Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Microsoft Privacy Security Windows IT

Does Windows 10's Data Collection Trade Privacy For Microsoft's Security? (pcworld.com) 181

jader3rd shares an article from PC World arguing that Windows 10's data collection "trades your privacy for Microsoft's security." [Anonymized] usage data lets Microsoft beef up threat protection, says Rob Lefferts, Microsoft's director of program management for Windows Enterprise and Security. The information collected is used to improve various components in Windows Defender... For example, Windows Defender Application Guard for Microsoft Edge will put the Edge browser into a lightweight virtual machine to make it harder to break out of the browser and attack the operating system. With telemetry, Microsoft can see when infections get past Application Guard defenses and improve the security controls to reduce recurrences.

Microsoft also pulls signals from other areas of the Windows ecosystem, such as Active Directory, with information from the Windows 10 device to look for patterns that can indicate a problem like ransomware infections and other attacks. To detect those patterns, Microsoft needs access to technical data, such as what processes are consuming system resources, hardware diagnostics, and file-level information like which applications had which files open, Lefferts says. Taken together, the hardware information, application details, and device driver data can be used to identify parts of the operating system are exposed and should be isolated into virtual containers.

The article points out that unlike home users, enterprise users of Windows 10 can select a lower level of data-sharing, but argues that enterprises "need to think twice before turning off Windows telemetry to increase corporate privacy" because Windows Update won't work without information about whether previous updates succeeded or failed.
This discussion has been archived. No new comments can be posted.

Does Windows 10's Data Collection Trade Privacy For Microsoft's Security?

Comments Filter:
  • by Anonymous Coward on Sunday December 04, 2016 @08:21PM (#53422145)

    So we are all essentially honeypots for Microsoft Security. Good to know.

    • by skids ( 119237 ) on Sunday December 04, 2016 @09:12PM (#53422317) Homepage

      There is no such thing as a customer anymore, only unpaid beta testers.

    • by Motherfucking Shit ( 636021 ) on Sunday December 04, 2016 @09:50PM (#53422413) Journal

      You got it. After Microsoft fired all their QA testers, the SDLC concept for Windows 10 seems to be:

      • * Insiders are the alpha testers, but at least they volunteered for that.
      • * The general public are unwitting surveillance subjects and beta testers. Microsoft will Do The Needful to your computer whether you want it done or not. These mandatory patches can make your computer stop working, blue screen, lose data, or somehow fuck up previously perfectly working peripherals at any time. You can't decline a patch even if you know in advance it's going to fuck you up!
      • * Only Enterprise users get the finished product and they have to pay through the teeth for that privilege. Whatever patches didn't fuck up millions of consumer PCs may eventually make their way here.

      Add in the telemetry/spying and the only winning move is not to play.

      • by stooo ( 2202012 )

        Use Linux :)

      • With you until the last bit. Enterprise users get the Business Branch releases. This option is available to ANY user who ticks the defer update option on ANY version of Windows 10.

        I'll not talk about telemetry since it will just start a flamewar.

    • by ( 4475953 ) on Monday December 05, 2016 @06:49AM (#53423813)

      Actually, Windows 10 is less secure than any previous version of Windows, because it is almost impossible for any administrator to distinguish legitimate outbound network traffic from that of trojans and viruses. If Microsoft published a definitive list of all servers their software connects to without asking the user, explain what it does and what it transmits, and allowed you to block the traffic at will, then maybe it would be more secure. But right now, no way. It opens so many connections, it's impossible for anyone outside Microsoft to know what's really going on. (Don't forget that allegedly Microsoft-owned can also be hijacked, e.g. by direct attack on Microsoft's infrastructure or by DNS poisoning.)

  • No (Score:5, Interesting)

    by smooth wombat ( 796938 ) on Sunday December 04, 2016 @08:21PM (#53422149) Journal

    Next question. Do I get to see the telemetry of Microsoft employees since I or my employer is the one paying their salaries?

    After all, seeing how they use Windows 10 might help my organization improve its service to its customers.

  • What is a Microsoft talking head going to say? That Windows sucks to high heaven and that it does not spy more thoroughly into users because it can't? That would be news, for nerds or anybody else; this is not news, for nerds or anybody else.
    • It's better to keep your mouth shut and keep people guessing whether you're a crook than to open your mouth and eliminate any doubt.

  • by melting_clock ( 659274 ) on Sunday December 04, 2016 @08:33PM (#53422181)

    Telemetry should be able to be switched off entirely, on all Windows installs, so that our right to privacy in respected. Many of the apps that I use include telemetry but I only use those that provide an option to disable their telemetry, even though I will allow telemetry from some trusted apps. MS have repeated demonstrated that they cannot be trusted and it is scary that the released an entire OS that is actually spyware. In any case, it means that Windows 7 will be the last version I allow to be installed on any computer I own.

    If Windows update doesn't work without telemetry, that is a demonstration of MS incompetence and a very bad design decision. Linux is my main OS and it sends no telemetry for updates, while still managing to install updates. Those Linux updates also cover every piece of software I have installed in that OS, not just OS updates.

    • You're getting upset about the wrong thing because you apparently believe that software proprietors can be trusted. Ultimately who would tell you that a particular variant of Windows allows you switch some privacy-busting feature off? The proprietor — the very party you can't trust to tell you the truth.

      Structurally no proprietor is any different in this regard: they're all untrustworthy by default no matter what they tell you a feature is for, how to disable that feature, or whether you can trust the

    • Nonono, Microsoft needs to know if/when one of their may bugs is getting exploited by http://horseporn.com/ [horseporn.com] or not! Or liveleak.com or wikileaks.org for that matter.

    • by Sipper ( 462582 ) on Sunday December 04, 2016 @10:16PM (#53422509)

      Telemetry should be able to be switched off entirely, on all Windows installs, so that our right to privacy in respected.

      I agree; sharing of data online should be an opt-in operation rather than something that for the most part cannot be completely opted-out-of. Microsoft's EULA allows for sharing any data they collect with third-parties, and there are reports that they already have and are continuing to do so. There are those that are proponents of what Microsoft is doing, saying that it's "good" for the OS, however if any open-source operating system were to do what Microsoft is doing, it would receive a lot of criticism for sharing data without opt-in consent.

      There is some relief to be had however: on Windows 10 Pro and above the Telemetry service can be disabled. The service is named "Customer User Experiences and Telemetry". Look in "Administrative Tools" in "Services" and stop + disable it. The way to verify that the service is disabled is to look at the hidden folder %Program Data%\Microsoft\Diagnostics before-and-after stopping and disabling the service; before stopping the service the encrypted files there cannot be deleted because they're "in use", after stopping the service the files can be deleted and don't return.

      There are firewall rules concerning the "Customer User Experience and Telemetry" service that can be disabled too -- but (from what I've read) supposedly disabling these rules won't block the service from the Internet. i.e. similar to how some sites cannot be blocked via "hosts" file entries because Microsoft has hardcoded certain names/IPs in their DNS resolver, supposedly there are certain hardcoded bypasses to the firewall as well.

      It's possible to get Windows Update working over Tor, BTW. Windows Update unfortunately only understands an HTTP proxy, not Socks5, so another proxy (such as Privoxy, which is open source) is required to forward traffic to Tor via Socks5. Windows Update follows the proxy set by 'netsh winhttp set proxy IP:PORT;exception_list' (which requires being run from an Admin command prompt). Then firewall rules to block all traffic not coming from the Tor daemon. Verification via packet sniffing or via 'Tcpview' from SysInternals. Unfortunately what I see after all that is there is still some System-level traffic that accesses the 'Net directly, i.e. bypassing the firewall, so this still doesn't seem to be 100% trustable. (Not that it could be, anyway, given that Windows is not open source.)

      • by AmiMoJo ( 196126 )

        The safest option is to delete/rename the "Diagnostics" directory and then create an empty file called "Diagnostics". Remove system level privileges from it (only your user account has access) for good measure. Then even if an update or Windows Defender or whatever re-enables it, it won't be able to create any data to send.

        The system level stuff that bypasses proxies is there to prevent viruses simply setting up a proxy to prevent Windows Defender and Windows Update working. Similarly they will ignore entri

        • by Sipper ( 462582 )

          The safest option is to delete/rename the "Diagnostics" directory and then create an empty file called "Diagnostics". Remove system level privileges from it (only your user account has access) for good measure. Then even if an update or Windows Defender or whatever re-enables it, it won't be able to create any data to send.

          I like it, and I plan to implement it. Thanks for the idea.

          I didn't understand the following statement:

          The system level stuff that bypasses proxies is there to prevent viruses simply setting up a proxy to prevent Windows Defender and Windows Update working.

          I don't understand this as-is and I've re-read this a few times trying to figure out "what you probably meant instead" and haven't been able to figure that out either. If you wouldn't mind, please respond with a tad more detail so I can try to understand better. Thanks.

          • by AmiMoJo ( 196126 )

            Certain critical functions like Windows Update, Activation and Defender can bypass the hosts file, any proxies and have hard coded IP addresses so that they don't have to rely on DNS.

            It's too stop them being interfered with by, say, setting up a fake update server or adding "microsoft.com 127.0.0.1" to the hosts file.

            It's maybe a bit redundant now, because they sign updates with their private key. I guess it's just another layer of security.

    • by houghi ( 78078 )

      Default for telemetry should be off, not on.

    • If Windows update doesn't work without telemetry, that is a demonstration of MS incompetence and a very bad design decision.

      How is that a bad design decision or incompetence? I think it's quite the opposite. Why should Windows Update work without telemetry? MS gets more profit by having telemetry enabled on all systems, and it doesn't benefit them at all to allow users to disable it. After all, what are disgruntled users going to do? Stop using Windows? Fat chance. MS might as well force them to keep

  • by gweihir ( 88907 ) on Sunday December 04, 2016 @08:33PM (#53422185)

    Because that could be done with a fairly small number of users, no need to spy on all of them. Anyways, while I would pay money for Win10, it would have to be the LTSB-version, because spying can be fully turned off and no new "features" all the time. As at the moment there seems to be no way to get LTSB as private user or small business, I will stay on Win7 for anything that needs Windows (Office, gaming) and try to move everything else to Linux, where I at least have control over what gets sent to the distro (nothing). In the worst case I will get a gaming-only PC with Win10 (no email, no browsing, no work) in a few years, jail Office in a no-network Win7 VM and do everything else on Linux.

    • You're in The Matrix only instead of body heat they want your thoughts via the actions you take.

      • I'm sure the money they get paid by police/NSA more than pays for the loss of customers.
      • by gweihir ( 88907 )

        Good analogy. Yes, I think that is what is going on and I expect MS is both training some rather large classifiers as well as looks at any outliers manually.

    • by mathew7 ( 863867 )

      In the worst case I will get a gaming-only PC with Win10 (no email, no browsing, no work) in a few years

      Haven't you seen the automatic updates? There was a FPS streamer who's streaming suddenly got a "windows is updating"-bluescreen during a live session.
      Also, I personally have been impacted in a racing (lucky it was just practice) where I would see bad connection syptoms (cars skipping on the track) and only on shutting down Windows I realized it was "my connection" that was the problem (as I got the update-installing screen).

      So as gaming PC is also unsuable.

      • by gweihir ( 88907 )

        I have. But while a gaming PC being sabotaged by MS is annoying, it is not critical.

      • I don't see the problem here at all. Gamers should be *happy* to have Windows force an update during one of their games.

        I've been hearing for *years* from "gamers" how Windows is the One True Platform for games, and everyone needs to use Windows just because of games. So I'm quite happy to see them getting their games disrupted by Windows Update. Any of them who complain about this are hypocrites, given their steadfast support and advocacy for Microsoft and Windows.

        • by gweihir ( 88907 )

          I agree. I really hope Vulcan will finally break the MS dominance for games. Android already made some inroads (game-developers familiar with OpenGL and not being on Windows), but not enough.

    • by Holi ( 250190 )
      The problem is the backported all that telemetry to 8 and 7, except you get none of the benefits that they supposedly give you on 10. Which makes me think this is just a bunch of lies to make people feel better about it.
  • Does a chicken have lips?

  • by Anonymous Coward

    With Windows 10, you and your privacy are the product - sold down the road by Microsoft for commercial gain. Any potential that the OS might become more secure as a result of this data leaching is merely an unintended side effect.

  • by Anonymous Coward

    The information wheter a specific update failed to install is approximately the same as knowing which files user $USER$ had opened under whatever name. Seems appropriate M$.

  • by Anonymous Coward

    ...I have one simple demand: Guarantee that it will never be used against me. Ever. For any reason. Even if somebody holds a gun to their head (e.g. national security letter). And I get to define what "used against me" means. And if my data is ever used against me, Microsoft is strictly liable to pay me one billion dollars.

    If Microsoft is absolutely certain that telemetry data will never be used against the users it was collected from, these terms won't bother them.

    If Microsoft has even the slightest

  • by XSportSeeker ( 4641865 ) on Sunday December 04, 2016 @09:19PM (#53422335)

    Stop skirting around the theme and get to the point: the fact that data collection is obligatory and there is no option to completely disable it is the problem itself. Data collection in Windows systems have always been there more or less, the problem is how it became something that cannot be disabled, which is bad specially for companies with sensitive data.

    I don't care if Microsoft can post updates faster and enhance security with it, the way they figure that out is the company's own responsibility. Stuff like that cannot be pinned down as something users should be responsible for, specially for OSs that are still essencially commercial in nature.

    This has always been the problem with data collection schemes, and it'll continue being regardless if Microsoft PR talks it'll improve the experience or not. It's the same crappy excuse that all companies that profit on data collection use. All of them say the exact same thing. So I couldn't care less on what Microsoft PR declares they'll do with it, it doesn't diminish the disgust in any way. Privacy has always been a matter of principle, not on what some company says it'll do after the fact.

    If they want to go that route, fine, keep sending data back and making it harder and harder for clients to dial back on that shit. But don't expect users to change their views if they are not willing to back down. Windows 10 will keep having and deserving the image of being an OS that spy on it's users. And that's exactly what it does. It's extracting data from people's desktop, doing it's best to make that invisible, and taking away options to disable it.

    Much like they forced the Windows 10 update down lots of people's throats using some very dirty tactics, there's no excuse for what they are doing with ads and with stealing user data. I don't care if they say it's anonymized or whatever, I don't want my desktop sending anything back, period. People who are against this trend don't want to hear your promises on what you'll do with the data, we don't care. We're going for alternative routes that are not opting for data collection. That's it.

  • by Anonymous Coward

    Benjamin Franklin once said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

  • by ArtemaOne ( 1300025 ) on Sunday December 04, 2016 @09:55PM (#53422431)
    This is all a push to get people on the subscription model. Windows 10 Enterprise can disable it, and costs $7 a month. This is what Microsoft has been working toward for quite a while, and did it already with Office 365. If you want to continue to use Windows, they either make their money off your data, or a subscription fee. It's really that simple.
  • What's happening here in practice is that you're running a bunch of new, and possibly full of flaw network programs that probably can be exploited the hell and back.
    And you can't turn em off.

  • by hyades1 ( 1149581 ) <hyades1@hotmail.com> on Sunday December 04, 2016 @10:26PM (#53422555)

    So when I offer a client confidentiality, it's supposed to be between him/her and me...Oh, and those guys over there at Microsoft. The guys who have already proved they'll roll over for any of the US letter agencies (and probably the government of Communist China among many others), and who have proved in the past to be embarrassingly incapable of "not fucking up".

    Not happening.

    My business computers will never, ever have Windows 10 on them. And that is one of my selling points.

  • Opposite of security - more people know your stuff.
    I wonder how long it will be before we hear of an intern at Microsoft abusing credit card numbers and other harvested information.
    It is a very stupid accident waiting to happen and only seems to have been done for a bit of one-upmanship on Google with their databases of search history.
    • That would never happen, like TSA would never be caught trading X-ray scans of passengers of all ages on the internet. It was designed so that's against a rule, so it wont ever occur!
  • If trading privacy for security is a thing, then why is Linux so much more secure than Windows?

  • ... that I am and feel more secure with Microsoft harvesting all that data from me. I don't, and I doubt I am more secure, even though Microsoft's PR machine says I am.

    .
    If Microsoft really wants to make my computing more secure, design a better OS architecture that doesn't need all these add-ons in order to feign security benefits.

  • "...unlike home users, enterprise users of Windows 10 can select a lower level of data-sharing, but argues that enterprises "need to think twice before turning off Windows telemetry to increase corporate privacy" because Windows Update won't work without information about whether previous updates succeeded or failed."

    Translation: Enable Telemetry, or we break your Security Kneecaps. Fuck You Very Much, and Have a Nice Day.

    Kills me that this is legal when IE landed them in court for way less than this mafia licensing bullshit.

  • So, it's bad enough that Microsoft is forcing telemetry and updates on Home and Pro users, but if Enterprise users *don't* enable telemetry, then their updates won't function properly?

    I'm guessing that the only reason they haven't been slapped with enough anti-trust lawsuits to suffocate under, is cause people are still able to stick with Windows 7 for the time being... Unless they've retroactively pulled the same crap update crap on Windows 7 like they did with telemetry?

  • So they are including Jails. Actually in 2016 I do think paravirtualization is quite handy for desktop use for all apps. Not just for FreeBSD, but for Linux, MacOSX, and even Windows.

    I disagree with the privacy and article. MS got a well deserved bad wrap with IE 6 and never quite recovered when it came to security.

Nothing will dispel enthusiasm like a small admission fee. -- Kim Hubbard

Working...