Win 10 to capture everything?

[lewmur]

According to this article, the Window 10 Preview captures everything you do. From tracking browsing to keystroke logging even while you are not surfing the net. And you can't opt out without violating the EULA.

 

While there may be a slight justification for this in a developer's preview version, so far MS has refused to say it won't still be required in the final release version.

[securitybreach]

Well considering this is a technical preview from microsoft and they want feedback to finalize the final version, why are you surprised. That and if you click Agree you agree for them to record your keystrokes as it is plainly in the EULA

[securitybreach]

Someone said this in a comment on my post on G+ about this:

"Since most Windows users download a virus shortly after they install Windows, we decided to install the virus for you!"

 

https://plus.google....sts/KUGSWfeYsW4

[lewmur]

Well considering this is a technical preview from microsoft and they want feedback to finalize the final version, why are you surprised. That and if you click Agree you agree for them to record your keystrokes as it is plainly in the EULA

And of course we know that everyone carefully reads the EULA. I stated that there was "a slight justification" for it in this version. But they hardly need a keystroke logger for feedback. And why hasn't MS denied it will be required in the release version?

 

edit: My guess is that they are waiting to see how much stink is raised about it If there is only a marginal beef about it, then they'll tolerate that and include it in the final. But if we raise enough stink about it now, they'll probably back down. Which is why I started this thread.

Edited October 7, 2014 by lewmur

[crp]

I hardly consider it a "slight" justification. They want and need the telemetry data, this is a developers preview addition. If you want to claim to be a developer and want to guinea pig the OS then this is what you should expect.

This is a bogus security and privacy issue. This is how beta testing works. You don't want to give the telemetry , then don't sign up.

[lewmur]

I hardly consider it a "slight" justification. They want and need the telemetry data, this is a developers preview addition. If you want to claim to be a developer and want to guinea pig the OS then this is what you should expect.

This is a bogus security and privacy issue. This is how beta testing works. You don't want to give the telemetry , then don't sign up.

To each his own. But I know if I was a serious Win developer, the last thing I'd want to do would be to telegraph my ideas back to MS.

 

And if this is so important to MS, why haven't they ever required it before? And, btw, neither has any other company. Pure, unadulterated hogwash.

[Guest LilBambi]

That is something they need to let people know they are doing so people can make informed decisions as to whether they want to help beta test their new OS.

 

Was that listed in the documents before you download Windows 10?

[goretsky]

Hello,

 

This is actually just the latest implementation of Microsoft's Watson system that is used to capture information errors in Windows, which dates back to Windows 3.1, at least, and possibly earlier. Microsoft has had various telemetry programs for a long time as well, such as the Windows Customer Experience Improvement Program (which I think was available under Windows XP) and similar programs in the Office and Windows Live products.

 

Right now I'm installing it in a VM in the background and it's paused on the License terms. Here's the URL from those for the Privacy Policy: http://windows.microsoft.com/en-us/windows/preview-privacy-statement. There are also links to the Windows Store terms, Microsoft Services Agreement, XBox Live Terms of Use, Adobe Flash Player license terms and even export restrictions (no ITAR-embargoed countries, as usual).

 

So far, I have installed the Windows 10 Technical Preview on three computers so far and plan to install it on many more in order to help my employer test its software. Of course, I'll also be looking around at the various new features and changes, with an eye towards any interesting security features, but that's kind of secondary at this point.

 

The idea here is the Microsoft needs as much real-world feedback as possible, and that's often impossible to gauge from surveys, interviews and other question-and-answer systems. Users may not understand what's being asked, my provide incorrect information (unintentionally or otherwise) or may be unable to express themselves in a meaningful way. Watching how people use your software, stumble through it and bang their head against the wall as they fail to understand what is the most implicitly obvious and simple task in the world (exclusive to any operating system developer, of course), is a great way to ensure that your product is useful to and will be purchased by anyone other than operating system developers.

 

That said, simply collecting gobs of telemetry from an application or operating system isn't a magical pathway to releasing better products. I recall Microsoft's former president of its Windows division, Steven Sinofsky, gushing off poetically about how the unparalleled usage of telemetry collection systems in Windows 8 would result in that operating system taking the computing market by storm. From what I recollect, that didn't exactly happen.

 

So, it becomes even more important to make smart judgements not just about what your telemetry tells you, but what you choose to do--or not do--as a result.

 

Regards,

 

Aryeh Goretsky

[crp]

To each his own. But I know if I was a serious Win developer, the last thing I'd want to do would be to telegraph my ideas back to MS.

 

And if this is so important to MS, why haven't they ever required it before? And, btw, neither has any other company. Pure, unadulterated hogwash.

"neither has any other company"? That is simply not true. If you really believe that than you are not using too many applications. All OS development has telemetry gathering from pre-release versions users. And if a programmer wanted to include it, there are several software options to choose from to implement such telemetry in the program and/or application.

[Guest LilBambi]

That said, simply collecting gobs of telemetry from an application or operating system isn't a magical pathway to releasing better products. I recall Microsoft's former president of its Windows division, Steven Sinofsky, gushing off poetically about how the unparalleled usage of telemetry collection systems in Windows 8 would result in that operating system taking the computing market by storm. From what I recollect, that didn't exactly happen.

 

So, it becomes even more important to make smart judgements not just about what your telemetry tells you, but what you choose to do--or not do--as a result.

 

Regards,

 

Aryeh Goretsky

 

So true Aryeh!

[lewmur]

Is there or isn't there a GIANT leap from "crash reports" to "keystroke loggers"? Sure, MS has been "collecting data" clear back to 3.1 but NEVER has an OS contained a "keystroke logger". And as far as I know, "phone home" data collection has ALWAYS been optional. I've seen people in this forum slam Canonical simply because some browser tracking required opting out rather than in. Yet MS is given a pass for REQUIRING a "keystroke logger".

Edited October 8, 2014 by lewmur

[Corrine]

If you're concerned about it, don't use the Technical Preview. Simple as that.

 

It started with a Friday-afternoon article in The Inquirer, a tech tabloid known for its breathless headlines and factually challenged prose. In true Inky fashion, the headline declared that Windows 10 "has permission to watch your every move," adding, ominously: "Its 'privacy' policy includes permission to use a keylogger."

From a legalistic point of view, this headline is cleverly constructed. It doesn’t actually say that Windows 10 contains surveillance software that monitors your keystrokes and sends a log of those keystrokes to Redmond. In fact, the implication that there is an actual keylogger embedded in the Windows 10 code is contradicted by this key graf, buried near the end of the story:

In other words,

in effect,

you are giving permission for Microsoft to screen your files, and

in effect

keylog your keyboard input.

[emphasis added]

“In effect.” Not in actuality. And in fact there’s little evidence that the author has enough background in computer science or security to tell a keylogger from a key lime pie.

 

More in Ed Bott's article: Windows 10: You've got questions, I've got answers

[lewmur]

If you're concerned about it, don't use the Technical Preview. Simple as that.

 

If only that were true. Reality says that MS is "the elephant in the room" and what it does effects us all. As I said before, this version isn't the big concern. The question is, is MS using this as a "trial baloon" so see what they can get away with with future versions. By the reaction I've seen here it's "anything they d@mn well please".

[Corrine]

It is for the Technical Preview, not Windows 10 RTM which reportedly won't happen until some time mid-2015.

[Guest LilBambi]

Totally agree Corrine.

 

I would not expect Microsoft to include all that crap in the final product. That would be very unwise of them and they wouldn't do it.

[goretsky]

Hello,

 

During a crash, it's possible that all sorts of information might accidentally be gathered:

 

- environment variables (including the username)

- list of running processes, paths (which might include the username, language preferences, IP addresses, time zone, etc.)

- IP addresses or hostnames of network connections

- contents of windows (text, pictures, etc.)

 

Microsoft has an amazingly thorough privacy policy and strict procedures in place to automatically scrub PII out of data and anonymize it, and that data gets further scrubbed before giving it to a third party, who has to sign all confidentiality agreements. That typically only comes into play though when doing things like debugging driver issues, and Microsoft needs to give someone like AMD or nVidia some crash data related to their graphics drivers.

 

In previous pre-release versions of Windows OSes, I think the CEIP participation could be disabled, which is just not the case with Windows 10 Technical Preview. I suspect it may return as an option that can be disabled as it gets further into the release process (beta builds, consumer technology previews, whatever) but that's just a guess on my part.

 

Keep in mind, that the Windows 10 Technical Preview is explicitly released so that Microsoft can get feedback on how the OS is being used, and to allow software and hardware manufacturers to test their products. It's not a shipping version of an operating system that you can buy on a PC at the store. It's unpolished code that's been released to solicit bug reports.

 

If you're not in the mindset of wanting to use Windows 10 Technical Preview to help Microsoft find bugs, or to verify compatibility for products that you're developing, I'd suggest giving it a pass until a future build is available that better meets your needs, whatever those might be.

 

Regards,

 

Aryeh Goretsky

 

 

 

 

Is there or isn't there a GIANT leap from "crash reports" to "keystroke loggers"? Sure, MS has been "collecting data" clear back to 3.1 but NEVER has an OS contained a "keystroke logger". And as far as I know, "phone home" data collection has ALWAYS been optional. I've seen people in this forum slam Canonical simply because some browser tracking required opting out rather than in. Yet MS is given a pass for REQUIRING a "keystroke logger".

[goretsky]

Hello,

 

Software manufacturers instrument telemetry into non-productions builds of their software all the time. It's part of the process of going out and hunting for all those bugs, corner cases, crashes and errors that just don't show up in your internal testing. No matter how good your internal testing is, there's always going to be stuff that doesn't show up in it.

 

Microsoft is most certainly not going to have this level of data gathering in the production version of Windows 10. If they did, nobody would buy it and their business would change from "software and services" to "testifying in front of regulators full time."

 

Regards,

 

Aryeh Goretsky

 

 

If only that were true. Reality says that MS is "the elephant in the room" and what it does effects us all. As I said before, this version isn't the big concern. The question is, is MS using this as a "trial balloon" so see what they can get away with with future versions. By the reaction I've seen here it's "anything they d@mn well please".

[Guest LilBambi]

Hello,

 

During a crash, it's possible that all sorts of information might accidentally be gathered:

 

- environment variables (including the username)

- list of running processes, paths (which might include the username, language preferences, IP addresses, time zone, etc.)

- IP addresses or hostnames of network connections

- contents of windows (text, pictures, etc.)

 

Microsoft has an amazingly thorough privacy policy and strict procedures in place to automatically scrub PII out of data and anonymize it, and that data gets further scrubbed before giving it to a third party, who has to sign all confidentiality agreements. That typically only comes into play though when doing things like debugging driver issues, and Microsoft needs to give someone like AMD or nVidia some crash data related to their graphics drivers.

 

In previous pre-release versions of Windows OSes, I think the CEIP participation could be disabled, which is just not the case with Windows 10 Technical Preview. I suspect it may return as an option that can be disabled as it gets further into the release process (beta builds, consumer technology previews, whatever) but that's just a guess on my part.

 

Keep in mind, that the Windows 10 Technical Preview is explicitly released so that Microsoft can get feedback on how the OS is being used, and to allow software and hardware manufacturers to test their products. It's not a shipping version of an operating system that you can buy on a PC at the store. It's unpolished code that's been released to solicit bug reports.

 

If you're not in the mindset of wanting to use Windows 10 Technical Preview to help Microsoft find bugs, or to verify compatibility for products that you're developing, I'd suggest giving it a pass until a future build is available that better meets your needs, whatever those might be.

 

Regards,

 

Aryeh Goretsky

 

 

 

Yes, you have a choice on whether to submit them though. Many financial institutions tell their clients NOT to allow those submittals. Or at least they used to.

 

Hello,

 

Software manufacturers instrument telemetry into non-productions builds of their software all the time. It's part of the process of going out and hunting for all those bugs, corner cases, crashes and errors that just don't show up in your internal testing. No matter how good your internal testing is, there's always going to be stuff that doesn't show up in it.

 

Microsoft is most certainly not going to have this level of data gathering in the production version of Windows 10. If they did, nobody would buy it and their business would change from "software and services" to "testifying in front of regulators full time."

 

Regards,

 

Aryeh Goretsky

 

Excellent point.

Edited October 9, 2014 by LilBambi

[Guest LilBambi]

I hope Microsoft has learned the less from other companies that that information should be encrypted that it sends back to their servers for crash data.

[goretsky]

Hello,

 

Microsoft Windows XP, Microsoft Windows 7 and Microsoft Windows 8.0 all encrypt the connection for the crash logs, although with Windows XP it was added via a hotfix.

 

Regards,

 

Aryeh Goretsky

 

 

 

I hope Microsoft has learned the less from other companies that that information should be encrypted that it sends back to their servers for crash data.

[Guest LilBambi]

Awesome!