saying "Beware of the leopard" is totally an agreement. How magical.
These things should come with explicit and informed agreement.
But hey, at least it isn't like WP8 where they upload all your primary contacts and calendar entries without telling you and without an option to opt out.
Everyone does know that this shit is in Windows 8 too, right? I can't be the only one who checks every option during a software install to see what interesting options are lurking in the dialogs. I spotted this nasty shit back when Windows 8 first came out, read it carefully and disabled the nastier bits. I deliberately looked for it during the Windows 10 betas and there it was again, this time all switched on.
Much like Oracle, they turn on various options by default, they get you to run an audit on your kit and then tell you it's your fault for not taking 3 months to read the 1200 page manuals properly when they fired up some hidden process that'll now cost you $25k/cpu!
All software companies are bastards looking to fleece you for money or info.
FWIW, this guy says even Windows 7 is infected with this behaviour if you've allowed "critical updates" since April
http://yro.slashdot.org/comments.pl?sid=7777263&cid=50231001
FWIW, this guy says even Windows 7 is infected with this behaviour if you've allowed "critical updates" since April
Interesting, but incomplete. I did find an article elsewhere that cited this:
http://www.infoworld.com/article/2911609/operating-systems/kb-2952664-compatibility-update-for-win7-triggers-unexpected-daily-telemetry-run-may-be-snooping.html
This cites KB2952664 and possibly a couple of other updates (including an alternative KB posted for Windows 8). I just tried removing the KB from the machine I had set up with Windows 10 (and since reverted to Windows 7) and I ended up with some problems in the task scheduler. I wasn't too surprised.
The idea of a lot of hacking and slashing cited by the poster in Slashdot, however, doesn't yet give any details.
Only a matter of time before the Dutch, Danish, French, German etc data protection authorities will open a case. I fail to see how explicit consent is obtained by obfuscating it in a different menu. There is personal data here.
M$ just don't give two hoots about "European" concerns.
is it really worth money?
All this social media and now operating systems that record and log everything we do is to sell data to advertisers who use it to create adverts we block or ignore. Does anyone ever actually buy something, anything because of user data that was mined?
Was there ever a service or product created because of this information?
If MS wants to be the next Google, giving away its software for free in return for spying will ensure it is never regarded as an Enterprise OS, or is that the plan: you have a free spyware OS or a paid-for Enterprise version that doesn't?
Either way I'm convinced all this data is just a house of cards: when someone looks and sees that despite the petabytes of information collected no-one ever buys anything, there's the realisation that it's not worth anything and we have another burst dot-com bubble.
You must not ever get called upon to fix the relatives' computers.
They usually have no Ad-blocking software, no cookie clearing, are using IE 7, have every swinging toolbar known to man installed. They also put their singular AOL email in everything that has ever asked for it.
I bet that's a lot of people. I'm betting that those users are like prize winning cattle to these marketer types. I also bet that they click on their milk-fed ads as often as they're shown to them.
Watch a mouth-breather use a computer for a bit and see what I mean. If you get bored, ask them to do a very specific search for something, like: "number of dollars spent on non-violent first-time offenders in prison". Now sit back as they click on the first search result Google gives them, then number two, then three, and so on.
The fact you know what an Ad-block program even is puts you in a different category, one that makes it hard for you to even imagine how they use a computer.
I checked the defaults. I decided...
- If I'm going to see adverts, I'd rather they were targeted adverts. I have occasionally bought things that pleased me because of targeted adverts. Allow all that.
- If I'm going to say "Hey Cortana, where's the nearest pub?" I'd like her to know where I am. Too often on Android I've received traffic information for Reading whilst in Norwich, or whatever. So location stuff can stay on too.
- Like hell it is automatically giving out wifi passwords for my router. Turn that shit off.
So, I'm happy enough, but I think it's very dodgy that this stuff is buried and defaulted and not really transparent at all.
Also, I wonder whether I missed anything.
I don't understand what people have against personalised ads.
As a middle aged fella (oh the horror!) I don't want to see ads for dresses, vacuum cleaners, nail polish, spa treatment weekend breaks or Fiat 500s.
I *want* personalised ads, because I want to see ads for fast cars, beer, golf holidays and TVs so big I need to build an extension... so some power tool ads would be useful too!
What's not to like about personalised ads?
It's not a good idea to turn off cloud-based protection for Windows Defender, as that limits its effectiveness. By turning off the cloud-based function, it won't be able to check to see if there is a signature match that has not yet made it into the system's list. You'll be more vulnerable to newly deployed malware.
If you want to turn off the cloud based option, then you'd be better off going with a different antivirus vendor and removing Defender altogether.
Collecting all sorts of personal data like this without making it clear to the user up front appears to break EU regulations on informed consent. It only becomes obvious what is happening if the user makes an effort and starts digging into the settings; the Microsoft privacy page is clear but it is hardly top of the average user's reading list.
Principles of the EU regulations are informed consent and that data may only be used for the stated purpose for which it was provided by the individual.
I see neither of these principles in operation here.
Of course the Microsoft lawyers will disagree, but I'm pretty sure the judges and regulators in the EU will have a different view.
Ah so it's not the personalisation that people are bothered about, it's the ads themselves. Then install something like Adblock Plus.
Whilst I agree that few people want to see ads, if I do have to see them, I'd rather they were personalised than random.
After all, every ad you see in print or on the TV, is tailored to the audience the advertisers think are watching, which is a form of personalisation.
What's interesting is that some people are not bothered by Microsoft collecting their information, suggesting that Apple, Google, Facebook, and even Twitter have been doing it for years so why complain now that Microsoft is starting too?
The problem is that such power over data can be requested, or demanded by an EULA by any person or company despite them NOT being a government agency, or even a police office/organization.
What that means is, even someone such as myself, a complete nobody, can go online and purchase, for example, a Facebook clone website (for maybe $800), which we'll call "Scrapbook", copy and paste some of Microsoft's EULA terms into my brand new "Scrapbook" site's EULA, and just like Microsoft, and the other companies mentioned, I now have the legal right to absolutely everyone's information too (if they are a member of my website).
All I need now is somewhere to store it all. Maybe I'll buy a server too. I think I can get a starter server for about $1500.
The point is, if this type of non-privacy politics is going to be the new-age norm, then it's really anyone's guess who is really going to be creating databases of everyone's information (for company profit).