Hacker News new | past | comments | ask | show | jobs | submit | m8urn's comments login

> "Pitch" is not a contract.

But false advertising is definitely a thing one can sue over. And bait and switch might be subject to FTC fines.


>But false advertising is definitely a thing one can sue over

I'm sorry but no, a 2006 blog post or something (which itself had caveats fwiw) doesn't rise to the level of overriding clear ToS for an ongoing service. There was no bait-and-switch here in the slightest, people got what they (didn't) pay for, and could not reasonably rely on it being "forever" anyway. Perpetual contracts are a matter of actual long standing California law and long standing court coverage.

Google should in the next 6-18 months (July for the service, but apparently first year is free on signing up for paid?) figure out a better offramp. Congress should make purchase transfers within a service the law too, much more important surgical measure than some of the silliness they're going on about with platforms. But Google isn't going to face any "false advertising" or "bait and switch" fines for this and shouldn't.


It definitely should. It is externalizing an astronomical cost. I am not a lawyer, so I can't comment on the law. As a citizen in a democracy, I can comment on what the law ought to be, though.


Binisoft Windows Firewall Control is quite good.


Even with Enterprise edition it is very difficult to disable all telemetry. The lowest official setting for telemetry is "security" which still sends data to Microsoft (see https://docs.microsoft.com/en-us/windows/configuration/confi...).

There are, however, a number of hacks that can trim that down even further. But being hacks they aren't guaranteed to always work--things frequently change.

Since writing the article mentioned a couple comments up I have tried completely ripping out all telemetry components from the install CD, which seems to be the most effective option. Tools such as Blackbird (http://www.getblackbird.net/) also are quite effective. Nonetheless, monitoring traffic still shows connections to Microsoft-controlled servers. There are so many ways Microsoft (and therefore possible governments) can gather--or at least infer--information about your system.

To completely protect yourself would require manually monitoring, selecting, and installing updates, manually updating certificate revocation lists, constantly watching for new settings (including firewall and hosts entries) that must be addressed, etc.

So no, it is not possible to completely disable all forms of Windows 10 telemetry without also committing to an unreasonable amount of work.


Yeah, that's pretty bad blaming one employee when a single security hole on a single server resulted in the loss of personal information for 146 million people.


Here is the list of installed applications: http://imgur.com/a/mdrTv

Also note that the only third-party software running at the time was wireshark, DNSQuerySniffer, and Glasswire.


Interesting, have you tried configuring Process Monitor to log all network traffic?


Wouldn't it be better to log that traffic from outside of the client? There's nothing that prevents Windows/Process Monitor from hiding this traffic from an application.


Plus I have been doing this for 20+ years and have found many times settings that were incorrectly documented--it's even confusing to them.


I actually didn't spread them widely, I tweeted them. If you follow me you would know I tweet things like that all the time. I observed these connections and showed the settings I have set that should have prevented them.

I haven't published results anywhere and many people, including in the comments here, have corroborated what I saw.

The results are the results. I am re-verifying before I publish anything on this and to provide a script so that others can reproduce the results. That certainly does not make it wildly implausible.


It would be nice if you could provide the script you're using in your tests (instead of using the GUI) and the ISO checksum, so people can review it.

I don't know if this will be of any help but https://news.ycombinator.com/item?id=13727712


Tweeting your results is publishing them.

But the major result shown was your incompetence in setting GPOs.

You should be retracting your 'findings' until you learn how to use Windows properly, not doubling down on your claims. What an embarrassment.


Actually I made this error twice, which is far from "countless times". The one Allow Telemetry setting would not have made a difference because I had also configured it manually and the Teredo setting doesn't actually disable Teredo anyway. This does not make the entire experiment a failure.

But to show how easy of a mistake this is to make, here is what Microsoft's documentation from https://docs.microsoft.com/en-us/windows/configuration/manag... says:

Enable the Group Policy: Computer Configuration > Administrative Templates > Network > TCPIP Settings > IPv6 Transition Technologies > Set Teredo State and set it to Disabled State.

Reading that, it seems as though you should disable the policy but in fact you should first Enable the policy, then go into the policy settings and Disable the setting there. And even with that mistake, I had it manually disabled in both HKCU and HKLM so if disabled means it uses the local host settings then it should use that.

Nevertheless, there are some serious concerns here:

1. Why is it even connecting to facebook, msn ad services, google analytics, etc when nothing is running?

2 Why is it doing this by default on an Enterprise operating system?

4. Why is this the default setting that requires dozens of group policy settings (and knowledge of group policy) to disable?

5. And why is there no option to opt out completely?


Harassing and brigading isn't getting the word out, it's hysteria about a conspiracy theory.


And what if they were wherewolves, wouldn't you want to know that too? The problem here is the confirmation bias and logic errors going on with all the theories that there really is no believable proof unless you actually suspend your belief in rational think7.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: