by bsilvereagle on 8/13/15, 12:08 PM
> And finally, some traffic seems quite impenetrable. We configured our test virtual machine to use an HTTP and HTTPS proxy (both as a user-level proxy and a system-wide proxy) so that we could more easily monitor its traffic, but Windows 10 seems to make requests to a content delivery network that bypass the proxy.
Does this mean a Win10 machine setup to use something like Tor will leak the user's actual IP back to Microsoft? If you're VPN'd, is some traffic still leaking outside of the VPN?
From an engineering perspective, how is this happening? Does Microsoft have a second network interface hidden away using hardcoded settings for DNS, etc?
On a somewhat related note, if a Win10 app is cert pinning, is there a way to force it to use your cert so you can MITM it?
by thescrewdriver on 8/13/15, 1:55 PM
Until recently Microsoft had taken a far more reasonable approach to privacy than say Google. Anyone remember the MS "gmail man" ads mocking the way Google inspects your email when MS doesn't? It seems that MS under Nadella has taken a decidedly Google-like turn away from privacy with Windows 10. MS seems as hell-bent as Google and Facebook to collect as much data about you as possible, even if it is for seemingly innocuous purposes.
by jammycakes on 8/13/15, 12:35 PM
In all these discussions about Windows 10 phoning home, there are a couple of things that I haven't yet seen properly discussed.
1. Do the different versions of Windows (Home/Pro/Enterprise/Education) behave differently? If so, how?
2. Do the pro/enterprise versions behave differently when they're connected to a domain?
I'd imagine that the answer to at least one of these questions would be "yes." This kind of behaviour would be a deal-breaker in many enterprises.
by bhouston on 8/13/15, 4:29 PM
Given that it is proven that the NSA spied on European companies for economic reasons, this isn't a good idea. Now the NSA can just tap into Microsoft, either covertly or through court order, and spy on the whole world.
Details of economic spying -- may not be the best article but the easiest to find:
http://www.hurriyetdailynews.com/nsa-spied-on-french-economy...
by datainplace on 8/13/15, 5:50 PM
Stupid question, but my Mom lives in a really rural area. Pays quite a bit for internet and is charged by the MB. Can we ask Microsoft to pay for their bandwidth usage?
Since upgrading to Windows 10 she's been hit with $200 in overages.
by enqk on 8/13/15, 3:01 PM
This highlights what we really lost when consumer operating systems started replacing enterprise-grade operating systems. I would have never imagined this kind of things happening on something like Solaris or Irix, which were the base operating systems of many workstations. At some point when Linux became popular it suggested that the regular consumer would benefit from the robustness, focus, reliability of an entreprise grade OS. Not so..
That large companies accept this state of affair is extremely surprising.
That we accept that our electricity and communication bills are being diverted to serve the interest of an operating system's creator.. that sounds crazy. It's like letting the creator of your fridge eat your food and drive your car.
by mark_l_watson on 8/13/15, 6:21 PM
I was downvoted and criticised a few days ago for defending Microsoft on Windows 10. I am starting to change my opinion after looking into the issue more. I watched a recent Richard Stallman talk on youtube and went through the process of making the tightest privacy settings I could on my iPad, Windows 10 laptop, and Android phone. (I left my Mac and Linux laptops as is since I just use those for development.)
I think that Microsoft looked at the Google Now user experience on Android phones and decided to emulate that type of AI assistent in Windows. Google collects all sorts of user context information and Microsoft decided to do the same.
This is a guess but the difference may be that (some) people are willing to have less privacy on their smartphones but care more about privacy on their computers.
by pdkl95 on 8/13/15, 12:26 PM
From the image of the captured data that is sent when telemetry is "off", a few bits are obviously Windows-style UTF-16. The GUID is obvious, and is that an assert error message? Very strange...
prod
e5ff4669-311a-0933-dee2-9444eee86460
instrumentation.cpp
Instrumentation::StartQosExperience
(Utilities::HashMapContains(_qosUXScenarioDataById, scenerioId) == false)
Assertfailed: (Utilities::HashMapContains(_qosUXScenarioDataById, scenerioId) == false):
Instrumentation is active when we try
(it cuts off after "try")
by jellicle on 8/13/15, 4:22 PM
I have a really hard time understanding how "enterprises" are going to upgrade to Windows 10.
An operating system that is sending random internal data to random places on the internet seems to violate both a wide selection of national laws related to data privacy, and many corporate policies relating to trade secrets, privacy, internal operations and so on.
Microsoft must have thought of this. What's their plan for continuing to sell to these customers?
by cautious_int on 8/13/15, 1:36 PM
Windows 10 seems to transmit information to the server even when OneDrive is disabled and logins are using a local account that isn't connected to a Microsoft Account.Well there you go. If you ever wondered whether this is happening only on the Microsoft Account(tm).
by yellowapple on 8/13/15, 6:07 PM
It's hard to know without inspecting the exact data involved, but I feel like this is dangerously close to a HIPAA or HITECH breach, and I know of several hospitals who are strongly on the Microsoft bandwagon and are considering Windows 10.
The "send search data to an internet endpoint even if it's patently obvious that the search is for local resources" reeks strongly of Ubuntu's Amazon Shopping Lens. Did Mark Shuttleworth switch gears from Canonical to Microsoft when I wasn't looking?
by ultramancool on 8/13/15, 3:00 PM
by jcadam on 8/13/15, 2:21 PM
Wow. I use Linux and BSD on my own machines, but the rest of the family is on Windows 10. This sort of thing makes me seriously think about trying to get the wife and kids to consider switching :/
by jorgecastillo on 8/13/15, 12:51 PM
I am sticking with Windows 7 until I get out of college and after that I am ditching Windows forever.
by otis_inf on 8/13/15, 4:50 PM
In the post-Snowden era, USA tech corporations, like Microsoft, felt the downturn on trust from non-USA companies and citizens in their online offerings. With Microsoft betting more and more on their cloud services, I find it strange (or maybe it isn't strange, but let's be naive for a minute here) that Microsoft goes against this and actually gives people _more_ reasons to not trust them than less.
As if they're thinking we all don't give a shit. But if we all didn't, why the downturn in trust in USA tech corporations post-Snowden?
I can't help but think that this is either massively naive from their part (people/companies won't care, they will buy our stuff and services regardless) or very short-sighted (as it will hurt their cloud services offerings in the long run, the more they hammer down the trust from their own users in MS' wares.)
by fumar on 8/13/15, 1:58 PM
I'm not savvy enough to discern whether OSX os iOS does this. Does anyone know if iDevices also ping back to Apple?
by elcct on 8/13/15, 12:36 PM
Is Microsoft paying for that traffic?
by tdkl on 8/13/15, 8:12 PM
Funny, nowadays there seem to be more firewall rules needed for outbound traffic then inbound on Windows. In the old days we had a name for that - spyware.
by PythonicAlpha on 8/13/15, 1:04 PM
You agreed to the privacy terms, so you are at the mercy of whatsoever Microsoft implemented. Windows 10 even could totally ignore your settings.
I say this, not because I think that this is OK, but to reflect, that even the change of the settings do not save you from the harm, that was done from the privacy terms!
Why downvoted? When you disagree, than give arguments, not gutless clicks!
by w8rbt on 8/13/15, 6:04 PM
Windows 10 reminds me of a saying an old co-worker of mine used a lot, "Vendors lie... packets don't."
by cryptophreak on 8/13/15, 5:06 PM
Of course this is true. Companies make money by spying on their customers. Did we really imagine that flipping the “Stop making money” preference was going to work?
by tempodox on 8/13/15, 12:29 PM
Maybe I'm just jaded, but does that really surprise anyone? Most “developments” at MS have been nothing but successive layers of lipstick-on-a-pig. No amount of lipstick can make the pig underneath go away.
by mjcohen on 8/13/15, 5:01 PM
I got a refurbished HP Stream 11 for $120 (Groupon) and spent 3 hours upgrading to Windows 10. I then installed Chrome and LibreOffice. It works fine, but, with all these privacy invasions, I see no reason to use it. My Acer C720 Chromebook (upgraded to a 128GB SSD) with Crouton and Ubuntu 14.04 is much more useful to me.