They're slightly less evil than they were, but they're still a company. To quote Brian Cantrill, they're still a lawnmower and will chop your arm off if you put it in the wrong place, without any hard feelings.
I agree with you that they can't afford to be super evil, because they're not the only big fish anymore. They're actually not even the biggest one.
I think it's a bit too early to decide if Java or .Net Core is better placed for the future, though.
Your post makes me think you read that statement backwards. (The lawnmower comment is from an oracle talk, etc) It's proposing to move to .net from Java.
With recent licensing changes to Java and microsoft's recent good behavior I have considered it myself.
I've edited my comment to clarify that I'm not backing any migration option (Java -> .Net, .Net -> Java). In my opinion both ecosystems are very solid :)
MS adheres to GDPR regulations and has applied those protections to all users. You can opt out of telemetry, you can view what they've collected on you and delete it.
The article you linked points to an online Microsoft Account Privacy dashboard.
I have Windows 10 installed with a local login. I don't have or want an online Microsoft account. It doesn't seem to be possible to disable telemetry in this case, or at least I haven't found out an (officially supported) way to do it.
Bottom line, if MS is going to show you telemetry data that's been gathered, they've got to know its you that they've gathered it from, so authentication has to occur. Without going into details, it's hard enough to do this with an online account, and quite impossible for local logon scenarios, and getting it wrong opens up possibilities for malicious actors. So, that's why the privacy dashboard requires a Microsoft account.
Best information I can provide on limiting telemetry for the local logon scenario is here:
I realize that setting it to 'basic' isn't going to satisfy the conspiratorial minded among us, but I will say that I, personally, have no qualms setting my machine to 'basic'.
More details, and instructions to disable via regedit following the instructions here:
Hang on, are you seriously saying people need to create a MS online account just in order to tell their own computer to NOT send data to MS?
That's ridiculous. There should be an obvious friggin question during install "Enable telemetry and data collection?" and if the answer is no... that's it. No telemetry or data collection gets done. Ever. End of story and question doesn't get asked again. Ever.
Any other approach is literally just weasel words trying to deceive people. "Just manually change this RegKey setting" is a good example.
> Bottom line, if MS is going to show you telemetry data that's been gathered, they've got to know its you that they've gathered it from, so authentication has to occur.
I understand that. I just want to stop sending data from now on.
> I realize that setting it to 'basic' isn't going to satisfy the conspiratorial minded among us
I want no private or personal data to be sent. Calling me "conspiratorial-minded' is simply wrong. There isn't a conspiracy that Microsoft is collecting data about Windows 10 machines; it's an admitted fact, it was never secret. And I would prefer not to send such data, but Microsoft doesn't want to give me that option.
There is no official information on what data is gathered under the Basic setting. The page you linked to has just one sentence, and it's very vague:
> information about your device, its settings and capabilities, and whether it is performing properly
"Information about your device" could cover a lot indeed. What information does this collect that's covered under GDPR? How has it changed, and will change, over time? Who has access to it? I don't know. That doesn't make me a conspiracy theorist.
I don't buy the Microsoft claim from the same page that "This is the minimum level of diagnostic data needed to help keep your device reliable, secure, and operating normally.". It can't be impossible for Windows 10 to be reliable or secure without sending data home. It's evidently not impossible for the Enterprise edition. I accept that this data helps Microsoft do these things, but it should still be my choice as to whether to send it or not, and my right to know what's included in it. And now the law says so too, at least in the EU.
The Dutch DPA already determined Microsoft to be in violation of the GDPR a year ago (https://autoriteitpersoonsgegevens.nl/en/news/dutch-dpa-micr...). I don't know about more recent developments there. But this isn't just a few private individuals' opinion.
> More details, and instructions to disable via regedit
Those are not official Microsoft instructions or documented settings. Windows updates have been known to revert them, and (separately) to require changes to the instructions. Messing with the Registry and disabling system services might have other effects beyond the desired. This is not a satisfactory solution, exactly because I do care about "keep[ing] your device reliable, secure, and operating normally".
Ok, I'll admit mistakes on my original post. The regedit method clearly isn't seen as a suitable fix for the broad population, and 'basic' telemetry isn't the same as 'no' telemetry.
Some other points:
> I want no private or personal data to be sent
I would say that none is sent on basic, but the definition of 'private or personal' is overloaded enough that we might disagree.
> Calling me "conspiratorial-minded' is simply wrong
Sorry, I didn't call you that, just a hypothetical broader population. Probably bad wording on my part either way.
> There is no official information on what data is gathered under the Basic setting.
The best way to see what's gathered would be to sign up for an MSA, enable basic telemetry, and then go to the privacy account page and view it yourself.
> The Dutch DPA already determined Microsoft to be in violation of the GDPR a year ago
Not sure what to make of this since most US companies targeted compliance for May 2018, nor does that article mention the GDPR.
> Those are not official Microsoft instructions or documented settings.
Thanks. I'm glad you're able to see my point of view.
> I would say that none is sent on basic, but the definition of 'private or personal' is overloaded enough that we might disagree.
It's less about definitions, and more that I just can't be sure what exactly is sent.
> Lots more info here:
Thanks, that was informative. It seems they gather as complete a profile as they can of all my hardware and of the software they deem relevant (drivers, Microsoft apps) and its configuration. This is clearly enough for a globally unique fingerprint, many times over. (I don't know that they're building one, but they clearly can.)
The part that most worries me here is that at every point this doc says the list is inclusive, not exclusive. "The data gathered at this level includes". "Examples include". "Device attributes such as". There's no wording that I can see that would exclude anything at all that Microsoft might choose to collect now or later.
This holds for the Basic level, unlike the Enterprise-only Security level that explicitly says "No user content, such as user files or communications, is gathered" and "we take steps to avoid gathering any information that directly identifies a company or use". It's pretty clear that this doesn't hold for the Basic level. (Even if the purpose of gathering the data isn't to identify anyone.)
> nor does that article mention the GDPR.
You're right, it predates the GDPR and refers to a Dutch law. I was wrong to reference it and I'm sorry for muddying the discussion.
> Many of our products require some personal data to provide you with a service. If you choose not to provide data necessary to provide you with a product or feature, you cannot use that product or feature
And then in the section on Windows:
> Rather than residing as a static software program on your device, key components of Windows are cloud-based [...] In order to provide this computing experience, we collect data about you [...]
It seems Windows is included in the statement that collecting personal information is mandatory and without it you "cannot use that product or feature". Although it's not explicit and so that may not be the intent for Windows - but it's not clearly disclaimed either.
Of course, any claim that collecting "Basic" data is truly required for Windows to work well is highly suspect because the Enterprise edition doesn't do it.
But OK, there's a "Learn More" link at the end of the Windows section that shows much more text. Unfortunately, while it includes many details, it also contains lots of inclusive statements. E.g., Activation is said to send "data about the software and your device" with no further explanation.
Bottom line: I would like to trust Microsoft (in this particular regard, at least). I think it's more likely than not that nothing terrible is going on. I think so because collecting data about me is not really part of Microsoft's business model, does not benefit them in any obvious way, and might harm them if it became known. But it would help a lot if Microsoft made a clear public statement (and put it in their contracts and EULAs), instead of all this "for example" wording.
Am I the only one that doesn't get apps auto installed? I wonder if it's because my locale is Hong Kong - English which seems to have basically cut me off from the world when it comes to media, and other recognized options...
Does this include data collected from activity on Windows 10 endpoints? Previously, this could only be disabled on Windows 10 Enterprise. Can all on-device data collection and telemetry be disabled on Windows 10 Pro or Home, including "Customer Improvement" data collection, crash logs, keystrokes, screen grabs?
It requires informed consent for any personal data being processed. It's entirely plausible to have a useful telemetry system without any personal data. (I have no knowledge of what MS does store.)
The GDPR only requires consent if it's personal data that is not necessary for doing business.
You don't need consent to store the shipping address of a customer and you don't need to consent to run basic analytics on your database to see what products are popular and how many customers you have. You also don't need consent to process the IP address in the TCP connection from the customer browser so you can show a website (though you do need consent if you log the entire IP for analytics purposes).
Telemetry is not like storing your shipping address, though. It's more like the delivery guy delivering to your shipping address, waiting for you to turn your back and then rummaging through the stuff in your house – unless you happen to shout the magic phrase "Simon says no telemetry!" as soon as you open the door.
Not really. It's more like the delivery guy noting how long on average you take to get to the door and the average size of packages with the intention of being able to optimize the delivery route and pick the correct delivery vehicle.
Since we're just talking telemetry, wouldn't it be more like the delivery guy turning up and taking note of all the contents in your house - including make and model numbers where available - their exact position in each room, which container(s) they're in, the size and position of the nearest windows, and also the make & model number of the alarm system you have.
All "to provide you the best delivery service possible".
> While this is a step in the right direction, MS still seem to be "all in" on telemetry.
In the latest release of VSCode getting to see the exact telemetry data sent got even easier and they even pointed it out in the release notes. (It is also easy to turn it off (see below). I haven't done it since the data I see are OK with me and I want to help the devs improve VSCode for me.)
> Until the telemetry and data sent by MS software can realistically be turned off completely, they shouldn't get any kind of positive treatment.
Another instance of this "all or nothing" attitude that we have here on HN (I guess it is legacy from Slashdot and Usenet).
Steps in the right direction should be praised. This holds true for pets, kids and grown ups and I think companies too.
You might not get a chance to reward the results you want if you cannot reward the steps to get there.
Edited to add the first quote and comment.
Edit 2: Turns out it is easy to turn off telemetry.
But I'd like Microsoft's reputation to be proportional to how objectionable it's behavior is.
For example, I don't want Microsoft's reputation to go from a C- to an A- because of this patent issue, when they continue to require telemetry in Windows.
> For example, I don't want Microsoft's reputation to go from a C- to an A- because of this patent issue, when they continue to require telemetry in Windows.
We can agree on that.
GP however wrote (emphasis mine):
> they shouldn't get any kind of positive treatment.
Right! I read that comment and was like “uhhhh what?” But not all engineering teams have the flexibility of moving to platforms that are not as battle-tested as Java/.NET.
Python is older than Java and now has optional type-checking. Golang is ten years old and runs at Google. Rust is on its way and a safe language by design. And there are other floss options.
Their open source work in past few years is commendable and I'll give them kudos for it, even if it frequently gives off an air of feelgood lip service. .NET is cool, but otherwise it doesn't really feel like they're contributing anything particularly valuable or tangible. Not to discourage them from it, but I don't think the extent of praise being sung at them for their open source is a little more than warranted.
But in no way am I going to refrain from calling Microsoft a big bad evil company even today, after all these years. My comfort zone issues with Windows aside, their relentless vice grip on corporate and organizational IT with Office suite and especially 365, exchange email, Azure and especially Azure AD, traditional on-prem active directory and such is showing no signs of loosening.
Sure, they aren't Oracle but that's about the lowest bar you can clear in IT corporate ethics [insert cantrillian rant here]. I'd even be fine with letting go of the memories of 90s Microsoft's iron fist (easy for me, I'm too young to remember first hand) but MS of today is still too evil to deserve all the credit they're getting for being oh-so-wonderful nowadays. They absolutely can afford to be evil, just ask your sysadmin.
".NET is cool, but otherwise it doesn't really feel like they're contributing anything particularly valuable or tangible"
Not to be snark, but .Net is one of the most used development eco-systems [1]. Making the tech open-source and actively helping it run on other OS-es than Windows seems pretty valuable to me :). At least to me its very valuable.
