Hacker News new | past | comments | ask | show | jobs | submit login

Windows natively has several data collecting operations on any machine with Windows installed.

Each time you visting a page, IE sends the URL over to be "checked" by Microsoft.

Each update, a summery of all installed packages are collected and sent to Microsoft in order to "improve the experience".

WAT collects your hardware specification, including the serial number of your hard drive.

Each time you connect your operative system to the Internet, it calls home to a Microsoft server to check if the connect works. Its doubtful that they throw away the logs from this.

Microsoft can forceable push new executable code as updates, regardless if settings has turn of updates.

Microsoft word (and Outlook?) do also collect information, but it is supposed to be optional. I don't remember if its on by default, but I am rather sure it is.

Then we have semi-native application such as massager or skype. Both has messages being "scanned".

Some of the sources: https://office.microsoft.com/en-us/word-help/privacy-stateme..., http://redmondmag.com/articles/2010/07/01/what-does-microsof...




>Each time you visting a page, IE sends the URL over to be "checked" by Microsoft.

Huh? Are you talking about hashes being sent for malware check similar to the ones in Chrome or Firefox? If not its a serious privacy issue.

The ones you mentioned about Updates is also true for Chrome updates. [1]

>Microsoft can forceable push new executable code as updates, regardless if settings has turn of updates.

Any source on this?

>Microsoft word (and Outlook?) do also collect information.

With Office 365, this is more or less a reality.

>Then we have semi-native application such as massager or skype. Both has messages being "scanned".

Are you talking about URL scanning? So does FB, Gchat etc. Expect your messages to scanned or stored no matter what 3rd party service you use. Always use client-side encryption for secure communication.

The most important one you left out is SkyDrive. I remember installing it on my computer and then signing onto the web interface to find out I could even access files outside of my sync directory. Sure you can turn "off" the feature, but I promptly uninstalled it instead.

I don't trust Microsoft with privacy in the cloud but neither do I with any other 3rd party.

[1]https://www.google.com/intl/en-US/chrome/browser/privacy/


(Sorry for the length, but its hard not to create very long question->answer replies in situations like this)

> Microsoft can forceable push new executable code as updates, regardless if settings has turn of updates. - Any source on this?

https://windowssecrets.com/top-story/microsoft-updates-windo... (its old yes, and was disputed as a "bug" by Microsoft. At the same time, no security expects has said that Microsoft did fix it. As such, I default to once burned, twice shy.).

>Each time you visting a page, IE sends the URL over to be "checked" by Microsoft. - Huh? Are you talking about hashes being sent for malware check

SmartScreen Filter and Suggested Sites (http://windows.microsoft.com/en-ca/internet-explorer/ie10-wi...). Both can be turned off, and I don't know what is default. My default assumption is that both is on (or checked in wizard) by default.

>Then we have semi-native application such as massager or skype. Both has messages being "scanned". - Are you talking about URL scanning? So does FB, Gchat etc.

The OP talked about native MS apps as being risk free. Just because FB and Gchat also do bad thing, doesn't make someone else applications less risky to use.


> Huh? Are you talking about hashes being sent for malware check similar to the ones in Chrome or Firefox? If not its a serious privacy issue.

Hashing the URLs won't give you any privacy, because the set of used URLs is public and relatively small. Also, I'm not aware of Firefox doing that, are you sure about it?

At IE and Chrome, sending that data is optional. It's neither opt-in nor opt-out. The browser makes a question at the first use, and you must select one option. IE's question is a bit biased toward a "opt-in or you'll get phished", but there is no reason to think that wording is malicious - one can even claim it's true.

Besides all that, MS sends all known vunerabilities of it's products to the NSA long before either publishing or fixing them. That's enough to give the NSA administrative priviledges on Windows machines.


To be fair to SkyDrive, it does quite clearly ask you about that during installation. (At least, it did when I installed it recently.)


I might have clicked through it. I guess I am still paranoid since you can re-enable it on the web, its not a client controlled setting. Surely someone could take advantage, not just the NSA but even a hacker breaking into your Outlook.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: