Nvidia adds telemetry to Geforce experience its latest drivers (Update)

[MalcolmHusky]

11 minutes ago, goodtofufriday said:

I apologize. Please don't get me banned =(

[tlink]

55 minutes ago, M.Yurizaki said:

The problem is people want the tools to work for them without them actually wanting to do something.

 

But my view on the internet is that you literally have no control over what you send out. Try as you might to hide, but people can snoop you out simply by your patterns. And there are algorithms out there that can do just that with seemingly minimal information.

 

Privacy aside, there's also the problem of developers needing to improve their stuff, but nobody wants to give them data to help improve it. If your system crashes randomly and the developer asks you for crash logs and information on your system and you refuse, well, what is the developer supposed to do?

 

I mean it would be nice to know exactly what they gather, but eh.

but you literally do have control over what you send out, you can literally monitor the bytes flowing trough the cable. you can literally capture every packet you send. and i know that there are algorithms for everything, but if 5% has an algorithm and 95% doesn't than i rather go undetected by 95% isntead of saying fuck it because of the 5% that can track me. 

 

im perfectly fine with giving devs info, i also give my docter info but they actually have their confidentiality rules sorted out. nothing gets disclosed without the patients notice, and said notice is not a requirement for the service of said doctor. if they want to include my numbers to do some statistical calculations about how many people are dissatisfied or have bad working software to show to their investors than fine, but thats simply not the case. they are shooting themselves in the foot, its not the consumer that does that.

[Mira Yurizaki]

So let me waste a bit more of my time trying to make sense of this.

 

Here's part of the EULA in question people may have a hissy fit over:

Quote

Customer hereby acknowledges that the SOFTWARE accesses and collects both non-personally identifiable information and personally identifiable information about Customer and CUSTOMER SYSTEM as well as configures CUSTOMER SYSTEM in order to (a) properly optimize CUSTOMER SYSTEM for use with the SOFTWARE, (b) deliver content through the SOFTWARE, (c) improve NVIDIA products and services, and (d) deliver marketing communications.  Information collected by the SOFTWARE includes, but is not limited to, CUSTOMER SYSTEM'S (i) hardware configuration and ID, (ii) operating system and driver configuration, (iii) installed games and applications, (iv) games and applications settings, performance, and usage data, and (iv) usage metrics of the SOFTWARE.  To the extent that Customer uses the SOFTWARE, Customer hereby consents to all of the foregoing, and represents and warrants that Customer has the right to grant such consent.

So if we take this at face value, last time I checked, the driver configuration software doesn't properly optimize my system or deliver any content. So this must be talking about GFE, which at the moment is still an optional, opt-out (since it's installed by default) service.

 

The other things of note is that:

Quote

CUSTOMER SYSTEM'S (i) hardware configuration and ID,

Is publicly accessible. Public in terms of computer access. How do I know this? If it wasn't publicly accessible, it would require elevation to admin rights. Last time I checked, when Steam does a hardware survey, it doesn't ask for admin rights. I can also open up Device Manager as a normal user and see all of the hardware I have installed on the system. It's just that if I want to do anything with that hardware, I can't. So public access is read only.

 

Quote

operating system and driver configuration

Is also publicly accessible. The driver configuration is as well, because that's also granted read access via Device Manager as a normal user.

 

Quote

(iii) installed games and applications

Is publicly accessible too. Open up command prompt as a normal user, type in the following:

wmic
/output:[Somepath]\[Some name].txt product get name,version

And it'll spit out a list of programs you have installed and what versions they are.

 

Quote

(iv) games and applications settings, performance, and usage data

If any program is saving any of this, this it's likely in your users folder. Otherwise again, if GFE is running as a normal user (which I don't know if it is because I don't use it), then it can still track whatever data it has access to. Which might be a lot more than you think.

 

Quote

(iv) usage metrics of the SOFTWARE.

"SOFTWARE" is referring to GFE.

 

Also the "personally identifying" information is due to the fact that I believe you need an account with NVIDIA before you can use GFE. An account is considered "personally identifying".

 

Do note that Linux also has all of this information readily accessible publicly as well. There are a few commands that do require superuser access, but most of the information above can be gathered without it.

 

So if you're not using GFE (which you shouldn't be anyway because it's pointless software), then this is nothing to worry about.

[mark_cameron]

5 hours ago, Hawx said:

I've seen this post being passed around reddit and it's incredibly misleading. 

 

Nvidia's generic privacy policy covers any case that Nvidia handles personal information, including sweepstakes, forums, support, and even internal employment. For example, you might enter a sweepstakes and the winner's information will be passed to the company handling the product without asking you first.

 

It doesn't automatically imply that the drivers are collecting the information listed in the PP. 

 

There's no evidence that any data outside of crash/hardware/game information is being sent. 

 

You can see an example telemetry log from GFE here:

http://www.canardpc.com/download/cpchw/hw29.getsugar.log

Its a concern as the there is no mention of telemetry within the Nvidia UK T&Cs. Absolutely no mention.

 

Equally there is inconsistency now.

 

Furthermore - as far as I can tell Nvidia is not registered in the EU-US Privacy Shield scheme.

 

Their UK T&Cs haven't been updated since 2015.

 

I think its very concerning. Nvidia implementing potential privacy breaching software without proper and LEGAL notification.

[mark_cameron]

1 hour ago, M.Yurizaki said:

The problem is people want the tools to work for them without them actually wanting to do something.

 

But my view on the internet is that you literally have no control over what you send out. Try as you might to hide, but people can snoop you out simply by your patterns. And there are algorithms out there that can do just that with seemingly minimal information.

 

Privacy aside, there's also the problem of developers needing to improve their stuff, but nobody wants to give them data to help improve it. If your system crashes randomly and the developer asks you for crash logs and information on your system and you refuse, well, what is the developer supposed to do?

 

I mean it would be nice to know exactly what they gather, but eh.

There are some areas of the world - such as where I live - in Europe that LEGALLY demand that companies do not extract more information then they absolutely need to.

 

Why do Nvidia need to automatically extract personally identifying information for technical support?

 

When technical support can be covered by a 'ticket' or number.

 

It makes absolutely no sense.

 

 

There are laws governing this sort of thing. I don't see Nvidia rushing to comply with them.

[Mira Yurizaki]

10 minutes ago, mark_cameron said:

There are some areas of the world - such as where I live - in Europe that LEGALLY demand that companies do not extract more information then they absolutely need to.

Which is meaningless to me. Does the EU have a team of software developers and privacy advocates who take in the request of all companies and their justifications, scrutinizing each thing to make sure that said information is absolutely needed or do they just read the justification and go "okay, that sounds fair enough"?

 

Also since Windows 10 isn't illegal in the EU, that must mean the telemetry data Microsoft gathers can't be all that bad.

 

Quote

Why do Nvidia need to automatically extract personally identifying information for technical support?

 

When technical support can be covered by a 'ticket' or number.

How is NVIDIA supposed to contact you then?

[Mira Yurizaki]

Also did anyone notice AMD's privacy policy?

Quote

We collect several kinds of information from you, depending on the part of the Site being visited. For example, We collect personal information from you when you register for a forum or newsletter, download products such as drivers, register products with Us, create a user name and password, provide feedback, send email enquiries or participate in another part of the Site.

They can collect "personal information" when I download drivers? So if I took that at face value, they're already a step ahead of NVIDIA.

[AlwaysFSX]

Did the latest driver also break fans while it was at it?

1 minute ago, M.Yurizaki said:

Also did anyone notice AMD's privacy policy?

They can collect "personal information" when I download drivers? So if I took that at face value, they're already a step ahead of NVIDIA.

Nooooooo, AMD can do no wrong. Based AMD is based. /s

[mark_cameron]

12 minutes ago, M.Yurizaki said:

Which is meaningless to me. Does the EU have a team of software developers and privacy advocates who take in the request of all companies and their justifications, scrutinizing each thing to make sure that said information is absolutely needed or do they just read the justification and go "okay, that sounds fair enough"?

 

Also since Windows 10 isn't illegal in the EU, that must mean the telemetry data Microsoft gathers can't be all that bad.

 

How is NVIDIA supposed to contact you then?

No friend.

 

The EU has a team of lawyers and privacy advocates that will be on to technology companies that are acting contrary to law!

 

Microsoft has been forced to join the EU-US Privacy Shield scheme and/or setup localised EU cloud servers due to law and the European courts enforcing the law on multinationals like Microsoft and Google.

 

If you knew this maybe you wouldn't be being so blase about this spyware that has been put onto consumers computers - guised as hardware-driver software.

 

 

The law for instance would take a very dim view of Nvidia implementing telemetry without any form of encryption of that telemetry. Just as much as the excessive personal data being acquired.

[PlayStation 2]

What purpose will this serve?

If Team Fortress 2 and gay porn is in their interest, then both sides hit the jackpot.

[Mattyd7829]

4 minutes ago, M.Yurizaki said:

Also did anyone notice AMD's privacy policy?

They can collect "personal information" when I download drivers? So if I took that at face value, they're already a step ahead of NVIDIA.

does it state anywhere in AMD's EULA that it is sold to 3rd parties for advertising purposes?

[AlwaysFSX]

1 minute ago, Dan Castellaneta said:

What purpose will this serve?

If Team Fortress 2 and gay porn is in their interest, then both sides hit the jackpot.

Probably to find out if there was a purchase for an AMD GPU so they can send you a bag of dicks.

[PlayStation 2]

Just now, AlwaysFSX said:

Probably to find out if there was a purchase for an AMD GPU so they can send you a bag of dicks.

lol

now how to hide it

 

[jagdtigger]

5 minutes ago, M.Yurizaki said:

Also did anyone notice AMD's privacy policy?

They can collect "personal information" when I download drivers? So if I took that at face value, they're already a step ahead of NVIDIA.

Nice try but that is only the website...

[AlwaysFSX]

Just now, Dan Castellaneta said:

lol

now how to hide it

Obviously you have to use Tor. That way the FBI can knock down your door and give you a bag of dicks. Really there's no winning, you're getting a bag of dicks whether you like it or not.

[Mira Yurizaki]

14 minutes ago, mark_cameron said:

No friend.

 

The EU has a team of lawyers and privacy advocates that will be on to technology companies that are acting contrary to law!

 

Microsoft has been forced to join the EU-US Privacy Shield scheme and/or setup localised EU cloud servers due to law and the European courts enforcing the law on multinationals like Microsoft and Google.

 

If you knew this maybe you wouldn't be being so blase about this spyware that has been put onto consumers computers - guised as hardware-driver software.

 

 

The law for instance would take a very dim view of Nvidia implementing telemetry without any form of encryption of that telemetry. Just as much as the excessive personal data being acquired.

All that does is protect people in the EU using US products from having any of that data unlawfully exported back to the US and possibly vice versa.

 

And again, what is "personally identifying data"? Your hardware and software configuration is not personally identifying data because anyone could have that combination of hardware and software. I would argue usage statistics aren't personally identifying because anyone could have a similar usage statistic. If it's your email address, you have to sign in using an email address to use GFE, and again GFE is optional. You are not required to use GFE to use NVIDIA's hardware.

[Syntaxvgm]

8 hours ago, Chasem121 said:

I'm just gonna guess this is going to be forgotten about within a few days and Geforce sales will not even hitch a little.

It's Nvidia being Nvidia, nothing surprising to see here.

Just like everything that NVIDIA does.

 

I have a Gsync screen, so I was stuck with green when I bought my 1080. I really hope by the time I upgrade to a new screen for gaming there's something that you can use with both AMD and NVIDIA....yah know like nvidia could support the VESA standard....

[mark_cameron]

5 minutes ago, M.Yurizaki said:

All that does is protect people in the EU using US products from having any of that data unlawfully exported back to the US and possibly vice versa.

 

And again, what is "personally identifying data"? Your hardware and software configuration is not personally identifying data because anyone could have that combination of hardware and software. I would argue usage statistics aren't personally identifying because anyone could have a similar usage statistic. If it's your email address, you have to sign in using an email address to use GFE, and again GFE is optional. You are not required to use GFE to use NVIDIA's hardware.

No friend.

 

It gives EU citizens the opportunity to complain to the US Department of Commerce and the company concerned and have their data treated in accordance with EU law.

 

It also allows EU citizens to sue. In either US or EU court in cases of negligence or gross negligence of US companies like Nvidia not complying with EU law.

 

 

Nvidia has no legal option to try and say - they gave the option to consumers. Since EU consumers themselves cannot waive the legal obligations of Nvidia to comply with EU law either. So your points make no sense.

 

Also its doing more than technical or use statistics. It says that in the T&Cs posted in the Reddit thread. Nvidia is going to potentially use all the information obtained by various means that includes personally identifying data.

[Thony]

Meh, I dont have GE installed

[suicidalfranco]

next: new drivers can only be downloaded through geforce experience 

[Shahnewaz]

Just now, suicidalfranco said:

next: new drivers can only be downloaded through geforce experience 

Hasn't this already happened?

http://www.pcgamer.com/nvidias-game-ready-drivers-will-soon-be-locked-behind-geforce-experience/

[suicidalfranco]

1 minute ago, Shahnewaz said:

Hasn't this already happened?

http://www.pcgamer.com/nvidias-game-ready-drivers-will-soon-be-locked-behind-geforce-experience/

oh boi...

[Fetzie]

1 hour ago, M.Yurizaki said:

Also did anyone notice AMD's privacy policy?

They can collect "personal information" when I download drivers? So if I took that at face value, they're already a step ahead of NVIDIA.

 

> We collect personal information from you when you register for a forum or newsletter

 

If I sign up for a forum account or newsletter they need the submitted data to add me to the mailing list or make me a forum account. That's fine because I asked them to do so

 

> download products such as drivers

 

Logging system data such as your OS and public IP are standard practice with every website you visit

 

> register products with Us

 

Kind of requires your personal data...

 

> create a user name and password

 

see above

 

> provide feedback, send email enquiries or participate in another part of the Site

 

They need to be able to respond to enquiries and they respond to bug reports if they need additional information, which requires things like email addresses and names.

 

They also don't give themselves the right to distribute the information, AFAIK. I see nothing wrong with that degree of data collection.

[Mira Yurizaki]

47 minutes ago, mark_cameron said:

No friend.

 

It gives EU citizens the opportunity to complain to the US Department of Commerce and the company concerned and have their data treated in accordance with EU law.

 

It also allows EU citizens to sue. In either US or EU court in cases of negligence or gross negligence of US companies like Nvidia not complying with EU law.

 

 

Nvidia has no legal option to try and say - they gave the option to consumers. Since EU consumers themselves cannot waive the legal obligations of Nvidia to comply with EU law either. So your points make no sense.

 

Also its doing more than technical or use statistics. It says that in the T&Cs posted in the Reddit thread. Nvidia is going to potentially use all the information obtained by various means that includes personally identifying data.

I don't know why you're calling me "friend". Does this mean we know each other?

 

Anyway, the EULA terms apply to GFE even if it's not clear enough. The driver software itself doesn't do anything that those terms and conditions say because there's no personally identifying information that you supply to the driver installer to begin with. And I pointed out AMD's privacy policy includes something scary sounding and mysterious like if you download drivers from their website, they obtain personal information from you as well (whatever that means).

 

And the whole reason why I'm "blase" about privacy is because I strongly believe privacy starts from the individual themselves. There is no law saying I have to give any of these companies actual information about myself. For all NVIDIA knows, I can be a "Barack Obama" or "Donald Trump". There is nothing that says "I agree that all of this information is true and lawful and false information is punishable by law" when I sign up for any company's website. If you want to be private about yourself online, don't give anything out in the first place.

 

Again, what is "personally identifying" data?

 

2 minutes ago, Fetzie said:

They also don't give themselves the right to distribute the information, AFAIK.

A company gathering personal information regardless of intentions is still gathering personal information. What if AMD gets hacked and their database gets dumped?

[Dabombinable]

3 hours ago, Master Disaster said:

Not possible anymore, Win 8.1 & 10 won't install drivers that are not digitally signed by Microsoft.

They still allow it if you adjust the right settings (non registry). How do you think I used icemod Catalyst 13.2 drivers on my HP Pavilion DV6 3010AX to get it working under Windows 10 properly?