EU data privacy investigation finds Microsoft guilty of "large scale and covert" harvesting and "unlawful" storage of MS Office user data

[jagdtigger]

4 hours ago, RejZoR said:

ditching Android too

Pro-tip: Dont ditch android, just get an AOSP ROM with F-Droid and enjoy your privacy while keeping your freedom. (Many do not know this, android in itself doesnt do data collection. What does it is the proprietary GAPPS.)

[RejZoR]

52 minutes ago, jagdtigger said:

Pro-tip: Dont ditch android, just get an AOSP ROM with F-Droid and enjoy your privacy while keeping your freedom. (Many do not know this, android in itself doesnt do data collection. What does it is the proprietary GAPPS.)

I know well how things work with Android, problem is, I can't. My banking app spergs into oblivion with anything but stock ROM's that has locked bootloader. It's uber annoying. I was already on LineageOS and had to go back to MIUI because of it. Allegedly I could trick it with Magisk, but I'm just not in the mood for this fuckery. I'm just gonna force myself into iOS, I've already checked that all the apps that I need are on iOS too, the rest I'll learn. And I'll just stick with it for longer. It has the grunt and at least I'll get always the last OS builds. Another thing totally pissing me off with Android. Versions lagging behind and support for updates gone after 2 years or even less which is just absurd and idiotic.

[Guest]

6 hours ago, Ken Layug said:

Problem here is:
Office exists in Macs as well

iWork > Office  

[Tech_Dreamer]

EU officials shoulda read the terms & conditions agreement before clicking "accept" lol .  doesn't it explicitly says that they will collect telemetry data to improve their software within their license agreement?

[porina]

4 minutes ago, Tech_Dreamer said:

EU officials shoulda read the terms & conditions agreement before clicking "accept" lol .  doesn't it explicitly says that they will collect telemetry data to improve their software within their license agreement?

You can't use an agreement to do to something illegal. If it is illegal or not will be for the courts to decide. This is in part why most agreements will include a clause to the effect that if any part is found non-enforceable, it doesn't affect the rest of the terms.

[Tech_Dreamer]

16 minutes ago, porina said:

You can't use an agreement to do to something illegal. If it is illegal or not will be for the courts to decide. This is in part why most agreements will include a clause to the effect that if any part is found non-enforceable, it doesn't affect the rest of the terms.

that'll be up for the courts to decide in reality , i assume it'll be argued that they are the service providers for the most part & the consumer willingly agreed & willfully bind themselves to the terms & conditions put forward by the company in order to use the software then & in the future or deny using the software unless they bound, so they do have an upper hand & leverage in terms of argument , unless they switched the agreement sneakily from the day they signed up & modified it to be more intrusive & aggressive towards privacy

 

most probably they'll be fined , nothing beyond.

[LAwLz]

26 minutes ago, Tech_Dreamer said:

EU officials shoulda read the terms & conditions agreement before clicking "accept" lol .  doesn't it explicitly says that they will collect telemetry data to improve their software within their license agreement?

1) "It's in the ToS" is not something we consumers should say to defend mega corporations taking advantage of us. 

2) ToS does not allow companies to do illegal things. 

3) One of the things Microsoft did wrong according to the investigation was that they do not have it documented that they are collecting this. That is to say, even if you read all the ToS and privacy policies, you would not know that they were collecting things such as the content of emails sent with Outlook. 

[Tech_Dreamer]

Just now, LAwLz said:

1) "It's in the ToS" is not something we consumers should say to defend mega corporations taking advantage of us. 

2) ToS does not allow companies to do illegal things. 

3) One of the things Microsoft did wrong according to the investigation was that they do not have it documented that they are collecting this. That is to say, even if you read all the ToS and privacy policies, you would not know that they were collecting things such as the content of emails sent with Outlook. 

1.  yes we could , but it is what it is by definition. only courts can do anything about this.

2.  illegal in this case would be by definition per country wise .

3.  you're right, they slide in those terms like "may" ,  "potential" , "probably" to just misguide you .

[DrMacintosh]

7 hours ago, Ken Layug said:

Problem here is:
Office exists in Macs as well

Good thing all new Macs come with Pages, Keynote, and Numbers all preinstalled. They support .docx and for the non-pros does everything a word processor should. It’s starting to get very basic colab functionality too, it’s just within the Apple ecosystem. 

 

No need to pay a ridiculous subscription fee and get spied on just to make a word doc. 

[Fetzie]

3 hours ago, Tech_Dreamer said:

1.  yes we could , but it is what it is by definition. only courts can do anything about this.

2.  illegal in this case would be by definition per country wise .

3.  you're right, they slide in those terms like "may" ,  "potential" , "probably" to just misguide you .

If something breaks the law established to implement the GDPR in one country, it will most probably do so in all other EU member states, as each domestic law implementation of the GDPR has to satisfactorily cover the stipulations of the directive.

[Tenelia]

Can the bois and gals on Ubuntu Linux stuff tell me how the situation is like for office work?

[jagdtigger]

11 hours ago, RejZoR said:

banking app

Never needed that one, plus it is a stupid IMO to use such a mission crytical thong on a phone that can be easili stolen/lost.

[RejZoR]

6 minutes ago, jagdtigger said:

Never needed that one, plus it is a stupid IMO to use such a mission crytical thong on a phone that can be easili stolen/lost.

It's a two factor authenticator. It's designed to run on a phone specifically.

[Murasaki]

On 2/5/2019 at 9:11 AM, ARikozuM said:

Can the world stop trying to data mine everything? 

they all want the zucc

[schwellmo92]

This “news” is 3 months old.

[YoloSwag]

The thing I'm surprised about the most is how other people are actually surprised about this.

 

Wasn't this a thing that started at the wake of the internet?

 

Also, handing over sensitive info to any software company is the complete opposite of privacy but everyone was cool with it until they saw it could be used for malicious intent... or at least until they thought they should receive some sort of compensation for their own data.

[Mattias Edeslatt]

3 hours ago, Tenelia said:

Can the bois and gals on Ubuntu Linux stuff tell me how the situation is like for office work?

 

Download LibreOffice for Windows and see for yourself. 

[mr moose]

13 hours ago, Tech_Dreamer said:

EU officials shoulda read the terms & conditions agreement before clicking "accept" lol .  doesn't it explicitly says that they will collect telemetry data to improve their software within their license agreement?

MS does explicitly list the data they collect, the problem is it is buried in a privacy policy 24 pages deep somewhere in the bowels of the MS web domain.  Simply pointing to it on install does not satisfy GDPR.  In fact many EULA and license agreements do not satisfy consumer law outside of the US (which I know little about).

[RejZoR]

14 hours ago, Tech_Dreamer said:

EU officials shoulda read the terms & conditions agreement before clicking "accept" lol .  doesn't it explicitly says that they will collect telemetry data to improve their software within their license agreement?

EULA doesn't overrule GDPR afaik.

[Delicieuxz]

1 hour ago, schwellmo92 said:

This “news” is 3 months old.

That's still recent for such a big story that affects so many people and which hasn't yet been reported here or that I've seen at other tech news places. And the aftermath of this report is currently ongoing as the investigators work with Microsoft to address the issues.

 

1 hour ago, mr moose said:

MS does explicitly list the data they collect, the problem is it is buried in a privacy policy 24 pages deep somewhere in the bowels of the MS web domain.  Simply pointing to it on install does not satisfy GDPR.  In fact many EULA and license agreements do not satisfy consumer law outside of the US (which I know little about).

Microsoft's documentation of the data they harvest, which includes mention of over 3,500 individual data fields, is only for the core Windows 10 OS and doesn't include documentation of data that's harvested through additional Microsoft products and services.

 

This new Dutch report mentions that Microsoft doesn't declare or document any of the data that's harvested through MS Office software:

Quote

Currently, Microsoft provides no documentation, settings or data viewer tool for the Office telemetry data. Prior to this DPIA, Microsoft assumed the telemetry data were not personal data. As a result of this DPIA, Microsoft recognises that many diagnostic data about the use of the Office software and connected services, including the telemetry data, contain personal data.

 

Microsoft's documentation for Windows 10 is also not complete and hasn't been updated since Windows 10 1803. Even before that, I think since any document was first published by Microsoft, the documentation was incomplete and the Microsoft Diagnostic Data Viewer tool would show data containers being harvested that are not mentioned in Microsoft's documentation.

[myselfolli]

On 2/5/2019 at 11:09 AM, yolosnail said:

That's because the EU are just a load of... *political rant censored*

 

Seriously though, would you want to run a technology company in the EU with all of the 'rules' they have in place or are trying to get passed, I certainly wouldn't!

Those laws and rules are in place to protect you - the consumer. And the laws are not all that hard to follow

[leadeater]

28 minutes ago, myselfolli said:

Those laws and rules are in place to protect you - the consumer. And the laws are not all that hard to follow

Well there is one time where it is, when you were doing something that was legal then the law changes and now that is illegal. Any other time it is rather simple to say look at the law and don't breach it.

[Valentyn]

3 hours ago, RejZoR said:

EULA doesn't overrule GDPR afaik.

Correct; it is in fact illegal itself to have a contract or agreement that tries to get someone to sign away their consumer laws, and protections. No agreement can supersede the law in the EU.

[Sauron]

23 hours ago, RejZoR said:

And I held Microsoft as company with good privacy policies. I guess I was wrong. I've ditched Google and will be slamming the final nail in their coffin after ditching Android too (hell froze over and I'm going with Apple pretty soon). Now Microsoft fucking shit up, it's almost as if they want us, the customers to go to competition. If they continue with this idiocy I might end up buying stupidly overpriced Mac as well in the end. Because Apple hasn't fucked up yet. If it turns out they've been doing this as well, then what?

So you lose trust in two megacorporations consecutively, then side with another megacorporation? There are "degoogled" open source android ROMs out there.

[Sauron]

7 hours ago, Tenelia said:

Can the bois and gals on Ubuntu Linux stuff tell me how the situation is like for office work?

https://www.libreoffice.org/

 

You can try it on windows too - it's not as mature as MS Office but for average use it's fine. Personally I gave up all office since I discovered LaTeX, plantuml and markdown - I'm never looking back.