telemetry Next Windows 10 build will show what is being sent as telemetry data

[leadeater]

14 minutes ago, jagdtigger said:

Personal info should never leave the users PC without their expressed consent, period. What MS is doing is pure data theft and spying.

The issue with this statement is what people consider personal information. You (the collective you) also consented, otherwise uninstall Windows, this is a prerequisite to install Windows and it's impossible to have Windows installed without agreeing to it. You can challenge whether or not you were properly informed but you still accepted, likely blindly like everything else people click accept to without reading.

[jagdtigger]

3 minutes ago, leadeater said:

The issue with this statement is what people consider personal information. You (the collective you) also consented, otherwise uninstall Windows, this is a prerequisite to install Windows and it's impossible to have Windows installed without agreeing to it. You can challenge whether or not you were properly informed but you still accepted, likely blindly like everything else people click accept to without reading.

Ignoring registry tweaks that should disable any and all info gathering is pretty much substantiates what i said.... Not to mention how it ignores the hosts file.

[leadeater]

5 minutes ago, jagdtigger said:

Ignoring registry tweaks that should disable any and all info gathering is pretty much substantiates what i said.... Not to mention how it ignores the hosts file.

No, see trying to turn it off is not the same as having clicked accepted during install. As I said it's impossible to install Windows without accepting.

[jagdtigger]

1 minute ago, leadeater said:

No, see trying to turn it off is not the same as having clicked accepted during install. As I said it's impossible to install Windows without accepting.

Hiding it in the EULA wont make it any less illegal in my viewpoint... What they call basic is still collects too much, and because no-one managed to crack open this nut we still do not know what MS is still hiding from us. Until that happens i handle that junk as spyware.

[leadeater]

Just now, jagdtigger said:

Hiding it in the EULA wont make it any less illegal in my viewpoint... What they call basic is still collects too much, and because no-one managed to crack open this nut we still do not know what MS is still hiding from us. Until that happens i handle that junk as spyware.

And where else are they supposed to put it? lol. That's the problem with point of views, they can be wrong. That's why we have legal systems to sort this out and not public opinion. You will even be able to inspect the data being collected, what this topic is about. Not believing the tool is your choice though and you can still have your opinion that some of the data being collected is unnecessary however your only choices are agreeing to it or not using Windows.

 

You can after not agreeing to it and not using Windows try and get Microsoft to not collect the data you object to, how you can actually do this is not something I can say anything about as I believe you have no chance and I don't know how anyway other than saying talk to a lawyer.

[porina]

33 minutes ago, leadeater said:

your only choices are agreeing to it or not using Windows.

3rd option: block it at network level. They can still try to collect what they want, but it can't be exploited if they never receive it. The potential difficulty is knowing what to block, and it may change over time.

 

I use this trick to stop Windows Updates until I am ready, not when Win10 thinks it wants to. WU is relatively easy to block as MS provide a list of servers that provide that. I think it was for the opposite reason, where it is to help network admins to put the right holes in a firewall to ensure WU works. I'm not familiar if there are any other similar lists for functions like this. There may be potential side effects like other things not working.

[jagdtigger]

43 minutes ago, leadeater said:

And where else are they supposed to put it? lol. That's the problem with point of views, they can be wrong. That's why we have legal systems to sort this out and not public opinion. You will even be able to inspect the data being collected, what this topic is about. Not believing the tool is your choice though and you can still have your opinion that some of the data being collected is unnecessary however your only choices are agreeing to it or not using Windows.

 

You can after not agreeing to it and not using Windows try and get Microsoft to not collect the data you object to, how you can actually do this is not something I can say anything about as I believe you have no chance and I don't know how anyway other than saying talk to a lawyer.

Nowhere? IDK why governments didnt ban this already...(Before someone jumps in with android, i run a ROM based on AOSP without gapps.) BTW trusting anything from MS is not a god idea ATM, not after they perpetually lie about many things/not telling anyone about it. Ill wait until some trustworthy third party takes apart spy10.

 

4 minutes ago, porina said:

block it at network level.

Until they start to implement things that can traverse that firewall... I wouldnt be surprised if they done it.

Edited January 25, 2018 by jagdtigger

[porina]

2 minutes ago, jagdtigger said:

Until they start to implement things that can traverse that firewall... I wouldnt be surprised if they done it.

I've heard rumours but not personally verified they may ignore some (on PC) networking configurations or settings while accessing MS servers, so a local software only block on a system already may not be fully effective. Blocking it at a network level is different though. Fundamentally it has to have a connection and you can't just ignore a well configured hardware firewall. At a first level, it should be sufficient to determine what servers it contacts and block those, but knowing if you have a complete list will be the difficulty.

[jagdtigger]

1 minute ago, porina said:

I've heard rumours but not personally verified they may ignore some (on PC) networking configurations or settings while accessing MS servers, so a local software only block on a system already may not be fully effective. Blocking it at a network level is different though. Fundamentally it has to have a connection and you can't just ignore a well configured hardware firewall. At a first level, it should be sufficient to determine what servers it contacts and block those, but knowing if you have a complete list will be the difficulty.

Spybot anti-beacon has a list but IDK how old it is. But that would be a whack-a-mole game since they can change those addresses with the updates. And to top it off they can also include tools that can trick even HW based firewalls too.

[leadeater]

7 minutes ago, porina said:

3rd option: block it at network level. They can still try to collect what they want, but it can't be exploited if they never receive it. The potential difficulty is knowing what to block, and it may change over time.

 

I use this trick to stop Windows Updates until I am ready, not when Win10 thinks it wants to. WU is relatively easy to block as MS provide a list of servers that provide that. I think it was for the opposite reason, where it is to help network admins to put the right holes in a firewall to ensure WU works. I'm not familiar if there are any other similar lists for functions like this. There may be potential side effects like other things not working.

True, but my point was you have to agree when installing Windows. Trying to block thereafter is fine but you still agreed. Blocking it at the network level fully and properly is probably fairly hard, getting every address would take a while. I'd run up like 10-20 VMs and leave them running for 24+ hours and log the internet traffic from them, even that won't get them all though.

[leadeater]

5 minutes ago, jagdtigger said:

Spybot anti-beacon has a list but IDK how old it is. But that would be a whack-a-mole game since they can change those addresses with the updates. And to top it off they can also include tools that can trick even HW based firewalls too.

It's not so much they can trick them it's that the destination addresses change and Microsoft uses the addresses for other things than just telemetry. If I didn't want it blocked I'd use an application load balancer behind common public IP addresses and then direct traffic where it needs to go from that, you'd have to block everything or leave it open.

[porina]

1 minute ago, jagdtigger said:

Spybot anti-beacon has a list but IDK how old it is. But that would be a whack-a-mole game since they can change those addresses with the updates. And to top it off they can also include tools that can trick even HW based firewalls too.

It remains a risk for sure.

 

For fun I tried to look up if there is a list from MS on those servers, and so far found this:

https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization

 

It lists 5 endpoints and describes what they do. There may or may not be more, and we have to be careful here as there may be other things contacting back to MS for reasons other than telemetry. 

[jagdtigger]

27 minutes ago, leadeater said:

It's not so much they can trick them it's that the destination addresses change and Microsoft uses the addresses for other things than just telemetry. If I didn't want it blocked I'd use an application load balancer behind common public IP addresses and then direct traffic where it needs to go from that, you'd have to block everything or leave it open.

Good thing i do not use any of their online products, the blocked WU is just an added bonus.

[LAwLz]

8 hours ago, Kherm said:

I'm amazed that people are complaining that this is somehow not enough or not honest.

8 hours ago, Sierra Fox said:

seriously what the actual fuck is wrong with this forum. you ask for something, you get it and claim it's bull shit/lies. What do these companies have to do to appease you?

8 hours ago, mr moose said:

Human survival instincts make it much easier to be scared and suspect than look at the bigger picture.  

Here is the thing... Microsoft are known for lying. They have literally been found guilty in court several times for it and other shady practices (not necessarily related to privacy reasons). On top of that they have also been close to being brought to court by several government organizations for various reasons related to data collection only to change things to avoid it.

And they have been extremely shady from the start with what they collect, how they collect it and for what purposes. I mean, they have even done things like sneak in ads/data collection in updates labeled security updates. They have sunk as low as you can go in their quest to collect data on users.

 

This is basically a known thief and diagnosed pathological liar showing you the content of his pockets and going "see? I am innocent. I don't have anything there", but only after being suspected of several crimes for the last couple of years.

 

You would have to be incredibly naive to believe that Microsoft will now disclose 100% of what is being collected and it is not being tampered with in any way. It might be the truth, but Microsoft has given me no reason to trust that it is, and neither should any of you.

 

 

Want to know what Microsoft should have done to appease me?

1) NEVER put anything that is not strictly security related in an update labeled security update. This alone is honestly enough reason for me to not trust anything they say for a long time. There is absolutely no excuse for it and it should quite frankly be illegal. From what I remember, it was an update for Internet Explorer which contained either the "upgrade to Windows 10" ad, or the data collection stuff they have ported over to Windows 7 (might have been both of those too).

 

2) Made sure they only collected the minimum amount needed from the start. According to Microsoft themselves, they have cut down on the amount of data entry points by about 50%. So for the first year or so they collected about twice as much as they actually needed, and that's by their own admission. They might still be collecting a lot of unnecessary things.

 

3) Have an off button. Users should be in charge of whether or not they want to share their data with Microsoft. I do not care what they use the data for, users should be in charge of their own computers.

"But it's for the greater good". Then have it on by default (I'd prefer if it was an option at first startup) but at least have a button to turn it off somewhere. The argument that grandma Astrid is going to look into the advanced settings to try and disable something she doesn't even know exists doesn't hold water, so the ignorant masses would still be sending the telemetry data Microsoft so desperately wants. You don't have to cater to the lowest common denominator in your OS. That's why we have advanced settings.

 

4) Stop with all the sneaky things. Things like ignoring host entries. Things like telemetry data ignoring proxy and VPN settings. Stop with the on/off settings which doesn't actually turn things on or off. Don't inject telemetry code when someone compiles a program with Visual Studio.

 

5) Have been more clear with what they were doing from the start. They should not have been investigated for breaking several privacy laws in different countries before they became more clear with it. It should have been there day 1.

 

6) Allowed me to see what was being collected since day 1. It is nice that they have fixed point 5 and 6, but they were incredibly slow with it. It's been about 2,5 years since I started suggesting this and they have only now announced that they will implement it in the future.

 

I don't think these are unreasonable reactions or things to expect.

If they had done these things I might have believed them with this announcement. As it stands right now they will have a long way to build up my trust again. Until then, I will not believe this is all they collect until it has been verified by third party sources. Even if it is verified, I will suspect that they might change things in future updates.

 

Edit: But credit where credit is due. They are 2,5+ years late with this but better late than never. 

[leadeater]

53 minutes ago, LAwLz said:

1) NEVER put anything that is not strictly security related in an update labeled security update. This alone is honestly enough reason for me to not trust anything they say for a long time. There is absolutely no excuse for it and it should quite frankly be illegal. From what I remember, it was an update for Internet Explorer which contained either the "upgrade to Windows 10" ad, or the data collection stuff they have ported over to Windows 7 (might have been both of those too).

Both, there was an IE update with the Windows 10 ad and a Windows security update that added the telemetry to all Windows versions. You would also always get offered the Windows 10 upgrade in Windows Updates and it was the default action so easy to trigger it rather than clicking the small link below it that would show you the actual updates.

 

There was even a warning displayed to people that had Chrome installed that it would effect your battery life and recommended to switch to Edge.

 

Thing is, as annoying as these things are it's Microsoft's products so unless we want to start entering the realm of controlling what people can do with their own products we have to let them do what they want with their product, what is legal of course. Usually user feedback and not purchasing the product is enough to influence future choices and changes but that's not really a thing with Windows, it's like the saying to 'big to fail' but worded 'to big to care'.

[LAwLz]

11 minutes ago, leadeater said:

There was even a warning displayed to people that had Chrome installed that it would effect your battery life and recommended to switch to Edge.

Wasn't that in Windows 10 though? I was strictly talking about what they did with Windows 7, where they were pushing out an (maybe more?) update labeled a security update, but it contained other things.

That's what I think should be illegal, because it deceives people and only benefits Microsoft.

It's like hearing your doctor say those pills he gave you a few weeks ago weren't to cure your cold like he said, they were vitamin pills he had been paid to give to people, and the only reason he disclosed that to you were because you figured it out on your own.

 

 

15 minutes ago, leadeater said:

Thing is, as annoying as these things are it's Microsoft's products so unless we want to start entering the realm of controlling what people can do with their own products we have to let them do what they want with their product, what is legal of course. Usually user feedback and not purchasing the product is enough to influence future choices and changes but that's not really a thing with Windows, it's like the saying to 'big to fail' but worded 'to big to care'.

Are you talking about the security updates or spying/ads as a whole right now?

 

If it's the misleading "security" updates then I most certainly believe that should fall into the realm of "controlling what companies can do with their own products". Right now it probably doesn't, but I think it should because it is bad for consumers.

 

 

If it's about spying and ads as a whole then of course that shouldn't be illegal.  I don't think we should focus on "is it legal or not" though, because the real question should be "is it right or not".

 

I really dislike this trend where people justify poor behavior with "it's legal". Yes it is legal (in Microsoft's case, it might be illegal) but that shouldn't be what people focus on. People should focus on if it's the right thing to do.

Beating children is legal in some countries, but I would never justify that horrible behavior with "it's legal so they can do it if they want".

I am not saying that Microsoft are child beaters, but what I am saying is staying within the law does not mean you are doing what is right and can therefore not be criticized or improve in some way.

 

I as a consumer only cares about one thing, that the product I use is good. If there is something I dislike about a product then I will voice my complaints. The spying and ads in Windows 10 are two examples of things I dislike (I have more complains than those two). I won't start liking them just because someone tells me "it's legal so Microsoft can do it". I don't care if it's legal, I don't like it so I will complain about it in the hopes that they fix it. I complain because I want them to fix things so that the product becomes better.

[leadeater]

35 minutes ago, LAwLz said:

Are you talking about the security updates or spying/ads as a whole right now?

Mostly in general but if Microsoft wants to add the telemetry to previous versions of Windows that's their choice for their product. The ads is a bit tougher as there are already regulations around advertising but like a lot of those they  weren't written in mind of the internet or in software placement.

 

35 minutes ago, LAwLz said:

If it's the misleading "security" updates then I most certainly believe that should fall into the realm of "controlling what companies can do with their own products". Right now it probably doesn't, but I think it should because it is bad for consumers.

That could possibly come under existing laws already or with minor alterations to them, generally speaking no company is allowed to purposefully mislead it's customers. Microsoft can easily argue that the telemetry and the upgrade prompts were both security related, without any sort of clear guidelines on this it's easy to just keep this going around in legal circles until the complainant gives up or you appease them enough to give up.

 

35 minutes ago, LAwLz said:

I really dislike this trend where people justify poor behavior with "it's legal". Yes it is legal (in Microsoft's case, it might be illegal) but that shouldn't be what people focus on. People should focus on if it's the right thing to do.

Beating children is legal in some countries, but I would never justify that horrible behavior with "it's legal so they can do it if they want".

I am not saying that Microsoft are child beaters, but what I am saying is staying within the law does not mean you are doing what is right and can therefore not be criticized or improve in some way.

 

I as a consumer only cares about one thing, that the product I use is good. If there is something I dislike about a product then I will voice my complaints. The spying and ads in Windows 10 are two examples of things I dislike (I have more complains than those two). I won't start liking them just because someone tells me "it's legal so Microsoft can do it". I don't care if it's legal, I don't like it so I will complain about it in the hopes that they fix it. I complain because I want them to fix things so that the product becomes better.

It's not a case of you should like because it's legal it's about the consequences of setting precedents or creating rules with good intent that turn out to be harmful not helpful. This does strike me as rather odd to have to point out to people who in other topics object government control and laws but then are all for it when it applies to company they do not like.

 

Also I much prefer when people talk about the topic they stick to actually correct terms and not over exaggerate i.e. Data theft or use silly names like spy10. It's hard enough discussing an ambiguous topic without adding in ambiguous terms and wording that you know isn't correct and are using them for effect, no I don't mean you.

 

35 minutes ago, LAwLz said:

Wasn't that in Windows 10 though? I was strictly talking about what they did with Windows 7, where they were pushing out an (maybe more?) update labeled a security update, but it contained other things

Yea that was Windows 10, might have also been 8/8.1 Edge is Windows 10 only, it was an action center message which that OS also has. Those other updates were pushed to more than just Windows 7.

[Kyol]

Might get Win10 now, finally.

Oh wait, updates still breaking machines left, right and centre. *Sigh*

[TidaLWaveZ]

9 hours ago, hey_yo_ said:

It's called customer care bruh.

And that's exactly what it is.

 

They are gathering data in attempts to make the user experience better, bruh.

[captain_to_fire]

1 hour ago, leadeater said:

There was even a warning displayed to people that had Chrome installed that it would effect your battery life and recommended to switch to Edge.

Like this?

 

Oh Microsoft. Stop trying to make Edge happen. It's not going to happen.*

*I don't think anyone in the forum can guess which movie this line came from 

 

1 hour ago, leadeater said:

I miss Windows 8.1 

 

It was such a huge improvement over Windows 8 and I think memory management is better than Windows 10 because it doesn't have the Windows 10 accompanying bloatware like Cortana and others. I think it was Luke or Linus who said that they never had a system crash or any major problem when their editing PCs are running on 8.1.

[captain_to_fire]

Just now, TidaLWaveZ said:

And that's exactly what it is.

 

They are gathering data in attempts to make the user experience better, bruh.

Sure telemetry is used by everyone to make their products work better but do they really have to do that with personally identifiable information attached?

[leadeater]

4 minutes ago, hey_yo_ said:

It was such a huge improvement over Windows 8 and I think memory management is better than Windows 10 because it doesn't have the Windows 10 accompanying bloatware like Cortana and others. I think it was Luke or Linus who said that they never had a system crash or any major problem when their editing PCs are running on 8.1.

I only moved to Windows 10/Server 2016 for DX12 support, there is nothing else for my gaming desktop that I need in Windows 10. Also the same reason I moved to Windows 8.1, DX needs to die.

[TidaLWaveZ]

Just now, hey_yo_ said:

Sure telemetry is used by everyone to make their products work better but do they really have to do that with personally identifiable information attached?

What specifically are you talking about when you say personally identifiable information?

 

User ID is about as detailed as it gets afaik.

[captain_to_fire]

Just now, leadeater said:

I only moved to Windows 10/Server 2016 for DX12 support, there is nothing else for my gaming desktop that I need in Windows 10. Also the same reason I moved to Windows 8.1, DX needs to die.

Is Server 2012 R2 more stable than Server 2016? As far as I remember in a WAN show episode Luke told Linus that he's still using 8.1 and he hasn't found anything that requires him to use 10 then Linus responded that either their editing PCs or their server (I'm not sure which one) never had major problems when it was running on 8.1 (or Server 2012).

[asus killer]

i'm not opposed they collect information, and because i don't do sensitive work on my PC's i couldn't care less even what type of information (imagining is normal OS stuff of course), but.... it should be anonymous, ALWAYS. 

 

But i guess this days information is more valuable than most products anyway. The other day i went to the dentist, the next day my facebook was full of ads for dentists. It is small and in all fairness irrelevant to me that they used my location to know where i was and use it to bomb me with ads the next day, but still its a privacy violation.

All i wanted was to forget the torture chamber at my dentist and i had all this graphic ads the next day 

PS: i hate facebook and only use it for a specific purpose.