Is there any accurate analysis of exactly what Microsoft collects in Windows 10? I understand you cannot totally disable the telemetry (with the exception of an Enterprise version) but when put down to the "basic" level is there any capture of what is being sent? Everything I have seen is bullshit anti-Microsoft fairy tale stuff.
I understand text and voice data will be captured and sent if you use Cortana but that is pretty obvious, the same is true of Google, Bing, Siri, etc. [0]
What I want to know is when I put things at the lowest setting possible what do MS get and how often?
Edit: [0] I mean captured and sent for processing. I expect (perhaps wrongly) for it to be deleted from Microsoft's servers as soon as my request has been answered. Unlike Google which stores everything you say to Google Now for example.
> I understand text and voice data will be captured and sent if you use Cortana but that is pretty obvious.
Not really. I was surprised both by Google storing every voice recognition sample they've ever received, and I was also surprised that people weren't totally creeped out and outraged at discovering this. Most people admit to being a little creeped out, but get over it very quickly.
Most people don't know this, and I didn't expect it either. Having used voice recognition in the past (like, 8 years ago) they were just programs that worked very badly, but they were the state of the art back then. That they now upload everything ever is recent news to me.
It's not all "bullshit anti-{bigCorp} fairy tales" if it's something people genuinely didn't expect.
IMHO, Google storing voice recognition samples does freak me out, especially because voice recognition is automatically activated by "OK Google" and maybe other triggers and maybe depending on version or the hardware used it's not that good - for example when my wife plays songs on her LG phone, she gets Google's voice recognition activated erroneously all the time.
So basically random bugs can get your very private conversations recorded on servers that can be under the control of state agencies and disgruntled employees, possibly stored forever? That's a reason to freak out really.
>IMHO, Google storing voice recognition samples does freak me out, especially because voice recognition is automatically activated by "OK Google"
I've had google search activate a few times by my wife watching TV in the background and once when it was sitting in front of my speakers while listening to a podcast. We've tried going back and replaying the same bits but can never get it to activate in the same place twice. Still, it is strange to be sitting there and suddenly have the Google mic pop up.
I think battery life and 4G network bandwidth are constraints for now. If it would record and stream data while in standby, battery wouldn't last for more than a few hours and would visibly consume your allocated bandwidth.
What they do is to introduce a dedicated processor that listens for these keywords and that is supposed to wake the phone up on detection. The danger of course is having that processor activate the phone on keywords other than "OK Google". And it doesn't even have to be on purpose. As I said, my wife's phone detection is totally broken for some reason.
It doesn't need to stream all the time, just record. The traffic is encrypted end-to-end anyway, you can only do an analysis on the size relative to how much time it's been idle.
Who says it would use up your data usage? Of course this would require the network operator to allow it but it isn't anywhere near impossible to do without the user knowing.
You can also show per-app data usage over wifi on Android (it's a single click away on stock Android). If Google Now was transferring 2.8 GB of data each month, someone would have noticed. Also, the high battery usage argument.
If they were streaming spy data like that, I suspect that they wouldn't report the data usage. IMO, battery life is the strongest indicator that they aren't.
I think if this were happening, people would eventually be able to tell by watching the network traffic. You may not be able to decode the network traffic, but if you run it through an analyzer like wireshark, while you say "OK, Google" and you see the bandwith increase, then if you see a similar bandwidth pattern other times you might have a clue that its recording. Of course that assumes they aren't saving to the disk and sending it later.
that at least does not really worry me. Google is very paranoid over who can access customer data from the inside.
Government access is way more of an issue IMO. I would be way more creeped out by somebody going over my whole gmail history than my searches (audio or not) though.
Ah I should clarify I was talking about it being "captured and sent" as part of Cortana using "the cloud" to do the "heavy lifting" on the server. I wasn't talking about it being stored. I do not know if Cortana saves everything you say like Google does? If it does I cannot find any option to view and delete this data like I can in the Google Dashboard.
And yes I agree it is disturbing that so much is saved. I remember the first time I opened the audio recordings area in Google Dashboard and my jaw hit the floor at just how much it had captured. Thankfully you can delete it easily. Well delete it from view, I don't believe for a second it is truly gone.
As far as I understand it, there is no way to know what Microsoft sends, unless you work at Microsoft.
As such, the "bullshit anti-Microsoft fairy tale stuff" is just as valid as whatever you believe that they send. Especially also under the connotation, that Microsoft does actually reserve the right to send anything they want in their Privacy Statement.
And we shouldn't treat privacy as "innocent until proven guilty". If they cannot provide a lower boundary where you have a guarantee that they respect it, then we should assume the worst.
But why just target Microsoft? What about Google? Apple?
Big data is huge and there is no end in sight as far as growth goes! Telemetry is a big success. And we're talking about regular usage now. Hospitals use new state of the art EMR software with all kinds of telemetry built it as well.
Is this a calculated derailment technique?
Why MS? Because MS is the subject being discussed in this post, is why. Wanna talk Apple? Open up an Apple privacy related article's comments and you'll read the same concerns accompanied by more red herrings asking 'why just Apple?'. Repeat for Goggle, if you need further clarification.
Why not Verizon? Why not NSA? Why not the traffic strips counting cars? why not the ticket guy @ the cinema?
They have. Repeatedly. And for whatever reasons most are unaware of, they appear to be getting away with their actions more or less. Why? I don't know, ask a lawmaker. Or better yet, ask a lobbyist. Even better, ask the DHS PAC:
Google; no idea, but they're not in the desktop market or used as a business OS exclusively so that may be why.
Apple; there's a toggle switch to turn off telemetry and it works. But it's also not a primary business operating system and doesn't hold the market capital the same way either.
If the country was running on apple products for mail, appointment making, meetings, and all national work was done on apple OS, then it would be open to the same scrutiny. But even so, they've been good about keeping their nose out of your operating system.
Besides they not being the subject, Apple and Google do not reserve the right to upload anything accessible from your computer into their servers without some kind of authorization. Yes, some times it's opt-out, but it's still different.
> just as valid as whatever you believe that they send
Just because multiple things are possible in this case, that doesn't inherently mean all things are equally plausible. Otherwise we'd have to pretend that the lizard people conspiracy theory is as likely as anything else that has yet to be proven. Your premise drops the critical consideration of plausibility and declares all possibilities equal, no matter how fantastical.
That's the same logic error that leads people to believe one roulette wheel spin influences the next, and that if you have two possibilities then the odds must always be 50/50 regardless of context.
Why would Microsoft reserve the right to upload absolutely anything they want from your computer if they had no plans of uploading things you don't expect them to?
You can claim that Microsoft spying on their clients again¹ is a fantastical proposition all you want. It does not make it so.
1 - They were caught a few times doing that already, and even stealing IP.
Right, I didn't expect someone to put my comment through their formal logic interpreter which doesn't make any assumptions about context and meaning whatsoever.
What I meant was that any bullshit anti-Microsoft fairy tale stuff, which is not trivially disprovable as physically impossible or clearly illogical for Microsoft to do, is just as valid as whatever he/she believes.
That is, as long as his/her beliefs are also within this same range of thinkable things that Microsoft could do, as otherwise those other claims would actually be more valid.
> Is there any accurate analysis of exactly what Microsoft collects in Windows 10?
Microsoft could easily demystify this by writing detailed document detailing what is being sent but unfortunately there isn't one. Even if it was, part of the outrage is that some most egregious options are opt-out and easy to miss if you are not technically inclined and just went through unintended upgrade.
Most lists are open-ended, they will start with "such as" so you can't be sure there isn't anything more. Even then under basic level I fail to see why they'd need to take my IMEI number or device attributes of presumably every piece of hardware I connect to my computer.
Then there's another group of settings related to privacy, the most troublesome is "Send Microsoft info about how I write" which seems intentionally vague about what it does, but it's been suggested that it sends keystrokes to Microsoft and we know this feature is included in Windows due to this bit from privacy statement: "Microsoft collects and uses data about your speech, inking (handwriting), and typing on Windows devices to help improve and personalize our ability to correctly recognize your input."
I obviously have no more definitive insight than you, but it seems most people agree that this refers to inking. It's data about handwriting and character recognition. We can't say for certain that it doesn't include information about keystrokes and sentence structures/patterns, but it's the most obvious. Occam, Hanlon, and a bunch of other razor manufacturers and all that jazz.
I wonder if the safer approach at this point is to assume that Microsoft can collect anything, including keystrokes, audio/video input, screen captures, etc. until proven otherwise.
Further, and something I don't see discussed as much, is their apparent ability to force through whatever "improvements" they want to this tracking via their now-impossible-to-fully-disable Windows Updates system.
Is it entirely unreasonable to expect them to use that for targeted delivery of payloads on "terror suspects" or what not? I realize that might be a bit in the tin-foil hat territory, but until proven otherwise, I feel like we need to assume that capability now exists.
You and a large number of others would like to know what is in the telemetry. If I recall correctly, the problem is that it's all TLS wrapped with pinned certs (no source on that at the moment). You'd be doing the internet community a favour if you figured out a way to decode the "telemetry" packets to see what's actually in there.
I'm still kind of surprised this hasn't been reverse-engineered. It ought to be possible to find the process that's doing it and hijack its use of the crypto DLLs to record what data is passed in.
Do you still get telemetry data when it's run in a VM?
Yeah network capture isn't going to be any use as it is all encrypted. I was wondering if anyone had registry and file system captures on what was being collected, if that is even possible. It wouldn't surprise me to see Microsoft using private APIs to collect data and bypass monitoring tools. If they are it would look even worse though.
All of the FUD and other misinformation from random people on YouTube is annoying. I just want a straight answer.
The "private API, telemetry data doesn't go the normal route through the stack" is claimed in the most recent release of "Canard PC Hardware" (n°29) which is a half decent french computer magazine.
I administer a network of about 100 computers. One night I was monitoring the logs for the web proxy on the front of the network. It was around 2 AM and no one was there but me, so I was surprised to see dozens of connections streaming by with URLs like microsoft.com/userdata.aspx. I figured out it was the one box on the network that upgraded itself to Windows 10. Very disconcerting.
"IT" is me :) And yes it was an oversight, the rest of the network is comprised of thin clients running RDP, this was the one regular Windows box. Since replaced.
I'm planning on a getting a null modem and connecting a Windows 10 box to it, and also do some kind of TCPDUMP on the wire. I'm hoping this will be easy to do.
I've actually read the privacy policy that is linked from the Windows 8.1 operating system. It's pretty frighting what they collect. They're browser is basically spyware with the things it collects.
What I want to know is this:
If I use Chrome, or Firefox, are they still somehow collecting my browsing data?
I know that IE is actually built into the Windows operating system.
> I'm planning on a getting a null modem and connecting a Windows 10 box to it, and also do some kind of TCPDUMP on the wire. I'm hoping this will be easy to do.
Actually seeing everywhere a local machine is sending data to is easy. Figuring out what it is sending is significantly harder if the traffic is encrypted in transit, which Windows 10 telemetry is.
every mouse click, every letter typed, every program installed, timestamps of start/shutdown of every executable, serial number of every usb drive plugged in, etc etc etc
Windows 10 telemetry is encrypted. Anyone can state anything about what's sent. Non one knows for sure. Do have any evidence that is only sent what Microoft states it would? Trust but verify.
install W10 and watch your total host writes (for example crystaldiskinfo) per day just browsing the web for couple of days. It will average ~5-10GB/day, most of it is logs.
too late to edit, people thing im lying/joking/trolling. Ever wondered whats in C:\Windows\System32\LogFiles\WMI\RtBackup ? you cant look inside, system only. Performance Monitor > Data Collector Sets > Event Trace Sessions will give you an idea.
> you cannot totally disable the telemetry (with the exception of an Enterprise version)
Are we sure that the Enterprise version doesn't send anything ? Honestly I'd be ready to pay a premium for having an otherwise good OS respect my privacy.
The enterprise edition allows you to disable more telemetry than the other versions, but it still sends some data back.
There is currently no Microsoft-endorsed way to disable all telemetry, no matter how much money you pay, or which version of the software you buy.
I'm excited by France's decision. I hope the telemetry-free version of Windows 10 will be available outside of France, because I'd happily pay a bunch of money for it.
As it stands, I'm stuck on Windows 7 because I don't like the UI in Windows 8, and I'm not a fan of the telemetry in Windows 10. I've only run into a handful of apps that don't work because my OS isn't compatible with very new versions of DirectX/.NET, but these problems will only become more common with time.
Oh, come on! There is no huge performance boost. In fact, based on most properly done benchmarks, there isn't any performance boost at all!
The whole "myth" of a performance boost probably started simply because they added a new startup mode in W8, called "Fast Startup", which is basically just partial hibernation.
So even saying that it boots faster isn't correct; regular boot, sleep and hibernation are still just as fast as they were on W7.
Yes, I do. I have a hard enough time with the UI that I'm willing to accept a performance penalty.
I'm colorblind, and the flat design makes it very hard for me to figure out what's clickable. Things like borders, shadow, and shading provide valuable visual hints about which parts of the UI can be interacted with. I've heard that Windows 10 has walked back some of the more problematic design changes.
I would like laws that would force companies to disclose the bad side of what they are doing.
When they ask if you want to share what you type or say with them, in order to improve the experience and for you to get more relevant suggestions or more accurate spell checking or whatever, they only focus on the positives.
But that's not enough. I want them to say that your delicate and private conversations might leak and be used for nefarious purposes by disgruntled employees, state agencies, hackers or future owners of that data, because that's the truth.
Much like how cigarettes packs have graphical warnings on them. I'd like that very much, because as an ex-smoker I can tell you that those work. But of course, it would hurt their business to admit it, so they'll never do it willfully.
No no. If you trade something on margin or borrow money, in many countries like in the UK, all the marketing material has to clearly state the risks. All mortgage ads have a big banner "if you do not make your payments your house may be repossessed". A derivative contract with a mid-size company is now deemed missold if the marketing material doesn't highlights adverse or worst case scenario.
These are not font 6 footnotes in the terms and conditions.
Yes, and what great nanny-stateism. The only people whom that big warning helps are people who don't know what a mortgage actually is, yet are planning to take one out anyway. I'm sure such people exist in very small numbers but this is how you get "Warning: may be hot" on coffee cups. Where do you draw the line? Surely someone who walks into a bank and says "I'd like a mortgage" should be expected to know what repossession is?
And yet in the US look at any prescription drug ad, where there's this ugly extended component of the ad that details dozens of possible issues, which to your logic would be the job of the physician (and I agree), not the advertising.
People are giving special attention to the things that Microsoft is doing, but history shows that they will eventually accept it and live with it.
Facebook has been doing this for a long time, to extremely high degrees of invasiveness. Google as well, and pretty much every single web startup in existence. Collecting data is how you compete in modern business.
If you think this Microsoft stuff is a big deal you should have another look at the entire foundation of modern tech.
You are right, but I bag to differ. Giving out your personal emails or your private life to advertisers is one thing. But an operating system is the lowest dominator and the PC platform is where most data is stored and real work in being done. So Microsoft's 180 degree turn by the CEO from being a trustworthy company to a turning their customers to products is unheard of and very very concerning - especially given they still have a quasi PC monopoly (ca 90% market share). There is a long legacy history , some run up to 30 years old software on Windows and now are concerned with little option to move forward.
Is that much different from Android? Google is known for being incredibly pervasive, and also invasive.
I'd argue that my phone is almost a lower common denominator than my computer. My phone knows my geographic location at virtually all times, has logged into most of my web accounts, handles all of my social contacts (definitely more than Facebook. But even people who primarily use Facebook likely use it mostly from their phone and not their computer).
If we want to care about this stuff, things need to change in very dramatic ways.
"If we want to care about this stuff, things need to change in very dramatic ways."
Absolutely & unequivocally. Hard part is, the technological means is baked into every modern SoC & NIC, huge amounts of money are being made from the 'big Data' industry created & the psychopaths are driving the bus. We survived just fine back in the Stone Age(pre-smartphone) and we can hold out for change($=vote). Principals often require certain sacrifices.
I agree the OS is the lowest denominator. But given that mobile is predominantly the most common way people do a LOT of things these days, of which Android is also an OS, I think it's noteworthy that Google still manages to escape the level of criticism Microsoft often still gets.
My hope is that France can get Microsoft to just enable Telemetry 0 for all licenses, and that maybe they let us here in the US do it too.
Is this a calculated derailment technique? Why MS? Because MS is the subject of the article. Feel free to submit articles about others. As mentioned above, you simply cannot compare a smartphone operating system where one handles, emails (in the cloud anyway) some personal apps and a browser to a full desktop operating system where among many other things serious work is done as well as private and enterprise data is stored. Many people don't want to trade access to that data and act as a product - it's as simple as that. Sadly there isn't an Windows 10 edition free of the tracking stuff. Let's hope France gets Microsoft to stop that or offer a new edition without that stuff.
>As mentioned above, you simply cannot compare a smartphone operating system where one handles, emails (in the cloud anyway) some personal apps and a browser to a full desktop operating system where among many other things serious work is done as well as private and enterprise data is stored.
You definitely can, Feel free to disagree, but many would argue the comparison is fair, especially considering a smart phone has replaced a desktop or a laptop for many people. But to say in such absolute terms the comparison is not appropriate is naive.
If you were to read the comment two parents up, you'd see it's a response to a clear discussion comparing criticism of Google (and Facebook) and criticism of Microsoft. And suggesting that Microsoft is worse because they make an operating system is silly, because Google also makes an operating system. With similar concerns.
I'd also add to your statement that the "I'm giving away personal info to use this" implied contract applies easily to free apps and software on a low consequence device as you discuss, but people pay for Windows. Microsoft shouldn't be able to make money by selling the software AND selling the information of the people who use it.
Switzerland is usually pretty good at it, and Germany tends to also care, because of their Stasi-history, but the recent trend of "Terrorists killed a handful of people, let's throw away the fundamental rights of our population." hasn't left those two unscathed either...
Switzerland has horrendous data retention laws that just got even worse. Providers and services are forced to keep all user data for 2 years available for the state to access it
So what you gain in privacy vs private entities you lose with regards to the state having complete access to all of your online life.
3788 deaths in France in 2014 by road accidents alone. We're not going to dismiss fundamental rights for those, aren't we? I wish people would put things more into perspective.
I personally fear state powers much more than terrorism.
Realistically it's an average air crash. At the scale of a population like France it is almost meaningless. Drowning kills several orders of magnitude more. I don't see calls for changing the constitution to reduce the number of drownings.
Not to answer for the parent but IMHO it's not so much we shouldn't care. It's we should be very careful about what rights and freedoms we give up and how much power we give to a state to scrutinize our daily lives when the very thing we are trying to prevent has not had a major impact on our daily lives.
Yes, it had a major impact on some people and their families and their pain is not to be dismissed lightly but on the other hand we should not give up our way of life to prevent these things from happening, especially when evidence supports that the new laws that are written after these events seem to do very little to actually further protect us.
While a little sensational I think the graphic in this article concerning the TSA in the US does a pretty decent job of summing up exactly what we've gotten from "enhanced" security in the US.
Every homicide or rape is shocking, unacceptable, and one too many. Eliminating crime completely can be achieved at the expense of living in a totalitarian society. So there has to be a balance between the emotion aspect of every crime and keeping society free.
Medias usually have this balance in mind when they cover common crime. This balance goes totally out of the door when it is terrorism.
Typical Liberal broadsided thinking, We can't change the constitution just because terrorists are killing a marginal amount of people but we should change the constitution to ban guns because mass shootings are killing a marginal amount of people.
if you succumb to the fear of terrorism, then they've already won over you. its manipulation tool to change public into irrational/outright stupid decisions, with impossible promise of more safety in exchange for more control from state.
plus in french example, probably motivating some local young unhappy psychopats in muslim communities to help "with the cause" described above. goal? maybe civil war in france? more budget from saudi elites on jihad? don't know here.
if you look at all these acts through this logic, they don't look that bad, and they are truly a drop in the ocean of civilization of 7 billion. last year, in africa alone, 400,000 people died just from malaria, which is a lousy way to die just because you are poor. i don't see much emotions about these topics, yet numbers are shocking, every single time.
Te bus driver was not a zealot. He was a non-practicing, angry individual who found a convenient cause(or was it the 'news' and ISIS, ex post facto?) to justify his sickness/actions.
Edit: In addition, feel free to review another popular construct the FBI created soon after 9-11 to fan the flames of 'Fear Theater' by this 'extremist' group... a couple street thugs who had no potency beyond an FBI agent and promises of guns & bombs. How many trials did it take to convict some of them? Fear Theater works.
This is anectodal evidence, but I personally saw a CNIL inspection at a previous workplace (semi-big company in France, ~2000 employees at the time). 2 inspectors came in unannounced one morning and snatched a DBA to see what personal info was in all of our databases (Dev,Staging and Prod). They also did other inspections regarding our handling of personal data.
I switched to Ubuntu because of Windows 10. Using Linux as a primary operating system works great as a developer.
There is a saying which says if a product are free "you are the product". Microsoft made the upgrade to Windows 10 free a guess so that they can mine data about you and your habits. That data is valuable for marketing purposes.
Wireshark traffic dumps show a lot of data going to Microsoft telemetery.
I choose to say no to that data collection, instead wanting to keep a bit of privacy.
Have some security wiz MITM the Microsoft telemetry server with their own cert to inspect the data collection traffic?
I recommend disabling some of the Amazon integration in Unity if you're concerned about your privacy. This shouldn't be too difficult, even if you're new to Linux. I 'd also suggest getting Unity-tweak-tool and playing around with some of the settings in there.
EDIT: Just realized that since 16.04, Ubuntu no longer has online search results enabled by default in the Dash. Still though, play around with some of the settings!
Yeah, but Openbox isn't suitable for new users, at least not on its own. As part of something like LXDE or LXQt, it's definitely workable, but without a deeper understanding of Openbox, those are pretty much as good as any other Desktop Environment (except maybe that LXDE/LXQt are also among the lightest DEs around).
I would rather recommend either Ubuntu GNOME, if you want a rather unconvential, but highly integrated, highly user-friendly interface, or Linux Mint Cinnamon, if you want a cleaned up Windows-like interface, or Kubuntu, if you want a Windows-like interface which just smothers you in options, tweaks and customizability.
Yes I paid for downloading Ubuntu with a donation to Canonical. You can choose to donate as much as you want when you download. Its a small way to thank all the effort open source developers put into developing good open products. Plus other Linux users get to download the operating system for free, that should support the company behind Ubuntu.
Windows 10 isn't free and the free upgrade offer was only for Windows 7 users and up and it will be over on July 29. The official retail price for Windows 10 is $120 for Home and $200 for Pro. That isn't cheap either.
Indeed. (Windows 8 users too.) It's a free update (like... you know, many other free updates) to a paid license. And it remains a paid license. "You are the product" does not apply to Windows 10, and that's why it's so key that Microsoft change it's strategy with regards to telemetry: We're paying customers.
Why should MS change its strategy? They might as well double-down on their strategy and grab as much data about you as they can. What are you going to do about it? Most MS customers have shown they will not abandon Windows, no matter what, so it would be dumb for MS to worry about customers' feelings about being spied on.
I think if MS had a share of the mobile market greater than 2% (or whatever it is at now) they would be less inclined to enable such spying through their desktop OS.
However they are nowhere in mobile (and search), and desktop is the only source they have for user data. The thought of getting left behind in the data mining race by Google and Facebook must be a real concern, and they will do anything to keep up.
I suppose the LinkedIn takeover has changed this somewhat, but LinkedIn alone will not put them on terms with Google/Facebook.
> the four-character PIN system used to access Microsoft services is insecure, because there is no limit on the number of attempts a user can make.
I just tried logging in with my pin.
After a handful of tries I was given a string to enter before I could try again. I did that. After another try I got told to restart the device before I could try again.
So it doesn't look like 10 tries and locked out forever, but rather increasing penalties for incorrect attempts. Which is fine.
oh and my pin is 6 characters long.
If they don't have this right why should we believe them about any of their other claims?
I can agree on that point. The point of my comment wasn't necessarily the truthfulness of either quote, merely that they really need to follow through on what they are saying. Their hands and mouth seem to be in a state of disconnection.
The EU commission levied a $2bn (yes, billion) fine for Microsoft antitrust problems, i.e. the stupid removal of the choice popup for the browser in XP SP3 and not giving the API documentation to some editor. Those two things were very stupid misgivings by Microsoft: They were almost going out unscattered, and they played with the fire towards the end of the trial.
Since then, I like the EU commission. As long as they can bend the master plans of dominating US companies.
However, I don't see how the forced Windows upgrade didn't lead to a requirement to reimburse every user of their stripped Windows 8 license.
With LinkedIn [0], Microsoft has much more in its arsenal.
That said, who cares. I've hardly seen anyone use uBlock Origin, Ghostery or Privacy Badger. OTOH, people love tools [1] that read your email and notify about due bills and the like.
I have LittleSnitch on my Mac and observe the requests that my Windows VM makes. I believe you can use an equivalent tool on Windows, such as GlassWire, or also the very useful tool O&O ShutUp10 with which you can disable telemetry settings.
...and lose market share. Microsoft really needs to keep its product proeminent, especially today, especially in home products. So the EU commission actually has leverage to forbid certain behaviours.
Oh please, what are people going to do, switch to Macs? Or Linux? People have shown over and over that they're willing to accept any treatment Microsoft sees fit to give them, and that they will not abandon the Windows platform no matter what. MS can do whatever they want and customers will just take it.
The upper comment says "What happens if Microsoft only sells the Enterprise edition in Europe?", it will increase the price. In the absurd event when Microsoft doesn't sell the OEM anymore, people would have to pay $250 for a Windows license, which will make a lot of people switch. Yes, to Linux for the best, and to Mac for the new buyers.
Paying $250 for a Windows license is still less money than they're going to pay for a new Mac. Macs are very expensive.
And even so, lots of people have software that isn't compatible with Macs (or Linux for that matter).
I'm honestly curious what would happen if MS decided one day to jack up their Windows license costs to, say, $1000 per copy. Or what about $500? Would their revenue go up or down? Obviously, some people would switch to something else, a bunch more would just stick with what they have, but people do buy new computers now and then, and businesses are always refreshing. Combine this with "updates" to existing Windows versions to make them slower and slower and slower (like iOS does) to force people to get new versions of Windows, and it seems to me MS would probably make a lot more money by gouging customers as much as they can.
If MSFT charges 1000$ for Windows it wouldn't matter much (other than negative press) most windows licenses are sold through the non-retail programs such as:
Enterprise/Volume Licensing, SMB Licenses, Educational Licences (Students and Teachers), Developer Licensing (MSDN), Microsoft @ Home (buying considerably discounted licenses through your employers) and OEM licenses for retailers and system builders...
Since Windows 7 the vast majority of the windows licenses that are not VL are cooked into the machine (stored in the BIOS) and are effectively non-transferable (OEM lic's were never transferable, but now there is no sticker with a key anymore).
If microsoft decided to charge 1000% for the retail the majority of the licensing programs would be immune, OEM's/System Builders would love it (can rack up the prices since Windows is so expensive now), and pretty much none of the normal users would care/be affected by it directly.
Ok, maybe I'm not being clear, I'm not talking about MS just raising prices on certain licenses, but really across the board. What if they also jacked up their license costs for the ones "cooked into the machine", and also their Enterprise/Volume licensing?
Heck, I think they have even more room to screw their customers with the Enterprise licensing, not only for Windows but all their other enterprise products too. What are big businesses going to do, suddenly switch to Apple? Obviously, they couldn't do this overnight, but they could certainly jack up their enterprise license costs to 5x when they come up for renewal. They'd probably want to avoid doing this too much for some things where there's actually competition (like with SQL Server: businesses might switch to Oracle), but with Windows, MSDN, etc., they could. Where are customers going to go?
It's a company with millions of dollars on marketing. You can bet they've studied their price point and it is exactly at the right ratio between sale quantity and sale amount. If Linux became unsafe/untrusted (e.g. unapproved by S&P500 audit companies for example, or if black hats activities were discovered at the kernel level of Linux), however, they would become a monopoly on PCs, and they indeed could triple the price.
I'm sorry, I have to disagree with this. I don't see how the perception of Linux's security would have anything to do with Microsoft's pricing for Windows. As much as I wish the case were different, Linux is simply almost never considered as a viable alternative to Windows (on the desktop), except in a few rare cases which are so rare, they become big news items (e.g. city of Munich government). Both companies and individuals are too invested in Windows and its software ecosystem to even contemplate a change, except maybe to Macs. I do see more people switching to those, both individuals and companies actually (I almost interviewed at a small company that was all-Mac). So if MS quintupled their prices for Windows Home/Pro, I could definitely see that spurring a defection to Macs, though I still doubt it'd be that big because of the installed base of Windows software that doesn't have a Mac version. Also, Macs just don't seem to be set up for enterprise use the way Windows is, and while Linux can be, it takes more IT competence than I've ever seen at a large company (which these days seem to be outsourcing to external vendors anyway).
It's not possible to disable telemetry completely, even on enterprise. You can select between "Extended", "Normal" and "Basic" (I think those were the names anyway).
Enterprise users get a 4th option called "security" for telemetry I think (which in gpedit is option 0 I believe). I think it sends even less than basic and as the name implies it only sends security relevant telemetry (Defender, MRT, etc).
What counts as "excessive"? Apparently whatever someone at CNIL thinks is excessive. I can imagine that Microsoft learning what apps you download is inevitable given their reputation based malware detection scheme: no way for that to easily work except by IE checking in with Microsoft to find out if a program is known malicious or not. And figuring out if a program is actually interacted with or not seems like a pretty good signal to determine if a new, unknown program is a silent botnet or not.
"4-PIN limit is insecure, because there's no limit on the number of accesses" is exactly the kind of bureaucratic central-planning nonsense that France has so many problems with. You do not need absolute counted limits on a password/PIN system to make it secure. You just need to take other steps to make brute forcing infeasible, like throttling the rate of attempts. Why is CNIL attempting to micro-manage the code for the Windows authentication systems, something they are clearly not qualified to do? The details of Microsoft's security system is their concern alone: if users dislike the way Microsoft do it, then they have other alternatives they can easily switch to.
I suspect Microsoft may do what other big companies do and simply ignore CNIL completely. They can only hand out relatively small fines and it's easy for big companies to just pay them off to make them go away. Their rulings have a long history of being completely unreasonable so it's usually the easiest path.
> What counts as "excessive"? Apparently whatever someone at CNIL thinks is excessive
"Loi n° 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés" is quite specific about collection & processing of personal data. A good example of what falls foul of this legislation: logging everything for unspecified purposes to cross-tabulate it with other unspecified records in case it might be useful in some way (which might not be in the user's direct interest) within an undetermined timeframe, without letting the user know about it precisely nor letting him opt out.
CNIL is annoying and their enforcement is spotty for lack of budget (so they have to focus on landmark cases) - but their actions are well grounded in legislation and actually protective of people.
> I suspect Microsoft may do what other big companies do and simply ignore CNIL completely
The use is always specified: usually something like "running existing services and supporting the development of future services".
Oh, that's not good enough? Well now you are back to what I said: it's simply central planning nonsense where a regulator makes up rules on the fly.
I have seen no evidence that CNIL or indeed other bodies like them protects people from anything. Please show me one, completely unambiguous case of someone who was clearly suffering whose suffering was rectified by CNIL forcing some change to a privacy policy somewhere. And I mean really has a problem, not some emotional airy-fairy feeling that they'd prefer things to be different, I mean concrete, quantifiable issues: like monetary loss.
There is no need for popcorn. I think the biggest fine CNIL can usually hand out is like 300,000 EUR or something. Just pay it Microsoft and get on with things.
That should be obvious: any data the user hasn't given their specific informed consent to be collected. How is this even in question?
No, hiding blanket statements in a privacy policy is not specific consent, and dissembling about spyware details in an vague or misleading option description is not an informed choice. This is how you bring bad regulation to an industry; if businesses cannot police their own ethics, event laws will be written to fix the problems.
> malware detection scheme
Not everyone uses that, and there are other ways to implement malware detection that are not privacy leaks.
> Microsoft learning what apps you download
Or run, or interact with...
> good signal
...which then claim is a good thing. Microsoft (or anybody else) can ask the user if they would like to track that specific data.
> they have other alternatives
The cost to change platforms - which may include replacing an existing investment in software - can be large. Forcing a Hobson's Choice on users indicates it's time to open up another antitrust investigation.
Your post lays out exactly the central planning madness that privacy advocates have created.
Governments: "Collecting data without informing people is bad"
Companies: "OK, we inform users what is collected in our privacy policy"
Them: "Nobody reads them. Make sure they opt in."
Companies: "OK, we have put up an interstitial that asks people to opt in after showing a summary of what is collected."
Them: "Still not good enough. Ask specifically for everything."
Companies: "..... we list specifics in the privacy policy. That's what it's for. And we ask people to agree to it when they sign up."
Them: "Too late. Pay us a big fine"
This is a stacked deck. Nobody providing user services on the internet can ever win this game, ethics has nothing to do with it. There are no standards and nothing is ever considered sufficient. Badly thought out, vague and rambling approaches to privacy laws are how you get cookie popups everywhere. Makes no sense!
That list might satisfy even the most extreme privacy advocates, at the cost of upsetting everyone else who now has an unusable product.
What the more extremist privacy advocates fail to realise is that if they applied their same principles to a physical shop they'd be demanding that all employees be blindfolded. And then if someone walks through the door drunk and passes out after vomiting on the floor, those employees would have no idea that people were silently walking in off the street before suddenly spinning on their heels and leaving again. Yet who wants vomit-encrusted shopping, in the name of privacy extremism that virtually nobody cares about anyway?
I understand text and voice data will be captured and sent if you use Cortana but that is pretty obvious, the same is true of Google, Bing, Siri, etc. [0]
What I want to know is when I put things at the lowest setting possible what do MS get and how often?
Edit: [0] I mean captured and sent for processing. I expect (perhaps wrongly) for it to be deleted from Microsoft's servers as soon as my request has been answered. Unlike Google which stores everything you say to Google Now for example.