Microsoft leaks 6.5TB in Bing search data via unsecured Elastic server. *Insert 'Wow... that much?' joke here* Microsoft earlier this month exposed a 6.5TB Elastic server to the world that included search terms, location coordinates, device ID data, and a partial list of which URLs were visited. According to a report from cyber-security outfit WizCase, the server was password-protected until around 10 September, when "the …
I wonder what fraction of the searches are for things like "freec", "word", "handbra" etc... the only time I've ever Bing searched is inadvertently, when I type the first few letters of a program name into the Win10 start/search box, and the braindead OS searches the web for it instead of, you know, the local hard drive.
And the necessary hacks/voodoo to disable web search get trickier and trickier with each new build of Windows.
"...braindead OS searches the web for it instead of, you know, the local hard drive."
Remember the huge uproar when Ubuntu tried to encorporate Amazon adverts into the Unity Dash?
https://www.theregister.com/2012/09/24/ubuntu_amazon_suggestions/
I love this bug report filed about this issue:
https://bugs.launchpad.net/ubuntu/+bug/1070111
Bug Description:
"The new spyware feature of Unity Dash in 12.10 is a welcome improvement, but needs to be extended to all Ubuntu packages.
Ever since I switched my home computers to GNU/Linux, closed my Facebook account and stopped using Google Search, I have been suffering. Finally now with Dash, some of my private information is once again being disclosed along with my IP address to Facebook, Twitter, Amazon, BBC and Canonical, but this is limited.
Dangerous gaps still remain in my files in the mass surveillance databases of several governments. Plus I find myself at the supermarket wondering what to buy, not having seen enough targeted advertising."
This was quickly removed soon after Linux users expressed their outrage.
But sadly, with Windows 10, victims expect this kind of bullshit.
If you only count desktop searches in the US, the market share for Bing is around 13%. If you only count mobile searches, it is just above 1%... There's your answer. A lot of people just use the default search engine without changing it; and on Desktop, which more often than not means Windows, that default is Bing.
There's a reason Google is paying billions to Apple to be the default search engine on iPhones.
Yes....Google search also routinely objects to my use of a VPN.
The anti-robot testing seems very erratic too. Sometimes the challenge may be matching 3 images and the next time it could take 20 image matches before a successful "Verify".
Due to this, I also use DuckDuckGo occasionally. In general I'm not a big fan of their search results or the connection to Bing.
Startpage uses Google for the underlying search, but strips out the data that would enable personalized results. So Google results, but as if every query is a first-time user connecting with a freshly-installed browser from a shared IP.
In addition to the privacy boost, it is helpful for avoiding personalized filter bubbles and echo chambers.
Personally, I don't want Google / Bing / etc pandering to my perceived biases in order to "boost engagement" aka ad impressions. If I decide that the tech bros should dictate what I'm allowed to see, I can always go directly to Google or Bing instead of filtering queries through SP or DDG.
Not using it... ? But I guess that's cheating in this context.
Unrelated, I will say the API to scrap higher res images from Bing is much friendlier than that "other" one that wants to get to own know you. DuckDuckGo's is great too, but somehow Bing's returns higher res ones more consistently. NOTE: This only includes 4k'ish image sizes or greater as anything smaller in the neighborhood of 1080p is easy everywhere, but also as stated further above, Bing is TOR/VPN blind so you can really abuse the hell out of it when scraping (I've probably scraped 6.5TB in high res images from it :-/).
That is just about as damning a sentence as one can write in this kind of case. In what world does a major multinational behemoth create a database of user-identifiable data and not encrypt it ?
There should be a law on that.
That, and the fact that the authentication was removed (why ??) means that I am quite happy to have never used Bing and won't be using it any time soon.
At least not until my aneurysm. After that, no guarantees.
Not sure what you are asking.
Maybe it was encrypted, at rest, but if the GUI is visible data will be decrypted before sending to users.
You can't encrypty all data in a db so that only clients can read it because then the db cannot search or index it.
Well, unencrypted doesn't mean it wasn't compressed. 6.5TB of compressed, mainly human inputted text is... well a lot. Also considering the text is realistically only using a variance of what, ~64 characters?...? The way I look at it, if you start searching something and you have to start worrying about not just RAM but actual real time, you've got a lot of data (I will not be piping that).
You could both be onto something there. Maybe that's Dido Harding's new, "world beating" strategy for NHS track-and-trace.. multiple Bing searches?
"Does Aaron A. Aaronson have COVID?"
"Does Aaron A. Abraham have COVID?"
"Does Aaron A. Acheson have COVID?"
(repeat for the next 5000+ pages of the telephone directory... by next June, funding and further gongs/peerages permitting, she hopes to have moved on to the B's...)
At great personal cost, the bribery of several Eastern European border guards, a death-defying sprint across the North Korean DMZ, and ultimately when all else had failed, two hours in a squelchy field shifting marker pegs a few but occultly incredibly significant metres, I can present an extract from the leaked data, showing people's searches:
"How to uninstall siri"
"how to uninstall siri"
"stop edge taking over as my default browser"
"help I can't uninstall Siri"
"comment à désinstaller Siri"
"how do I get Windows 7 back"
"www.google.com"
In the meantime, I am still focusing on CompatTelRunner and what is now called Desktop Analytics, which is shipped in both Windows 10 and Windows 7/8/8.1 updates. I believe that Desktop Analytics (formerly Upgrade Readiness and Upgrade Analytics) works by associating the collected data with a "commercial ID" that is entered into the registry. The most likely reason why CompatTelRunner is causing high CPU and HDD/SSD usage (which even MS employees not working in the Windows division complain about) is Appraiser doing for example application and device inventory, which has "enterprise" and "indicator generation" modes that to this day MS refuses to document.
"A high level of trust is required, and this kind of incident is damaging to that trust. "
Or, just wishful thinking?
The deal is, if you put it on the internet, it's in the public domain. Don't pretend otherwise. You may think you have privacy now, but all that you think of as secret, at this current fork in the multiverse, is public domain as soon as quantum computing matures. So, measure that how you like, but what you have is not secure.
If you want to unplug, unplug, but don't pretend you're owed, or can have, some kind of privacy. You can't. That horse is off and way down the field.
Posted Anon, because, it's all public domain, and El Reg has a bullet proof security policy and I feel that my trust is safe with their IT systems :D
If you live urban, no.
If you like on the outskirts of a town, perhaps.
If you live rural, definitely.
500m around me is... fields. Maize, the odd wild boar, the trees that the sociopathic neighbour farmer hasn't yet cut down, and some kittens.
But however you look at it, a GPS coordinate with a half kilometre accuracy will identify one property. And from that, an address. Which can lead to a name. Me.
I'll think you'll find 500m is an approximate way of saying "approximately". No one has, to the best of my knowledge, worked out what the 95% confidence interval is from a reported location and the actual location. As your GPS position is not included with a search, your actual location is unknown, so drawing a 500m circle around it is somewhat problematic.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
