Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Microsoft Privacy Security Windows

Microsoft Responds To Allegations That Windows 10 Collects 'Excessive Personal Data' (betanews.com) 159

BetaNews's Mark Wilson writes: Yesterday France's National Data Protection Commission (CNIL) slapped a formal order on Microsoft to comply with data protection laws after it found Windows 10 was collecting "excessive data" about users. The company has been given three months to meet the demands or it will face fines. Microsoft has now responded, saying it is happy to work with the CNIL to work towards an acceptable solution. Interestingly, while not denying the allegations set against it, the company does nothing to defend the amount of data collected by Windows 10, and also fails to address the privacy concerns it raises. Microsoft does address concerns about the transfer of data between Europe and the US, saying that while the Safe Harbor agreement is no longer valid, the company still complied with it up until the adoption of Privacy Shield. It's interesting to see that Microsoft, in response to a series of complaints very clearly leveled at Windows 10, manages to mention the operating system only once. There is the promise of a statement about privacy next week, but for now we have Microsoft's response to the CNIL's order.
This discussion has been archived. No new comments can be posted.

Microsoft Responds To Allegations That Windows 10 Collects 'Excessive Personal Data'

Comments Filter:
  • I am a superior animal and all my data attests to this fact.

    Toads, on the other hand, have something to hide.

    • Water warm enough for you, dear frog? Lemme turn it up a notch so you don't feel no chilling effect.

  • by LichtSpektren ( 4201985 ) on Thursday July 21, 2016 @11:06AM (#52554783)
    Even Microsoft themselves aren't denying Windows 10 is a spy machine.

    All of you who said that the privacy concerns were just FUD or that it's simple to turn off the surveillance, time to eat your crow.
    • by TheReaperD ( 937405 ) on Thursday July 21, 2016 @11:13AM (#52554841)

      I'm not saying this tool will completely block all of the data collected but, it does block the vast majority of it and is simple to install and it's from a company I find reliable: Spybot Anti-Beacon [safer-networking.org].

      • by Anonymous Coward
        Is this one of those security tools that intercepts telemetry and redirects it directly to China or Russia instead of the NSA?
        • by Anonymous Coward on Thursday July 21, 2016 @11:30AM (#52554967)

          Is this one of those security tools that intercepts telemetry and redirects it directly to China or Russia instead of the NSA?

          Not unless the IP 0.0.0.0 is going to China or Russia.
          Now stop being a tool.

          • by Anonymous Coward
            Did you actually check the source code? Oh wait... It's closed source AND a Windows program so you have no frigging idea what's going on inside.
      • by sexconker ( 1179573 ) on Thursday July 21, 2016 @12:07PM (#52555259)

        Anything running in Windows 10 is useless for stopping Windows 10 from phoning home. Windows 10 bypasses the firewall and HOSTS file when shipping off your data.

        • by Anonymous Coward

          HOSTS file

          You sure about that? I want to hear from APK on the subject...

          • As if he is the final word on anything? He doesn't even understand the basics of how the hosts file works and why it is such a bad idea to overload it.

        • Yes because Windows 10 bypassing two internal windows processes which are well understood by Microsoft makes you instantly an expert on a 3rd party product combined with a broad generalisation that something can't be done from the host system?

          Man you give up easily.

          • by sexconker ( 1179573 ) on Thursday July 21, 2016 @02:27PM (#52556347)

            You don't have to be an expert to know that you can't control Windows from within Windows. We've already seen Windows 10 lie about its behavior.
            You need an external device not running Windows to ensure you're not leaking. That means tracking every outbound connection from a Windows 10 host at the switch/router, investigating every IP, and blocking anything affiliated with Windows 10 "telemetry" or "updates". Then you'll need to manually download every actual security update, possibly from another system, and install them individually. Because yes, you still need security updates.

            Windows 10 is a shitshow and a complete non-starter for anyone who cares at all about security or privacy.

            • You don't have to be an expert to know that you can't control Windows from within Windows.

              And yet that's precisely what many low level tools are capable of. You don't think Microsoft's web facing keylogger is running in the lowest levels of the kernel do you? If so here's a picture of a tinfoil hat for you: https://en.wikipedia.org/wiki/... [wikipedia.org]

              • There are no "low level tools". Nothing within the OS operates at a lower level than the OS. Windows 10 can and will intercept everything and lie about anything.

                If you haven't stocked up on tinfoil hats for the past 15 years, you've got your head in the sand and your ass in the air.

                • Yes. The entire Windows 10 system runs with identical privileges and there's no such thing as privilege rings, and Microsoft run all high level data gathering and network facing telemetry right at the lowest level to thwart all efforts to stop the data collection, everyone who never took a computer class knows that.

                  Maybe some tinfoil body armour would be better: http://thegatewaypundit.com/wp... [thegatewaypundit.com]

      • I'm not saying this tool will completely block all of the data collected but, it does block the vast majority of it and is simple to install and it's from a company I find reliable: Spybot Anti-Beacon. [debian.org]

        Your link was wrong. I fixed it.

        • I tried this but suddenly my windows programs don't work, the start menu looks different and when I said I was happy with the look and feel of what I had the elitism of the community gave me cancer.

      • I'm not saying this tool will completely block all of the data collected but, it does block the vast majority of it

        We should probably be clear on what you mean by "vast majority" of data.

        For example, suppose that the tool blocks 99% of Windows' phone-home calls, and reduces the number of bytes sent by 99%. But what does get through is all of my important passwords, PKI private keys, and bank account numbers.

        Perhaps all we can really say is that using Anti-Beacon is probably better than nothing?

      • Comment removed (Score:5, Informative)

        by account_deleted ( 4530225 ) on Thursday July 21, 2016 @05:06PM (#52557341)
        Comment removed based on user account deletion
    • by Anonymous Coward

      Well they're shills so they'll keep posting pro-micro$ comments. Those of us who will never upgrade to spydows 10 (and never buy a micro$ product because they now put their spyware in all their new products) don't really care what the shills have to say.

    • How could you deny what is blatantly obvious? Basically what they did was to say "Yeah. So?"

    • Even Microsoft themselves aren't denying Windows 10 is a spy machine.

      You're reading too much into this. They simply have not denied the allegations yet. They have not really responded.

    • Even Microsoft themselves aren't denying Windows 10 is a spy machine.

      The definition of personal data is broad and should be carefully reviewed in this case. Them knowing what you clicked and the failure attached to the series of action is hardly personal data that anybody truly cares to protect. Same goes for hardware specs. If anything, most users would be happy to hand over that data to help their favored platform become more stable.

      All of you who said that the privacy concerns were just FUD or that it's simple to turn off the surveillance, time to eat your crow.

      The situation is still the same. What is the collected data? last time MS responded, the data collected was no more than what you search engin

      • by chipschap ( 1444407 ) on Thursday July 21, 2016 @12:35PM (#52555477)

        last time MS responded, the data collected was no more than what you search engine collects. It was definitively less harmful than the data your GPS or cell phone carrier collects. Christ, your credit card, your bank and your air miles card have far more important data

        You've clearly demonstrated what's wrong: way too many organizations collect way too much data, and there's little we can do about most of it short of withdrawing from society.

        You also said no one has been particularly harmed by this. I can't argue this either way, but what is harmed is our right to have a private life. To some of us that still means something.

        • At this point, it's useless to argue that data collection harms the public. They don't care.

          We should be arguing that not all businesses or professionals can afford (or even qualify to buy) Windows Enterprise, and therefore business assets and confidential customer data are at risk. If the majority of people won't stick up for the rights of the minority, then you just have to appeal to the "right" minority to make a problem a proper legal issue.

          • At this point, it's useless to argue that data collection harms the public. They don't care.

            Explain how.

            I can come up with plenty of examples where data collection has actually resulted in lives being saved. Not to confused with this data collection but I'm just saying you statement is horribly wrong.

            We should be arguing that not all businesses or professionals can afford (or even qualify to buy) Windows Enterprise

            Convince 10 people that have full time jobs to ditch all their mobiles devices and we can start making of case of how MS is evil and must be stopped.

        • You've clearly demonstrated what's wrong: way too many organizations collect way too much data, and there's little we can do about most of it short of withdrawing from society.

          There are laws and MS like many other abide by them. MS however has an option for their support to collect more data but no different than LogMeIn, is intended to be turned on for specific cases and specific periods or time.

          You also said no one has been particularly harmed by this. I can't argue this either way, but what is harmed is our right to have a private life. To some of us that still means something

          It comes down to what most want and don't want. If people were that concerned with the data collected they would actually look into it. Fact is that most people don't care. I say this because I've had people approach me (being the IT reference at work) and ask what they collect after see

      • by WheezyJoe ( 1168567 ) <feggNO@SPAMexcite.com> on Thursday July 21, 2016 @12:44PM (#52555553)

        When you use a Google product, like Maps for instance, there's something of informed consent going on. You know you're being tracked, it's right there on your smartphone screen. But it gets weird where the OS itself may be doing the snooping, regardless of whether you're using an app or not. Microsoft has this past reputation of baking things deep into the OS (*cough* internet explorer *cough*) in order to gain an advantage over its competitors, and here there's a case to be made that they're leveraging their dominance on the desktop to get with modern times and start making money through targeted ads, STARTing with their lackluster app store (heh heh, see that I did there?)

        I have yet to hear a case where this collection of data was detrimental to an individual. And please, don't bring up the bandwidth usage because that's a drop in the bucket compared to what ads run on most websites.

        You're right. All we know definitively is that there's a lot of traffic sent by Windows back to Microsoft, but there's little reliable data concerning what it is. We have to take on faith that the data does not include information about the contents of your C drive. But think about it. You can choose not to store anything on Google Drive if you are paranoid about their search routines, but if Windows is gonna index everything from the C drive to the "secure" thumb drive in the USB port, where are you gonna save to?

        This is a big deal. Like it or not, people use Windows for work, medical records, attorney docs and shit, and not all of them can pay for a fancy Enterprise license which permits a trained Microsoft nerd some control over what's going on. A statement from Satya [wikipedia.org] to the effect of "we will not spy on your shit, nor will we give up what we do have even if the FBI comes knockin" would be most re-assuring (even if non-binding), but we don't even get that!

        • by Anonymous Coward

          You don't think it sends stuff from your c drive? Run wireshark between the win10 box and your router and then create a new file with notepad and save it. Watch the instant traffic from that box to ms telemetry servers.

      • The definition of personal data is broad and should be carefully reviewed in this case. Them knowing what you clicked and the failure attached to the series of action is hardly personal data that anybody truly cares to protect.

        I care deeply about it and will take any action necessary to deny any OS vendor this capability. None of their goddamn business period.

        Same goes for hardware specs. If anything, most users would be happy to hand over that data to help their favored platform become more stable.

        It is nice they are given a choice... oh wait those ever forgetful levers in the privacy settings don't actually stop anything now do they?

        The situation is still the same. What is the collected data? last time MS responded, the data collected was no more than what you search engine collects.

        None of Microsoft's business what I do or where I search.

        It was definitively less harmful than the data your GPS or cell phone carrier collects.

        Is Microsoft the same company whose Windows 10 mobile platform collects your GPS location without your consent or any ability to stop it whenever you want to use your GPS locally?

        Christ, your credit card, your bank and your air miles card have far more important data and they use it in whatever way they see fit (within the confine of the law).

        N

        • Your responses and links do not AT ALL present an argument towards the actual speculations. All I hear in you arguments is that you hate MS but your ok with everybody else screwing you. Actually, if anything the links you provided state that MS is compliant and reasonable (which I'd argue is only partially true).

          If you truly care about any of the things you said then I must assume you do not own a mobile device otherwise your a hypocrite.

      • by MrL0G1C ( 867445 )

        The situation is still the same. What is the collected data? last time MS responded, the data collected was no more than what you search engine collects. It was definitively less harmful than the data your GPS or cell phone carrier collects. Christ, your credit card, your bank and your air miles card have far more important data and they use it in whatever way they see fit (within the confine of the law).

        I have yet to hear a case where this collection of data was detrimental to an individual

        So, you woul

        • So, you wouldn't mind if we put webcams in every room of your house and streamed live 24/7 because hey, it wouldn't harm you, would it.

          The fact that you think MS's data collection practice compares with your statement tells me you're clueless about what MS actually does. Come back when you've actually read more than the headlines.

          • by MrL0G1C ( 867445 )

            The fact is you're avoiding the point, the point is that to some people privacy invasion is a harm like verbal harassment is a harm. Google are worse in reading peoples personal communications of course but there is better competition in email providers, if you're a PC gamer then there is nothing on a par with windows for the number of games available and at far better prices via seasonal sales etc.

            • The fact is you're avoiding the point, the point is that to some people privacy invasion is a harm like verbal harassment is a harm

              People are too butt hurt these days. You can't use the word retarded without a bunch of people getting their panties in a knot.

              if you're a PC gamer then there is nothing on a par with windows for the number of games available

              That is not true. Playstation and Nintendo make great products. The steambox is another alternative. The fact is that it can't bother users that much if they are willing to stick with MS. 350 Million installs is not all gamers.

      • Them knowing what you clicked and the failure attached to the series of action is hardly personal data that anybody truly cares to protect. Same goes for hardware specs.

        Says you. I, along with many others, very much want to protect it.

        If anything, most users would be happy to hand over that data to help their favored platform become more stable.

        Perhaps so. There's an easy way to make all users happy: provide a way to turn off all telemetry. Why won't Microsoft do that?

        I have yet to hear a case where this collection of data was detrimental to an individual.

        This is irrelevant. It's my data, and I should be able to choose who I share it with and who I won't. Whether or not that data is sensitive according to others shouldn't factor into it.

        • Says you. I, along with many others, very much want to protect it.

          Says the 350 million users that accept to use it this way knowingly. I know many don't know but many do and still use it the same way you still use your cell phone regardless of the fact that you're location is tracked 24/7.

          Perhaps so. There's an easy way to make all users happy: provide a way to turn off all telemetry. Why won't Microsoft do that?

          Totally agree but they figured the flak was worth the data yielded. Considering how much press they got over it they would have backed off otherwise.

          This is irrelevant. It's my data, and I should be able to choose who I share it with and who I won't. Whether or not that data is sensitive according to others shouldn't factor into it.

          You can't fix this with MS or any of the other companies that does this. You need to fix this at the core (through laws like the ones in ex

      • What is the collected data? last time MS responded, the data collected was no more than what you search engine collects.

        1. I don't recall Microsoft ever detailing exactly what data is being collected.

        2. It's encrypted, so we can't examine it for ourselves.

        3. Microsoft has been deceptive and even telling outright lies since the beginning [arstechnica.com] of the Windows 10 rollout.

        I have yet to hear a case where this collection of data was detrimental to an individual.

        See 2, above. No one can look and see what data Microsoft is collecting from their Windows 10 PC, so how is one to know whether or not they've been harmed? Your argument is the same one NSA uses to claim they can't be sued over warrantless wiretapping. "No one can pr

        • 1. I don't recall Microsoft ever detailing exactly what data is being collected.

          MS revealed it a while back. Here's a link summarizing it.
          http://www.windowsecurity.com/... [windowsecurity.com]

          2. It's encrypted, so we can't examine it for ourselves.

          It should be encrypted. Why would you have it any other way.

          3. Microsoft has been deceptive and even telling outright lies since the beginning [arstechnica.com] of the Windows 10 rollout.

          Unclear, not deceptive. They said it would be free and didn't know what direction the licensing would head. That's perfectly fine as fine as most are concerned.

          See 2, above. No one can look and see what data Microsoft is collecting from their Windows 10 PC, so how is one to know whether or not they've been harmed? Your argument is the same one NSA uses to claim they can't be sued over warrantless wiretapping. "No one can prove they specifically were wiretapped, so no one has any standing to sue." I say bullshit to that argument.

          That's your paranoia kicking in. Do you think you matter that much that you will be harmed by your data? If the government wants to take you out stop trying to find an out because you're already cooke

    • by Megol ( 3135005 )

      First: I'm not a shill, second: there's no need to eat crow given that the article doesn't say what you say it does, third: Microsoft doesn't deny that _some_ people think Windows is a spy-machine.

      • More than that, Microsoft freely admits that there is no way to turn off all telemetry. In other words, they freely admit it's a spy machine.

    • Don't attribute to maliciousness what can be attributed to incompetence. The telemetry was probably built up with no central design as a result no easy way to turn it all off. They won't spend time fixing it till it hurts them enough.

      Also the fear of telemetry being used to spy on users is overblown. More and more software products add telemetry to be able to improve how their software works. It allows them to spend time improving the features users actually use and fixing their pain points. As a result
      • Also the fear of telemetry being used to spy on users is overblown.

        This misses the point. The point is that there's no way to stop it if you find it objectionable. If someone is collecting data on my against my will, they are spying on me. Whether or not they use that data for malicious purposes is irrelevant.

        More and more software products add telemetry to be able to improve how their software works. It allows them to spend time improving the features users actually use and fixing their pain points. As a result they can build better products.

        Yes, and in every case that they do this without informing the use and providing a means to stop it, they are behaving badly. That this is happening with increasing frequency is precisely why I started firewalling off all applications by default, so they can't send an

  • by Coisiche ( 2000870 ) on Thursday July 21, 2016 @11:11AM (#52554811)

    There is the promise of a statement about privacy next week

    So after the final date for free Windows 10 then?

    Why do I have the feeling that statement will be "Gotcha! Suckers!"

  • by Shadow IT Ninja ( 3891909 ) on Thursday July 21, 2016 @11:13AM (#52554837)
    From TFA, it sounds like the headline here should be more like "Microsoft Acknowledges But Does Not Respond To Allegations That Windows 10 Collects Excessive Personal Data."
    • by MtHuurne ( 602934 ) on Thursday July 21, 2016 @11:55AM (#52555185) Homepage

      Exactly. The core issue is that Windows 10 is collecting personal information that is not required for the functioning of the OS or the services it provides to the user. There doesn't have to be a discussion over where Microsoft stores the information, since they shouldn't be collecting it in the first place.

    • You read it wrong. You have to read this part:

      As the European Commission observed, Microsoft's January 2016 Privacy Statement states that the company adheres to the principles of the Safe Harbor Framework. Microsoft has in fact continued to live up to all of its commitments under the Safe Harbor Framework, even as the European and U.S. representatives worked toward the new Privacy Shield

      This is not just a problem for MS but MS tends to make the headlines even when it's a non issue.

  • "It's not true, and we know who you are who said that. We're coming for you."
  • In typical fashion, Microsoft responds with something better than no response to gauge where the French government will go from here to see what they can get away with without ruffling too many folks. They will litigate to the point where they'll pay a small amount of money to appease the French and all will be back to normal. The unacceptable behavior by Microsoft continues and I'm sad to say I see no end in their methods. They continue to trounce on the privacy and freedom of its users.
  • Comment removed based on user account deletion
  • Your name
    Your Date of birth
    Your SSN
    You current address
    You last 7 years of taxes.

    All public info that the government has already. So no worries.

  • by c ( 8461 ) <beauregardcp@gmail.com> on Thursday July 21, 2016 @11:42AM (#52555073)

    I haven't RTFA, but I expect the response is something like "Excessive?!? Are you kidding me? It's not even close to what we need. We've barely gotten started!"

    • My SIN (the Canadian equivalent of a SSN) is NOT public. The government now advises never to carry the certificate (we no longer issue cards) on you. It's only for government use (employers can have it for reporting earnings, and banks for financial transactions. If you don't want t o give your SIN, all mone entering the account will be subject to a percentage being withheld.

      Your taxes are NOT public - otherwise why the big deal about candidates revealing (or not) their personal tax records?

      We have univer

      • by c ( 8461 )

        My SIN ... is NOT public. The government now advises never to carry the certificate ... on you.

        Ironically, the government used to be one the biggest abusers of the SIN. I stopped carrying my card 20 years ago when I worked for DND; it was used for so many things (just about every piece of paperwork and front-and-center on your id) so often that you couldn't help but memorize it.

        If you're that carefree with your personal data, you should be worried.

        ... but I suspect you were replying to someone else's comm

  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Thursday July 21, 2016 @11:54AM (#52555173) Homepage

    and nothing that any of us should worry about, then why is there not a way in which the PC's user can view all of the data that is sent to Microsoft? This should include a plain English [plainenglish.co.uk] explanation of everything. After all: why should a PC's owner not see what it sends ?

    Disclaimer: I do not have any MS product

  • by Z80a ( 971949 ) on Thursday July 21, 2016 @12:05PM (#52555247)

    I know you're typing right now how you're suspicious that Windows 10 watches your every move, but you can rest assured no such thing occurs.
    Also you forgot the comma on the line 3.

    • I know you're typing right now how you're suspicious that Windows 10 watches your every move, but you can rest assured no such thing occurs.

      And you know this how, exactly?

  • by Anonymous Coward on Thursday July 21, 2016 @12:30PM (#52555431)

    With MS's failure to address this, I wonder if this confirms that Windows 10 is essentially illegal to use in Doctor offices across the US, as well as Public Libraries? Both institutions have federal laws on records preventing the sharing of information with third parties unless noted by the patient/patron specifically.

    As such, the use of Windows 10 for either may well be illegal.

    • The Enterprise edition is sufficient for those cases.

      Even if it were an issue, they could block the machines from communicating with Microsoft.

      Updates can be distributed via WSUS, so there is no need for business workstations to connect to Microsoft servers at all.

  • by UnknownSoldier ( 67820 ) on Thursday July 21, 2016 @12:39PM (#52555503)

    Hey MS

    If you want to _prove_ your innocence then show the source code so we can audit what, when, where, data is being collected.

    Because you have ZERO trust at this point.

    What's that? Have "faith" in you? BWUAHA. Fuck your arrogance and spying. PROVE IT.

    • Microsoft is dealing with a regulatory body that has issued them a warning. They don't need to "prove innocence". They need to demonstrate compliance with the law by the deadline.

      It doesn't matter if they convince CNIL that their current regime is adequate or if they change the telemetry behavior on French installations.

      Until CNIL imposes a penalty, they have every reason to be cooperative and accommodating.

      It must be nice to live in a country where laws protect the privacy of citizens from corporate intere

    • Re: (Score:2, Funny)

      by Anonymous Coward

      In the Year 2121: Windows 7 is still the OS everyone uses despite being out of service. Since everyone turned off updates in 2016 no one noticed...

  • Where do you draw the line?

    • I'm always willing to share this information. I've found it is hard to find legit conversation points to brag. "Hey, it sure is humid" "Yeah, I'm as big around as your wrist" "uh"
  • by tlambert ( 566799 ) on Thursday July 21, 2016 @02:03PM (#52556205)

    "Microsoft responds..."

    We have no idea what would lead Jeremy Archibald Plevin of 2217 Sand Fort Terrace, Blivet Michigan, whose social security number is 555-666-7777, and who only has $9,472 in his bank account and that $100 savings bond his grandfather gave him when he turned 13, and tends to watch an average of 17.3 cat videos per month, and whose favorite search term is 'midget porn' (seriously, Jeremy?1?) to make such unfounded accusations. However, we'd like to assure you, they are unfounded.

  • " Microsoft has now responded, saying it is happy to work with the CNIL to work towards an acceptable solution."

    I bet the acceptable solution will be sharing some of that "telemetry" data with the French government to look the other way. Similar to the deal Microsoft worked out with the NSA.

Real programmers don't comment their code. It was hard to write, it should be hard to understand.

Working...