You don't have to do anything to Windows or Microsoft Apps, you just slap Microsoft with multiple Billions of £$€ fines for a deliberate global mass breach of data protection, decimate their profits and share value for a year for the shareholders and you can guarantee they will be coding their little backsides off to remove offending code across all their apps, even if some of the apps have yet to show dodgy doings and the upside is also the other Mega Corps start panicking and start cleaning up their houses ! Time to stop treading softly for these serial offenders, as they don't learn, it's just business to them !!!
That's not the web you're browsing, Microsoft. That's our data
Are you a Windows user? How many spoons do you own? Have you counted them lately? The reason we ask is due to the old adage, "the louder he talked of his honor, the faster we counted our spoons." When it comes to the tech giants, they like to talk about their commitment to data security a whole lot, but by Jiminy they like …
COMMENTS
-
-
Monday 5th February 2024 12:23 GMT hoola
I think that is is even worse than that.
Microsoft (along with Google and other big tech outfits) are heavily investing and pushing "AI". This is all being developed with data that has been harvested over the last 10 years at the very least (maybe more). That data has mostly been collected without consent and stored for future use. We now have the compute resources available to turn that data into money.
The entire AI thing is totally depending on training the model on data that has been scraped from any source, with or without consent. The horse bolted long ago when they data first started being collected.
Almost all main-stream applications now have some kind of reporting and even if they do not, the OS (Windows & Apple - yes I don't trust then either) will be collecting stuff, even if it is just keystrokes.
AI is the bandwagon where all the money is going because it is a arms race between the big tech companies. That it adds almost no value to most people is irrelevant, it is about control.
Whoever holds the data, controls access to the data or the decision making software that uses it is in a position of power.
-
Monday 5th February 2024 22:37 GMT Version 1.0
I'm a Windows User, but Microsoft hates me because I'm still using Windows 7 everywhere - using Windows 7 and Office 2010 gets everything done quickly and easily and no bloody adverts and data theft doesn't even exist. The laptop boots up fully function in a few seconds with no half hour waits for crappy updates.
-
Monday 5th February 2024 09:56 GMT Pete 2
If
> If users on multiple support threads are correct ...
A good question. But one the article fails to answer. And until someone who knows, does so this is just a long piece of
suppositorysuppositionThe great thing about FOSS is that it is at least possible for independent operators to answer such questions.
-
Tuesday 6th February 2024 09:10 GMT dkloke
Re: If
Hoping you're not a windows user, since Microsoft Edge is easily seen in the Task Manager app. By calling up Task Manager immediately on startup (Ctrl-Shift-Esc) one can see msedge.exe (Microsoft Edge) starting as a console process from explorer.exe (the Windows file manager app).
Knowledge is developed from observations, so without looking, one will not see what there is.
-
-
Monday 5th February 2024 12:01 GMT Mage
Re: Keeps one on Edge.
I wonder why anyone installs Edge on Linux?
Microsoft Edge browser is now based on the open source Chromium browser and available on Linux. Learn how to download and install it on Ubuntu, Fedora, and other Linux distributions using .deb or .rpm files, or via command line. Find out the advantages and benefits of using Edge on Linux.
I use Chromium if Firefox doesn't work.
-
-
Tuesday 6th February 2024 19:32 GMT Yankee Doodle Doofus
Re: Keeps one on Edge.
I use Edge in Linux for work, which amuses me every time I launch it (Flatpak version only, so I can sandbox it to some extent). I manage a Windows-based network and Microsoft 365 tenant, and the integration of some 365 stuff into Edge can be helpful at times. For anything personal I'm a Firefox user, or in cases where a Chromium-based browser is needed, I'll use Ungoogled Chromium. This arrangement also helps me keep work and personal stuff separate.
-
Wednesday 7th February 2024 10:08 GMT Ethan Strongtower
Re: Keeps one on Edge.
Unfortunately, I use Edge on Ubuntu due to the intersection of text to speech and shared history, favorites, etc. across devices. As far as I know, the text to speech capability of Edge is unsurpassed on mobile. On desktop, there are text to speech options in other browsers, but I would lose the shared history, favorites, etc. with my iPhone. Moreover, even though Microsoft removed Edge’s integrated TTS on its Linux version some time ago, the API is still present and accessible via extensions that produce more realistic speech than in Chrome or Firefox.
If there is a better approach, I would be grateful to learn it because I would love to escape the thrall of Microsoft.
-
-
-
-
-
-
-
Tuesday 6th February 2024 01:22 GMT Sudosu
Re: does this only occur within the same account?
I use QubesOS for most of my web browsing now (though I still have a Windows box just for gaming only)
You can fire up one disposable VM , do your Amazon , fire up another to do your banking, fire up yet another to do general surfing.
None of them will share data with each other and when you close a VM's window, it is gone for good along with any cookies or downloads.
Its a bit of a different mind set but once you get used to how things work its very simple to operate.
-
-
-
-
Tuesday 6th February 2024 18:12 GMT Ramis101
Re: does this only occur within the same account?
I use Firefox and visited Barclaycard only the other day. It was fine. What is broken for you?
I'm currently using 102.9.0esr (64-bit), as updates are so frequent and bloody annoying i disabled them & only update FF when something breaks...
-
-
-
Monday 5th February 2024 10:13 GMT Andy The Hat
At what point does the license agreement for the suspected update (perpetrator of this behaviour) state that this is a valid thing to do - not only where in the agreement but at what point in time is it presented to the user? Would that be a "fair" or legitimate clause in law? After all, if I wrote a clause for a package that, half way through the "essential security update" said in paragraph 7.6 of a linked license agreement "I will take any data I want from any apps on your machine and save it to my remote server" I believe (and hope) it would be thrown out of court as "unfair terms and conditions" at the very least, a potential violation of the Computer Misuse Act, or GDPR at worst (as I wasn't clearly consenting to that behaviour).
Be an interesting one ... do I feel a visit to an Irish Court coming on?
-
-
Wednesday 7th February 2024 09:00 GMT Necrohamster
Re: Yeah, right
Look at any industry regulator in Ireland and you'll see the same blend of incompetence and disregard (some might say contempt) for the best interests of the public.
Criminals must be drooling at the thought of the EU Anti-Money Laundering Authority being located in Dublin.
-
-
-
-
Monday 5th February 2024 10:44 GMT theOtherJT
Re: Remind me again
Well, the OS is responsible for managing that data. It opens and closes file handles if nothing else.
Now, if what you mean is "Why is it parsing that data?" there might be legit reasons for that. Search indexes for one. The problem here is that we just don't trust Microsoft to take proper care of the data that it has visibility of. The OS is a bit like a sysadmin. You would not believe the power a sysadmin has in most places if you've never been one. Your OS can go poking through your data, it can arbitrarily move things. It can erase the logs that it ever did anything wrong.
It's a huge amount of power and requires a great deal of trust. Once that trust is broken, you have to fire your sysadmin.
...or get a new OS.
-
Monday 5th February 2024 12:59 GMT I could be a dog really
Re: Remind me again
Did you miss the memo about us users being the product now - ripe for monetising. Everything now is about stiffing the users in order to benefit the corporate bottom line.
The thing is, I think many people now (and more as they wake up to the reality some of us have been predicting for a loooong time) would be prepared to pay to opt out* of all this. But the corporates are abusing their market power by removing these options. On that, Adobe led the way by removing all perpetual licensing and hence forcing creatives onto the subscription treadmill. Microsoft has a de-facto monopoly on business desktops and supporting services - and has been using that power to shove everyone onto subscription. And of course, FaecesBorg has led the way in "free but we'll sell you into digital slavery" making Google look like amateurs.
But if these outfits did offer a paid for, slurp free, option - how on earth could we trust them when we keep hearing how they say one thing, offer switches to turn stuff off but actually still do it, and generally use every trick in the book (and some more that haven't been written about yet I imagine) to slurp our private data regardless of our wishes ?
* Not that having to opt out should be the default position.
-
-
Monday 5th February 2024 19:04 GMT I could be a dog really
Re: Remind me again
Everything needs to be paid for somehow.
Unless it's something that someone is happy to pay for out of a sense of public spirit*, then it needs paying for either directly or indirectly. At present, the indirect route (advertising and mining your personal information) is in fashion as too many people have fallen for the "everything is free" view of the internet.
* I have a small website, low traffic, that I started as a source fo information in a particular field when it was hard to find and guarded by the trade who wanted you to be reliant on buying services from them. It doesn't cost much, I have no advertising on it, so I pay that cost.
-
Tuesday 6th February 2024 14:15 GMT Greybearded old scrote
Re: Remind me again
You've not heard of any Free (both Libre and Gratis) operating systems then?
You can find a whole bunch reviewed on a site not a million miles away.
-
Sunday 11th February 2024 17:00 GMT I could be a dog really
Re: Remind me again
You've not heard of any Free (both Libre and Gratis) operating systems then?
Yes, and I use some of them, and applications. But what you are missing is that they did not create themselves out of nothing - it comst people time to create them, it costs (in real money) to have the infrastructure available to get copies of the bits from them to me, and so on. Way back, user groups used to have libraries - you posted in floppy disks (with return postage), they copied stuff onto them and posted them back. It cost the volunteers time and money (e.g. in having the computer available, wear and tear on it, electricity to run it) to do that.
As I said, there really isn't much, if anything, that is actually totally free - as in "no-one anywhere had to pay anything whatsoever". Where it is really free to the end user, it's either because someone pays for it out of a sense of public spirit, or it's being paid for in some other way (such as mining your data and selling you to advertisers).
-
-
Wednesday 7th February 2024 09:40 GMT Necrohamster
Re: Remind me again
"Everything needs to be paid for somehow."
You paid for your copy of Windows when you bought your computer (or your employer did as part of a volume licensing deal).
As far as I'm concerned, Microsoft isn't entitled to any extra compensation in terms of data/money/firstborn child/etc after the initial purchase (or outside of your employer's licensing deal).
-
-
-
-
Tuesday 6th February 2024 18:58 GMT Ken Hagan
Re: Remind me again
Where does the OS come into it? The article claims that one instance of Chromium (branded Edge) is trawling the open tabs (each of which is a separate process) in another instance of Chromium (branded Chrome).
I wouldn't be at all surprised if there was a Chromium mechanism for trawling "all open tabs" and not terribly surprised if it can't distinguish between Edge and Chrome. That would make this a legitimate trawl implemented carelessly.
-
Wednesday 7th February 2024 15:00 GMT Necrohamster
Re: Remind me again
"...I wouldn't be at all surprised if there was a Chromium mechanism for trawling "all open tabs" and not terribly surprised if it can't distinguish between Edge and Chrome. That would make this a legitimate trawl implemented carelessly."
I know that Hanlon's Razor says we should never attribute to malice that which is explained by stupidity, but when it comes to Microsoft and Google collecting user data we should assume they're working with self-serving motives unless the opposite is proven.
-
-
-
-
Tuesday 6th February 2024 08:39 GMT OhForF'
Re: "Hostile Environment"
As other commentards already have pointed out there is not you can do to secure data in the application if you can't trust the OS.
The only meaningful thing to stop the OS from snooping you can do as an application developer or system designer is not asking for any data you do not absolutely need for your use cases - unfortunately even that is not happening all that much.
-
-
Monday 5th February 2024 10:38 GMT Snake
Not just a Microsoft problem
If the industry is going to address this issue then (we) need to go beyond just yelling about Microsoft and actually call it out wherever it occurs.
For example: Edge on Android attempts to contact over 15 different websites and IP addresses upon activation and each use. Yet Brave, a browser that claims "privacy!", contacts Wikimedia, Yahoo, Amazon AND Facebook's Instagram on EVERY restart, leaking at *minimum* your IP address and therefore your rough geolocation to these people without your consent.
So stop yelling "wolf!" just at MS and really target the topic industry-wide as it should be.
-
-
Tuesday 6th February 2024 20:48 GMT 43300
Re: Not just a Microsoft problem
Probably because it's the best of the main Chromium-based browsers (often needed given that a lot of websites and SaaS services are clearly not tested in anything else).
Which certainly doesn't mean it's perfect of course. Can anyone recommend one which is better on privacy?
-
-
Monday 5th February 2024 11:29 GMT Anonymous Coward
This is not the first, or the worst they've been caught being grabby, even recently.
read all your email from third party services
https://www.heise.de/en/news/Microsoft-lays-hands-on-login-data-Beware-of-the-new-Outlook-9608798.html
(and a litany of others left out, but e.g. practically forcing Microsoft accounts on most users to link data, `telemetry', et al)
Is it detestable behaviour, of course; but this is a tech site, not the Guardian, and everyone here are all capable of using today's alternatives. I've played a regrettable part in that, though I also need a paycheque and at least for now that's through a -1.0% R&D MSP barely capable of thinking anything not a default.
But to those who can, and if you don't like it, and won't change anything for yourself, and keep enabling them (or google, s/facebook/ et al), then sorry but don't expect the Hungary of data protection commissions (Ireland) to set any protection standards for the consumer. Some things are your own responsibility, and opting out of that is a checking in of your adult card. Perhaps you think that's fine, but then, someone else gets to make the decisions for you.
And If you don't think that's fine, I'm not saying exactly you need to think different (they're only a drop in share price from being the same), but it is time to think.
-
Monday 5th February 2024 13:05 GMT I could be a dog really
Ah yes, SWMBO uses Windoze and it's recently "upgraded" her to Outlook - though to be fair, a slate tablet would be an upgrade from the old Mail. But one of her accounts didn't work and popped up a message - basically "allow us to slurp everything" - and if you don't agree, the account doesn't work. AFAIK, this is expressly illegal under EU and UK law. Not that I expect our ICO watchpuppy to do anything about it. And the EU regulators may well do something, but will take a decade to do anything which in the meantime means MS can carry on regardless.
-
-
Monday 5th February 2024 17:22 GMT DS999
Imagine if this was allowed with no consequences
What would stop them from next grabbing your tax data from Intuit or Quicken? Or the fact you are scheduled for a cancer procedure from your calendar? Your operating system is exposed to a lot of personal information.
And Windows isn't even the biggest source. If Microsoft can get away with it, what stops Google from doing it next? Imagine the troves of data contained within your phone's social media app, your banking apps, your health related apps. I'm sure they'd love to poke around in that, and Microsoft getting a pass on this would be a big step down the path of regulators looking the other way at Google doing even worse.
-
Monday 5th February 2024 18:41 GMT Rol
MS ready! Apple set! Google go! Queue Arnold! And action!
Remember the bit in Terminator 3 where they hunker down in a nuclear bunker that is splattered with really aged computers safe from the menacing AI that wants to kill them.
Well, get prepping kids, 'cos the only safe computer is the one not connected to the internet, so load up on all the games and stuff you need to see yourself through to retirement and beyond now, and then pull the Lan cable out for good.
Sure, have a kamikaze PC/ phone to keep accessing the internet, but keep that a million miles away from your treasure trove of distractions crucial to your sanity.
-
Tuesday 6th February 2024 01:36 GMT Innique
I don't think anyone cares, but the amount of insider information I had on an account say an AWS or Google account was aniticompetitive, I am talking way beyond Hard Hanks, Rainmakers, Star Reports. It's all about data and that data is for sale and MS can afford it even if they don't have it in house. You want to break in an account use your ownership in Linkedin and hire the guy that has the connections. Goes way deeper on the anti competitive level that the customer has no idea about. You think that is the reason why the CEOs of Tesla and Google aren't on Linkedin....asking for a friend.
-
Tuesday 6th February 2024 07:43 GMT AlexanderHanff
I don't use Windows but...
If Microsoft are indeed hijacking data from other Browser this would be a breach of Articles 5(1) and 5(3) of 2002/58/EC (also Regulation 6 of the UK's PECR and Section 3 of the UK's Investigatory Powers Act). So in the UK someone should file a criminal complaint for the breach of IPA and a complaint with ICO for the breach of PECR, in the EU someone would need to complain to the competent supervisory authority for 2002/58/EC which will either be the same Regulator responsible for GDPR or the Telecoms Regulator, depending which Member State the person is in.
Sadly, because I do not use Windows, I do not have standing to file the complaint myself.
-
Tuesday 6th February 2024 09:52 GMT Anonymous Coward
With so many corporations dumping their secrets onto Sharepoint, honestly, who would be surprised if MS is attempting to mine that content to play the stock market.
After all, anything flagged as Highly Confidential immediately highlights which files are of interest.
Integration has it's place but there are reasonable limits.
-
Tuesday 6th February 2024 20:58 GMT 43300
In the M365 licensing options, a new tick box has recently appeared: 'Commercial data protection for MIcriosoft Copilot'.
Whether ticking this means that they won't slurp data to train their models...
Interestingly, this one was unticked by default, unlike most of the crap they add in the licensing options periodically - they are normally is auto-enabled.
-
-
Tuesday 6th February 2024 10:39 GMT HenryCrun
Edge has been harvesting for some time
A while ago I watched Edge using Wireshark as on loading it queried my LAN and reported home upon every device connected. Considering that the default settings includes "let edge pre-load to make your life super wonderful" (or something like that) the spying is starting the minute you boot up.
-
Tuesday 6th February 2024 16:05 GMT Alan Mackenzie
Inadequate snail's pace regulation.
The problem here is that any regulatory activity to quash Microsoft et. al's antisocial behaviour happens at a snail's pace. On some complaint being made on, say, data protection or competition law, it takes 3 years to "investigate" it, followed by another 3 years of "enforcement" attempts, by which time the original complaint has long lost relevance.
What is needed is for the regulators to be able to issue orders for immediate cessation of the the alleged breach, and THEN for the 3 year investigation to begin. If the regulator loses the case, no compensation should be due to Microsoft, etc.
Then, I think, we'd see at lot less of what goes on today.