Microsoft Starts Collecting User Data from Windows 7 and Windows 8 PCs

By LimeMaster
in Back Page News

 Share

Recommended Posts

Grand Master

Active.

Posted
Posted (edited)

 You think Apple don't collect telemetry on OS usage?

Easily controlled and turned off by default (as far as I'm aware – you're certainly asked very specifically whether you want this to be turned on when you first install / start using OS X)

privacy.thumb.png.7f0a9f7458895df8b0dcba

Edited by Active.
Link to comment
Share on other sites
Grand Master

Raa

Posted
Posted

Yeah, because bank details and usage telemetry are 100% the same.  Why not compare Microsoft to the Nazi's while you're at it?

I didn't have to, because I knew someone else would. :rolleyes:

 

Staying on topic - the comment was referring to the privacy comment, not the usage telemetry.

And let's face it, how do we actually know what's inside that telemetry - has anyone broken it down? (Merely curious - not tin-foil-hatting.)

Link to comment
Share on other sites
Grand Master

Ian W

Posted
Posted

Glad I still use XP.

And Windows Vista!

I've used both, but Vista's CEIP was optional.

I'm not saying it's bad anyway, I was just posting some interesting news I found, because It's good to stay informed after all. Though I won't deny that I find it a pointless addition to add to the older OSes. 

Correct. CEIP in Windows Vista is entirely optional—it is not even listed among the express settings during installation!
How-to-install-Windows-Vista-Upgrade_vis

Link to comment
Share on other sites
Grand Master

Active.

Posted
Posted

" year of Linux hurr hurr hurr"

I know this makes me somewhat of a hypocrite as I'm not a Linux user, but there is something to be said about an OS whose source is out in the open. You have to put a whole lot of trust in the OS vendor otherwise Not sure I'd consider that a laughing matter. There's a whole conversation starting about open source software with respect to medical/life support devices as well.

Link to comment
Share on other sites
Grand Master

Ian W

Posted
Posted

I know this makes me somewhat of a hypocrite as I'm not a Linux user, but there is something to be said about an OS whose source is out in the open. You have to put a whole lot of trust in the OS vendor otherwise Not sure I'd consider that a laughing matter. There's a whole conversation starting about open source software with respect to medical/life support devices as well.

One would apparently have to put a whole lot of trust in open source too (see: Heartbleed).

Link to comment
Share on other sites
Grand Master

LimeMaster

Posted
  • Author
Posted

And Windows Vista!

Correct. CEIP in Windows Vista is entirely optional—it is not even listed among the express settings during installation!
How-to-install-Windows-Vista-Upgrade_vis

Ah, a small change in Windows 7 that I did not realize. Probably because I mostly avoid the recommended options when installing Windows:

win7_rtm_34.jpg

 

 

 

  • Active. and Ian W
  • Like 2
Link to comment
Share on other sites
Grand Master

Jim K Global Moderator

Posted
  • Global Moderator
Posted

" year of Linux hurr hurr hurr"

Helpful as always Dot.

Anyway...another huplado over nothing.  If Microsoft was caught "red handed" trying to track you without detailing what each patch did...ok.  That isn't the case here though.  Each KB tells you what the patch does and the intended purpose.  Microsoft doesn't give a damn about your illegal bootleg copy of Justin Bieber's Greatest Hits, Twilight Saga or the Desperate Housewives video game you downloaded.  

Ironically...none of these updates reverted my default settings (Action Center > Change Action Center Settings > Customer Experience Improvement) from do not participate to participate (or any other CEIP program like Office).  

Easily controlled and turned off by default (as far as I'm aware – you're certainly asked very specifically whether you want this to be turned on when you first install / start using OS X)

 

Same with Windows.

 

 

Capture.JPG

Link to comment
Share on other sites
Grand Master

exotoxic

Posted
Posted

 Each KB tells you what the patch does and the intended purpose. 

It was posted the other week that Microsoft were no longer going to be providing KB/details on patches.

Link to comment
Share on other sites
Grand Master

Jim K Global Moderator

Posted
  • Global Moderator
Posted

 

It was posted the other week that Microsoft were no longer going to be providing KB/details on patches.

The KB's cited in this article have detailed information (they aren't Windows 10 KBs).  For example... KB3068708 (which is a KB cited in this article)

Also, your statement isn't entirely accurate.  They are no longer detailing Windows 10 updates unless they're "significant".

http://www.theregister.co.uk/2015/08/21/microsoft_will_explain_only_significant_windows_10_updates/

Link to comment
Share on other sites
Grand Master

Yogurth

Posted
Posted

 

 

You realise that MS have been collecting usage telemetry from Windows since XP, right?  How do you think they discerned that most folks aren't using the Start menu as part of their reason for dropping it from W8?

It's just usage data, used to help them improve features and provide a better user experience. There's no personal data involved, and you can always turn it off.

More silly FUD.

Have a read and then decide if it is FUD.

http://localghost.org/

Link to comment
Share on other sites
Grand Master

Yogurth

Posted
Posted (edited)

 

I see an awful lot of claims in there, and not a lot of proof.

 

Not sure how You missed some of the points in the analisys...like these ...

"The implications of this are significant: because this is an OS-level keylogger, all the data you're trying to transmit securely is now sitting on some MS server. This includes passwords and encrypted chats. This also includes the on-screen keyboard, so there is no way to authenticate to a website without MS also getting your password." ... When a webcam is first enabled, ~35mb of data gets immediately transmitted to: 
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net...

Everything that is said into an enabled microphone is immediately transmitted to: 
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
telemetry.appex.bing.net
telemetry.urs.microsoft.com
cs1.wpc.v0cdn.net
statsfe1.ws.microsoft.com....

The only proof that is missing is what is MS doing with all Your data, not if it is collecting even if disabled through multitude of switches available withing the OS.Still here is and excerpt from Windows EULA what will MS already doing with Your data...

"Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1.comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2.protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3.operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4.protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement."

Edited by Yogurth
Link to comment
Share on other sites
Community Regular

Gabe84

Posted
Posted

Not sure how You missed some of the points in the analisys...like these ...

If the claims in those articles are true I'm really surprised the EU hasn't started investigating Microsoft yet.

Link to comment
Share on other sites
Community Regular

Gabe84

Posted
Posted

 

Because there's nothing to investigate.

Well... If those claims are true I wouldn't be too happy to have Microsoft collect and keep data about my folders, files and private communications.


I already know that whenever I send and e-mail Microsoft knows the content of that e-mail, since I use Outlook.com, and the receiver's provider of said e-mail knows the content, I know that Microsoft has full access to my OneDrive, it's their website after all, but what would be the point for Microsoft to know and store info about the files I have on my HDD?

I get what they're doing in regards of Bing, Cortana, voice, typing, etc, I'm a linguist so I know very very well how important it is for such services to deeply understand how people express their ideas using language, I also know how important it is for software companies to collect crash reports, that's why I've always sent a report whenever something crashed, regardless of the OS I use, the software or what I was doing with it - I don't think companies really care if I was watching a flash video on YouTube or a porn site, all they care about is, I guess, that Flash caused a crash - but I really don't get why they need to log everything I type on my PC, why would then someone, for example, use paid privacy oriented communication services if Microsoft is going to log those conversations anyway? I guess it's because their services don't have as many users as Google's and the only way for them to improve those services is to log what people do on the product - Windows - that people actually use.

My position is that it's ok for Microsoft, Google, or Amazon, Facebook, Twitter, to keep track of everything I do using their services, I accept that, what I don't really get - even though Windows is Microsoft's - is why Microsoft needs to know everything I do on my PC, I've always thought that my PC and their on line services were two separate things and I would like to keep it that way, what I type on Bing, Outlook.com and what I upload on OneDrive is also their business, but what I store on my PC and type locally on LibreOffice is my business.

Link to comment
Share on other sites
Rising Star

Art_X

Posted
Posted

Not sure how You missed some of the points in the analisys...like these ...

"The implications of this are significant: because this is an OS-level keylogger, all the data you're trying to transmit securely is now sitting on some MS server. This includes passwords and encrypted chats. This also includes the on-screen keyboard, so there is no way to authenticate to a website without MS also getting your password." ... When a webcam is first enabled, ~35mb of data gets immediately transmitted to: 
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net...

Everything that is said into an enabled microphone is immediately transmitted to: 
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
telemetry.appex.bing.net
telemetry.urs.microsoft.com
cs1.wpc.v0cdn.net
statsfe1.ws.microsoft.com....

The only proof that is missing is what is MS doing with all Your data, not if it is collecting even if disabled through multitude of switches available withing the OS.Still here is and excerpt from Windows EULA what will MS already doing with Your data...

"Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1.comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2.protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3.operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4.protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement."

Do what most people I have spoken to about this have done, put the addresses in your host file and then they cant send anything

Link to comment
Share on other sites
Community Regular

Gabe84

Posted
Posted

Do what most people I have spoken to about this have done, put the addresses in your host file and then they cant send anything

According to the article it doesn't work.

While the initial reflex may be to block all of the above servers via HOSTS, it turns out this won't work: Microsoft has taken the care to hardcode certain IPs, meaning that there is no DNS lookup and no HOSTS consultation. However, if the above servers are blocked via HOSTS, Windows will pretend to be crippled by continuously throwing errors, while still maintaining data collection in the background. Other than an increase in errors, HOSTS blocking did not affect the volume, frequency, or rate of data being transmitted.

 

Link to comment
Share on other sites
Grand Master

FloatingFatMan

Posted
Posted

Not sure how You missed some of the points in the analisys...like these ...

"The implications of this are significant: because this is an OS-level keylogger, all the data you're trying to transmit securely is now sitting on some MS server. This includes passwords and encrypted chats. This also includes the on-screen keyboard, so there is no way to authenticate to a website without MS also getting your password." ... When a webcam is first enabled, ~35mb of data gets immediately transmitted to: 
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net...

Everything that is said into an enabled microphone is immediately transmitted to: 
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
telemetry.appex.bing.net
telemetry.urs.microsoft.com
cs1.wpc.v0cdn.net
statsfe1.ws.microsoft.com....

The only proof that is missing is what is MS doing with all Your data, not if it is collecting even if disabled through multitude of switches available withing the OS.Still here is and excerpt from Windows EULA what will MS already doing with Your data...

"Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1.comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2.protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3.operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4.protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement."

Oh, I read the entire article, and as I said, I see an awful lot of claims in there, but I don't see a whole lot of proof.

 

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing