Security Analyst Concludes Windows 10 Enterprise "Tracks Too Much"

Megalith

Those of you who are curious about how data collection works in the Enterprise version of Windows 10 may find this one interesting. While the writer’s initial results were far worse due to misconfigured group policy settings, he ultimately determined, after proper testing, that the for-business version of W10 is still pretty invasive. Yeah, you could have guessed that, but he does lay out some key points that highlight certain nuances.

...even the recommended method for eliminating data collection isn’t completely effective and causes a number of problems. Therefore, if you have a volume license to buy Windows Enterprise (no, you can’t buy just one), apply the Windows Restricted Traffic Limited Functionality Baseline before bringing it online, don’t install anything, and don’t use your computer, the data sent to Microsoft is quite minimal. If you don’t have the Enterprise edition, the best you get is basic telemetry (see what they collect), that is if you know to change it from the default enhanced levels (see what more they collect!). For many users the telemetry and other tracking is set at the maximum default levels.
 
in b4 "He's just one guy on the internet that hates Microsoft". He's anything but.

...first let me explain that I have been using Windows exclusively on my desktop for more than twenty-five years. In the early 90’s I did Windows tech support for a major computer company. In the late 90’s I worked for a software company as Director of Microsoft-Based Development. I wrote a column for SecurityFocus.com on Windows security. I have written for Windows IT Pro Magazine, Redmond Magazine, Windows Web Solutions, Windows Secrets and others. I also wrote a book on ASP.NET security. Microsoft awarded me with the Most Valuable Professional (MVP) award seven times. Windows is kinda my thing.

But that thing changed with Windows 10. A shift in Microsoft’s philosophy has led to a massive collection of data from Windows computers. For me, it’s not only a privacy issue but a security issue: it’s hard to control what is happening on your computer when you aren’t in control.

The point of this article isn’t to bash Microsoft or ditch Windows. We face the same thing with Apple, Google, and so many others. What we need to do is fix this, even if that means getting lawmakers involved. It can only get worse from here.

Conclusions:
  • You are opted-in to just about everything by default and have to set hundreds of settings to opt out, even on an Enterprise Windows system. Sometimes multiple settings for the same feature. Most Microsoft documentation discourages opting out and warns of a less optimal experience. It’s almost like they don’t want you to opt-out.
  • But you can’t completely opt-out. Windows still tracks too much.
  • Home and Professional users are much worse off due to limitations of some settings and lack of an IT staff. I’m not going to bother with captures from those systems, this has already been shared by many others. Spoiler: it’s bad.
 
Ha!

Beat me by 3 minutes, Mega!

in b4 "He's just one guy on the internet that hates Microsoft". He's anything but.



Conclusions:

Oh, trust me, the blind fanbois will still accuse him of hating MS and how all that spying is good for us.
 
I find the selective outrage over this with Microsoft amusing given that companies like Google and Facebook collect far more details about far more sensitive information. And people willingly cough it up, and defend doing so too.

Not that I think Microsoft is in the clear here; they should make it easier to control what gets collected and reported.

A good deal of the angst and fodder for stories like this are self-inflicted. That Microsoft can't see how tone deaf they appear - still - simply amazes me. So what if Google and Facebook get a pass - it may not be fair, but it's the way things are. Being "right" about how trustworthy around issues like this you may or may not be is not the issue - if people don't trust what you are doing that's not a good thing and you should move to not provide excuses for people to claim ulterior motives (i.e. give me a few switches to turn it off if I want to opt out!).

All the telemetry data in the world won't be useful if people stop using your products. And maybe some of that 90's arrogance still lives and they just assume people will willingly consume a shit sandwich. It may work for the short term but that hasn't been a good long term strategy - ever.
 
Yeah Microsoft loves to collect data for, how else you gonna SKYNET your next OS and browser if you don't have all that aggo data. Gotta feed those machines data for them to make guesses for what people want.
 
I find the selective outrage over this with Microsoft amusing given that companies like Google and Facebook collect far more details about far more sensitive information. And people willingly cough it up, and defend doing so too.

If a COMPANY doesn't like facebook getting any information about their business. They don't create facebook pages. If they don't want facebook in their networks they block facebook from their network.

If a COMPANY doesn't want google to have any search information... They are also free to block google sites, and direct their machines to Bing or Yahoo or duck or whatever the heck else they want.

If a COMPANY doesn't want Microsoft to have any of their information... It would seem the answer is too freaking bad, at least as long as they choose to run Microsoft's operating system on their hardware.

Anyone not wanting to hand such info to the companies you mention can choose to either not use their product or choose to use a product from the competition. In this case the product is the operating system, so 90% of the masses are going to say they have no other choice in OS. You are very right I'm not sure what MS long term plan really is. For years Win development has been driven by their enterprise customers... now it seems all that mad search cash has made them think a different way it seems.

I imagine Consumers + advertising dollars are turning out to be far more profitable than the enterprise clients were. So now they seem to be trying to sneak some of that data collection / revenue gathering tech into the enterprise version of windows as well. It seems to me a pretty bold faced over confident posture they can't afford as you suggest.
 
Crap, we forgot to add the warning that if company A does it it's ok for microcrap to also do it.
 
I find the selective outrage over this with Microsoft amusing given that companies like Google and Facebook collect far more details about far more sensitive information. And people willingly cough it up, and defend doing so too.
You know, I see this claim in every frigging thread, but can you name anyone who attacks MS while simultaneously DEFENDING Google or Facebook pillaging private data also? I would guess anyone who complains about this just sees this as a terrible precedent in general. I do. I think MS should deserve it double for bringing it needlessly to a paid desktop OS, but I'm not welcoming a Big Brother style surveillance for profit by any company. Maybe, just maybe, every company doing this can fuck off and MS getting heat is completely deserved.
 
I wonder if they data collect things like which keys I press with my keyboard and what order I press them in...

The worst part of data collection, is once you have the data you can use it and twist it to say or support just about anything you want. And since you are the one collecting it, it's not out of the realm of possibility that this data can be "fudged" to your own liking. I feel like someday soon I will have to give up the majority of technology, not because I have anything to hide, but because I don't want to be accused of hiding something by anyone because "the numbers just don't add up". All the data collection going around and all the world governments' ever increasing surveillance policies don't bode for a very bright future.
 
I wonder how much of windows 10 data collection has been quietly added to windows 8.1,
for all of us that holding out upgra... no downgrad... no, I got it!
for all of us holding out from turning ourselves into cash cows for Microsoft.
 
If a COMPANY doesn't like facebook getting any information about their business. They don't create facebook pages. If they don't want facebook in their networks they block facebook from their network.

If a COMPANY doesn't want google to have any search information... They are also free to block google sites, and direct their machines to Bing or Yahoo or duck or whatever the heck else they want.

If a COMPANY doesn't want Microsoft to have any of their information... It would seem the answer is too freaking bad, at least as long as they choose to run Microsoft's operating system on their hardware.

The only logical response is to treat the 3rd one like the previous 2. It's sad that more companies are not doing it.
 
I find the selective outrage over this with Microsoft amusing given that companies like Google and Facebook collect far more details about far more sensitive information. And people willingly cough it up, and defend doing so too.

As ChadD stated, the difference here is that spying and tracking is being done at OS level in relation to Windows 10, even Android does not spy and track at OS level that we know of, such activities are in the realm of Gapps. When such underhanded tactics are performed at OS level, it means that as a consumer your options are effectively nil in many cases - Either give MS what they want or seek alternate solutions, while alternate solutions aren't as bad as many assume, there are individuals that need Windows in order to remain productive in their daily lives due to decades of Microsoft conditioning and it's simply not right that these consumers should be stripped of options just because they have valuable data worth $$ to Microsoft.

Considering companies like Facebook or Google, if you don't like what they're doing don't use what they're peddling. In the case of Windows that's just not a realistic option for many and the choice to share their own private data should be their decision and solely their decision. If you ignore the situation regarding online privacy with your head in the sand, eventually the tide's gonna come in.
 
If a COMPANY doesn't like facebook getting any information about their business. They don't create facebook pages. If they don't want facebook in their networks they block facebook from their network.

If a COMPANY doesn't want google to have any search information... They are also free to block google sites, and direct their machines to Bing or Yahoo or duck or whatever the heck else they want.

If a COMPANY doesn't want Microsoft to have any of their information... It would seem the answer is too freaking bad, at least as long as they choose to run Microsoft's operating system on their hardware.
....

This sounds simple and easy except:
Google Analytics scripts run on most websites even if you never visit any Google site or use Google software. Same for Facebook, Twitter etc. Also, Google buys your CC histories from the CC companies. Same for banks and such. And those ISPs aren't collecting your browsing histories for just "improving your experience." They sell them to Google et al.

Plus, not having a social media presence is a real detriment for most companies. For many folks, Facebook IS their search engine and Twitter is their email stand in.

Sadly, it seems that the Chinese government is one of the few to have the balls to stand up to Microsoft and others over telemetry and monitoring. Of course, their history of putting bullets into the heads of folks that flaunt government policies might have helped. To be sure, it probably won't be long before most Chinese Win 10 builds have a government approved search engine, for an "enhanced citizen experience."
 
I have telemetry and other spying services disabled. Screw them. There's no settings for that but that does not mean it can't be disabled.
 
What needs to happen is Microsoft gets sued for unjust enrichment, because that's exactly what this is. Microsoft is piggy-backing on everybody's owned hardware, software-licenses, energy costs, time, and personal activity, to generate profit. It's theft, and it's entirely no different than someone installing Bitcoin-mining virus on people's PCs, that send the proceeds to themselves. Or, it's no different than you hooking up a digital coin mining machine to your neighbour's electricity. It's illegal, with every aspect involved being already established as such in law.

For some reason, people are taking time letting it seep in, what's going on, as if it's something new and different because it's happening via software and from a known company... And that somehow makes some people feel and assume by default that whatever's happening, even though they don't understand it, it must be OK, somehow. Well, it's not. It's illegal, it's theft, and it's called Unjust Enrichment.

There has to be a class-action lawsuit to stop this behaviour by Microsoft, and by other companies that are starting to do similar, such as Nvidia, with their GeForce Experience driver telemetry.

It's time for people to wake up and realize they're being complacent to a corporation that is turning their lives into fodder, lowering people to be beneath its sole discretion, harvesting their personally-owned resources and activity, and that is undoing the concept of sovereignty of the individual, with its users becoming its slaves.

If a politician steals a few million dollars, which is only a few cents from each taxpayer, they are a criminal and go to jail. If a stockbroker skims 0.2% of their trades for themselves, they're a criminal and go to jail. What Microsoft is doing is no different than either of those examples.
 
What needs to happen is Microsoft gets sued for unjust enrichment, because that's exactly what this is. Microsoft is piggy-backing on everybody's owned hardware, software-licenses, energy costs, time, and personal activity, to generate profit. It's theft, and it's entirely no different than someone installing Bitcoin-mining virus on people's PCs, that send the proceeds to themselves. Or, it's no different than you hooking up a digital coin mining machine to your neighbour's electricity. It's illegal, with every aspect involved being already established as such in law. For some reason, people are taking time letting it seep in, what's going on, as if it's something new and different because it's happening via software from a known company... and that somehow makes some people feel and assume by default that whatever's happening, even though they don't understand it, it must be OK, somehow. Well, it's not. It's illegal, it's theft, and it's called Unjust Enrichment.

There has to be a class-action lawsuit to stop this behaviour by Microsoft, and by other companies that are starting to do similar, such as Nvidia, with their GeForce Experience driver telemetry.

It's time for people to wake up.
I would add, pushing spyware unto innocent victims, their super aggressive GWX crap was an absolute abuse of power.
 
What needs to happen is Microsoft gets sued for unjust enrichment, because that's exactly what this is. Microsoft is piggy-backing on everybody's owned hardware, software-licenses, energy costs, time, and personal activity, to generate profit. It's theft, and it's entirely no different than someone installing Bitcoin-mining virus on people's PCs, that send the proceeds to themselves. Or, it's no different than you hooking up a digital coin mining machine to your neighbour's electricity. It's illegal, with every aspect involved being already established as such in law.

For some reason, people are taking time letting it seep in, what's going on, as if it's something new and different because it's happening via software and from a known company... And that somehow makes some people feel and assume by default that whatever's happening, even though they don't understand it, it must be OK, somehow. Well, it's not. It's illegal, it's theft, and it's called Unjust Enrichment.

There has to be a class-action lawsuit to stop this behaviour by Microsoft, and by other companies that are starting to do similar, such as Nvidia, with their GeForce Experience driver telemetry.

It's time for people to wake up and realize they're being complacent to a corporation that is turning their lives into fodder, lowering people to be beneath its sole discretion, harvesting their personally-owned resources and activity, and that is undoing the concept of sovereignty of the individual, with its users becoming its slaves.

If a politician steals a few million dollars, which is only a few cents from each taxpayer, they are a criminal and go to jail. If a stockbroker skims 0.2% of their trades for themselves, they're a criminal and go to jail. What Microsoft is doing is no different than either of those examples.
Only if you also expand this to any ISP that tracks usage, Google, and any website that includes Google Analytics in site, toss Apple and Samsung in there for good measure.
Microsoft is only doing it because everybody else already is and making serious money off it, if you want it gone write and call your local government representatives and complain this up the food chain. Until some meaningful laws are passed if a device is used in conjunction with the internet then its usage is tracked and the data is sold to anybody who is willing to pay.
 
If the next windows iteration stays the same or gets worse for data mining then that's the last version of windows I will personally use on my own hardware.

Mind you, fuck did we expect from a free OS
 
Only if you also expand this to any ISP that tracks usage, Google, and any website that includes Google Analytics in site, toss Apple and Samsung in there for good measure.
Microsoft is only doing it because everybody else already is and making serious money off it, if you want it gone write and call your local government representatives and complain this up the food chain. Until some meaningful laws are passed if a device is used in conjunction with the internet then its usage is tracked and the data is sold to anybody who is willing to pay.

Use Duck, Duck, Go and don't use FB = No spying and no data gathering. Use a PC and chances are you're stuffed if you rely on Windows, with little in the way of options if you actually depend specifically on Windows for daily usage. This lack of choice is not good enough and is nothing like what Google and FB are doing as Google and FB aren't doing it at OS level.

OS level = Unacceptable.

At the same time,

Being spineless = Unacceptable. It's no good just saying "well FB and Google are doing it so we should all just bend over in unison!"

In Australia the government collect metadata via the ISP, they pushed it past the masses using terrorism as the lubricant. It's unacceptable, but at least it's not used for advertising purposes.
 
If the next windows iteration stays the same or gets worse for data mining then that's the last version of windows I will personally use on my own hardware.

Mind you, fuck did we expect from a free OS

Windows 10 is the last version of windows. MS has said so many times. It's not really free either. They sold you a copy for your old licences. OEMs are still paying for new ones.
 
I find the selective outrage over this with Microsoft amusing given that companies like Google and Facebook collect far more details about far more sensitive information.
Sounds like the same deflection we get from presidential folks.
In Australia the government collect metadata via the ISP, they pushed it past the masses using terrorism as the lubricant. It's unacceptable, but at least it's not used for advertising purposes.
Oh hell, I think it was Franklin who wrote something about anyone who trades liberty for security deserves neither. The NSA and such already collect everything. After all, Microsoft has bought and paid for their politicians, they can do whatever they want. We're now seeing that they don't even disagree with that, nor deny that they're collecting our data. They are immune. We will be assimilated. Resistance is futile, after all. Where's my god damn foil hat??
 
Plus, not having a social media presence is a real detriment for most companies. For many folks, Facebook IS their search engine and Twitter is their email stand in.

Many folks are complete idiots unfortunately. They don't have a faintest clue what the 'social media' actually is.
 
I have a 15000+ line hosts file in addition to manually uninstalling as much as possible through powershell, and using Win10ShutUp, and using Spybot, firewalls up the cables, etc... and I know wireshark still tells me a shitload of traffic is being regularly sent to a multitude of places - unimpeded. Most of them MS IP's.

And before anyone replies with "but Google, but Facebook, but other social media". Sad luck there mates. I barely use Google, sans basic emails for forums and such. No facebook, no other social media etc.
The huge amount of profiteering behind users' backs is insane (paying users no less!)

The point is that as users we should have the legal right to know exactly what is being done with any data generated and sent. If we disagree with any part of it, we should have the legal right to tell it (O/S, service provider, etc) to stop.
That businesses are free to do whatever they want with your data and profit from it - mostly without your input or knowledge - is disgusting.
 
I have a 15000+ line hosts file in addition to manually uninstalling as much as possible through powershell, and using Win10ShutUp, and using Spybot, firewalls up the cables, etc... and I know wireshark still tells me a shitload of traffic is being regularly sent to a multitude of places - unimpeded. Most of them MS IP's.

And before anyone replies with "but Google, but Facebook, but other social media". Sad luck there mates. I barely use Google, sans basic emails for forums and such. No facebook, no other social media etc.
The huge amount of profiteering behind users' backs is insane (paying users no less!)

The point is that as users we should have the legal right to know exactly what is being done with any data generated and sent. If we disagree with any part of it, we should have the legal right to tell it (O/S, service provider, etc) to stop.
That businesses are free to do whatever they want with your data and profit from it - mostly without your input or knowledge - is disgusting.

Very well said.
 
Only if you also expand this to any ISP that tracks usage, Google, and any website that includes Google Analytics in site, toss Apple and Samsung in there for good measure.
Microsoft is only doing it because everybody else already is and making serious money off it, if you want it gone write and call your local government representatives and complain this up the food chain. Until some meaningful laws are passed if a device is used in conjunction with the internet then its usage is tracked and the data is sold to anybody who is willing to pay.

ISP and online service data tracking are not relatable. When you visit a webpage, you're choosing to access somebody else's owned domain, and make a connection with them that requires the sharing of data. When you're in your OS, using offline functionality, you're in YOUR OWN space, using your own software licenses and hardware to produce your experiences, and you possess full rights over that space. Windows is a product, not a service - even though MS is trying to rebrand Windows as a service in people's minds for the sake of taking traditional rights people have to bought licenses away from them over time, Windows perpetual licenses are fully products, which contain services within them, but which a person doesn't have to use.

What you're saying about Google is analogous to a bank recording customer activity while they're within the bank, versus a bank recording customer non-online activity while they're in their own homes. There are laws against recording on private property. People's Windows environments are their own personal property, and it is illegal by every legal precedent for Microsoft to conduct analysis, collection, and self-profiting activity within that environment. When a person uses an online service, the servers of that service are the property of whoever owns them, and if a person chooses to engage them, then they're making the willful choice to, for the period of the engagement, share only the related information necessary for the purpose of their interaction.


"Everybody else is doing it" is not an excuse, but it's also false. Everybody else is not doing it. Google is not doing it. Facebook is not doing it. Microsoft and viruses are the only groups invading people's private and personal spaces to steal their data for unjust enrichment. And it is fully illegal.

And those brushing it off are no different than an African-American slave justifying their enslavement by a white slave-owner by saying "everybody is doing it", as if that would somehow justify it. Such people are irresponsible with their own life, and are the enemy of every person who does not want to be a slave and who wants their personal life to be theirs.
 
Windows, Spying, and a Twitter Rant
Screenshots showing high levels of contact with Microsoft servers after employing all efforts to stop data-transmission
Additional screenshots of further Microsoft server activity, discovered later


I would like to give some personal commentary to the subject that those links are about.


If a politician steals millions of taxpayer dollars, which is only a few cents from each person, they go to jail. So what about when Microsoft is continuously piggy-backing on everybody's PC systems to enrich themselves? Microsoft is using people's own hardware, software licenses, electricity, computing power, data, time, and private activity for non-sanctioned business use, and the profit of Microsoft's executives.

Microsoft's data-mining is no different than a virus that is distributed to people's PCs to mine digital coins using their CPU and CPU power, with the earnings being deposited in the e-wallet of the virus' creator. You could also look at it like someone setting up a mining farm, but connecting all their systems to their neighbour's electricity supply - except that in the case of Microsoft's data-mining, they are not using their own hardware, software licenses, and everything else, but those of the people whose systems are sending data to Microsoft... and so the coin-mining virus is a more suitable analogy.



Every aspect of Microsoft collecting data from people's PC systems and personally-owned Windows licenses is already established in law as being illegal. But some people are taking a bit of time to work through the understanding that leads to that recognition, because software-license owners are traditionally just not on the lookout for stuff like this and usually just focus on using their software, and not technical legal aspects or ethical implications behind its operation. Also, Microsoft being a well-known company whose products people have used for years throws a lot of people for a loop, I think, because they are used to just assuming that whatever they're doing must check out, somehow. Well, this doesn't. It's illegal from head to toe.

It's theft, but it's also Unjust Enrichment - which is the situation where one party is making profit for itself at the unjust expense of others. A current UE case involves ZeniMax targeting Samsung for Unjust Enrichment over VR technology that ZeniMax claims belongs to them but is profiting Samsung.

If you unilaterally utilize somebody's property, or copyrights to make yourself money, who is legally entitled to the proceeds? Legal entitlement goes to whom the required property and rights that the profit is dependent upon belong to.



A person who argues that by using Windows 10 a person agrees to send Microsoft their data would be wrong, because sending Microsoft data is not essential to making use of the software functionality that was paid for when buying a Windows license, and so conditioning usage of the paid-for functionality on unrelated and Microsoft-profiting access to personal and private data would not pass the Reasonable Person test.

Also, such an argument would be in ignorance that the data sent to Microsoft doesn't come from only the owned software license, but also a person's personally-owned hardware, electricity, computational time, uniquely-generated data, and personal / private activity - things for which there can be no entitlement for Microsoft to use any more than a car salesperson can claim that if you buy a vehicle from them, that they then have a right to access and use your garage and everything in it, including the power source hooked up to it.

Additionally, the idea that Microsoft could exert any authority over an instance of the Windows OS after they've sold the license that represents the OS instance to somebody is a violation of the first-sale doctrine, which makes clear that such authorities and privileges pass to the owner of the property, in this case, the owner of the software license and the instance of the OS it represents, once it is sold. And the SCOTUS has just made a unanimous, 8 - 0 in favour, re-affirmation that decision-making rights leave from the seller to the buyer at the first-sale of an item.



I fully believe that seven-times Microsoft Most Valuable Professional award recipient Mark Burnett is right when he says "What we need to do is fix this, even if that means getting lawmakers involved. It can only get worse from here". Though, I believe it is important for big reasons beyond simple control and security of the OS.

Microsoft is stealing digital property, computational power, and electrical resources from everybody, and is making non-licensed usage of people's hardware property, the housing of that hardware, and are exploiting people's personal behaviours while those people are staying within their personal and private spaces (non-online activities). And in the process of violating Windows license-owners' rights over their property, resources, time, and behaviour, Microsoft is unjustly enriching its company and executives.

If action is not taken against those who commit these violations, then all established societal and legal notions of what property is, who possesses decision-making rights over it, how much a person can use their position to unfairly exploit others against their natural desire... then all existing understanding of those things becomes argued against, and a precedent is established where a person's property is anyone's to use by unilateral decision, and a seller of goods can enslave and overrule aspects of people's own private lives and property as part of their conditions for their sale. Effectively, a sale becomes not a transaction of goods for money, but a mechanism for enslavement and subjugation, with the seller behaving as if they possess a commercial license over a plethora of the buyer's possessions and entitlements.

A person whose personal and private PC system environment (non-online spaces) is sending data to Microsoft through telemetry, data-collection, and analytics of their behaviour is an employee of Microsoft who does not get paid, or receive any company benefits.
 
I wonder how much of windows 10 data collection has been quietly added to windows 8.1,
for all of us that holding out upgra... no downgrad... no, I got it!
for all of us holding out from turning ourselves into cash cows for Microsoft.

Telemetry was added to windows 7 and 8.1 via windows update last fall. You can search the web for ways to stop it.
 
I would like to give some personal commentary to the subject that those links are about.

...

Fantastic post.

You should copy and save this off and send it to online websites, magazines, everywhere. It's pretty damn awesome and I couldn't agree more.
 