Dutch DPA's use of Microsoft's Data Viewer Tool reveals that no Windows 10 telemetry is anonymous

[dfsdfgfkjsefoiqzemnd]

2 minutes ago, M.Yurizaki said:

The idea that  "yeah, Linux is starting to look better" as a solution is laughable at best.

It's not THE solution, but it is PART of the solution.  The rest of the "services" that collect your data can be avoided by not using them and blocking their cookies, social widgets etc.

[HalGameGuru]

That's still entirely circumstantial. No matter what data someone puts into some random computer the activities on that computer cannot be absolutely linked to you personally. And after the equifax breach it's going to be FIELD DAY for duplicate and spoof accounts. a name and a DOB was enough to tentatively link some account with some person, but now you are going to have millions of SSNs, financial histories, dates, and addresses floating around. Unless you can get a live webcam image of the PC in use and prove its not a mask you are going to have a hard time linking any machine to any person in any legal sense.

[jakinov]

32 minutes ago, LAwLz said:

 

So you don't know what it actually includes, yet you are confident in that it is not information you would deem too private for them to collect?

I think you have the completely wrong mentality. You shouldn't be asking yourself what information you would be uncomfortable with giving up. What you should be asking is why should Microsoft or some other company be allowed to harvest private information about you without explicit consent?

 

"Some telemetry" is a very big understatement. Even with everything turned off they are still collecting a massive amount of private information.

How many different data points do you think we are talking about here? Just a rough estimate.

I know what they aren't collecting which the actual payload of any of my files. 

 

As a consumer that's the question I should be asking if I decide out of my own free will to use a product. In regards to your question, well why shouldn't companies be able to collect private data about you without explicit consent? It's their product or service and they should be able to operate however they'd like as long as it doesn't violate any laws. I'm not against privacy laws either. Laws should enforce how companies store and handle sensitive PII, ensure that companies are upfront with what they collect (so explicit consent shouldn't be needed in most cases). I believe that users shouldn't need to give explicitly consent unless we start talking about sensitive PII which laws should definitely cover. For example, Microsoft shouldn't be allowed to give people my address and phone number unless I agree to it but I think most other things are fair game.

I don't have any idea how many data-points or its that are collected. But the number really doesn't matter as much as the class of content. 

[Mira Yurizaki]

7 minutes ago, Captain Chaos said:

It's not THE solution, but it is PART of the solution.  The rest of the "services" that collect your data can be avoided by not using them and blocking their cookies, social widgets etc.

And how can you be absolutely certain nobody is collecting anything about you? DuckDuckGo claims to not log what you do, but it's not open source and it hasn't had an independent security audit (as far as I know).

 

And even then how can you be certain your hardware isn't also doing anything nefarious? Even though this was fixed, Intel had a hardware security bug in their processors:

The more you go down this privacy hole, the worse it's going to get until you decide to just get rid of computers.

[dfsdfgfkjsefoiqzemnd]

5 minutes ago, M.Yurizaki said:

The more you go down this privacy hole, the worse it's going to get.

Absolutely, but that doesn't mean you should just accept it and give everyone easy access like a lot of people are doing now. 

The harder you make it, the less likely it becomes that untrustworthy people (or untrustworthy 3-letter agencies) are willing to spend the extra time and resources needed to connect the dots.

[Mira Yurizaki]

3 minutes ago, Captain Chaos said:

Absolutely, but that doesn't mean you should just accept it and give everyone easy access like a lot of people are doing now. 

The harder you make it, the less likely it becomes that untrustworthy people (or untrustworthy 3-letter agencies) are willing to spend the extra time and resources needed to connect the dots.

I'd rather make myself look uninteresting than hard to get. Hard to get implies I have something valuable that I don't want anyone to know about.

 

If I lived in a crappy part of town, I wouldn't be putting up a fancy security system. I'd just make sure my house doesn't look interesting enough to rob.

[LAwLz]

26 minutes ago, M.Yurizaki said:

And all of those data points come from multiple sources other than Microsoft. The idea that  "yeah, Linux is starting to look better" as a solution is laughable at best.

You got to be kidding me...

Hey tell me, do you lock your door when you leave home? How come you do that? The idea that "locking your door" is a solution is laughable at best because a thief could just smash your window!

See how flawed your logic is? I doubt you do because you are extremely close minded and has already decided that you are OK with Microsoft harvesting your data.

 

Here is the thing, you can never get rid of all spying that goes around these days. But this philosophy you are trying to push that if you can't get rid of 100% of spying, then you should accept all of it and don't do anything about it is inane to put it mildly.

 

And no, those data points do come from Microsoft. Microsoft collects them as part of their telemetry. That is what this entire thread is about. Did you not even read the title before you jumped in here to make a bunch of posts defending Microsoft?

Some other companies might do similar things, but so far they have not been caught straight up lying about it, nor does bad behavior from one company excuse bad behavior from another one. This thread is about Microsoft being caught with their hands in the cookie jar. It is not about what other websites or programs do. Wanna discuss what data some GNU/Linux distro collects? Then go ahead and make a thread about that. This thread is about Microsoft though and just going "everyone does it" (which is not true) is nothing but a poor attempt at derailing the discussion.

 

The only reason why things has gotten so bad is because of people like you who not only seem completely OK with being stepped on, but also encourages others to enjoy it too.

 

 

 

11 minutes ago, jakinov said:

I know what they aren't collecting which the actual payload of any of my files. 

But they do look at what files you have. In fact, they will even inspect what you do inside programs if you leave the default settings on.

 

20 minutes ago, jakinov said:

In regards to your question, well why shouldn't companies be able to collect private data about you without explicit consent?

You got to be fucking kidding me... How this can be a legitimate question someone actually asked is extremely scary to me. Would you be OK with me reading your post? If you discovered that I had a keylogger on your machine, would you be totally cool with that? Why shouldn't I be able to collect private data about you without your consent?

 

23 minutes ago, jakinov said:

It's their product or service and they should be able to operate however they'd like as long as it doesn't violate any laws.

Did you even read the thread? MICROSOFT ARE VIOLATING LAWS.

 

24 minutes ago, jakinov said:

Laws should enforce how companies store and handle sensitive PII, ensure that companies are upfront with what they collect (so explicit consent shouldn't be needed in most cases).

I don't think you understand what explicit consent means. If they are upfront about it then they will have explicit consent, because by law they must have some type of consent and if that makes it clear in an upfront manner what they are collecting, then that is explicit consent.

"We collect X Y and Z, are you OK with this?"

That's what they would need in order to be upfront about it, and if you click yes to that then you have explicit consent.

It's when they hide it in terms which requires a university degree in law, and several hours of analysis, in addition to straight up lyingg, that's where it no longer is consensual.

 

27 minutes ago, jakinov said:

I believe that users shouldn't need to give explicitly consent unless we start talking about sensitive PII which laws should definitely cover.

What defines "sensitive PII" and what defines just your regular personally identifiable information?

I think any personally identifiable information should be classified as sensitive. I would be surprised if it already is.

[LAwLz]

9 hours ago, M.Yurizaki said:

I'd rather make myself look uninteresting than hard to get. Hard to get implies I have something valuable that I don't want anyone to know about.

 

If I lived in a crappy part of town, I wouldn't be putting up a fancy security system. I'd just make sure my house doesn't look interesting enough to rob.

Congratulations, you're deliberately living a boring and uninteresting life. You win I guess?

But sadly, you are interesting even if you try to be timid and docile. Mass surveillance and data harvesting do not make exceptions just because you seem boring.

[Radium_Angel]

Working in IT security, I knew this was going to be the end result, the 1st time Win10 was talked about and their EULA was released.

There are people who don't care, and that's fine, it will come back one day to haunt you. 

 

We are going Win10 for some of our systems at work, and it's my job to make them shut up. I've sort of discovered if you neuter Win10 enough with regards to firewalls and telemetry tweaking and whatnot, it it's not *quite* stable afterwards. It behaving in funny ways from time to time. Yeah, this is gonna be a problem....

 

..and worse yet, it's just the first step, if MS can get away with it (and they will, they've got the money) then who pulls this shit next? Apple? Canonical? More will be coming.

[jagdtigger]

1 hour ago, Radium_Angel said:

I've sort of discovered if you neuter Win10 enough with regards to firewalls and telemetry tweaking and whatnot, it it's not *quite* stable afterwards. It behaving in funny ways from time to time. Yeah, this is gonna be a problem....

Have fun neutering it after every update....

[Radium_Angel]

7 hours ago, jagdtigger said:

Have fun neutering it after every update....

My bad, I missed inputting the part about working with LTSB, which, so far, doesn't change anything back after updates. And the LTSB is not on the bleeding edge of MS's shenanigans. Believe me, I'm against the upgrade, but it's not my call, I'm just the one who has to make it work,,,

[TheCherryKing]

If there ever is an EU version with less or no telemetry everybody in the world will try to get a hold of it instead the version with full telemetry. 

[jagdtigger]

3 minutes ago, Radium_Angel said:

My bad, I missed inputting the part about working with LTSB, which, so far, doesn't change anything back after updates. And the LTSB is not on the bleeding edge of MS's shenanigans. Believe me, I'm against the upgrade, but it's not my call, I'm just the one who has to make it work,,,

Well sooner or later you have to deal with the same BS again, or even worse if MS starts to integrate all the junk even deeper into the ""system"". I started to move away from MS, the only thing that keeps windows on my machines is games. BTW if anyone wants to move away from MS office expect a metric buttload of complaints about why you send things in ODF, im still a black sheep because of that at work...

[mr moose]

 

21 hours ago, HalGameGuru said:

That's still entirely circumstantial. No matter what data someone puts into some random computer the activities on that computer cannot be absolutely linked to you personally. And after the equifax breach it's going to be FIELD DAY for duplicate and spoof accounts. a name and a DOB was enough to tentatively link some account with some person, but now you are going to have millions of SSNs, financial histories, dates, and addresses floating around. Unless you can get a live webcam image of the PC in use and prove its not a mask you are going to have a hard time linking any machine to any person in any legal sense.

I actually agree with you. Being able to piece all the information together to conclude an identity/profile (correctly or not) is different to  extracting personal information and ID directly. What stands out to me is that even with this supposedly deeper digging, they still haven't found any data that is being collected that MS haven't already said they are. 

 

 

[JoeCoke]

And who didn't already know this? I mean come on, this is Micro$oft we're talking about. I never trusted anyone who said this wasn't the case, so it's not a surprise. Go ahead, call me a tin foil hat wearer.

[Radium_Angel]

2 hours ago, jagdtigger said:

Well sooner or later you have to deal with the same BS again, or even worse if MS starts to integrate all the junk even deeper into the ""system"". I started to move away from MS, the only thing that keeps windows on my machines is games. BTW if anyone wants to move away from MS office expect a metric buttload of complaints about why you send things in ODF, im still a black sheep because of that at work...

Without getting too detailed about what I do for a living, I'm a big open source Linux evangelist, but I"m also a realist and almost all of our custom software runs only under Windows...

[TetraSky]

So, at a Basic level, with a local account, they get

 

DeviceID

LocalId both user and device

OSDeviceName 

Hard and software installed

Installed apps(I'm assuming these are "modern apps" ?)

Usage and amount of memory, processor and BIOS

Region and Language (No mention of GPS data, so that's just the setting in windows?)

Connected devices (Printers, whatever else)

Default Browser (ie Not EDGE) and other default softwares.

Name of device

MAC address of the network equipment. (This is the big one that can ID/track you I guess?)

other info about touch, pen, handshake between apps and edge.

 

 

Other than the MAC address one, the rest wouldn't allow you to be traceable by anyone, no?

Sure they will get a bunch of info, but they wouldn't be able to associate that info to you personally. They don't get GPS data after all (No mention of it in the report anyway).

Someone could, possibly track you down with the MAC address, given they have access to your ISP's database, which is unlikely for advertisers and random Joe Nobody(Unless your ISP are scumbags and sell off that info as well).

So they ones who actually could track you down with the information they give, is probably only the government.

 

Or am I missing something here? I mean, even if someone knows my name, that I wear a red shirt, got black hair, brown eyes, that my favorite song is the opening theme of Pokemon and that I live in Montreal, you wouldn't be able to personally ID me in a crowd regardless unless you know my address to get me.

[LAwLz]

7 minutes ago, TetraSky said:

So, at a Basic level, with a local account, they get

 

DeviceID

LocalId both user and device

OSDeviceName 

Hard and software installed

Installed apps(I'm assuming these are "modern apps" ?)

Usage and amount of memory, processor and BIOS

Region and Language (No mention of GPS data, so that's just the setting in windows?)

Connected devices (Printers, whatever else)

Default Browser (ie Not EDGE) and other default softwares.

Name of device

MAC address of the network equipment. (This is the big one that can ID/track you I guess?)

other info about touch, pen, handshake between apps and edge.

 

 

Other than the MAC address one, the rest wouldn't allow you to be traceable by anyone, no?

Sure they will get a bunch of info, but they wouldn't be able to associate that info to you personally. They don't get GPS data after all (No mention of it in the report anyway).

Someone could, possibly track you down with the MAC address, given they have access to your ISP's database, which is unlikely for advertisers and random Joe Nobody(Unless your ISP are scumbags and sell off that info as well).

So they ones who actually could track you down with the information they give, is probably only the government.

 

Or am I missing something here? I mean, even if someone knows my name, that I wear a red shirt, got black hair, blue eyes, that my favorite song is the opening theme of Pokemon and that I live in Montreal, you wouldn't be able to personally ID me in a crowd regardless.

No, they get far more than that. Those were just some examples.

And yes, you could ID you personally from a crowd with those data points and more. It's just a matter of looking it up.

 

 

Another thing to think about is that they don't have to associate your SSN or whatever you deem true "identification of you as a person" with every piece of data. All they have to do is build a detailed profile of your behavior and track that, then if they ever need to know which individual person you are they can go the extra mile and look that up. All of a sudden all the data they have associated with "profile number 53425153" is directly associated with you, the person.

Think of it as creating a digital copy of you which they use for behavior prediction, marketing, and whatever other business Microsoft does these days. Even if it wasn't traceable back to you (which it is) that in and of itself should be scary to you. Especially with all the AI things such as police trying to predict future criminals. You could be treated as a criminal because your computer usage matches that of other confirmed criminals.

 

This is not some science fiction either by the way. Police are already using AI to determine if suspects should be kept in custody or released on bail.

[mr moose]

20 minutes ago, TetraSky said:

So, at a Basic level, with a local account, they get

 

DeviceID

LocalId both user and device

OSDeviceName 

Hard and software installed

Installed apps(I'm assuming these are "modern apps" ?)

Usage and amount of memory, processor and BIOS

Region and Language (No mention of GPS data, so that's just the setting in windows?)

Connected devices (Printers, whatever else)

Default Browser (ie Not EDGE) and other default softwares.

Name of device

MAC address of the network equipment. (This is the big one that can ID/track you I guess?)

other info about touch, pen, handshake between apps and edge.

 

 

Other than the MAC address one, the rest wouldn't allow you to be traceable by anyone, no?

Sure they will get a bunch of info, but they wouldn't be able to associate that info to you personally. They don't get GPS data after all (No mention of it in the report anyway).

Someone could, possibly track you down with the MAC address, given they have access to your ISP's database, which is unlikely for advertisers and random Joe Nobody(Unless your ISP are scumbags and sell off that info as well).

So they ones who actually could track you down with the information they give, is probably only the government.

 

Or am I missing something here? I mean, even if someone knows my name, that I wear a red shirt, got black hair, brown eyes, that my favorite song is the opening theme of Pokemon and that I live in Montreal, you wouldn't be able to personally ID me in a crowd regardless unless you know my address to get me.

 

I am pretty sure they can use your global IP in combination with your other data to work out your online identity.  They could (if they wanted to) cross reference sall that data with your MS store account and get your ID that way,  But so can Apple, Google,  Paypal, amazon, Ebay, etc, etc, etc.   At this point we move into a debate about whether corporations like MS are doing that and selling said data against privacy laws in almost every country or whether they are only using said data as they claim.

[KuJoe]

Anybody who thinks they are anonymous online needs to not be allowed online, they are a danger to themselves and others.

[jakinov]

20 hours ago, LAwLz said:

But they do look at what files you have. In fact, they will even inspect what you do inside programs if you leave the default settings on.

Which programs? Their programs? What do you mean by inspect inside programs? To me there's a big difference between them looking at how many tabs I like to keep open, how often I use certain features than them sending my search history. Which I believe gets sent if you use Cortana but then that doesn't classify it as telemetry because it's a feature that sacrifices privacy for functionality. Edge also sends browsing history by default but that was also already known. I will start to care if Microsoft starts collecting my data if they start looking into programs they don't own and starts collecting things like my information from resume.docx and starts dipping it's fingers into Chrome files. But I don't care that it knows that I have Chrome installed and Word installed and how often I use both.

 

20 hours ago, LAwLz said:

You got to be fucking kidding me... How this can be a legitimate question someone actually asked is extremely scary to me. Would you be OK with me reading your post? If you discovered that I had a keylogger on your machine, would you be totally cool with that? Why shouldn't I be able to collect private data about you without your consent?

 

That's not what I meant. What I meant was why should a company not be allowed to do it, if it's something you choose to use. If I choose to use Windows and they tell me that they are going to harvest all my data, what's the problem? 

 

21 hours ago, LAwLz said:

Did you even read the thread? MICROSOFT ARE VIOLATING LAWS.

I never said they weren't. I was just talking and expressing my views in regards to where I think privacy laws should be and what companies can and cannot do.

 

21 hours ago, LAwLz said:

I don't think you understand what explicit consent means. If they are upfront about it then they will have explicit consent, because by law they must have some type of consent and if that makes it clear in an upfront manner what they are collecting, then that is explicit consent.

"We collect X Y and Z, are you OK with this?"

That's what they would need in order to be upfront about it, and if you click yes to that then you have explicit consent.

It's when they hide it in terms which requires a university degree in law, and several hours of analysis, in addition to straight up lyingg, that's where it no longer is consensual.

By upfront I mean, they aren't saying we don't collect shit but really they are. I wasn't talking about specific laws that are currently in place, I was speaking broadly expressing my views on what privacy laws I think should exist (and shouldn't) in general. 

I consider the prompt an example of explicit consent. I consider if they don't prompt you and some data harvesting is on and they don't lie about what is being collected that that's implicit consent. Even if you are not aware that they are collecting information  at least depending on the class of data.

 

My belief is that, if some software is collecting telemetry data and it says somewhere that they are collecting this information, that software shouldn't have to explicitly ask for that permission before it starts collecting. I believe that as long as it says somewhere that X,Y and Z will be collected, The fact the user uses the product is implicit consent for them to collect the data. Where I think laws explicit consent is required, is when information is more sensitive such as the payload of files or with PII; I think that information you should have to give explicit consent. 

 

21 hours ago, LAwLz said:

What defines "sensitive PII" and what defines just your regular personally identifiable information?

I think any personally identifiable information should be classified as sensitive. I would be surprised if it already is.

I think it's all pretty subjective but generally PII that you could somehow get anyways is not considered sensitive (e.g. name and address) but of course it depends on the situation and person, some non-sensitive PII for an average person like their address is much more sensitive for public figures. But even for some regular joes, that's too sensitive for them and that's why people opt out of phonebooks. In my country, the privacy laws  in regards to PII if I recall correctly doesn't make distinction between non-sensitive and sensitive info but the distinction does exist in other countries like America. I just google'd PII just now, and the distinction between sensitive PII is often made when defining it and discussing it.

Apart from Edge and Cortana sending information about the webpages that I may visit by default. All the new information presented at all the levels described doesn't strike me as all that sensitive personally. The issue I see is that yes they are violating laws in certain places in the world which is bad and they claim the data is anonymous but is isn't which is also bad. But in terms of the information that is being collected in and of itself, even if it's not properly anonymized, it doesn't bother me personally that Microsoft is collecting and has it.

[LAwLz]

1 minute ago, mr moose said:

 

I am pretty sure they can use your global IP in combination with your other data to work out your online identity.  They could (if they wanted to) cross reference sall that data with your MS store account and get your ID that way,  But so can Apple, Google,  Paypal, amazon, Ebay, etc, etc, etc.   At this point we move into a debate about whether corporations like MS are doing that and selling said data against privacy laws in almost every country or whether they are only using said data as they claim.

Well, so far only Microsoft have been caught breaking privacy laws (at least in recent times).

It is possible that Apple, Google and others are scumbags too, but we have it confirmed that Microsoft are.

 

There is also other factors such as it being impossible to opt-out from Windows, but other companies such as Apple proudly presents the users with a single one click disable all solution right at the setup screen. Another factor is that Microsoft are doing it at an OS level, which is far more intrusive than a website doing it. A website does not have access to anywhere near as much data.

 

 

Just now, KuJoe said:

Anybody who thinks they are anonymous online needs to not be allowed online, they are a danger to themselves and others.

Just because you can't be 100% safe doesn't mean you should just give up and not care at all. The reason why things have gotten to the point they are now is because of people like you who got a defeatist mentality. People who care and fight for privacy are not dangerous. You are. You are dangerous because you actively encourage people to be passive and not fight to make things better.

 

Stop making things worse, while encouraging people to enjoy being kicked in the face.

[mr moose]

3 minutes ago, LAwLz said:

Well, so far only Microsoft have been caught breaking privacy laws (at least in recent times).

It is possible that Apple, Google and others are scumbags too, but we have it confirmed that Microsoft are.

 

There is also other factors such as it being impossible to opt-out from Windows, but other companies such as Apple proudly presents the users with a single one click disable all solution right at the setup screen. Another factor is that Microsoft are doing it at an OS level, which is far more intrusive than a website doing it. A website does not have access to anywhere near as much data.

 

 

Is that a court verdict or just an allegation so far, it will be interesting to see how it pans out regardless.  MS have responded to it and on a personal note the last three times I installed win10 I was asked to opt into/out of many of the DPA's complaints (with explanations). So Not sure how they can argue people didn't know. 

 

 

[KuJoe]

9 minutes ago, LAwLz said:

Just because you can't be 100% safe doesn't mean you should just give up and not care at all. The reason why things have gotten to the point they are now is because of people like you who got a defeatist mentality. People who care and fight for privacy are not dangerous. You are. You are dangerous because you actively encourage people to be passive and not fight to make things better.

 

Stop making things worse, while encouraging people to enjoy being kicked in the face.

I never said that, you're assuming my statement meant something other than what it did. My statement was to imply that people thought this was news and that is SCARY. Anybody even remotely concerned about their privacy switched to Linux long ago, people still using any Microsoft, Apple, or Google software should be fully aware of their lack of privacy by now and if not shouldn't be allowed on the internet until they are better educated. In fact, my statement mirrored your post very closely, it's extremely bad to be so ignorant about technology in 2017. It's dangerous for everybody to not be informed and not take it seriously.

[LAwLz]

Just now, jakinov said:

Which programs? Their programs? What do you mean by inspect inside programs? To me there's a big difference between them looking at how many tabs I like to keep open, how often I use certain features than them sending my search history. Which I believe gets sent if you use Cortana but then that doesn't classify it as telemetry because it's a feature that sacrifices privacy for functionality. Edge also sends browsing history by default but that was also already known. I will start to care if Microsoft starts collecting my data if they start looking into programs they don't own and starts collecting things like my information from resume.docx and starts dipping it's fingers into Chrome files. But I don't care that it knows that I have Chrome installed and Word installed and how often I use both.

They do that. Among the telemetry data they collect they look at what is happening inside programs. For example they check what file you open with what program. I can probably find the class name for that telemetry data and some vague descriptions for you, but the list of data Microsoft collects is veeeeery long so it might take a while.

They claim they check it in order to gain insight in what causes programs to crash. And yes, it applies to third party programs too. I think it only happens at the default settings though, and the more limited telemetry settings won't look inside programs.

 

4 minutes ago, jakinov said:

That's not what I meant. What I meant was why should a company not be allowed to do it, if it's something you choose to use. If I choose to use Windows and they tell me that they are going to harvest all my data, what's the problem? 

But they don't tell you what data they are collecting or what they use it for in a clear manner. You need a high education in law in order to actually read the contracts (which constantly change by the way). They are designed to be deceiving and confusing.

If Coca cola decided to one day start putting roofies in their soda would you be OK with it? It would be listed in the ingredients (although not with that name, but rather with the chemicals that makes up roofies). Clearly you agreed to being drugged if you decided to drink their soda, right? Surely we don't need any laws to protect consumers from being harmed or taken advantage of... /sarcasm

 

10 minutes ago, jakinov said:

I consider the prompt an example of explicit consent. I consider if they don't prompt you and some data harvesting is on and they don't lie about what is being collected that that's implicit consent. Even if you are not aware that they are collecting information  at least depending on the class of data.

If you are not aware of something happening, then you can have given consent. It's as simple as that.

If you have sex with a girl without her knowledge (because she was passed out for example) then she has not given consent just because she is in your apartment or whatever. Sure you might have told her just before she passed out that you were going to fuck her, but if she didn't even understand what you were saying because you deliberately made it confusing by for example speaking in Mandarin then you are not innocent.

 

11 minutes ago, jakinov said:

I believe that as long as it says somewhere that X,Y and Z will be collected

Microsoft does not do this. They get very vague and broad descriptions of things they may be collecting in the EULA, and a little while ago they released a list of things they may be collecting with some features in Windows enabled (still not a detailed list though, just a very long list with general descriptions).