Dutch DPA's use of Microsoft's Data Viewer Tool reveals that no Windows 10 telemetry is anonymous

[apm]

17 hours ago, Syntaxvgm said:

to be fair I was literally hired to manage a team who manages this stuff. 

why are you crying then?

[dfsdfgfkjsefoiqzemnd]

4 hours ago, M.Yurizaki said:

If one never provided any personally identifying information such as a name or some sort of ID number that is tied to them (e.g., SSN, DL#), then how can you use this information to go "Yup, that's John Doe at 1234 Main St. Podunk, XX, USA"?

 

It's not just the number, it's also what other info is associated with that number.

Here's a nice bit on how easy it is to find people with only a user number and search history :

33:54 to 36:46 (although I recommend watching the entire thing)

 

Also, it doesn't necessarily have to be entered directly.  If you ever use your smartphone to check your hotmail account while connected to your home WiFi, Microsoft will know that said hotmail account is linked to that IP address and hence to the PC's hardware ID.

[PocketNerd]

Linux is looking better and better every day

[PlayStation 2]

How many thousands of words will be drafted for the next bill the EU decides to implement?

My bet is somewhere around 500,000.

[Mira Yurizaki]

1 hour ago, Captain Chaos said:

It's not just the number, it's also what other info is associated with that number.

Here's a nice bit on how easy it is to find people with only a user number and search history :

Which is a problem with using the internet in general. It doesn't matter what OS you use.

1 hour ago, Captain Chaos said:

Also, it doesn't necessarily have to be entered directly.  If you ever use your smartphone to check your hotmail account while connected to your home WiFi, Microsoft will know that said hotmail account is linked to that IP address and hence to the PC's hardware ID.

So if I check my email using my smartphone while connected to the local Starbucks Wi-Fi, will Microsoft flag everyone else's PCs as mine and start mucking with their targeted ads?

[jakinov]

I personally don't care. Even if the data is not anonymized properly, the fact that they have that data and can prove that I'm the owner of that data the info they collect doesn't bother me since it's just telemetry data. I also don't think there's proof that they are deliberately being nefarious or are just extremely negligent. I worked for a really big global IT company and you'd be surprised how negligent people can be when it comes to things like this. If it wasn't for external auditors and business needs to meet certain compliance standards everything would be pretty sloppily handled and many things probably still are or at least were for a while. 

[Equlix]

If I had more time I would love to make a list of all the windows 10 apologist and surveillance nay sayers on LTT. Watching them all eat crow at once would be pretty great. I'll just take all their deafing silence as a small petty personal victory. 

[SpaceGhostC2C]

6 hours ago, hey_yo_ said:

Well he's asking on why ads no longer appear in his PC. But yeah even with basic telemetry it still contained personalized telemetry data.

As far as I can see, those are settings about collecting/using information for advertisement personalization, but not about seeing ads or not (I may have missed something, though). In that case, ads would still show up regardless of settings, they would just be generic (like pushing, let's say, a superbowl ad to every US installation).

[Syntaxvgm]

3 hours ago, apm said:

why are you crying then?

because in general I wasn't searchable until now=(

I was kinda proud to have never made a facebook, twitter stc accounts 

[kirashi]

20 hours ago, Syntaxvgm said:

Company made me change it to my real name even. I'm searchable on facebook. I almost cried. 

Change your profile privacy to not be searchable. I haven't been searchable since 2010 on Facebook. If you know my Facebook URL, you can find me, but I searching for my name doesn't yield results.... I think. Unless that's changed.

 

21 hours ago, Syntaxvgm said:

I made my first facebook account today for my new job, because I was forced to. Still salty. Didn't use anything but my first name and DOB. New email. No phone number, Never been on that connection before. New computer. 

Immediately got friend suggestions for family, classamtes in college, and even people I hadn't seen in years. 

They bought advertising data for that. 

An advertising ID is just to tie all the data from source, and when you have multiple sources you can very easily figure out which two users from different data sets are the same. You need VERY little info to uniquely identify someone. First name and DOB are enough to uniquely identify a large portion of the US population, and my location in the same town was icing on the cake. 

Where did you create your Facebook account from? Your home internet connection? Also, do you have your Facebook account logged on in the app on your phone for work purposes by chance? If so, do you connect to public wifi hotspots?

 

I'm not defending FB or advertisers at all, however, they can track and associate users simply by monitoring who connects to which networks most often.

[LAwLz]

39 minutes ago, M.Yurizaki said:

Which is a problem with using the internet in general. It doesn't matter what OS you use.

True, but it is worse when your OS does it because it has access to everything, not just what you type into a search field on a specific site.

Also, this thread is not about the Internet in general. "They do it too" is not a reason to excuse one company from doing it. It's just a red herring and finger pointing.

 

40 minutes ago, M.Yurizaki said:

So if I check my email using my smartphone while connected to the local Starbucks Wi-Fi, will Microsoft flag everyone else's PCs as mine and start mucking with their targeted ads?

Are you pretending to not understand this, or do you genuinely don't understand how this works?

 

Obviously they don't just look at the WiFi name and go "everything associated with this network must be owned by the same person!". They look at a huge number of unique data points. Microsoft can most likely even look up that the particular WiFi network you are on belongs to Starbucks. Mapping WiFi networks to physical locations is something Google has been doing for ages.

With triangulation they can look up where on earth you are to within maybe ~20 meters by just looking at which WiFi networks you are nearby while in let's say a city. That's how the positioning on for example Android can be very fast and quite accurate even when the GPS signal is weak (often times it even does a broad scan for WiFi networks, use that to get a rough estimate, and then use GPS to narrow the accuracy down from let's say 20 meters to 2 meters).

 

 

39 minutes ago, jakinov said:

I personally don't care. Even if the data is not anonymized properly, the fact that they have that data and can prove that I'm the owner of that data the info they collect doesn't bother me since it's just telemetry data.

You should care. Do you even know what data Microsoft collects? "Telemetry data" is very vague and could include a wide variety of things.

[Syntaxvgm]

2 minutes ago, kirashi said:

Change your profile privacy to not be searchable. I haven't been searchable since 2010 on Facebook. If you know my Facebook URL, you can find me, but I searching for my name doesn't yield results.... I think. Unless that's changed.

 

Where did you create your Facebook account from? Your home internet connection? Also, do you have your Facebook account logged on in the app on your phone for work purposes by chance? If so, do you connect to public wifi hotspots?

 

I'm not defending FB or advertisers at all, however, they can track and associate users simply by monitoring who connects to which networks most often.

nope, work connection, first day, nothing on phone (wasn't logged into wifi yet anyway), and new work pc. It made sense though, First name and DOB can identify a lot of people. 

[kirashi]

1 minute ago, Syntaxvgm said:

nope, work connection, first day, nothing on phone (wasn't logged into wifi yet anyway), and new work pc. It made sense though, First name and DOB can identify a lot of people. 

hmmm very interesting then, but yes, it's definitely possible for them to correlate whatever data they already have with your name and DoB, so I'd guess that's probably what happened here.

 

53 minutes ago, M.Yurizaki said:

So if I check my email using my smartphone while connected to the local Starbucks Wi-Fi, will Microsoft flag everyone else's PCs as mine and start mucking with their targeted ads?

No, your particular "user cookie" / UUID will be flagged. Also, while clearing your cookies does remove them from your computer, as soon as you login with the same account, even on another PC, they'll just generate you a new cookie / UUID and associate it with your prior data anyway.

[Syntaxvgm]

Just now, kirashi said:

hmmm very interesting then, but yes, it's definitely possible for them to correlate whatever data they already have with your name and DoB, so I'd guess that's probably what happened here.

 

No, your particular "user cookie" / UUID will be flagged. Also, while clearing your cookies does remove them from your computer, as soon as you login with the same account, even on another PC, they'll just generate you a new cookie / UUID and associate it with your prior data anyway.

and city, forgot to mention that. so they had 3 points of data 

[Mira Yurizaki]

11 minutes ago, LAwLz said:

Are you pretending to not understand this, or do you genuinely don't understand how this works?

 

Obviously they don't just look at the WiFi name and go "everything associated with this network must be owned by the same person!". They look at a huge number of unique data points. Microsoft can most likely even look up that the particular WiFi network you are on belongs to Starbucks. Mapping WiFi networks to physical locations is something Google has been doing for ages.

With triangulation they can look up where on earth you are to within maybe ~20 meters by just looking at which WiFi networks you are nearby while in let's say a city. That's how the positioning on for example Android can be very fast and quite accurate even when the GPS signal is weak (often times it even does a broad scan for WiFi networks, use that to get a rough estimate, and then use GPS to narrow the accuracy down from let's say 20 meters to 2 meters).

I only used Starbucks as an example. IP addresses as personally identifying information is questionable anyway. If you have a WiFi network I could just crack into it, do something illegal like setup a fake Facebook account in your name and post child porn on it.

 

Obviously it was you because it came from your IP amirite?

[jakinov]

6 minutes ago, LAwLz said:

You should care. Do you even know what data Microsoft collects? "Telemetry data" is very vague and could include a wide variety of things.

It likely doesn't include actual content that I would likely want to keep private. I don't particularly care if Microsoft knows that I like to open Chrome 50x a day or that I may have Torrent downloading programs installed. 

 

Personally, I would care more if they were exporting the data when they scan my documents and they start taking files from my computer that they shouldn't be. I would for example care if there's proof they were taking things like Chrome history files but I don't care if they track that I use Chrome and my usage patterns.

 

Correct me if I'm wrong but there's no evidence that the things like key logging when disabled actually still get sent? The big concern was that if you shut off all those settings data that some telemetry is still sent and in this article that data isn't as anonymous as Microsoft claims.

[Mira Yurizaki]

7 minutes ago, jakinov said:

It likely doesn't include actual content that I would likely want to keep private. I don't particularly care if Microsoft knows that I like to open Chrome 50x a day or that I may have Torrent downloading programs installed. 

 

Personally, I would care more if they were exporting the data when they scan my documents and they start taking files from my computer that they shouldn't be. I would for example care if there's proof they were taking things like Chrome history files but I don't care if they track that I use Chrome and my usage patterns.

 

Correct me if I'm wrong but there's no evidence that the things like key logging when disabled actually still get sent? The big concern was that if you shut off all those settings data that some telemetry is still sent and in this article that data isn't as anonymous as Microsoft claims.

People don't like it that there's data collection going on regardless of the data being collected when they didn't explicitly agree to it.

[jakinov]

Just now, M.Yurizaki said:

People don't like it that there's data collection going on regardless of the data being collected when they didn't explicitly agree to it.

Right, but I never said that they have to like it. Just that I personally didn't care.

[Mira Yurizaki]

Just now, jakinov said:

Right, but I never said that they have to like it. Just that I personally didn't care.

And I suppose this also ties in with how this information is being used.

[LAwLz]

20 minutes ago, M.Yurizaki said:

I only used Starbucks as an example. IP addresses as personally identifying information is questionable anyway. If you have a WiFi network I could just crack into it, do something illegal like setup a fake Facebook account in your name and post child porn on it.

 

Obviously it was you because it came from your IP amirite?

OK you must be faking ignorance... Your IP is one out of thousands of things collected.

Sure, a single IP from one instance posting child porn would not prove that you were guilty. But if they have the IP, time, date, where you were before and after, when you opened your browser, what websites you visited, what other programs were open on the computer, the MAC address of your computer, several unique identifiers, IMEI and whatever other information Microsoft gathers then yes, they could prove that it was you. Obviously it would be you because thousands of unique information could be used to uniquely tie you to that specific activity, time and location.

 

 

20 minutes ago, jakinov said:

It likely doesn't include actual content that I would likely want to keep private. I don't particularly care if Microsoft knows that I like to open Chrome 50x a day or that I may have Torrent downloading programs installed. 

 

Personally, I would care more if they were exporting the data when they scan my documents and they start taking files from my computer that they shouldn't be. I would for example care if there's proof they were taking things like Chrome history files but I don't care if they track that I use Chrome and my usage patterns.

 

Correct me if I'm wrong but there's no evidence that the things like key logging when disabled actually still get sent? The big concern was that if you shut off all those settings data that some telemetry is still sent and in this article that data isn't as anonymous as Microsoft claims.

So you don't know what it actually includes, yet you are confident in that it is not information you would deem too private for them to collect?

I think you have the completely wrong mentality. You shouldn't be asking yourself what information you would be uncomfortable with giving up. What you should be asking is why should Microsoft or some other company be allowed to harvest private information about you without explicit consent?

 

"Some telemetry" is a very big understatement. Even with everything turned off they are still collecting a massive amount of private information.

How many different data points do you think we are talking about here? Just a rough estimate.

[Mira Yurizaki]

3 minutes ago, LAwLz said:

Sure, a single IP from one instance posting child porn would not prove that you were guilty. But if they have the IP, time, date, where you were before and after, when you opened your browser, what websites you visited, what other programs were open on the computer, the MAC address of your computer, several unique identifiers, IMEI and whatever other information Microsoft gathers then yes, they could prove that it was you. Obviously it would be you because thousands of unique information could be used to uniquely tie you to that specific activity, time and location.

But how can they still prove it's me if I never provide them with any personally identifying information?

 

(Also MAC addresses aren't unique. They're supposed to be, but you can change them easily. I used to assign them on products at my last company)

[Delicieuxz]

20 minutes ago, M.Yurizaki said:

But how can they still prove it's me if I never provide them with any personally identifying information?

 

(Also MAC addresses aren't unique. They're supposed to be, but you can change them easily. I used to assign them on products at my last company)

All the little pieces, when put together, become personally-identifying.

[Mira Yurizaki]

Just now, Delicieuxz said:

All the little pieces, when put together, become personally-identifying.

And this is a problem with using the internet in general. It doesn't matter if I go use Linux, if I use the internet in the same way, someone who really wants to find me will find me.

[LAwLz]

25 minutes ago, M.Yurizaki said:

But how can they still prove it's me if I never provide them with any personally identifying information?

 

(Also MAC addresses aren't unique. They're supposed to be, but you can change them easily. I used to assign them on products at my last company)

Because you are providing them with personally identifiable information. Did you not read the title of this thread? It is possible to uniquely identify a person given enough data points, even if none of them can be directly tied to you as a person.

 

Tell me your shoe size, the area you live in, all your different clothes, what phone model you got, the names of nearby WiFi networks, where you usually go during the day, which programs you use, and a few hundred more details about yourself and I will most likely be able to track you down. Each piece of info by itself can't be traced to you, but in combination they can.

 

25 minutes ago, M.Yurizaki said:

(Also MAC addresses aren't unique. They're supposed to be, but you can change them easily. I used to assign them on products at my last company)

Yes I know. I work as a networking consultant. No need to lecture me about these things.

But once again you get hung up on individual pieces. It is not a single piece of info that is used to identify you by itself. It's a combination of several data points.

 

 

2 minutes ago, M.Yurizaki said:

And this is a problem with using the internet in general. It doesn't matter if I go use Linux, if I use the internet in the same way, someone who really wants to find me will find me.

Now you're just going in circles.

Other companies doing despicable things is not an excuse to let one company get away with it. Especially not since what Microsoft is doing is far worse. There is a difference between the operating system harvesting data, and a particular website or program doing it.

There is also a difference about being honest with what you collect, and lying about it.

 

You are awfully OK with being lied to and spied on. It's frightening how much of a defeatist you are.

You might enjoy being kicked in the face, but not everyone does.

[Mira Yurizaki]

Just now, LAwLz said:

It is possible to uniquely identify a person given enough data points, even if none of them can be directly tied to you as a person.

And all of those data points come from multiple sources other than Microsoft. The idea that  "yeah, Linux is starting to look better" as a solution is laughable at best.