Dutch DPA's use of Microsoft's Data Viewer Tool reveals that no Windows 10 telemetry is anonymous

[LAwLz]

20 minutes ago, mr moose said:

Is that a court verdict or just an allegation so far, it will be interesting to see how it pans out regardless.  MS have responded to it and on a personal note the last three times I installed win10 I was asked to opt into/out of many of the DPA's complaints (with explanations). So Not sure how they can argue people didn't know. 

No court verdict yet.

There has been an investigation which shows that Microsoft are breaching privacy laws in some countries (confirmed in Netherlands, currently being investigated in Germany, France, Hungary, Slovenia, Spain and the UK).

France did an investigation before on their own and found that Microsoft were breaking privacy laws. They did not take it to court though because Microsoft changed things on their own accord after the investigation was done.

That's probably why it hasn't gone to court yet in other countries. They are waiting on Microsoft to see if they will fix these issues and comply with the law without being forced to. You rarely go straight to court in cases like these.

 

The opt into/out of things were actually one of the things Microsoft implemented to comply with french laws.

 

 

14 minutes ago, KuJoe said:

I never said that, you're assuming my statement meant something other than what it did. My statement was to imply that people thought this was news and that is SCARY. Anybody even remotely concerned about their privacy switched to Linux long ago, people still using any Microsoft, Apple, or Google software should be fully aware of their lack of privacy by now and if not shouldn't be allowed on the internet until they are better educated. In fact, my statement mirrored your post very closely, it's extremely bad to be so ignorant about technology in 2017. It's dangerous for everybody to not be informed and not take it seriously.

Oh I see. Sorry, I am so used to people using "everyone else does it" and "privacy is dead anyway" as arguments for why people shouldn't care about privacy that I wrongly assumed that was what you were saying too.

[Droidbot]

Damn, I love Windows but this shit is goddamn scary as a normal user. 

[NoRomanBatmansAllowed]

On 10/24/2017 at 11:19 PM, Taf the Ghost said:

I didn't migrate to Win 10, mostly for this reason. 

I'm pretty sure I remember seeing that W7 and 8/8.1 both got an update that allowed telemetry.

[jagdtigger]

3 hours ago, bob51zhang said:

I'm pretty sure I remember seeing that W7 and 8/8.1 both got an update that allowed telemetry.

Thats why i have updates disabled aincw they started giving out updates in black boxes(cumulative or whatever updates)....

[captain_to_fire]

5 hours ago, KuJoe said:

people still using any Microsoft, Apple, or Google software should be fully aware of their lack of privacy by now and if not shouldn't be allowed on the internet until they are better educated.

Just so you know, iOS and macOS allows disabling of telemetry and even if you enable telemetry, the device itself annonymizes telemetry data like email addresses, usernames and passwords are filtered out before it’s being sent to Apple’s servers. Google nowadays let’s you see what they are collecting about you and gives the user options to clear out history. None of those options are available in Windows 10. 

[KuJoe]

Just now, hey_yo_ said:

Just so you know, iOS and macOS allows disabling of telemetry and even if you enable telemetry, the device itself annonymizes telemetry data like email addresses, usernames and passwords are filtered out before it’s being sent to Apple’s servers. Google nowadays let’s you see what they are collecting about you and gives the user options to clear out history. None of those options are available in Windows 10. 

If you think that's all Apple is collecting then I'm not going to ruin anything for you.  As for Google, checking the "My Activity" option doesn't show a fraction of the data they record on me.

[dfsdfgfkjsefoiqzemnd]

19 minutes ago, KuJoe said:

As for Google, checking the "My Activity" option doesn't show a fraction of the data they record on me.

Indeed, and "clearing" the history may not actually delete the data. 

 

5 or so years ago a student in Austria forced Facebook to give him ALL the info they had on him.  Every single post, PM, poke, tag, notification that he had deleted from Facebook was still on their server, followed by the code "deleted=true". 

So when you're dealing with services or companies that harvest your data for financial gain,"clearing" or "deleting" something only means that you are hiding it from yourself.

 

EDIT : if you want to dig into it, his name is Max Schrems.  And if you want to put the amount of data collection into perspective, this is the result of 18 months of occasional Facebook use :

 

 

I know that this is Facebook, not Microsoft.  But if a site you visit can collect that much info, imagine what your OS can collect if people aren't vigilant and let companies just do as they please. 

[KuJoe]

Just now, Captain Chaos said:

Indeed, and "clearing" the history may not actually delete the data. 

 

5 or so years ago a student in Austria forced Facebook to give him ALL the info they had on him.  Every single post, PM, poke, tag, notification that he had deleted from Facebook was still on their server, followed by the code "deleted=true". 

So when you're dealing with services or companies that harvest your data for financial gain,"clearing" or "deleting" something only means that you are hiding it from yourself.

Exactly, this doesn't even count all of the information they are required to keep for legal reasons (i.e. if you ever sent an e-mail to or from a US company there's a nice little loophole that lets the government agencies get a copy of that e-mail without the need for a pesky warrant).

[captain_to_fire]

14 minutes ago, KuJoe said:

If you think that's all Apple is collecting then I'm not going to ruin anything for you.  As for Google, checking the "My Activity" option doesn't show a fraction of the data they record on me.

Even if what you say is true, would that make Microsoft lesser of three evils with their current invasive telemetry practices? No.

 

If there’s evidence that Apple is collecting personalized telemetry, why is it then EU countries aren’t raising privacy concerns at the moment. You do realize that saying everyone else does it is not a counter evidence but a sloppy one. 

 

Also, I would like to see evidence that Apple is collecting personalized telemetry data at the moment because as far as I’m concerned, my iPhone allows me to see what is being sent and none of the data they collect contains personally identifiable information that’s in plain text like my keystrokes or my usernames and my passwords. Zero, zip references. 

 

[KuJoe]

2 minutes ago, hey_yo_ said:

Even if what you say is true, would that make Microsoft lesser of three evils with their current invasive telemetry practices? No.

 

If there’s evidence that Apple is collecting personalized telemetry, why is it then EU countries aren’t raising privacy concerns at the moment. You do realize that saying everyone else does it is not a counter evidence but a sloppy one. 

 

Also, I would like to see evidence that Apple is collecting personalized telemetry data at the moment because as far as I’m concerned, my iPhone allows me to see what is being sent and none of the data they collect contains personally identifiable information that’s in plain text like my keystrokes or my usernames and my passwords. Zero, zip references. 

 

I think you either misread my post or misunderstood it because we're both in agreement. There is no "lesser evil" when it comes to privacy, all major companies are equally bad and shouldn't be blindly trusted (especially ones where they make a good portion of their money off marketing, advertising, and client interaction).

 

Do you send or receive e-mail through Apple's mail service? That mail is being tracked and stored, readily available to any government (with or without a search warrant depends on Apple's infrastructure). And there in lies the problem, people aren't even aware of exactly what is and isn't readily accessible to others. It's not just about telemetry, my posts are strictly about general privacy online and not a specific piece of data or data collection method. Who cares if they don't know all of my keystrokes? Does that change the fact that somebody else is able to read e-mails I sent to my friends and family who don't have the foresight or knowledge to run their own mail servers and instead rely on Google, Apple, or Microsoft for their e-mail needs?

[LAwLz]

1 hour ago, KuJoe said:

If you think that's all Apple is collecting then I'm not going to ruin anything for you.  As for Google, checking the "My Activity" option doesn't show a fraction of the data they record on me.

Do you have any evidence for this? I don't have a Mac nor an iPhone so I can't check it, but if you don't have any evidence then I donät think you should throw around wild claims like that.

 

40 minutes ago, KuJoe said:

I think you either misread my post or misunderstood it because we're both in agreement. There is no "lesser evil" when it comes to privacy, all major companies are equally bad and shouldn't be blindly trusted (especially ones where they make a good portion of their money off marketing, advertising, and client interaction).

I strongly disagree with that statement. There are clearly lesser evils here. THe less they collect and the more transparent they are about it the better. This is not a black and white issue.

[KuJoe]

2 minutes ago, LAwLz said:

Do you have any evidence for this? I don't have a Mac nor an iPhone so I can't check it, but if you don't have any evidence then I donät think you should throw around wild claims like that.

 

I strongly disagree with that statement. There are clearly lesser evils here. THe less they collect and the more transparent they are about it the better. This is not a black and white issue.

If you blindly trust what is being told to you by a company trying to make money off you then nothing I can post on this forum will convince you otherwise.

 

And yes, it's not a black and white issue. Which is exactly why education is key.

[Mr.Meerkat]

On 10/25/2017 at 12:02 AM, AresKrieger said:

Hence why I use my alias instead of real info for everything online, though I suppose I should have gone by "John Smith" as the alias itself is tracked.

And that is illegal in some countries  

At least its not a law that's enforced strictly...

[Delicieuxz]

6 hours ago, Captain Chaos said:

Indeed, and "clearing" the history may not actually delete the data. 

 

5 or so years ago a student in Austria forced Facebook to give him ALL the info they had on him.  Every single post, PM, poke, tag, notification that he had deleted from Facebook was still on their server, followed by the code "deleted=true". 

So when you're dealing with services or companies that harvest your data for financial gain,"clearing" or "deleting" something only means that you are hiding it from yourself.

 

EDIT : if you want to dig into it, his name is Max Schrems.  And if you want to put the amount of data collection into perspective, this is the result of 18 months of occasional Facebook use :

 

[picture]

 

I know that this is Facebook, not Microsoft.  But if a site you visit can collect that much info, imagine what your OS can collect if people aren't vigilant and let companies just do as they please. 

And Facebook had 1,200 pages on that person back in 2010. Imagine how much data Facebook would have on him today.

 

Here's another example, where a woman asked Tinder for the data they had collected about her, and she received 800 pages of personal information on her.

https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-sold

[jakinov]

18 hours ago, LAwLz said:

They do that. Among the telemetry data they collect they look at what is happening inside programs. For example they check what file you open with what program. I can probably find the class name for that telemetry data and some vague descriptions for you, but the list of data Microsoft collects is veeeeery long so it might take a while.

They claim they check it in order to gain insight in what causes programs to crash. And yes, it applies to third party programs too. I think it only happens at the default settings though, and the more limited telemetry settings won't look inside programs.

I don't have issues with them checking what files I open with what programs. I have issues with them taking the actual contents of the file and send it to themselves. I would be genuinely interested if you could show me where it says that it's collecting my data (not data that I use program x  but data that I store or generate inside of it like browsing history) from 3rd party applications. 
 

 

19 hours ago, LAwLz said:

But they don't tell you what data they are collecting or what they use it for in a clear manner. You need a high education in law in order to actually read the contracts (which constantly change by the way). They are designed to be deceiving and confusing.

If Coca cola decided to one day start putting roofies in their soda would you be OK with it? It would be listed in the ingredients (although not with that name, but rather with the chemicals that makes up roofies). Clearly you agreed to being drugged if you decided to drink their soda, right? Surely we don't need any laws to protect consumers from being harmed or taken advantage of... /sarcasm

Sure, and they should fix that. I'm not arguing that Microsoft isn't doing anything wrong in respect to the EU laws in questions or any other laws from other parts of the world. I initially, essentially, said that I don't personally care about the new information that has come to light about what else they are collecting.

I don't see how drugging people is comparable to collecting telemetry data by default. Also, it's not that I don't believe in any laws to protect consumers, I've mentioned a couple that I'm in favor for, which is strict laws on sensitive information and proper overall disclosure but I personally find the data harmless and so I personally don't see the need for a business to go out of the way to make sure that the user gets prompted to accept. 
 

 

19 hours ago, LAwLz said:

If you are not aware of something happening, then you can have given consent. It's as simple as that.

If you have sex with a girl without her knowledge (because she was passed out for example) then she has not given consent just because she is in your apartment or whatever. Sure you might have told her just before she passed out that you were going to fuck her, but if she didn't even understand what you were saying because you deliberately made it confusing by for example speaking in Mandarin then you are not innocent.

 

 

Firstly, I'd like to reiterate that I do believe in clear disclosure of what is collected and I'm not saying Microsoft properly did so. When it comes to consent, context matters, if it comes down to you using a product or service that chooses to monitor your behaviors (without breaking any other laws, again not saying Microsoft not currently breaking laws, I'm speaking in general) I don't see the need for explicit consent and I don't think it matters if they know it or not. Since you like to use analogies, a more relevant analogy that I can think of is recording people. Recording people is considered an invasion of privacy (and covered in most or maybe all countries under privacy law), if I disclose somehow that I have cameras installed in a store that I own (e.g. in my country you must have a sign that says you  have cameras). I don't see the need to have a gatekeeper that makes sure you understand that you are going to be recorded if you fail to take some personal responsibility and realize that if that kind of "invasion of privacy" is too much then you should pay more attention. Again, I do believe in restrictions depending on the case, so that store shouldn't be able to scan my drivers license, bank card, record my pin, and credit card and be able to keep that information in it's entirety without asking; which is similar to my OS stance, where they shouldn't be collecting sensitive PII without explicit consent. 

[Delicieuxz]

19 hours ago, jakinov said:

I don't have issues with them checking what files I open with what programs. I have issues with them taking the actual contents of the file and send it to themselves. I would be genuinely interested if you could show me where it says that it's collecting my data (not data that I use program x  but data that I store or generate inside of it like browsing history) from 3rd party applications.

It says in the screenshots in the OP that at the full telemetry level, Microsoft collects the contents of activities in apps, such which articles a person read (browsing history), and things a person writes into handwriting programs.

 

In Microsoft's Privacy Statement (which isn't even a company policy, meaning that it isn't a pledge to do anything, and that Microsoft wants people to know that they may or may not do according to what they write in that statement), they say that they collect the contents of people's activities including:

Quote

 

subject line and body of an email

text or other content of an instant message

audio and video recording of a video message

audio recording and transcript of a voice message you receive or a text message you dictate

 

 

Sometime around Windows 10's release, I read on a Microsoft page that they collect and analyse something like 10-second clips of audio when a person uses a microphone.

 

Also, the historical trend is that Microsoft is extremely tight-lipped about any PR-unfriendly information about how their data collection works, and what they do with the collected data. For example, it was explained somewhere either before or around the release of Windows 10 in a video clip that I watched, featuring a Microsoft person giving an interview or something, that all data collected by Microsoft is associated with a unique system identifier for each user (not the advertising ID).

 

However, later Microsoft would always say that the data they collect is anonymous - and people believed that. But, because I had seen that video clip statement, I was able to say many times on these forums, knowing that it was already confirmed by Microsoft somewhere that I'd seen, that none of the data collected by Microsoft is anonymous - which people sometimes didn't believe, and might have occasionally debated.

 

Now, we have confirmation for everybody of what I heard Microsoft themselves say before Win 10 released. And that confirmation shows that Microsoft has been lying directly to the faces of every Windows owner whenever they've claimed that the data they collect is anonymous. Microsoft took everybody, especially all the Microsoft apologists ("useful idiots," to Microsoft), for fools, to merely be exploited. Microsoft didn't care what they told people, and didn't care what people believed, so long as they could keep leeching and stealing people's data, so that they could sell it for profit. And that is the nature of a psychopathic corporation.

 

And that's only one instance from Microsoft's long and sorry history of being a pathologically lying, thuggish company.

 

The only things you can count on from Microsoft are they will exploit any avenue to make a penny, and all the while they'll say anything to benefit themselves, and will connive people on any subject that might involve information that would be negative PR for the company.

[jakinov]

12 minutes ago, Delicieuxz said:

It says in the screenshots in the OP that at the full telemetry level, Microsoft collects the contents of activities in apps, such which articles a person read (browsing history), and things a person writes into handwriting programs.

DPA is likely referring the native built in apps created by Microsoft, the articles I read aren't coming from Chrome or Firefox. It's likely coming from their built-in news reader. Browsing history and handwriting collection on default settings has already been known. 

17 minutes ago, Delicieuxz said:

In Microsoft's Privacy Statement, they say that they collect the contents of people's emails, and the 

This is a Microsoft Privacy Statement not a Windows Privacy Statement. I've read the snippets that circulated around during the initial launch of Windows that quoted excerpts and all the stuff that was quoted was very broad because the document is about how Microsoft as a company collects your data from it's wide variety of products and services and the type of data that could be collected and what they do with it. There is a page I believe somewhere that's supposed to be (it's not) an exhaustive list of what they collect by them; that should be your basis of what they say they collect from windows vs. what they actually collect. Not their broad privacy statement. 

[LAwLz]

58 minutes ago, jakinov said:

I don't have issues with them checking what files I open with what programs. I have issues with them taking the actual contents of the file and send it to themselves. I would be genuinely interested if you could show me where it says that it's collecting my data (not data that I use program x  but data that I store or generate inside of it like browsing history) from 3rd party applications. 

Here is some (please note that this list is not anywhere near the full list of things Microsoft collects) of the info gathered regarding program usage. Please note that these are not limited to first party programs unless otherwise specified.

Quote

• User navigation and interaction with app and Windows features. This could potentially include user input, such as name of a new alarm set, user menu choices, or user favorites.
• Time of and count of app/component launches, duration of use, session GUID, and process ID
• App time in various states – running foreground or background, sleeping, or receiving active user interaction
• User interaction method and duration – whether and length of time user used the keyboard, mouse, pen, touch, speech, or game controller
• Apps used to edit images and videos
• SMS, MMS, VCard, and broadcast message usage statistics on primary or secondary line
• Incoming and Outgoing calls and Voicemail usage statistics on primary or secondary line
• Content searches within an app
• Reading activity -- bookmarking used, print used, layout changed
   

• App launch state –- with deep-link such as Groove launched with an audio track to play, or share contract such as MMS launched to share a picture.

• Whether the user clicked or hovered on UI controls or hotspots

• Caret location or position within documents and media files -- how much of a book has been read in a single session or how much of a song has been listened to.

That's just for regular usage.

Here are some additional info they collect for "device health and crash data":

Quote

• DLL library predicted to be the source of the error -- xyz.dll
• System settings such as registry keys
• User generated files – .doc, .ppt, .csv files where they are indicated as a potential cause for a crash or hang
• Crash failure data – OS, OS component, driver, device, 1st and 3rd party app data
• Memory in use by the application at the point of the crash.

 

 

And remember, that page is just a small portion of what they collect. They collect far more than that too. I think it was a few thousands different things they collect. And yes, as you can see they do look into the files you have opened in a lot of cases.

 

 

1 hour ago, jakinov said:

I personally find the data harmless and so I personally don't see the need for a business to go out of the way to make sure that the user gets prompted to accept. 

Well what you believe is kind of irrelevant because it is in fact harmful. Several studies has been made regarding this. People who know they are being spied on will unconsciously suppress beliefs they think are minority opinions, thus censoring themselves.

Here is an article about an MIT study regarding it.

Here is one from Oxford.

Here is one from the FDR Group.

Here is one from Wayne State University.

If you want you can look up the theory behind the Panopticon prison as well.

 

I can find more studies if you want but I think the point is very clear. Mass surveillance has a dramatic negative effect on democracy, by making people censor themselves and by breeding meekness and complacency. You might not realize it is happening, but it is, even to you.

You behave differently when people are watching you.

 

 

 

18 minutes ago, jakinov said:

DPA is likely referring the native built in apps created by Microsoft, the articles I read aren't coming from Chrome or Firefox. It's likely coming from their built-in news reader. Browsing history and handwriting collection on default settings has already been known. 

Nope, they are referencing third party apps too, not just Microsoft ones.

[jakinov]

1 hour ago, LAwLz said:

Here is some (please note that this list is not anywhere near the full list of things Microsoft collects) of the info gathered regarding program usage. Please note that these are not limited to first party programs unless otherwise specified.

Quote

• User navigation and interaction with app and Windows features. This could potentially include user input, such as name of a new alarm set, user menu choices, or user favorites.
• Time of and count of app/component launches, duration of use, session GUID, and process ID
• App time in various states – running foreground or background, sleeping, or receiving active user interaction
• User interaction method and duration – whether and length of time user used the keyboard, mouse, pen, touch, speech, or game controller
• Apps used to edit images and videos
• SMS, MMS, VCard, and broadcast message usage statistics on primary or secondary line
• Incoming and Outgoing calls and Voicemail usage statistics on primary or secondary line
• Content searches within an app
• Reading activity -- bookmarking used, print used, layout changed
   

• App launch state –- with deep-link such as Groove launched with an audio track to play, or share contract such as MMS launched to share a picture.

• Whether the user clicked or hovered on UI controls or hotspots

• Caret location or position within documents and media files -- how much of a book has been read in a single session or how much of a song has been listened to.

That's just for regular usage.

Here are some additional info they collect for "device health and crash data":

It's not explicitly mentioned that this only applies to Microsoft's native apps so there's some level ambiguity when you are reading that section on it's own for some of the points but based on the context and how things are described in various other sections of that same page it's high likely that the article is just covering Windows and its native apps, at least when they talking about things inside the apps. I think it's fair to be suspicious and say that it could be secretly doing it anyways, or that this means they are. But based on this article, I personally am not interpreting it as them saying they are tracking what I do inside third-party party apps, collects the user data from 3rd-party apps, or my personal files. But that doesn't necessarily mean they aren't secretly doing any of that either. 

 

 

1 hour ago, LAwLz said:

Well what you believe is kind of irrelevant because it is in fact harmful. Several studies has been made regarding this. People who know they are being spied on will unconsciously suppress beliefs they think are minority opinions, thus censoring themselves.

Here is an article about an MIT study regarding it.

Here is one from Oxford.

Here is one from the FDR Group.

Here is one from Wayne State University.

If you want you can look up the theory behind the Panopticon prison as well.

 

I can find more studies if you want but I think the point is very clear. Mass surveillance has a dramatic negative effect on democracy, by making people censor themselves and by breeding meekness and complacency. You might not realize it is happening, but it is, even to you.

You behave differently when people are watching you.

 

 

 

Nope, they are referencing third party apps too, not just Microsoft ones.

But the type of data collection Microsoft is doing is not nearly as sensitive as the data the NSA tries to collect (that all of those studies you linked are referencing). Your using studies that talk about mass intrusive government spying and comparing it to telemetry data. Your comparing the government trying to record all your phone calls, store all your pictures/videos, record all your text chats, and browser history to functionality that tries to collect usage statistics, and information that can help them possibly troubleshoot problems or possibly sell (besides Edge browser search/browser history, I don't know how much of the data they are collecting is worth selling).

Also, all those studies are about how when the user knows they are spied on that they will behave differently and self-censor. Which I don't think really applies to our discussion. Why would a user self-censor himself using a product like Windows 10 if he doesn't know that he's being monitored? 

 

 

2 hours ago, LAwLz said:

Nope, they are referencing third party apps too, not just Microsoft ones.

Again, I don't think that's the case. If it were, you would think they'd make a bigger deal about it, instead of it being at the end, where it's like "oh they also collect this". The issues that DPA have mentioned is that; not everything is disclosed, the data isn't fully anonoymized, users aren't prompted better, and settings can change. They haven't made any complaints about overreaching or them sending non-telemetry data as telemetry data. 

[LAwLz]

14 hours ago, jakinov said:

It's not explicitly mentioned that this only applies to Microsoft's native apps so there's some level ambiguity when you are reading that section on it's own for some of the points but based on the context and how things are described in various other sections of that same page it's high likely that the article is just covering Windows and its native apps, at least when they talking about things inside the apps. I think it's fair to be suspicious and say that it could be secretly doing it anyways, or that this means they are. But based on this article, I personally am not interpreting it as them saying they are tracking what I do inside third-party party apps, collects the user data from 3rd-party apps, or my personal files. But that doesn't necessarily mean they aren't secretly doing any of that either. 

If they specify that some things only applies to first party programs but don't mention it on others then it apples to everything.

We collect X. We also collect Y, but only in our own programs.

There is no ambiguity there. X is collected everywhere but Y is only collected in their own programs. It is basic grammar.

I get that you desperately wants to believe that Microsoft are better than you think, but they aren't. You have been arguing from ignorance this entire thread. You clearly have a very strong bias in favor of Microsoft and you are just fooling yourself. The faster you accept the truth the better for everyone.

 

For fuck sake, it specifically says it collects data from within documents you have open and even gives some examples of files types. How anyone can be so willfully ignorant is beyond me.

 

14 hours ago, jakinov said:

But the type of data collection Microsoft is doing is not nearly as sensitive as the data the NSA tries to collect (that all of those studies you linked are referencing). Your using studies that talk about mass intrusive government spying and comparing it to telemetry data. Your comparing the government trying to record all your phone calls, store all your pictures/videos, record all your text chats, and browser history to functionality that tries to collect usage statistics, and information that can help them possibly troubleshoot problems or possibly sell (besides Edge browser search/browser history, I don't know how much of the data they are collecting is worth selling).

I can tell that you either didn't read the studies, or don't know what data Microsoft actually collects. All the ones I linked applies to Microsoft too. It feels like I am wasting my time trying to reason with someone who doesn't even understand what is going on. Like you said before, you don't actually know what Microsoft is doing, and you seem to refuse to learn about it too because it would go against your very narrow views.

Hell, where do you even think the NSA collects their information from? Have you been living under a rock for the last decade or so? if you want an example look no further than PRISM. On top of that, Microsoft has been helping the NSA collect data for quite a long time.

Skype and Outlook are two other confirmed instances where Microsoft has willfully given NSA access to user data.

 

14 hours ago, jakinov said:

Also, all those studies are about how when the user knows they are spied on that they will behave differently and self-censor. Which I don't think really applies to our discussion. Why would a user self-censor himself using a product like Windows 10 if he doesn't know that he's being monitored? 

Not everyone is clueless about what Microsoft does.

 

14 hours ago, jakinov said:

Again, I don't think that's the case. If it were, you would think they'd make a bigger deal about it, instead of it being at the end, where it's like "oh they also collect this". The issues that DPA have mentioned is that; not everything is disclosed, the data isn't fully anonoymized, users aren't prompted better, and settings can change. They haven't made any complaints about overreaching or them sending non-telemetry data as telemetry data. 

You don't think so, but that's because you are in denial and does mental gymnastics to try and invalidate all evidence thrown at you. "Oh yes they clearly say they do this, but I believe Microsoft don't understand basic English grammar so therefore I don't believe they do what they already say they do".

[jakinov]

3 hours ago, LAwLz said:

If they specify that some things only applies to first party programs but don't mention it on others then it apples to everything.

We collect X. We also collect Y, but only in our own programs.

There is no ambiguity there. X is collected everywhere but Y is only collected in their own programs. It is basic grammar.

I get that you desperately wants to believe that Microsoft are better than you think, but they aren't. You have been arguing from ignorance this entire thread. You clearly have a very strong bias in favor of Microsoft and you are just fooling yourself. The faster you accept the truth the better for everyone.

 

For fuck sake, it specifically says it collects data from within documents you have open and even gives some examples of files types. How anyone can be so willfully ignorant is beyond me.

But even if the points are app specific and you can tell that they are they don't explicitly mention it only applies to the app. There's mentions of them tracking successful logins, payment types, offer prices, purchase quantity. Does that mean it's tracking what I buy on Amazon.ca on Chrome? You are picking somewhat ambiguous points on their own that can be interpreted as broad and using that as evidence that they say they are going to be sending off payloads of my files or doing deep monitoring of inside 3rd party applications. 

It says it collects information about the files (which generally means metadata) when it crashes. The file types  also suggest that this applies to Microsoft applications though not native. 
 

 

3 hours ago, LAwLz said:

I can tell that you either didn't read the studies, or don't know what data Microsoft actually collects. All the ones I linked applies to Microsoft too. It feels like I am wasting my time trying to reason with someone who doesn't even understand what is going on. Like you said before, you don't actually know what Microsoft is doing, and you seem to refuse to learn about it too because it would go against your very narrow views.

Hell, where do you even think the NSA collects their information from? Have you been living under a rock for the last decade or so? if you want an example look no further than PRISM. On top of that, Microsoft has been helping the NSA collect data for quite a long time.

Skype and Outlook are two other confirmed instances where Microsoft has willfully given NSA access to user data.

Yeah I didn't read the studies, I at most read the abstract, title and your "summary" of it. What exactly am I missing from not reading the actual body? I got the jist of them, I'm not denying how they conducted their study but it still doesn't apply to our situation because you are comparing something with much higher magnitude and using a study with situation that just doesn't apply to the one in our discussion. 

 

You have given no proof that they are scanning my Chrome history or doing deep monitoring on any of my applications or sending the payload of my files. 

 

I do know know 100% what Microsoft is doing they could be secretly sending data through covert channels. But I know what they say they are doing and what the DPA says they are doing. 

 

The NSA and Microsoft is a whole different issue and not related to telemetry data. This telemetry data except maybe Edge browsing history is not very useful for the NSA. What's useful is when people use Skype which generates chat history and when they use outlook.com which generates emails stored in people's accounts which nobody has issues with them collecting. Unless you want to start talking about how Microsoft handles the data once they already collected it; or how companies like Facebook, Discord, Steam shouldn't be keep your chat history and companies like Yahoo and Gmail shouldn't be keeping emails stored on their servers. I don't see the relevance of NSA and PRISM in our discussion. 
 

4 hours ago, LAwLz said:

Not everyone is clueless about what Microsoft does.

Well then I'm sure they disabled it then. And aren't self-censoring so for those people a prompt won't fix anything. 
 

[LAwLz]

17 minutes ago, jakinov said:

But even if the points are app specific and you can tell that they are they don't explicitly mention it only applies to the app. There's mentions of them tracking successful logins, payment types, offer prices, purchase quantity. Does that mean it's tracking what I buy on Amazon.ca on Chrome? You are picking somewhat ambiguous points on their own that can be interpreted as broad and using that as evidence that they say they are going to be sending off payloads of my files or doing deep monitoring of inside 3rd party applications. 

Could you please stop closing your eyes at the truth? Something tells me you wouldn't even believe a handwritten note from Satya himself which just says "yes we do fuck our customers and collect a massive amount of private information about them".

 

 

18 minutes ago, jakinov said:

It says it collects information about the files (which generally means metadata) when it crashes. The file types  also suggest that this applies to Microsoft applications though not native. 

No, it doesn't... It says it collects information about the device and software such as error codes, crash dumps, user generated files and crash failure data.

Are you going to say it doesn't collect crash dumps but rather collects metadata about the crash dump too? It is possible that it doesn't collect user data, but the way the information provided by Microsoft is written it actually says it does. It is not meant to be read the way you read it because while it might make sense for that particular point on the list, if you apply the same logic to anything else on the list all of a sudden it makes no sense.

You can't choose to interpret the grammatical structure of the list one way for one particular point, but in another way for the rest.

 

 

28 minutes ago, jakinov said:

Yeah I didn't read the studies, I at most read the abstract, title and your "summary" of it. What exactly am I missing from not reading the actual body? I got the jist of them, I'm not denying how they conducted their study but it still doesn't apply to our situation because you are comparing something with much higher magnitude and using a study with situation that just doesn't apply to the one in our discussion. 

You missed the fact that physiological effects examined in the studies are not limited to the particular spying the NSA does. It applies to all mass surveillance, which is most certainly what Microsoft does.

You also missed the fact that the spying the NSA does is based on Microsoft's spying. The information NSA looks at is gathered or handed to them by Microsoft (among others).

 

 

36 minutes ago, jakinov said:

You have given no proof that they are scanning my Chrome history or doing deep monitoring on any of my applications or sending the payload of my files. 

You're right, I haven't. I doubt Microsoft does that by the way. Too big of a risk. What they have been caught doing however is injecting telemetry into programs compiled with Visual Studio. Of course you can and will come up with a ton of reasons why this is acceptable, or not a big deal but the fact of the matter is that Microsoft messed with third party code without having any documentation for it, despite having documentation for pretty much everything else done by VS.

I think it is foolish to just assume Microsoft doesn't look at files inside programs though (first or third party) because even their own explanation of telemetry says they do.

 

 

51 minutes ago, jakinov said:

This telemetry data except maybe Edge browsing history is not very useful for the NSA

I can't tell if you're serious or joking. You think browsing history is useful, but not information about essentially everything else related to someone's computer? The NSA has monitored people who has merely searched for Tor. I am fairly sure they would be interested in knowing exactly what computers has it installed, when it was installed, when it was updated, when a person runs it, how long they run it for, and so on.

Hell, just knowing which programs are installed and what versions someone runs is extremely useful information for attacks because they know exactly what vulnerabilities they can use. That's just a handful out of several thousands of different data points collected by Microsoft. I am sure there are far more than could be very useful to, and sought after by the NSA and other government agencies.

If you think your browser history is the only thing the NSA are interested in then you are very, very wrong.

 

 

49 minutes ago, jakinov said:

What's useful is when people use Skype which generates chat history and when they use outlook.com which generates emails stored in people's accounts which nobody has issues with them collecting.

I have issues with them collecting that. It is the main reason why I stopped using Skype and started using Wire instead.

 

 

57 minutes ago, jakinov said:

Unless you want to start talking about how Microsoft handles the data once they already collected it; or how companies like Facebook, Discord, Steam shouldn't be keep your chat history and companies like Yahoo and Gmail shouldn't be keeping emails stored on their servers. I don't see the relevance of NSA and PRISM in our discussion. 

I think how they handle the data is very relevant to this conversation. If they collected a bunch of data and then sent it in a packet with a TTL of 1 then I would care far less than I currently do. It would be very wasteful of computing resources but at least I wouldn't be very butthurt from all the ass fucking Microsoft does behind my back.

But the fact that they collect it, stores it on their servers, gives (or has given) NSA access to very private information and so on, that's the issue. If they didn't handle the data at all then it wouldn't be a privacy issue.

To me, the fact that they collect the data and how they handle it are different sides of the same coin. Chances to one of them directly affects how serious the other one is.

 

 

1 hour ago, jakinov said:

Well then I'm sure they disabled it then. And aren't self-censoring so for those people a prompt won't fix anything. 

You can't disable it unless you run some specific versions, and spend a considerable amount of time making chances in for example group policies, the registry, disabling services, and so on, all of which have a high risk of just being reset or changed whenever you install another update.

Besides, self-censoring is just one out of many issues with mass surveillance.

[TheKDub]

And this type of shit is exactly why I refuse to use Windows 10. (Except on my laptop, but I don't have much choice there due to drivers being incompatible with older versions of windows... Though I also don't use my laptop much and have done everything I can to block/disable telemetry.)

[dfsdfgfkjsefoiqzemnd]

4 hours ago, TheKDub said:

Except on my laptop, but I don't have much choice there due to drivers being incompatible with older versions of windows

Have you considered putting Linux on that laptop?  Now's a good time to do that, as it'll give you time to get used to it and make the full transition less abrupt when Microsoft ends support for Win7 and Win8.1 in 2020 and 2023.

 

 

 

Also, lack of drivers has rarely stopped me from switching a laptop over to a different version of Windows. 

Install whichever version of Windows you want and look inside the Control Panel -> Device Manager to see what drivers you are missing.  Right-click whichever part has an exclamation mark, select properties, go to the Details tab and select Hardware IDs from the drop-down menu.  Once you figure out which part of those lines indicates the manufacturer and part ID (see spoiler below), you can enter that into your favourite search engine and look for the drivers that way. 

This mouse didn't need a driver, it's just an example to show that Vendor and Part/Device ID may be indicated with different abbreviations

 

If I for instance wouldn't know that I have a Killer E2200 NIC and Windows wouldn't recognize it, I'd enter "PCI\VEN_1969|DEV_E091" in my search engine and look for forum posts of people who also searched for that one.  That gives you plenty of results where you can find the exact part name (in this case I found a thread on Tom's Hardware forum identifying the ID as a Killer E2200), after which you can look for a driver.  

I'd advise staying clear of the search results that offer drivers for that part ID right away, unless you recognize the URL as a site that you trust (like Softpedia for instance, or that of the part's manufacturer). 

 

In fact the only thing that ever stopped me was those damn proprietary function keys that require drivers from the laptop's own manufacturer.  But those usually work right away on Linux, so don't let that stop you from switching over to the dark side.

[TheKDub]

3 hours ago, Captain Chaos said:

Have you considered putting Linux on that laptop?  Now's a good time to do that, as it'll give you time to get used to it and make the full transition less abrupt when Microsoft ends support for Win7 and Win8.1 in 2020 and 2023.

 

Also, lack of drivers has rarely stopped me from switching a laptop over to a different version of Windows. 

Install whichever version of Windows you want and look inside the Control Panel -> Device Manager to see what drivers you are missing.  Right-click whichever part has an exclamation mark, select properties, go to the Details tab and select Hardware IDs from the drop-down menu.  Once you figure out which part of those lines indicates the manufacturer and part ID (see spoiler below), you can enter that into your favourite search engine and look for the drivers that way. 

 

  Reveal hidden contents

This mouse didn't need a driver, it's just an example to show that Vendor and Part/Device ID may be indicated with different abbreviations

 

If I for instance wouldn't know that I have a Killer E2200 NIC and Windows wouldn't recognize it, I'd enter "PCI\VEN_1969|DEV_E091" in my search engine and look for forum posts of people who also searched for that one.  That gives you plenty of results where you can find the exact part name (in this case I found a thread on Tom's Hardware forum identifying the ID as a Killer E2200), after which you can look for a driver.  

I'd advise staying clear of the search results that offer drivers for that part ID right away, unless you recognize the URL as a site that you trust (like Softpedia for instance, or that of the part's manufacturer). 

 

In fact the only thing that ever stopped me was those damn proprietary function keys that require drivers from the laptop's own manufacturer.  But those usually work right away on Linux, so don't let that stop you from switching over to the dark side.

I have considered it, but as far as I know, you can't really use visual studio on Linux to develop applications for Windows, and there are a bunch of smaller things revolving around application support, such as no Notepad++.
 

My laptop is still on Windows 10, it's the only OS that the drivers are available for. I tried setting up windows 8.1 on it, but there were a few things that I couldn't get to work either, like having the keyboard disable automatically when the screen is folded past 180 degrees (Lenovo Yoga Y710).

 

As for my desktop, I don't care if Microsoft drops Windows 8.1 support, I'll be using it on there until they cut the shit with Windows 10 and start treating their customers right.

As much as I'd like to switch to Linux, it's just not a viable solution for me specifically.