Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Microsoft Operating Systems Privacy Stats Windows

Microsoft Telemetry Collection, Explained (theregister.co.uk) 213

New submitter Poohsticks writes: There's a nice breakdown of the updated information from Microsoft about what they are doing with the telemetry data that Windows 10 is collecting (original Technet article here) by Chris Williams at The Register. Interesting finds that better explain what's happening with that data (and how to control it).
This discussion has been archived. No new comments can be posted.

Microsoft Telemetry Collection, Explained

Comments Filter:
  • by lesincompetent ( 2836253 ) on Thursday February 25, 2016 @06:11AM (#51581123)
    Very little is explained. And there's no OFF setting.
    Fuck Microsoft, hard.
    • by buck-yar ( 164658 ) on Thursday February 25, 2016 @06:49AM (#51581211)

      Found this on reddit:

      I've seen theres a lot of speculation on whether the observed network connections from Windows 10 with privacy options on are actually spying or not, and figured some actual evidence would be in order.

      Anyone can recreate this for themselves:

                      Fresh install of Windows 10.
                      Set all privacy options to off, disable cortana, disable web search
                      Ensure all updates are done. Close all programs.
                      Install Fiddler, and enable HTTPS sniffing. (If you use wireshark, you wont be able to view the HTTPS)
                      Press stream in fiddler.
                      Click the windows search bar, type any letter, watch the HTTPS session to bing.com appear.

      Im still trying to figure out exactly what it is that it is transmitting, but its for sure sending a user-agent string that identifies itself as Cortana.

      Some observed behaviors:

                      Clicking on a link from an application (in this case, a download link from within Fiddler) submits the URL you are visiting to urs.microsoft.com.
                      Opening applications-- even with SmartScreen disabled-- opens sessions to apprep.smartscreen.microsoft.com and, among other things, submits the hash of the application. EDIT: Apparently you must also disable smartscreen in edge. Even so, it will initiate a connection to w.apprep.smartscreen.microsoft.com
                      Typing anything into the search bar will, regardless of settings, initiate an HTTPS session to www.bing.com. It will transmit a cookie, though so far I have not seen anything in there that looks like keystroke monitoring, as the only thing that appears to change between attempts is an HV section of the cookie. It appears to be downloading javascript, and submitting identifying data (screen resolution, install date, SID). The URL it uses is https://www.bing.com/manifest/ [bing.com]... [bing.com]
                      Opening the settings app and going into account options sometimes opens a session to public-family.api.account.microsoft.com:443. I suppose this would be expected.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      You can turn off Windows Update by setting the following registry entries:
      Add a REG_DWORD value called DoNotConnectToWindowsUpdateInternetLocations to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate and set the value to 1.
      -and-
      Add a REG_DWORD value called DisableWindowsUpdateAccess to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate and set the value to 1.

      Fuck microsoft very hard - to disable the We'reInstalling10WhetherYouAskedForItOrNot "recommended update", my gra

      • You can turn off Windows Update by setting the following registry entries:
        Add a REG_DWORD value called DoNotConnectToWindowsUpdateInternetLocations to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate and set the value to 1.
        -and-
        Add a REG_DWORD value called DisableWindowsUpdateAccess to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate and set the value to 1.

        Even something as straightforward as changing a registry setting, is beyond the skillset (or willingness, or caring enough) of the majority of average PC users. That is: if PC is actually under users' direct control - in a corporate setting, it often won't be. Imho any OS should by default send out / retrieve as little as practical from network sources. Beyond that, network access should be user-triggered, enabled on an individual services / application level.

        But what struck me while going through the Te

        • The length of the TechNet article is probably due to how this probably isn't some coordinate evil conspiracy from Microsoft leadership. Even though there's a push for One Microsoft, there's still plenty of places where each team and sub team is responsible for developing and testing their one thing, and so they create their one setting for it. As a result there are lots of settings. Plus lots of the work was probably under way before Windows 10, or the One Microsoft push.

          You may want one big switch to do al

          • So? I don't care whether Microsoft is cleverly serving its masters from Yuggoth, or if this was a result of thoughts telepathically inserted into the minds of each lowly project manager by lizardmen. I care what information Microsoft is taking, and what I have to do to stop it, and how much work that is, and how much work I have to do after every update that Microsoft forces on my computer when I'm not looking.

    • The subject of the post is not always the topic of the article. It's often a tangential or unrelated matter. I usually change the subject line of a thread when posting, not because I expect anyone to read it, but so I'll have a better idea what is being responded to if I get any reply notifications in my email.

      Just because you don't use something does not make it stupid.

  • by Anonymous Coward on Thursday February 25, 2016 @06:19AM (#51581143)

    Most people here have been commenting with something like "Stop Using Windows", but I think this is the wrong message.

    Considering the audience here on Slashdot, the true message to share and discuss is: "Stop Writing Software for Windows".

    My software company has just ruled out all future Windows development. Yes, that means we'll lose some clients, and yes, that means we will have some customer training issues to resolve. But compared to the clusterfuck that is Windows10, it was actually a pretty easy decision for us to make. If Microsoft wants to be a part of the future of software development then they will need to continue to push .NET onto cross platform, and clean up that Mono license so that we can all use it with confidence. Otherwise, Microsoft software development is dead. Sure, not now, not in five years, but this is it: the beginning of the end.

    So stop writing software for Windows and watch the world change...for the better.

    • by AmiMoJo ( 196126 )

      What kind of software does your company write? Mine does applications for the water industry for managing networks, and there is no way we could switch to Linux because our customers would never accept it. They run a variety of apps on their computers, almost all of it Windows only.

      WINE isn't an option either, because it is unsupported. If an app doesn't work in WINE the vendor probably won't be interested in fixing it.

      • ...then your choices appear to be:

        1) Mac
        2) "Cloud" apps, online, in a browser

        In many cases, option (2) works well for a lot of people. I know all the reasons not to go that way, but most companies are more interested in having a solid contract and a working solution than they are worrying about things that may never happen (and supposedly if they do, then the contract is there to help).

        • by AmiMoJo ( 196126 )

          Actually, we are moving a lot of our software into the cloud. People like the mobile access to their data.

          The problem is that you still need a lot of Windows software to do things like interface with hardware.

          • by Alumoi ( 1321661 )

            And I bet the software used to access the cloud only runs on Windows. But hey, the cloud!

        • by HiThere ( 15173 )

          The cloud isn't a bad choice if you host your own cloud, and control access to the degree indicated by your security needs. A cloud running on a local device can be insulated from external access.

          To help you think of this, a cloud is what a mainframe used to be, with distributed access over a network, like a timeshare system used to have. Computers have gotten smaller and faster, and storage has gotten cheaper and bigger, so hosting your own cloud (i.e., tmeshare service) has gotten reasonable. You can a

      • Mine does applications for the water industry for managing networks, and there is no way we could switch to Linux because our customers would never accept it.

        Yep, you are pretty well trapped. But ya gotta write for the customer.

      • "Mine does applications for the water industry for managing networks"

        umm... H20-water, H20-Sewer? Am I close?

    • by DogDude ( 805747 )
      My software company has just ruled out all future Windows development.

      I call bullshit, AC.
      • My software company has just ruled out all future Windows development.

        I call bullshit,

        I call his "my company" is him and three friends in the evening.

    • Most people here have been commenting with something like "Stop Using Windows", but I think this is the wrong message.

      Considering the audience here on Slashdot, the true message to share and discuss is: "Stop Writing Software for Windows".

      My software company has just ruled out all future Windows development. Yes, that means we'll lose some clients, and yes, that means we will have some customer training issues to resolve. But compared to the clusterfuck that is Windows10, it was actually a pretty easy decision for us to make. If Microsoft wants to be a part of the future of software development then they will need to continue to push .NET onto cross platform, and clean up that Mono license so that we can all use it with confidence. Otherwise, Microsoft software development is dead. Sure, not now, not in five years, but this is it: the beginning of the end.

      So stop writing software for Windows and watch the world change...for the better.

      An overwhelming majority of the software for Windows is legacy software that was written for Windows 7 or earlier. Software for which you buy the CDs or download from their website. That same stuff can also be installed on Windows 10, and it'll do just fine.

      If, in contrast, you look at the Windows App Store, it's a completely different story. Any time you see any entity in the market that also advertizes the existence of an app, you'll notice that it's either iOS only, or iOS and Android only. Even W

      • by HiThere ( 15173 )

        Actually is only "Linux and the BSDs are still way behind Windows when it comes to applications in some areas". But they are far behind when it comes to advertising in all areas. And, to be fair, even when the Linux or BSD version is better, it will be significantly different, and they those who have learned the MSWind version find them less desirable. (It also works in the other direction.)

        So there is considerable entrenched opposition to switching away from MS even where there isn't a good reason. And

    • and clean up that Mono license

      What's wrong with the Mono license?

    • Considering the audience here on Slashdot, the true message to share and discuss is: "Stop Writing Software for Windows".
      My software company has just ruled out all future Windows development. Yes, that means we'll lose some clients...

      Most of us here don't have the luxury of pissing off 90% of our potential market and 100% of our existing Windows customers.

    • Most people here have been commenting with something like "Stop Using Windows", but I think this is the wrong message.

      Considering the audience here on Slashdot, the true message to share and discuss is: "Stop Writing Software for Windows".

      This is tree hugging. Impractical and in many cases suicidal.

      What would be more effective is if everyone contributed some of their time to WINE or heck even ReactOS. With enough effort this would provide the world with a low impedance path away from Windows.

  • by Z80a ( 971949 ) on Thursday February 25, 2016 @06:30AM (#51581167)

    We're still talking about a lot of basically untested internet aware services running on your background that have a microsoft tier of security, which means it is probably exploitable the hell and back, and basically identical on every single windows 10 box.

    That sounds like a gros michel banana scenario here pretty much, where someone with evil intentions would be able to abuse one of those flaws and pretty much wipe out a large quantity of windows 10 machines if not all of em in a whim.

    • If that happens, there won't be some movement to drop Windows and migrate to Linux / OSX. No, what will happen is that "out of the interesest of national security", The US Government will create a whole new Department Of Federal IT policy (DOFIT) which includes OS, app, and encryption standards (back doors); the most basic of course. For now. And Microsoft will lead (surprise surprise!!) the way in this endeavor (failure rewarded). The ultimate idea is to get all the young, hip, creative people to have as c

    • by ljw1004 ( 764174 ) on Thursday February 25, 2016 @08:58AM (#51581503)

      That's a FUD stretch. There's been no suggestion that any telemetry stuff accepts inbound connections.

      • by gstoddart ( 321705 ) on Thursday February 25, 2016 @10:30AM (#51582009) Homepage

        That's a FUD stretch. There's been no suggestion that any telemetry stuff accepts inbound connections.

        Sorry, but that is complete and utter bullshit .. or at least, there is an indirect mechanism:

        Full is where things get a little dicey, depending on how much you prize your privacy. If your system reports back strange crashes that Microsoft techies can't get their heads around, they can request extra data from your machine, which Windows 10 will hand over under remote control if management approves. This extra information can include some of your files so the engineers can recreate the exact crash in their labs using your data and apps. Microsofties can also run diagnostic tools on your system to gather more evidence. Here's Microsoft's explanation of the process:
        Before more info is gathered, Microsoft's privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:
        Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
        Ability to get registry keys.
        Ability to gather user content, such as documents, if they might have been the trigger for the issue.

        If Microsoft engineers can request information about your machine -- like we're meant to believe they're sitting around looking for problems on everybody's machine -- then that either has to be a push to you, or on your next upload you get sent a payload which says "gather the following".

        But you'll notice it says "remote control" and provides a mechanism to run programs - which tells me there is now a mechanism to remotely control machines and run software. Like that won't get exploited real quick.

        They're using this because Windows 10 is essentially an extended fucking beta where they're building it as they go, and want to measure how much of a shit job they're doing.

        And if most versions can't select the Security only policy, what's to say that it won't be long before you can't deselect full?

        Sorry, but Microsoft has given themselves the right to do remote administration and data gathering ... and for all but the ones which can select Security, they'll do it in such a way that they can personally identify you. Oh, and apparently they'll gather some of your documents as well.

        No fucking way we can trust them with this, because as soon as they have the ability to tell your computer to package up some data and send it to them, some asshole in law enforcement is going to demand they misuse it. And don't say they won't, because that's exactly the kind of shit law enforcement and the security agencies are doing. No way they won't show up with an NSL demanding information and forbidding Microsoft from admitting to it.

        There needs to be a setting which says "you mayyro.slashdot.orgumstances collect any information as I do not consent to it". If there isn't, Windows 10 is going to cause Microsoft headaches they can't even begin to imagine ... starting with any country which has privacy laws that a fucking EULA can't overrule.

        Some of what is described should be illegal for them to do. In fact, in some places, I'm pretty sure it is.

    • That sounds like a gros michel banana scenario here pretty much, where someone with evil intentions would be able to abuse one of those flaws and pretty much wipe out a large quantity of windows 10 machines if not all of em in a whim.

      Remember the 20 lines of code needed to brick a UEFI based computer?

      Now imagine the Angler exploit kit.

      Now imagine sites that have been used to distribute it via advertisements

      Now imagine the move to make adblockers illegal.

      This house of cards is in pretty bad shape already, Microsoft's frontdoors only make it worse. Apocalyptic scenarios aside, the large push to discard all privacy ends up being as bad, or maybe worse for the vendors.

      • by Z00L00K ( 682162 )

        Like "rm -rf /sys" on Linux boxes. A lot less than 20 lines and could nuke the UEFI.

        • Like "rm -rf /sys" on Linux boxes. A lot less than 20 lines and could nuke the UEFI.

          Your point? It's like being excited about falling off a thousand foot cliff instead of a 300 foot cliff.

    • For those of you who were wondering what z80a meant, apparently the Gros Michel banana was one of the main banana species used and was wiped out by a fungal plague.

      In the 1950s, Panama disease, a wilt caused by the fungus Fusarium oxysporum, wiped out vast tracts of ‘Gros Michel’ plantations in South America and Africa, but the cultivar survived in Thailand.

      By 1960, the major importers of Gros Michel bananas were nearly bankrupt, and had waited to deal with the financial and environmental crisis

  • by jenningsthecat ( 1525947 ) on Thursday February 25, 2016 @07:35AM (#51581293)

    The founder of the company has sided with the DOJ against Apple. And Microsoft seems only to have gotten worse since Gates handed over the reins. That tells me all I need to know about Microsoft's trustworthiness as far as user privacy is concerned. Even if telemetry truly can be fully disabled, who's to say it won't be re-introduced without notice? Microsoft is sneaky that way.

    I almost wish I was still a Windows user so I could quit in protest, but I moved to Linux almost 10 years ago and haven't looked back. I feel for those who are stuck with it, for whatever reason. I never thought I would say this, but if my only two choices were Apple and MS, I'd choose Apple.

    • I didn't see BG say anything that Google didn't also say. I saw that BG's lukewarm "we should start a discussion, this is important" was interpreted as support for the DOJ, and Google's "this is important, we should start a discussion" was interpreted as support for Apple.

      But I could have misread their statements. But I didn't see it.

    • The founder of the company has sided with the DOJ against Apple.

      So have the majority of Americans if polls are to be believed. That stance carries no weight.

  • Microsoft sure knows how to dig a big hole and fall in it. With Windows 8 it was the infamous Metro UI. Now with Windows 10 it's an all-out user spying program, one you can't really even turn off. Who the hell makes these decisions?! Anyone here could've told them it's a really bad idea and skilled security analysts would easily find out about all the semi-hidden "features".

    It's as if they want to fail time after time, like a sadomasochistic hamster that enjoys electric shocks.

    • No, it's as if they know there's limited alternatives for the consumer market. Grandma isn't going to use Linux, sorry people -- and Apple costs money. This leaves Windows, and assuming they can lower the entry point and make up the money by forcible observation -- a tactic already shown to be accepted by the general public because its transparent and people cannot opt-out of it -- then they win. It's clever from the purely fiscal perspective, and shit for the long term as people find better, more user frie
      • Grandma isn't going to use Linux, sorry people

        Depends on what you mean by 'Linux'. If you mean GNU/Linux with X11, I agree. If you mean something running on a Linux kernel... a lot of people are using cheap Android tablets as their primary computing device.

      • No, it's as if they know there's limited alternatives for the consumer market. Grandma isn't going to use Linux, sorry people -- and Apple costs money.

        You are quite wrong there. I've got a lot of grandmas to run Linux - Mint is more like their old computer than W8 or W10 will ever be.

        OSX? That too expensive meme is getting old and creaky. Forgetting for a moment that buying an equivalent Windows machine exposes the canard, but the machines tend to last longer before needing a new one. But yes, it is true that you can go buy a cheap desktop at WallyWorld for maybe 350 dollars, which is a lot cheaper than my iMac. But that's like saying a Toyota Corolla i

      • by steveha ( 103154 )

        Grandma isn't going to use Linux, sorry people

        The thing is: why not? If you are volunteering as tech support for Grandma, you can make things easy for yourself by setting her up with Linux instead of Windows.

        That's what I have done. My father is over 80 and he is exclusively running Linux. (Specifically: Linux Mint 17.3, 64-bit with MATE)

        Once it's set up, it Just Works. It keeps on working. My father is completely happy. He has one must-have Windows app (Adobe FrameMaker, versions 5.5.6 and 7) and tha

      • Depends on what Grandma does with her computer. People like her are likely to be happy with something like Ubuntu, because they tend to do web browsing, light word processing, and maybe email and/or casual gaming, and not anything else. Someone who is more into computers is much more likely to want software that's only on Windows, or Windows and Mac OSX, and won't be happy with Ubuntu.

      • But I agree with the OP, Grandpa may still use windows, hell mom and dad might still use windows, but they are basically hammering nails into their coffin. It may take a while, but as Linux gets more and more user friendly (and free) in a generation or two Windows will be dead. The one thing still heavily in favour of windows for teenagers is the gaming, but with Steam leading the charge to get games cross platform how long is that going to last? If I was Microsoft I would have done my utmost best to mak
  • by some old guy ( 674482 ) on Thursday February 25, 2016 @08:28AM (#51581407)

    I run a windows boot for gaming only. Tried the *free win 10 upgrade* and after 20 minutes of unidentified net traffic and hideous I lag was reinstalling win 7.

    Solution? Since Steam now has Mac ports for pretty much everything I play, the next gaming rig will be an incredibly over-priced Mac Pro.

    I feel for the poor sods who are stuck with win 10 as a work platform or are too uninterested/uninformed to make a better choice for home use.

    • by GuB-42 ( 2483988 )

      Solution? Since Steam now has Mac ports for pretty much everything I play, the next gaming rig will be an incredibly over-priced Mac Pro.

      Why don't you try a "Hackintosh" build? That's a PC with carefully selected components so that you can run OSX on it.
      The Mac Pro is good but unless you actually are a pro and need it for your work, it is simply too expensive for what it has to offer.

      • Seconded. These days, with good EFI support across the board on new hardware and better bootloaders, you can install full OS X upgrades within the OS without having to know that it's a Hackintosh.

    • Since Steam now has Mac ports for pretty much everything I play, the next gaming rig will be an incredibly over-priced Mac Pro.

      But they are so sweet. I've moved onto iMacs since retiring, but at work, I used Mac Pros since they were available.

      But you have me thinking - I'm going to blame you if the wife gets pissed at me buying a new Pro.......

    • by antdude ( 79039 )

      What about Linux?

  • by TractorBarry ( 788340 ) on Thursday February 25, 2016 @09:40AM (#51581713) Homepage

    > what they are doing with the telemetry data that Windows 10 is collecting ?

    They're spying on you with no way to turn it off. That *IS* what they're doing. Windows 10 *IS* spyware. let's go through the questions... again...

    1 Downloads itself to your machine without you specifically asking for it ? YES

    2 Aggressively attempts to install itself taking over your computer in the process ? YES

    3 Sends unknown and/or encrypted data to unknown third parties ? YES

    4 Sends personally identifying information to unknown third parties ? YES

    5 Easy to remove ? NO

    Hmmm... Looks like spyware, smells like spyware, walks like spyware and talks like spyware. Windows 10 *IS* spyware.

    Anyone willingly using it is a moron. Microsoft shills go f**** yourself.

    • Sounds more like a trojan than spyware, really.
      • by Z00L00K ( 682162 )

        Today malware is multi-purpose.

        Sometimes I wish going back to the time of DOS viruses. At least they were more entertaining even though they were annoying.

  • It seems to be a state secret, but a significant number of rural Americans are stuck with noisy phone lines for connectivity. They get 32K connections. Maybe. On good days. I, fortuitously, live in the big city and have a DSL connection that typically runs at maybe 20% of it's asserted speed. Hell, we can even stream Netflix. Most of the time.

    With all this telemetry nonsense can Windows 10 even run on rural user's PCs?

  • by ISoldat53 ( 977164 ) on Thursday February 25, 2016 @11:25AM (#51582585)
    Didn't MS test this OS? Telemetry collection seems like a universal beta test. "Let put this stuff out there then see what happens. Then fix that."
    • Sure it's tested. But if their tests don't line up with customer experiences and behaviors, the tests are falling short. So by gathering telemetry, they can know what the end to end tests need to be testing.
  • I don't care, I block them all.

  • Granting themselves a backdoor by default whereby humans are able to selectively exfiltrate whatever data and configuration they please from your machines without your knowledge or approval.

    Absolutely stunning criminal trespass. No secret my opinion of Microsoft has taken a nose dive as of late but this is insane.

    • But its not criminal trespass see any privacy groups up in arms?? its a free OS no ones pointing guns at peoples heads to get it. The ones who pay are i guess getting enterprise editions which are more controllable by the owners but not 100%they are the ones IMO who can complain.Not the free installers though, brilliant move making DX12 win 10 compatible only that garunteess gamers will get 10.

Disclaimer: "These opinions are my own, though for a small fee they be yours too." -- Dave Haynie

Working...