Microsoft hides option to use Windows 10 with a local account - GDPR violation?

[Kisai]

Just now, SpaceGhostC2C said:

you can access all sites without clicking anything, it's just that the message would remain there,

You need to turn your adblocker off and actually visit sites to see what they're like.

 

In most cases you can not even scroll the page.

[SpaceGhostC2C]

Just now, Kisai said:

You need to turn your adblocker off and actually visit sites to see what they're like.

 

In most cases you can not even scroll the page.

I don't know what you are talking about, but certainly not the GDPR cookie message.

There are sites that will exhibit that behavior if you have cookies outright disabled or blocked for that site, but they do that worldwide, with or without GDPR.

The GDPR message itself never displayed that behavior.

[Crowbar]

23 minutes ago, Kisai said:

They aren't forcing an account.

 

One of the first few days the GDPR nonsense was turned on, nearly every website in existence stated doing the "we store cookies" nag, and you know what they did? They made it so you couldn't access the site without clicking "I agree". GDPR defeated. Poof *confetti*

Did you read the title of the thread?

 

Microshaft is trying to force an account.

 

Websites, no but this isn't regarding websites.

 

 

If these cookie prompts on websites annoy you then install an adblocker and enable the corresponding filter.

[mr moose]

4 hours ago, Crowbar said:

I’ve admitted nothing but by all means continue to fantasize.

can't help yourself.

4 hours ago, Crowbar said:

 

You’re asking me to quantify every single piece of hardware in existence and compare it against the Linux kernel and windows closed source code which would be impossible.

No, I am asking you to qualify your claims,  if you claim there are so many problems with windows updates or changes breaking systems,  then you need to show us how many, you don't get to pretend it is a huge problem without being able to cite any evidence showing that.

 

4 hours ago, Crowbar said:

 

Please explain to me just how you “qualified everything you have said” with statements like “I saw it on a forum”? 

 

Your the one accusing me of posting fallacies, if you can't show me which one is a fallacy then there is nothing to explain.  making uo some crap and then trying to project that on me is pointless, most people can see through it.

[jagdtigger]

10 hours ago, Crowbar said:

Microsoft and Apple have on the other hand often tightened privacy controls

They did it alright, but theirs not ours. The do not release any info about updates just some BS generic description, and for a long time they didnt even disclosed what they collect. Hell they even denied the existence of data collection and constantly lied about it......................  MS has only one place where their products belong, the rubbish bin.

[justpoet]

It is pretty obvious that this is for the purpose of data mining.  Governments especially will love that all your MS login data will now be sent over the 'net if you do this…which may not be considered a huge issue today in places like Canada and the US…but China and Korea?  If we skip the govt side of this being easier to track though, MS basically just gains a ton of personal data to sell to everybody else…and they've already shown partnerships with most of the larger data conglomerators.  So, in that best case scenario, this is simply MS selling your privacy to make more cash.

[Windows7ge]

Over a week late to this party. Prevented or have outright blocked? I was already aware that they did the "make the local account button as small as possible" move in the installer but have they outright blocked it now? Or have they made it just that much harder to find?

 

What am I suppose to do when setting up clients with no Internet or don't intend to connect to the Internet?

[minibois]

8 minutes ago, Windows7ge said:

setting up clients with no Internet or don't intend to connect to the Internet?

That is actually the fix to this non-sense

When you're not connected to the internet during the setup of Windows (when choosing language and such), it will automatically create an offline account.

 

[Windows7ge]

3 minutes ago, minibois said:

That is actually the fix to this non-sense

When you're not connected to the internet during the setup of Windows (when choosing language and such), it will automatically create an offline account.

 

Heh, heh, heh, loopholes  

[LAwLz]

37 minutes ago, Windows7ge said:

Over a week late to this party. Prevented or have outright blocked? I was already aware that they did the "make the local account button as small as possible" move in the installer but have they outright blocked it now? Or have they made it just that much harder to find?

 

What am I suppose to do when setting up clients with no Internet or don't intend to connect to the Internet?

I haven't encountered it myself so I am not 100% sure, but I believe they outright block the creation of a local account UNLESS you do not have access to the Internet. If you don't have access, then it lets you create a regular account. But if you don't have access then it will ask you to login once you have access to the Internet. But when that happens it gives you the option to "set it up later", which kind of implies it will ask you again.

 

 

 

 

Not sure if this is new behavior or not, but today I installed something through the Microsoft Store and when I clicked "install" it asked me to login. When I clicked X on the login page the program downloaded and installed anyway. But the install did not seem to start until I clicked X on the login popup. I rarely use the store so this might be old behavior but it seems to be in the same spirit as this change. Trick people into signing in with their Microsoft account even when it's not necessary.

[Kisai]

56 minutes ago, LAwLz said:

I haven't encountered it myself so I am not 100% sure, but I believe they outright block the creation of a local account UNLESS you do not have access to the Internet. If you don't have access, then it lets you create a regular account. But if you don't have access then it will ask you to login once you have access to the Internet. But when that happens it gives you the option to "set it up later", which kind of implies it will ask you again.

 

 

OEM machines (eg Dell, HP, etc) will always ask you to create the microsoft account, but you can still create a local account. On non-OEM machines (eg machines upgraded from Win7/8, Retail copies of Windows) you often don't have video and network drivers in the base install, which means that unless you had originally installed the previous version of Windows in UEFI mode, there won't be any network when it hits "now checking for updates".

 

But you can still create a local account. The machine can not function without it. Take a look at "User Profiles", what do you see? You see MACHINENAME\USERNAME . Not your Microsoft account. Rather, the microsoft account is a second authentication mechanism glued on top of the existing account, and if you actually buy a new machine and login with your existing microsoft account, it will create the same account on the new machine. 

 

You know what this is like? It's like using Enterprise SSO. Except instead of your business controlling the SSO, it's Microsoft.

 

You can always turn it off if you set it up. Go to Settings, Accounts, and click "Sign in with a Local Account instead"

[nick name]

I just went through a couple of Windows installs the other day and you can use an offline or local account.  It's an option on/toward the bottom left.  The installer will ask (slightly differently) again if you want to make an online account and you can simply decline and continue on.  

[mr moose]

16 hours ago, SpaceGhostC2C said:

Which is a great thing.

You are wrong. Of course they highlighted the "agree all opt in" options much more, but a) you can access all sites without clicking anything, it's just that the message would remain there, something that doesn't really harm the usability of most sites, and b) there's always (is mandatory) the alternative button taking you to the opt in/out menu, where you can set cookies to the basic ones only, switching off all data-collection and advertisement cookies.

 

Of course, if one is dead set on clicking yes to everything to save 1ms then there is no amount of information and user control that can help, short of outright banning data collection with or without consent. But in a (utopian?) world where people can indeed be free and choose for themselves without becoming lemmings, willing and able to make informed choices, some form of democracy is feasible, etc, GDPR is a great, much needed framework for data handling.

I've encountered many sites that don't let you in unless you agree to their cookie BS.   Which to me is great because it forces me to think about how much I need that site and what am I willing to trade for it's content. 

 

 

 

EDIT: P.S it's also why I am in favor of a mandated message for any website that uses cookies to track,  something that reads "we are tracking and logging your activity across the internet to target ads and harvest web traffic data, by using this site you agree to us doing this"

[LAwLz]

13 hours ago, Kisai said:

OEM machines (eg Dell, HP, etc) will always ask you to create the microsoft account, but you can still create a local account. On non-OEM machines (eg machines upgraded from Win7/8, Retail copies of Windows) you often don't have video and network drivers in the base install, which means that unless you had originally installed the previous version of Windows in UEFI mode, there won't be any network when it hits "now checking for updates".

 

But you can still create a local account. The machine can not function without it. Take a look at "User Profiles", what do you see? You see MACHINENAME\USERNAME . Not your Microsoft account. Rather, the microsoft account is a second authentication mechanism glued on top of the existing account, and if you actually buy a new machine and login with your existing microsoft account, it will create the same account on the new machine. 

 

You know what this is like? It's like using Enterprise SSO. Except instead of your business controlling the SSO, it's Microsoft.

 

You can always turn it off if you set it up. Go to Settings, Accounts, and click "Sign in with a Local Account instead"

I think you're missing the point of this thread.

The point isn't "you won't be able to use Windows without an Internet connection!", it's "you can't create a local account without any ties to a Microsoft account anymore, unless you unplug your computer from the Internet during setup". Having to unplug your computer from the Internet in the middle of the initial setup is not exactly intuitive.

 

Microsoft is trying to make having a Microsoft and having it signed in on your computer mandatory.

 

If you think that it is acceptable because "you can turn it off afterwards" then you are part of the problem. Consumers shouldn't have to fight their operating system to do what they want it to do. Microsoft shouldn't be excused for removing choices and options for their own benefits because "some people might be able to figure out a way to reverse the change afterwards".

[mr moose]

35 minutes ago, LAwLz said:

If you think that it is acceptable because "you can turn it off afterwards" then you are part of the problem. Consumers shouldn't have to fight their operating system to do what they want it to do. Microsoft shouldn't be excused for removing choices and options for their own benefits because "some people might be able to figure out a way to reverse the change afterwards".

 

I would be in favor of an official definition and laws for operating systems.  laws that apply to every device not just PC's.  something like no user data, no limitation on software sources or stores, no prepaid preloaded apps that aren't generic easy to get apps that already free. 

[LAwLz]

58 minutes ago, mr moose said:

I would be in favor of an official definition and laws for operating systems.  laws that apply to every device not just PC's.  something like no user data, no limitation on software sources or stores, no prepaid preloaded apps that aren't generic easy to get apps that already free. 

All I want is for companies to try and make their products better for the consumer.

Microsoft hiding the (already hard to spot) option for creating a local account is clearly not a change they made because they thought it would improve Windows for consumers.

 

A law like the one you suggested would be nice, but I don't think it is practical.

[mr moose]

11 hours ago, LAwLz said:

A law like the one you suggested would be nice, but I don't think it is practical.

I don't see why not, apart from living in an almost completely digital age we have legal definition for many things that are complex in their application. 

 

We have quite lengthy laws that outline quite complex processes like liability and legal process.  Something that outlines what must not be done in an OS is not that complicated.   

[LAwLz]

1 minute ago, mr moose said:

I don't see why not, apart from living in an almost completely digital age we have legal definition for many things that are complex in their application. 

 

We have quite lengthy laws that outline quite complex processes like liability and legal process.  Something that outlines what must not be done in an OS is not that complicated.   

But where do you draw the lines, and what about things which depend on some type of data collection?

GDPR is already extremely complex and a law like you proposed would probably be 10 times as hard to define.

[mr moose]

5 minutes ago, LAwLz said:

But where do you draw the lines, and what about things which depend on some type of data collection?

GDPR is already extremely complex and a law like you proposed would probably be 10 times as hard to define.

 

I respectfully disagree.   I think it would be no more difficult than most other consumer protection laws.   The hardest part is enforcing law, not defining it.

[LAwLz]

44 minutes ago, mr moose said:

I respectfully disagree.   I think it would be no more difficult than most other consumer protection laws.   The hardest part is enforcing law, not defining it.

Can you give some examples of how it would be defined?

Enforcing the law would be the easy part. Just fine any company breaking it.

[Arika]

50 minutes ago, mr moose said:

 

I respectfully disagree.   I think it would be no more difficult than most other consumer protection laws.   The hardest part is enforcing law, not defining it.

i actually think defining it would be the biggest hurdle. Unless every single country can agree to the same thing, there will be different requirements for each country. And what one country wants to do might conflict with what another country wants to do, leaving the company in the middle and having to pay a fine to one of them.

[mr moose]

8 minutes ago, LAwLz said:

Can you give some examples of how it would be defined?

Enforcing the law would be the easy part. Just fine any company breaking it.

Operating systems in the past didn't need external accounts to operate,  they did not need automatic telemetry. and they did not lock you to a specific store or app source.  It's pretty simply ban that unless the license holder authorizes it.    That would take care of most issues.

 

Just now, Arika S said:

i actually think defining it would be the biggest hurdle. Unless every single country can agree to the same thing, there will be different requirements for each country. And what one country wants to do might conflict with what another country wants to do, leaving the company in the middle and having to pay a fine to one of them.

It's like that already with many consumer laws like GDPR, Consumer laws in Australia etc.  Companies tend to make their product so it applies to all of them.   Hence why we get the benefits of GDPR and the US gets the benefit of Australian consumer law with regard to steam refunds etc.

[LAwLz]

Just now, mr moose said:

Operating systems in the past didn't need external accounts to operate,  they did not need automatic telemetry. and they did not lock you to a specific store or app source.  It's pretty simply ban that unless the license holder authorizes it.    That would take care of most issues.

So the law would be "an operating system are not allowed to require an online account, automatic telemetry and shall not lock a user into a single place for installing additional software"?

Or something along those lines at least?

 

That just seems oddly specific and could cause problems for some software, plus it leaves a lot of loopholes and room for semantics.

 

Does Windows 10 break all of these rules?

You technically don't need an "external" account to use it because it gives you the option to create a local account if you unplug the computer from the Internet during the setup process.

Is iOS really locking you to a specific app store? You can jailbreak some models and that allows you to install apps from other sources. Is Windows 10S breaking that rule by only allowing apps from the Microsoft Store?

 

If we ban these things unless the license holder authorizes it, would the law also ban software from requiring it for use? What I mean with that is, would it be illegal for let's say Apple to go "if you want to use iOS then you have to only use our store for apps. If you don't like it, don't use it"? If that's the case, then it doesn't really give users any more protection or options than we got today.

[mr moose]

1 hour ago, LAwLz said:

So the law would be "an operating system are not allowed to require an online account, automatic telemetry and shall not lock a user into a single place for installing additional software"?

Or something along those lines at least?

I don't see why that can't be implemented.   So long as each requirement is qualified.

 

1 hour ago, LAwLz said:

That just seems oddly specific and could cause problems for some software, plus it leaves a lot of loopholes and room for semantics.

 

Does Windows 10 break all of these rules?

Currently it might. 

1 hour ago, LAwLz said:

You technically don't need an "external" account to use it because it gives you the option to create a local account if you unplug the computer from the Internet during the setup process.

So qualify it with requirements for the user to have both options equally presented on install.   It's really not that hard to do. 

1 hour ago, LAwLz said:

Is iOS really locking you to a specific app store? You can jailbreak some models and that allows you to install apps from other sources. Is Windows 10S breaking that rule by only allowing apps from the Microsoft Store?

Windows 10 S would be breaking that law if they didn't give the license holder (the admin of a fleet or individual of the device) an option to change it.  I've always maintained that 10s should not be an end consumer OS by default but should be an option.   Jail breaking an ios device is a path of very intentional processes that apple does not give you the instructions for.    Therefore jail breaking is not a loophole they could use to maintain a single non optional app store. 

 

1 hour ago, LAwLz said:

If we ban these things unless the license holder authorizes it, would the law also ban software from requiring it for use? What I mean with that is, would it be illegal for let's say Apple to go "if you want to use iOS then you have to only use our store for apps. If you don't like it, don't use it"?

That would be in direct violation of the law I just proposed.  The point is to prevent anyone from selling an OS that is locked.  

1 hour ago, LAwLz said:

If that's the case, then it doesn't really give users any more protection or options than we got today.

 

An OS is an unavoidable necessity of every device we must have to maintain daily functioning in today's society.  It is an essential service and should be treated as such.   If the EU can force MS to provide options beyond IE and release versions of windows without media player then they can do this.

 

 

[Kisai]

13 hours ago, mr moose said:

Operating systems in the past didn't need external accounts to operate,  they did not need automatic telemetry. and they did not lock you to a specific store or app source.  It's pretty simply ban that unless the license holder authorizes it.    That would take care of most issues.

 

1980's IBM would beg to disagree. The "open PC" was genuinely a fluke due to the way copyright law was written then, and it's the same reason why you can modify your computer/phone/car/game console and not have the company sue you for doing so. There was never an "open Mac" because the mac firmware was part of the operating system, making something compatible with the pre-OSX mac was simply never going to happen in a clean room.

 

Had Compaq never existed, and did it exactly how they did it, there would not be a "PC" platform today. Hell, the PC platform would look like the consoles today. You can only buy software that is blessed by the publisher.

 

Microsoft can't stuff that genie back in the bottle with Windows anyway, since it would break 30 years of software, because we've had 32-bit hardware since 1987. Microsoft won't get a chance to change this unless they decide to cut 32-bit support from Windows entirely.

 

Remember the Pentium III Processor serial number? The TPM / T2 modules in PC's today is just the evolution of that scheme.

 

https://www.microsoft.com/en-us/microsoft-365/blog/2018/11/20/sign-in-to-your-microsoft-account-without-a-password-using-windows-hello-or-a-security-key/

 

Quote

How do Windows Hello and FIDO2 devices implement this? Based on the capabilities of your Windows 10 device, you will either have a built-in secure enclave, known as a hardware trusted platform module (TPM) or a software TPM. The TPM stores the private key, which requires either your face, fingerprint, or PIN to unlock it. Similarly, a FIDO2 device, like a security key, is a small external device with its own built-in secure enclave that stores the private key and requires the biometric or PIN to unlock it. Both options offer two-factor authentication in one step, requiring both a registered device and a biometric or PIN to successfully sign in.

This is why they push this stuff. The only thing holding back passwordless logins is that desktops often lack all the features necessary (camera, fingerprint sensor, tpm, mobile phone, security key) , meanwhile laptops, mobile phones, and iMac's have them.

 

It's only a matter of time before websites start refusing access entirely if you don't login with a passwordless mechanism. Right now it's kind of a stupid mess, where mobile phone apps for banks "save time by using your face id/touch id" password in the secure enclave, but then they still go ahead and expire it. This is simply having the phone save the password and send it rather than having the device verify with the headend that it belongs to who it's supposed to.