MS Knows Best
If previous MS actions count for anything, we'll soon be seeing it turned back on in a future patch.
The typical "Oh, you really didn't mean to turn that off. We'll just flip it back on, for your convenience." MS attitude runs deep.
Microsoft emitted a fresh preview of command-line darling PowerShell 7 last night, highlighting some additional slurping – and how to shut it off. PowerShell 7 Preview 3, which is built on .NET Core 3.0 Preview 8, is the latest step on the way to final release at the end of 2019 and a potential replacement for the venerable …
What is the point of getting a log on people's use of a given command ? If you're going to log command usage, why limit logging to a subset ?
I can't even begin to fathom the reasons for Microsoft's telemetry. It is useless to prevent botched patches, so what is MS doing with it ?
Enterprising souls may could disrupt Microsoft's reciept of telemetry by repeatedly spamming useless commands?
I absolutely despair I do. I think of all the extra security gubbidge installed over the top of Windows to protect our client side IT. FireEye, Tanium Client, McAfee (not my choices I hasten to add!) - and that's just client side never mind enterprise spyware. Yet more features keep being added that need closing up.
What the hell is wrong with providing BASIC tools that have audible code from end to end, that "Just Work"? I'd pay a premium for that in fact.
rather than opt out ? For all sorts of reasons setting the opt-out variable will get lost and, potentially, private information slurped. Even if you switch it off does it stop, does it only blab stuff that MS claims ?
Mind you: if you are using a MS system you are getting slurped anyway, but powershell is available on Linux - maybe the NSA wants another way of snooping on Linux boxes and MS has obliged.
@AC Your argument is incomplete.
But you're an AC so perhaps just trolling.
'No company in its right mind would consider opt in. That would be insane. Even opt out is too much for some.'
That once wasn't the case. It's quite a recent thing. Don't assume that the old business model of selling something useful for a reasonable price is dead - plenty of people work with that, especially outside of COTS products.
'Lack of slurping, sorry, telemetry in Linux is severely hampering its widespread adoption'
That simply doesn't follow. It implies the only way to get 'widespread adoption' is via a company that's got an interest in distributing it, and sees slurping as a way to make more return. This is a very limited and limiting worldview and in many cases total bollocks. It reminds me of those absurd people who sell products by appealing to the self-importance of 'enterprise' and 'business'. Parochial is the kindest word I can think of for it.
"but powershell is available on Linux - maybe the NSA wants another way of snooping on Linux boxes and MS has obliged."
If you're dumb enough to use powershell on linux instead of bash or some other unix shell then you deserve what you get frankly. Can it even do job control given how lame the windows process (not thread) model is?
Just curious of those of you have tried this. Is the POWERSHELL_TELEMETRY_OPTOUT pulling from Windows Environmental Variables or some other PowerShell specific Environmental Variables?
If this is pulling from Windows Environmental Variables, then you could define this in your Default Domain Group Policy object using Group Policy Preferences (GPP).
See: Computer Configuration\Preferences\Windows Settings\Environment
....to comply with GDPR they need to make the slurping "Opt-In" and not "Opt-Out" as opt-out is essentially having a box automatically ticketed, like on websites marketing section when you fill in your address, which now, under GDPR, is a breach of GDPR.
I like Powershell, still need to learn it and stop being lazy but I like the fact in CMD I can still do the likes of
gpresults /h a.html & a.html
Which will run the gpresults command AND then open the html after.
Not found a similar command in Powershell yet that does what the & does. Maybe I haven't looked hard enough.
"....to comply with GDPR they need to make the slurping "Opt-In" and not "Opt-Out" as opt-out is essentially having a box automatically ticketed, like on websites marketing section when you fill in your address, which now, under GDPR, is a breach of GDPR."
Only if the data they're slurping is personally identifiable information, if it isn’t then GDPR doesn’t apply. Whether their belief that it’s not PIR is accurate is another matter of course. :)
"As for that unique identifier, he told us it was "to help us understand if our user base is growing and not just usage." The identifier itself, he said, is "a unique guid for the machine and user, so it can’t be traced back to either the machine nor the user.""
er... excuse me?
unless that quote is misreported or I've badly misunderstood it, that claim is nonsense.
If that's a static "unique identifier" (remains same between sessions) as opposed to a new random session id every time, then, given all the other identifiers slurped by MS telemetry, that would make the powershell ids trivially traceable to the given machine and, with a little more effort, the exact user
Surely it can't be that hard to bake in a prompt on first run. Even if they do set the default to opt-out (ugh), if you are asked, you a) are actually made aware of the fact it will slurp (I didn't know about this previously!); b) have an opportunity to say "no".
Of course it should be opt-in by default, but a prompt would be way better than nothing.
Biting the hand that feeds IT © 1998–2022