Now, at first I was thinking this was a relatively sane feature like Apple's Software Update Server (which caches and re-serves updates for your local network)[1]. It's a very useful tool, considering the fact that when iOS 7 came out, it took out my entire high school's network because everyone was downloading it.
This isn't transparently helping serve updates to computers on a local network to save bandwidth. It transparently serves updates to the entire world, to eat your bandwidth and conserve only Microsoft's.
Is there a word in English that captures how massively disappointed I am with this being on every Win10 computer and by default?
Is there a word in English that captures how massively disappointed I am with this being on every Win10 computer and by default?
"Illegal" would seem to be a good start in many jurisdictions.
For example, as described in the article, I can't see how this behaviour doesn't fall foul of computer misuse and fraud laws in the UK. The best defence might be that somewhere buried in the terms and conditions it's allowed, but I wouldn't like to be the Microsoft lawyer arguing that position before a judge.
Blizzard have done this for WoW updates forever. MS may run into some liability for inducing data overages depending on how up front they are about it and how badly it bites people.
Are Blizzard up-front with their users about what is happening? The covert nature (or otherwise) of the uploads is a significant concern here. The average geek playing with Linux doesn't complain about BitTorrent also uploading the distro image they're downloading, but the average geek playing with Linux knows the deal and decided voluntarily to participate.
MS may run into some liability for inducing data overages depending on how up front they are about it and how badly it bites people.
I would expect that if the report is accurate and if this behaviour was activated without the user's knowledge or consent then Microsoft would be on the hook for any and all damage caused as a result. That could mean a small extra charge from an ISP for bandwidth over a cap. However, if the behaviour means someone's Internet connection didn't have enough capacity left to do something important that it otherwise would have, whether because the uploads themselves limited the spare bandwidth at the same time or perhaps because it triggered some sort of degraded service from the ISP after going over a cap, that could also mean compensation for any consequences of that degraded capacity.
When I last played WoW there was a rather visible checkbox in the updater that said something like "Disable peer-to-peer transfers", and fairly importantly the updater never actually seeded the torrent; you only uploaded while you were actively downloading the patch, which stopped it from using a bunch of bandwidth at unexpected times.
That's likely because MP3 files are smaller than Windows Service packs, and because Spotify is a thing you install yourself. Windows comes with the computer, with this turned on. Also, Spotify is no longer P2P anyway, because it only served as a temporary cost-saving measure. And now it's gone. [1]
With Spotify, the aim was low latency. If you click on a song, it should start playing immediately. There's no such requirement for software updates.
Back when the only data center was in Stockholm, the only way to meet latency requirements was P2P. Now that we're a grown-up company we've disabled that and use CDN's instead.
> With Spotify, the aim was low latency. If you click on a song, it should start playing immediately.
That was not their aim at all. Their aim was lowering bandwidth costs by shifting the content delivery costs over to the end users. This was made clear by the fact that when you played a song, it started downloading the song from AWS S3 immediately to minimize latency, then once the P2P sessions fired up, shifted over to that stream instead of their costly S3 one.
I had always assumed that the P2P was to help mitigate the cost of data so that the Spotify team could better use their limited (at the time) funds to secure more music contracts. Were operational costs not as drastic as I might be assuming?
I have come to the conclusion that commercial operating system vendors can no longer be trusted.
They are destroying computing autonomy of users by tying online accounts into their products. They include built in search tools that leak information to the vendor and, in some cases, "trusted" third parties. And they try to steer users to their own cloud solutions, which store user data unencrypted.
Apple, Google, and Microsoft all do this. Even Canonical has. But worse to me are those who make weak excuses for all of it; saying that people can use settings to turn it off, even though they know damn well that everyday users will stick to the defaults.
Personally, I am disgusted with the entire situation.
Fortunately, there are still operating systems [1] that respect your freedom - both free as in Free Software, and as in freedom to choose the stack, packages and software you want.
I think a big part of the problem here is the perception of a big company trying to externalize costs onto their users.
The funny thing is, if you ignore the fact that it's a big company named Microsoft who's using your bandwidth and that it's enabled by default, this is actually a pretty awesome feature that could help a lot of people in a lot of situations.
I think another big problem is that is without specific activation. If it asked me first, and I made the decision to help out, then it would be fine. When I torrent a linux iso, I'm making a specific action to use my bandwith. This is doing it without asking.
I'm still not clear on how it's an awesome feature. Saving bandwidth only on my own network would be fine. But the story says it happens outside of your network as well.
It's not quite that; phones can't even be classic Skype clients because holding a TCP connection open on mobile either doesn't work or drains battery. So they switched to using push messaging for incoming calls/messages, but AFAIK Apple/Google won't let random machines send push messages.
Do you mean it's not a bad idea to use the idle upload bandwidth to distribute the updates, i.e. turn each PC into a bittorrent seed?
In theory it's pretty great, in practice, with metered connections you're using up the users internet quota and causing a lot of frustration.
I am used to unmetered internet connections, and after moving to the UK I've spent a lot of time investigating why I'm getting an insane amount of packet loss. I'm talking 30% on weekend evenings.
Long story short, a flatmate was uploading data all day without noticing, the ISP's traffic management kicked in, limited our bandwidth, buffers aren't infinite so packets get dropped [1].
As someone said in a similar thread, this may be the reason for ISPs to drop traffic metering and upload quotas, but I somehow doubt this'll happen.
--
1: I've fixed it by limiting the upload quota and bandwidth on my OpenWRT router for that user. I guess I'll have to enable this rule for all other Windows 10 users in my house now.
A huge number of people in the UK are on BT's cheapest package, you get a 38mb FTTC connection and a 20gb cap. These are the sort of people who won't even know that a feature like this could even exist, talk about be switched off! I think it's almost criminal that 20gb capped Internet can be advertised as being suitable for a family home in 2015.
In a world where data caps are acceptable by ISPs, p2p is definitely not a viable solution yet and to have this be automated rather than opt-in is irresponsible at best. I'm not sure exactly how it works on their side, but to use up a person's data without their explicit permission is pretty bad in my opinion. For example, in my area and a bunch of others Comcast has a 300GB cap, I'm assuming there are other ISPs in other areas who also do data caps. People have to be mindful of their data in the current world we live in, to use it up without permission is a fairly dick-ish move. I feel the ISPs are more at fault than Microsoft, but Microsoft should be aware of the current ISP climate. My opinion.
If you setup the internet connection as metered (available since windows 8) it will not send updates to machines over the internet.
Not sure if MSFT does this for Comcast but my Windows 10 machine detected the internet connection of 4G dongles (even when it was over normal Ethernet) and prompted me to confirm if it's a metered connection or not.
On a metered connection Windows 10 (as 8.1 before it) is extremely bandwidth conservative it doesn't pull non-critical updates, and other online features such as updating cards, cortana, store function etc. went into austerity mode as well.
What you call "nutty" I call "a dial-up Internet connection" or "a congested network due to streaming content or large downloads." If Win10 only did this while the entire network is guaranteed to be idle, and if it can guarantee it is on a landline DSL or better connection whose usage isn't tracked, then it would be okay.
But it's highly unlikely that Microsoft can make those guarantees. If this were a robust system, people (especially Microsoft!) would be championing it! But it's clearly not.
If Win10 only did this while the entire network is guaranteed to be idle, and if it can guarantee it is on a landline DSL or better connection whose usage isn't tracked, then it would be okay.
In any jurisdiction where you can in practice be held responsible for any data uploaded from your own Internet connection, it's still not OK to upload anything automatically without permission.
This "feature" is turned on automatically. You need to proactively turn it off. Who gave Microsoft the right to decide how I use my bandwidth? And in those cases where I decided to share it I explicitly did so. I wonder how many unsuspecting people know that this is happening.
Regarding all of the issues surrounding Windows 10, could somebody create a little app that lets us turn off the objectionable features? I realize it can all be done in the settings, but an app could include some explanatory info, and also serve as a way of documenting all of the issues in one place.
At the point where you find yourself writing an application whose sole task is to disable intrusive settings in your OS, perhaps you should consider switching to a different OS.
The obstacles are almost comical. Okay, they're completely comical. Only one computer in the house is compatible with Windows 10 anyway, and my 12 year old son is ecstatic about it -- I think just because it's new and he's curious. Also, I was optimistic about it until I read all of the recent stuff. He would never forgive me for switching that computer to Linux. My plan is to do the Windows upgrade, let him play with it until he gets bored, then install Linux.
My only misgiving is that I love the touch screen, so I have to look into what kind of touch screen functionality I can get under Linux.
Or an alternative option that requires less work: A list of the objectionable features and how to turn them off in one place?
An app would be quite a lot of work, but a reputable, single bulletin with the info would help greatly. That way I (and others) could rest assured that we didn't miss one or two settings whilst blindly searching.
What's the motivation behind this? It can't really be bandwidth cost savings for distributing updates, right? At least, I can't imagine that the savings outweigh the predictably bad press and the additionally required customer support.
- If the p2p feature was opt-in, no-one would have enabled it; but the technology needs most users to have it enabled to operate optimally. And I don't see how it could be done without enabling it by default.
- Since (mostly) everyone has it enabled by default, no peer will have a disproportionate amount of upload traffic.
- It makes sense to download a Service Pack (read: any big update) once and have it sent to all PCs on the LAN automatically.
- It's not enabled on metered connections and won't compete for bandwidth with other apps. It can be switched to operate only within LAN. It can be disabled forever.
I thought exaggeration was something reserved to CNN and other news outlet. But here we are.
I think this is a real concern, and users should know what the PC is doing, but half of HN post are about how we can share data among ourselves instead of relying on central distributors.
Your next post should be about how WebRTC steals your bandwidth.
See the difference is that you explicitly use WebRTC. Distributed systems are great you decide to use them. Someone else turning it on for you is a little dishonest.
I suppose, but you're still making the choice to visit the website. I guess you could design a site that secretly used webRTC to waste someone's bandwidth, but:
A) I don't think that has ever/will ever happen.
B) Even if it did, it would still be wrong.
I don't particularly mind - I'm on a powerful fibre link anyway.
It does seem rather evil to make this opt-out rather than opt-in. Much in the same way that I'm cool with people using my stuff - just have the decency to ask first.
Oh boy whats the deal? P2P functionality was introduced in various means into Windows since Windows XP with BITS.
This means that machines gets update faster especially in scenarios where bandwidth is limited or the connection is spotty.
You can opt-out, it doesn't touches your personal data, doesn't work on metered connections, the updates can be pushed out for as long as they are in cache (<30 days).
Updating 3-4 machines on the LAN is much quicker with Windows 10, SOHO machines that aren't routed into the internet or are heavily firewalled can be updated easily, and heck the vulnerability window for machines which weren't connected to the internet is much smaller now since they can grab critical updates without even being exposed to the internet which previously required backporting or having enterprise update software (WSUS and the likes).
The conspiracy theories around it are also quite silly considering that MSFT has complete control over the OS just as any other major OS vendor unless you tinker with it yourself.
Outside of the outrage over "borrowing" the bandwidth on my WAN connection (which I agree is wrong to have on by default), how much of a help is this feature for distributing updates over the LAN?
For example, I installed and fully updated Win 10 on my Surface. Soon I'll be traveling to the bandwidth-deprived middle of nowhere to visit my family and will likely be updating their systems to 10 while I'm there. If I connect my Surface to their network, will the install and update process on their machine automatically look for my Surface and pull updates from there, rather than spend hours trying to download over a sub 3Mbps connection?
Having "PCs on my local network and PCs on the Internet" on by default is not cool, but allowing "PCs on my local network" could be a huge help for situations like this.
to some extent, not all updates work like this, and the updates live in your cache only for a limited time (mostly dependent on the storage capacity).
Pretty much as long as the update can be uninstalled (usually 30 days or so) the update package will be in your cache.
If the update package is compatible with the SKU of other machines in your network (language, version, bitness etc.) then they might pull it from your machine instead of the internet.
The local network only version (which is the default for Enterprise versions of Windows 10) does seem like pretty unambiguously a good thing. Even if it doesn't completely eliminate duplicated update downloads it should significantly reduce them.
So they made their updates p2p? Why weren't they already? Feels like a no-brainer if you ask me. They need to be careful not to use my bandwidth in a way that I would notice (so basically when idle) and I also feel it would be appropriate to at least ask as there are some people who have data caps to worry about. A connection may be through wifi but still to a capped mobile broadband, such as when connecting to a smartphone. In such cases you often have a limit you unlikely want to use for updates to others.
While the approach chosen by Microsoft is not necessarily the "cleanest" I still dont fully agree with the article.
She complains about the EU not already hoisting pitchforks for this rather minor issue but at the same time completely ignores that Microsoft already got pitchforked enough by the EU for things Google got easily away with.
But her disclaimer that she was consulting Google might explain that complaint ;).
Whether she is or is not biased towards Google does not change the fact though that Microsoft already got its fair share of pitchforking long before Google and for issues Google (and Apple) got (and are still getting) easily away with (vendor lock-in, browsers, default settings and so on).
This site was incredibly slow for me to connect to. Just in case the server goes down here's the text of the article. I will remove this if requested.
Mirror for the ctrl+f folks
----------------------------------
Windows 10's New Feature Steals Your Internet Bandwidth
A couple of days ago I discussed a number of privacy and other concerns with Microsoft's new Windows 10, made available as a free upgrade for many existing MS users:
The situation has only been getting worse since then. For example, it's been noted that the Win10 setup sequence is rigged to try fool users into switching to an MS browser, irrespective of their browser settings before they started the upgrade:
Pretty bad. But we have even lower to go, as we've seen that by default, Windows 10 actually steals bandwidth from your ISP connection so that Microsoft can use your computer, and your connection, to send MS updates to their other customers.
Huh? Say what?
Yep. It's a devious little feature called Windows Update Delivery Optimization. It's enabled by default. For Enterprise and Education users, it operates over the local LAN. For ordinary Home type users, Microsoft can send their data update goodies to potentially any PC on the global Internet -- from your PC, over your Internet connection. On your dime.
We could get into the pros and cons of local updates being staged between local machines on a LAN as opposed to the outside Internet.
But as soon as MS decided that it's A-OK for them to use my Internet connection to cut down on their bandwidth costs serving their other customers -- without asking me for my specific permission first -- the situation blows into the red zone immediately.
Microsoft makes the predictable excuses about this high-tech thievery.
There's a way you can turn it off. Yeah, buried down deep in the settings, assuming you even know about it in the first place. MS claims they only use your connection when it's "idle" by their definitions. Thanks a bunch.
Oh yes, and (how generous of them!) Microsoft notes that they won't steal bandwidth this way from "metered" connections.
But here's the catch -- you have to manually indicate that a connection shouldn't be used for MS' update delivery scheme. Otherwise, Microsoft has no way to know if (for example) you're paying by the gigabyte or have a low bandwidth cap.
Above all, the sheer arrogance of Microsoft to enable this bandwidth theft by default is stunning.
I don't care if they want to move 1K or 1gig to their other happy users, I want to damn well be asked permission first!
Obviously, this general category of peer-to-peer data transfer is used on the Net in other contexts, such as torrents for example -- but that's something you do voluntarily, of your own volition. Comcast uses the bandwidth of many Comcast users to turn modems in people's homes into public Wi-Fi access points. This has been highly controversial, but at least Comcast is typically doing it over modems they supplied, and has claimed that they over-provision the connection speeds to take this into account -- and don't apply that public usage against home users' bandwidth caps.
But Microsoft didn't even bother with such rationalizations. They simply said in essence: "Hey, you've got bandwidth, so we're gonna use it however we please unless you tell us differently. Suckers!"
If you're running Windows 10, you may want to terminate this travesty.
The settings you need are buried down in:
START->Settings->Update & Security->Windows Update->Advanced options, under: Choose how updates are delivered.
It's worth noting at this point that if Google had tried a stupid stunt like this, there would likely already be EU commissioners running through the streets of Brussels hoisting pitchforks and flaming torches, all yelling for Google's blood.
For a while there, it was starting to look like there indeed was a new kind of Microsoft coming into view, one that had evolved beyond the hubris that had so long been Microsoft's single most defining characteristic.
As we can see, any such hopes are now ... Gone with the Win10.
--Lauren--
I have consulted to Google, but I am not currently doing so.
All opinions expressed here are mine alone.
* https://news.ycombinator.com/item?id=9982917
* https://news.ycombinator.com/item?id=9973629
* https://news.ycombinator.com/item?id=9983512
* https://news.ycombinator.com/item?id=9978006