Microsoft Admits Windows 10 Automatic Spying Cannot Be Stopped

[x509]

If that ever happened do you really think Microsoft, a 500 billion USD corporation wouldn't be the main target?

Sure Microsoft would be a target. But so would the large hospital chains. They are also multi-billon dollar operations.

It would be a mess, with everybody pointing fingers at everybody else, and somehow, you KNOW that Obamacare would be dragged into this sort of issue. (Not taking sides here, just commenting.)

 

[heatlesssun]

Sure Microsoft would be a target. But so would the large hospital chains. They are also multi-billon dollar operations.

It would be a mess, with everybody pointing fingers at everybody else, and somehow, you KNOW that Obamacare would be dragged into this sort of issue. (Not taking sides here, just commenting.)

Why would hospital chains be involved in how Microsoft developed its operating system?

 

[svet-am]

Why would hospital chains be involved in how Microsoft developed its operating system?

because it is still their responsibility to keep the data protected. sometimes these hospitals use independent contractors for things like hospital billing, etc. these are usually stay-at-home workers running "Home" or "Pro" versions of Windows rather than under the Enterprise control of the hospital admins.

 

[heatlesssun]

because it is still their responsibility to keep the data protected. sometimes these hospitals use independent contractors for things like hospital billing, etc. these are usually stay-at-home workers running "Home" or "Pro" versions of Windows rather than under the Enterprise control of the hospital admins.

So by protected you mean that someone saw a bunch of stuff said about Windows 10 "spyware" with no evidence thus anything else is protected?

 

[Blade-Runner]

to play devils' advocate, are you sure you really did?

I have no real way of testing or knowing, but Spybot has been developing tools to combat malware for well over a decade. I have some degree of trust that they know what they're doing.

 

[x509]

because it is still their responsibility to keep the data protected. sometimes these hospitals use independent contractors for things like hospital billing, etc. these are usually stay-at-home workers running "Home" or "Pro" versions of Windows rather than under the Enterprise control of the hospital admins.

And sometimes they contract the work out to an offshore company, and then all bets are off.

 

[Franko]

Just to add some clarity:

1. There is no such thing as "HIPAA Certified" hardware, software, or services. Compliance with HIPAA is determined on a case by case basis. However, it is possible to know certain things don't meet HIPAA standards.

2. It doesn't matter what happens to the PHI once Microsoft gets it. It doesn't matter who looks at it and how it is segregated. If there isn't a business associate agreement between Microsoft and the entity that is holding the PHI, its a HIPAA violation the moment the PHI leaves the control of the PHI holding entity.

3. The duty of HIPAA compliance really isn't on Microsoft, its on the covered entities and business associates that are holding the PHI. So if things go badly and it turns out that Windows 10 does violate HIPAA its going to the entities that are holding the PHI that are going to be facing large fines, reputation damage, and the costs involved for getting back into compliance (imagine having to scrap an enterprise wide deployment of windows 10 and go back to what you were using before) and maybe even a few years of having to pay for a third party to audit you and tell HHS that you have been complying with HIPAA.

The risks are high and there's a lot of FUD going on out there. Clear answers and auditing tools would be very welcome.

 

[SuperSubZero]

The risks are high and there's a lot of FUD going on out there. Clear answers and auditing tools would be very welcome.

It may be unanswerable. MS is probably grabbing a section of running memory etc. when an application crashes. Great. Except there's a zillion applications. MS can't know for every application in existence, what precise piece of info will get grabbed in a crash situation. If it's anything like BSOD info it's not really human readable.

For stuff like grabbing usage info, it may be tricky to understand what they are collecting, but given the sheer amount of data, I'm wondering if they aren't just deleting anything uninteresting. Do they need to retain a record for months that I clicked Start seven times today? I doubt it. Again, the info they genuinely "collect" may be a virtually unanswerable thing, because they technically don't KNOW yet.

 

[svet-am]

So by protected you mean that someone saw a bunch of stuff said about Windows 10 "spyware" with no evidence thus anything else is protected?

No, I mean that Microsoft has openly said that part of the content they are transmitting is the contents of main memory.

The rest of your reply is absolute gibberish. Are you high?

 

[svet-am]

I have no real way of testing or knowing, but Spybot has been developing tools to combat malware for well over a decade. I have some degree of trust that they know what they're doing.

My point that is that people are targeting certain vectors to disable the telemetry. How are we sure there aren't other unknown unpublicized vectors that need to be dealt with? That is what makes me nervous about that whole situation.

 

[Executioner]

Here is an interesting article from Znet: http://www.zdnet.com/article/how-to-stop-windows-10-spying-on-you/#ftag=YHFb1d24ec

It would be nice if MS came out clean on this issue on what exactly they collect for each option that is enabled. They also should explain why they added telemetry on 7 and 8/8.1.

 

[odditory]

MS either needs to come clean or give people an Off switch. This will continue to fester for them otherwise.

I suspect they don't want to commit in writing to what they're collecting because it would lock them into a position (and probably piss customers off even more - let's face it if it was just which apps you have installed and crash dumps, they could have already stated so). No. They want a blank check on your PC, to be able to collect and track new data they haven't even thought of yet.

Sorry, Microsoft. Trust has to be earned. And with all the other shady stunts you've pulled with 10 and trying to force people on it, I don't trust you. And apparently, neither do many others.

 

[heatlesssun]

MS either needs to come clean or give people an Off switch. This will continue to fester for them otherwise.

I suspect they don't want to commit in writing to what they're collecting because it would lock them into a position (and probably piss customers off even more - let's face it if it was just which apps you have installed and crash dumps, they would have already stated so). No. They want a blank check on your PC, to be able to collect and track new data they haven't even thought of yet.

Sorry, Microsoft. Trust has to be earned. And with all the other shady stunts you've pulled with 10 and trying to force people on it, I don't trust you. And apparently, neither do many others.

This isn't as opaque as some are saying. Microsoft has lists a good amount detail as to what's being collected in all of the privacy settings. Not saying it's an exhaustive list but if you actually use some of this stuff it becomes clear that there's a lot of information sharing going on.

For instance in the TH2 release, you can say "Hey Cortana, text so and so" and if the name is a contact in Gmail, Outlook, Facebook, etc. and there's a mobile number for that contact, it'll text that person. It works through Cortana on the phone, which I think is only support by Windows phones currently but should work with Android and iOS as well when Cortana comes to those platforms.

Phones are the new PCs. Some make the distinction that the PC was all about privacy and control. And while that may be true, much of a personal data is one phones now and much of what these devices do now is all about leveraging personal data. And I don't see too many people demanding to see a list of every data point that's collected by iOS and Android and every service and app in those ecosystems.

Right or wrong, this is an issue that few care about because it's hard to see how Facebook would have a billion users and that there billions of phones out there, now even being used in very sensitive situations like payments. Maybe Microsoft should provide a complete off switch for those that are going to make way more of this than it is. I really don't care because this ship sailed a long time ago.

You'll have some going on and on about this, then if the switch does come going on about how invasive all of that was in a Facebook post on a phone with geotracking on. And they'll never care about any of that.

 

[x509]

My point that is that people are targeting certain vectors to disable the telemetry. How are we sure there aren't other unknown unpublicized vectors that need to be dealt with? That is what makes me nervous about that whole situation.

Or that MS has an active program to defeat the programs, scripts, etc. that block transmission of the telemetry. Just like hackers are always working to defeat the defenses against malware.

Just saying ...

 

[flu!d]

Phones are the new PCs. Some make the distinction that the PC was all about privacy and control. And while that may be true, much of a personal data is one phones now and much of what these devices do now is all about leveraging personal data. And I don't see too many people demanding to see a list of every data point that's collected by iOS and Android and every service and app in those ecosystems.

I think you're clutching at straws when you try to claim that phone's are the new PC's. Based on storage capacity and typing capability alone, I see a great deal more people storing sensitive data on their PC than their phone.

PC stands for Personal Computer and OS stands for Operating System. That's the way it's always been and that's the way it should stay, no personal tracking/marketing based data collection needed. Keep the touch OS where it belongs and let the desktop users run a desktop operating system free from EULA certified spyware.

We never had a choice when it came to mobile devices and privacy, but the desktop PC has a long standing history where the OS simply ran the computer - Microsoft's latest tactics are unacceptable. If you want to use my information as a marketing tool, you can pay me for it.

 

[heatlesssun]

I think you're clutching at straws when you try to claim that phone's are the new PC's. Based on storage capacity and typing capability alone, I see a great deal more people storing sensitive data on their PC than their phone.

Phone calls, text messages, contacts, voice mail, email, photos and other files are accessed via phones. Throw in cloud storage or an SD card and you're looking at plenty of storage for all sorts of personal data.

PC stands for Personal Computer and OS stands for Operating System. That's the way it's always been and that's the way it should stay, no personal tracking/marketing based data collection needed. Keep the touch OS where it belongs and let the desktop users run a desktop operating system free from EULA certified spyware.

We never had a choice when it came to mobile devices and privacy, but the desktop PC has a long standing history where the OS simply ran the computer - Microsoft's latest tactics are unacceptable. If you want to use my information as a marketing tool, you can pay me for it.

When it comes to technology forever and always is never how it works. The desktop PC was born in an era of no connectivity. However the defining feature of smartphones is connectivity. The leverage of personal data using that connectivity has forever changed personal computing.

 

[Monkey God]

So by protected you mean that someone saw a bunch of stuff said about Windows 10 "spyware" with no evidence thus anything else is protected?

You'd make a great politician. Ignore everything said a few days ago like it was never said at all and then get right back on your platform.

Again - no one is saying everything is protected, but you'd have to be a shill to think all the data MS collects (including the stuff you CANT turn off) makes HIPPA compliance far harder to accomplish.

 

[heatlesssun]

Again - no one is saying everything is protected, but you'd have to be a shill to think all the data MS collects (including the stuff you CANT turn off) makes HIPPA compliance far harder to accomplish.

But there's only one data collection process that can't be fully disabled, the Basic telemetry which Microsoft says that doesn't collect personal data or personally identifying information. If that is correct, then it would be difficult to see what the issue with HIPPA compliance would be.

 

[DPI]

But there's only one data collection process that can't be fully disabled, the Basic telemetry which Microsoft says that doesn't collect personal data or personally identifying information. If that is correct, then it would be difficult to see what the issue with HIPPA compliance would be.

What's even more difficult to see is why Microsoft refuses to give people the choice to turn it off. I haven't heard a single good argument from the MS defense league for why there shouldn't be that choice.

Surely the majority of those "110 million PC's on Windows 10" users that never change defaults is enough "telemetry" for Microsoft to "Fix bugs and improve Windows". Hypothetically, what if half of those users turned off data collection - that's still 55 million - surely that's enough data make Windows better. Why does it have to be everyone? Why would MS rather take more bad PR shrapnel and incur further brand damage and loss in consumer confidence if the Basic data is so benign? That's why so many people are calling bullshit. Clearly there is a financial motivation to that data and their insistence that it must be collected from everyone.

 

[heatlesssun]

What's even more difficult to see is why Microsoft refuses to give people the choice to turn it off. I haven't heard a single good argument from the MS defense league for why there shouldn't be that choice.

I've never said that Microsoft shouldn't provide the option to turn off all of the telemetry. But the reason why they want to collect as much as they can is obvious at least for Windows 10 and that's the speed of delivery now. In only 100 days since the 10240 RTM build the 10586 build will be generally released this week. And they've updated their first party store apps all together since then a couple dozen times I think. It's simply a much faster cadence compared to prior versions of Windows and clearly the telemetry helps out.

Why does it have to be everyone?

So enjoy the benefits of users who do have the telemetry on hand but then curse it on the other because it can't be turned off? If it comes to pass that Microsoft has to offer the off switch to everyone then that's what they have to do. But it's probably not going to be just that simple. It might mean that Microsoft would have rethink the update process and cadence which I think really are the underlying issues here.

 

[rezerekted]

Last night I disabled 'Diagnostics Tracking Service' in Win8.1 and then go play BF4 for a while. After exiting BF4 I see my firewall was asking to grant access to 'diagtrackrunner.exe'. So it seems if I disable the service Miscrosoft tries to sneak in another method via an exe file. Thing is I used gpedit to disable error reporting so what is this even running for?

 

[DPI]

^ SMH. I still marvel that this is the same company that brought us "Scroogled". They're basically abusing consumer trust and Windows update to install a Trojan. Any other entity that attacked Windows like this to siphon data and we'd be calling it a Trojan. How there's still anyone left defending this bullshit is baffling.

Apparently it installs in 3 places. So if you kill one you still have to find the other two.

Filename: diagtrackrunner.exe Version: 10.0:10041.0 Size: 69.18 kB (70840 B) Internal name: diagtrackrunner.exe Original filename: diagtrackrunner.exe Description: Microsoft Windows Diagnostics Tracking Runner Copyright: © Microsoft Corporation.

 

[M76]

So enjoy the benefits of users who do have the telemetry on hand but then curse it on the other because it can't be turned off? If it comes to pass that Microsoft has to offer the off switch to everyone then that's what they have to do. But it's probably not going to be just that simple. It might mean that Microsoft would have rethink the update process and cadence which I think really are the underlying issues here.

Even if we believe everything ms says, this just means they're trying to turn all their end users into beta testers. It's not our job, some might volunteer, but don't force it on people. You just can't do that and expect to get away with it. If this is the price of "free", then it is too steep for me.

 

[Kwisatz Haderach]

If you ever watch Barnecules, he was a tester at MS that was laid off last year. In some of his vids, he even says MS plan is to use users as testers. They laid off most off there testing staff.

 

[heatlesssun]

It's not exactly a secret that Microsoft is using more end users than ever for testing purposes, that's kind of the point of the Insider Program.

 

[svet-am]

It's not exactly a secret that Microsoft is using more end users than ever for testing purposes, that's kind of the point of the Insider Program.

I have no problem with this on the Insiders program. I *do* have a problem with it when it comes to mainstream users.

 

[Terpfen]

Sooo... How does Apple respect their customer's privacy, relatively speaking? Might not be a bad time to build a hackintosh!

Apple is doing its best to lock its stuff down. Encryption on by default, no keys stored on their server, encrypting everything that passes through its servers in a way that renders it unreadable to Apple, etc etc.

Hackintosh discussion is banned on [H] btw.

 

[bigdogchris]

I"m not sure if this has been posted but Safer Network (guys behind Spybot) have released a program called Spybot Anti-Beacon which is a little app that allows you to tweak Windows 10 privacy.

Why it stands out to me is that it shows you exactly what setting it is applying so you don't have to just guess what is being changed.

https://www.safer-networking.org/spybot-anti-beacon/

 

[Executioner]

I"m not sure if this has been posted but Safer Network (guys behind Spybot) have released a program called Spybot Anti-Beacon which is a little app that allows you to tweak Windows 10 privacy.

Why it stands out to me is that it shows you exactly what setting it is applying so you don't have to just guess what is being changed.

https://www.safer-networking.org/spybot-anti-beacon/

Thanks for that link.

 

[x509]

Last night I disabled 'Diagnostics Tracking Service' in Win8.1 and then go play BF4 for a while. After exiting BF4 I see my firewall was asking to grant access to 'diagtrackrunner.exe'. So it seems if I disable the service Miscrosoft tries to sneak in another method via an exe file. Thing is I used gpedit to disable error reporting so what is this even running for?

Which firewall?

 

[x509]

If you want to use my information as a marketing tool, you can pay me for it.

The way MS probably sees it, they ARE "paying" you with a free Win 10 upgrade.

 

[SuperSubZero]

The way MS probably sees it, they ARE "paying" you with a free Win 10 upgrade.

Nah. I think the shift from the three-year, "we'll fix it with a service pack in a few months" release cycle to this pseudo-rolling-release thing has just forced MS to take a more proactive stance on fixing bugs and understanding user needs. Windows covers a userbase without the luxuries of (a) a controlled hardware ecosystem (Apple) or (b) a small but very enthusiastic userbase that is more willing to forgive glitches (Linux). Windows is huge, and ships on all kinds of hardware, yet everyone expects it to work 100% perfectly.

Remember when BSODs were funny? Cute pictures of CRT screens with BSODs on them with some funny text about how M$$$$ ruined another day of productive work. LOL M$ U SO DUM. Well, BSODs aren't funny anymore. Windows 10 has to work perfect on everything it's installed on, and it has to do that right now, not in some service pack a few months out. That level of QC is impossible to even get close to without having fingers on the pulse of the OS in the wild. As well, the new release cycle means the OS is going to evolve faster than it ever did, and that just makes it more important to know when some subset of machines has an issue.

Heck even with the Windows Insider program and however many zillions of people signed up and got Windows 10 builds for months, there's STILL issues with upgrades and various scenarios.

 

[Darakian]

Nah. I think the shift from the three-year, "we'll fix it with a service pack in a few months" release cycle to this pseudo-rolling-release thing has just forced MS to take a more proactive stance on fixing bugs and understanding user needs. Windows covers a userbase without the luxuries of (a) a controlled hardware ecosystem (Apple) or (b) a small but very enthusiastic userbase that is more willing to forgive glitches (Linux). Windows is huge, and ships on all kinds of hardware, yet everyone expects it to work 100% perfectly.

If you buy hardware that doesn't fight free software then linux works without bugs; further linux works better than windows on the same open hardware.

 

[B00nie]

If you ever watch Barnecules, he was a tester at MS that was laid off last year. In some of his vids, he even says MS plan is to use users as testers. They laid off most off there testing staff.

Ironically that's what people have been saying already for years - that MS uses consumers to beta test. Only now they lived up to the expectation.

 

[flu!d]

The way MS probably sees it, they ARE "paying" you with a free Win 10 upgrade.

I bought a retail copy through my wholesaler, I didn't get anything for free.

 

[therat]

It will be interesting to see if the EU does anything about MS selling windows 10 in Europe after all they forced MS to produce a version of windows that didn't include media player.

 

[heatlesssun]

It will be interesting to see if the EU does anything about MS selling windows 10 in Europe after all they forced MS to produce a version of windows that didn't include media player.

Windows 10 seems to be doing best of all in Western Europe currently which is interesting.

 

[x509]

I bought a retail copy through my wholesaler, I didn't get anything for free.

True enough, but you are the exception. No pricing strategy, which is what the free upgrade is, can possibly cover every situation. However, as a retail Win 10 customer, you do have more portability with your Win 10 than all of us poor slobs who got the free upgrade.

 

[rezerekted]

Which firewall?

It's called Windows 8 Firewall Control. Why?

http://www.sphinx-soft.com/

 

[svet-am]

True enough, but you are the exception. No pricing strategy, which is what the free upgrade is, can possibly cover every situation. However, as a retail Win 10 customer, you do have more portability with your Win 10 than all of us poor slobs who got the free upgrade.

I would even argue that he has more right since he paid money to be able to turn off telemetry 100%.

I would be 100% ok with things if Microsoft said "if you got the free upgrade, telemetry is on -- no choices. If you paid for it, here's a way to disable it completely."

In my estimation, that solves the situation cleanly for everyone.