Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Windows Microsoft Privacy Your Rights Online

Microsoft Shares Windows 10 Telemetry Data With Third Parties (betanews.com) 175

An anonymous reader shares a report: To help with the smooth running of Windows 10, and to get an idea of how users interact with the operating system, Microsoft collects telemetry data, which includes information on the device Windows 10 is running on, a list of installed apps, crash dumps, and more. Telemetry data recorded by Windows 10 is, in a nutshell, just technical information about the device the OS is on, and how Windows and any installed software is performing, but it can occasionally include personal information. If you're worried about that, the news that Microsoft is sharing telemetry data with third parties might concern you. Microsoft recently struck a deal with security firm FireEye to provide access to Windows 10 telemetry data, in exchange for having FireEye's iSIGHT Threat Intelligence technology included in its Windows Defender Advanced Threat Protection service. WDATP is an enterprise security product that helps enterprises detect, investigate, and respond to advanced attacks on their networks and is different from the free version of Windows Defender. The upsides of the deal are obvious for both Microsoft and FireEye, and enterprise customers will certainly benefit from the partnership. It's not known exactly what data Microsoft has made available to FireEye, but in a detailed TechNet article on its telemetry gathering the software giant originally said: "Microsoft may share business reports with OEMs and third party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management."
This discussion has been archived. No new comments can be posted.

Microsoft Shares Windows 10 Telemetry Data With Third Parties

Comments Filter:
  • by Anonymous Coward on Friday November 25, 2016 @12:42PM (#53360351)

    ...not really, you buy their product and then they sell you as a product.

  • by Anonymous Coward

    It's a trustworthy operating system.

  • ...it is too bad they do not offer a paid version of the OS without the spyware. This behavior is the best thing to happen for Apple sales in a long time.
    • by DogDude ( 805747 )
      They do. FTFA:
      "You can change the level under Diagnostic and usage data and also set the Feedback frequency to Never if you simply want to opt out."
      • Dollars to doughnuts that gets flipped after updates every 6 months or so.
      • by JustAnotherOldGuy ( 4145623 ) on Friday November 25, 2016 @01:45PM (#53360693) Journal

        "You can change the level under Diagnostic and usage data and also set the Feedback frequency to Never if you simply want to opt out."

        To be frank, I don't believe you can actually "opt-out" of the monitoring and telelmetry, no matter what they claim.

        I bet you could turn off every single telemetry-related setting and disable all of the "Diagnostic and usage data" widgets, and Windows would still be found to be sending all sorts of info back to Microsoft.

        I just don't believe a word Microsoft says about monitoring or not monitoring users anymore, period.

        • Correct. That's just "Feedback frequency". You can't opt-out of telemetry completely, according to their own settings. You can only set "Diagnostics and usage data" to "Full (recommended)", "Enhanced", or "Basic."

          This is the part that really bothers me. I'm completely fine with whatever default settings there are, but users should be able to turn it off. It wouldn't have even hurt Microsoft, since most people wouldn't have bothered, but instead they feel the need to force some minimal levels of data co

        • by mea2214 ( 935585 )
          I'm worried about a keylogger that would reveal usernames and passwords. Because of this I can't trust this box for any sensitive sites like banking even when doing most all browsing in a Virtual Box Ubuntu VM. Is there any way to verify Microsoft isn't keylogging?
          • Is there any way to verify Microsoft isn't keylogging?

            I doubt it. Perhaps by logging all the outbound traffic and inspecting it closely, but if they've encrypted it or obfuscated it in some way then you might not spot it. In short, I don't think you can trust MS with your sensitive info no matter what they say.

            I do think that what you're doing,using a VM in Ubuntu, is probably pretty secure,

      • The lowest Microsoft will permit you to go is Basic unless you are using Enterprise Edition. If you are using Home or Pro, you cannot shut off Telemetry, nor can you shut off updates.

      • They do. FTFA: "You can change the level under Diagnostic and usage data and also set the Feedback frequency to Never if you simply want to opt out."

        Which you will have to remember to RE-SET Every single time there's an Update, Security Patch, or it's Tuesday.

    • They do. It's enterprise edition. Currently only available to companies with Software Assurance, but they are apparently planning on making it available to us plebes on a subscription basis ($8/month, I believe)

      • It's also available via an MSDN subscription.
        • True, but then you're promising to only use the licenses for development purposes. MSDN subscriptions are not permitted for production (ie: end user) user.

    • ...it is too bad they do not offer a paid version of the OS without the spyware. This behavior is the best thing to happen for Apple sales in a long time.

      I agree.

      Apple not only doesn't care to market user data, it has additionally found that PRIVACY is actually a marketable and DISTINGUISHABLE FEATURE.

  • by Anonymous Coward
    Seriously who is surprised by this breaking news?
  • Of course they do. (Score:5, Insightful)

    by fahrbot-bot ( 874524 ) on Friday November 25, 2016 @12:50PM (#53360399)

    Duh.

    /thread

  • Flabberghasted! (Score:2, Interesting)

    by scunc ( 4201789 )
    I for one am shocked--SHOCKED!--that a company that needlessly tracks everything I do would turn around and sell that data to a 3rd party just to increase their profits. I mean, it's almost like they have no respect for the privacy of their users ...
    ---
    Windows 10--the world's first Freemium OS!
  • I found it funny that the Windows 10 Anniversary Update can't install on any of my systems at home because the updater thinks my SSD's are USB sticks and it won't install on USB sticks.
    • Re:Go figure... (Score:5, Informative)

      by Dorianny ( 1847922 ) on Friday November 25, 2016 @01:19PM (#53360551) Journal

      I found it funny that the Windows 10 Anniversary Update can't install on any of my systems at home because the updater thinks my SSD's are USB sticks and it won't install on USB sticks.

      That's a problem with the firmware on SSD's that were released to work with the Windows 7 broken SSD support. SP1 fixed SSD support unfortunately the workaround used by the SSD manufacturers for pre SP1 made them appear as removable devices. Most SSD manufacturers released firmware updates to address the issue. I would check to see if there are firmware updates for yours even if you don't intend to upgrade to windows 10.

      • Most SSD manufacturers released firmware updates to address the issue.

        No firmware update available for my SSD model that came out last year. Windows 10 was already installed on the hard drive before I got the SSD drives. I had no trouble migrating from HDD to SSD.

        • Most SSD manufacturers released firmware updates to address the issue.

          No firmware update available for my SSD model that came out last year. Windows 10 was already installed on the hard drive before I got the SSD drives. I had no trouble migrating from HDD to SSD.

          Try switching the SSD from AHCI to legacy IDE mode in the BIOS and see if the installer will accept it. No chance that the installer will see it as removable if its in IDE mode. If it works, before switching back to AHCI set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storahci\StartOverride from 3 to 0, or the system might not boot

          • Most SSD manufacturers released firmware updates to address the issue.

            No firmware update available for my SSD model that came out last year. Windows 10 was already installed on the hard drive before I got the SSD drives. I had no trouble migrating from HDD to SSD.

            Try switching the SSD from AHCI to legacy IDE mode in the BIOS and see if the installer will accept it. No chance that the installer will see it as removable if its in IDE mode. If it works, before switching back to AHCI set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storahci\StartOverride from 3 to 0, or the system might not boot

            Wow! Windows is making installing LINUX look easy!

            • Wow! Windows is making installing LINUX look easy!

              You obviously haven't attempted a Linux Distribution install in a long time. Now-day's even Debian has a pretty straight-forward "click Next a bunch of times" Installer.

              Rest In Peace Ian Murdock

  • by Anonymous Coward on Friday November 25, 2016 @01:08PM (#53360487)

    I was a software engineer in Windows Client, back in the good old Vista days. Microsoft's telemetry relies on Event Tracing for Windows (ETW), the lowest latency logging mechanism possible in the operating system, and the ETL files produced therein are usually post-processed by a performance analyst or software engineer to review timing, call stack, and memory utilization. Older OS tools like Dr. Watson were components of the Windows Customer Experience Program, and we would get crash dumps and other data from people who opted in.

    Once, I wanted to look directly at a willing customer's machine remotely so I could gather some more information and do a debugging session. Remember, this was a willing customer who volunteered for this in his crash report. To do this, I had to go to a special training class on privacy and get permission from my management chain, just to look at the crash dump info.

    This except is from Microsoft's current telemetry policy, found here: https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization

    These are the same policies we had to follow then. We really had to follow them, or be fired. It's real.

    However, before more data is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:

            Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.

            Ability to get registry keys.

            All crash dump types, including heap dumps and full dumps.

    • by phresno ( 677793 )

      How does this apply to them wholesale sending data to 3rd parties who are not subject to their internal policies?

      • How does this apply to them wholesale sending data to 3rd parties who are not subject to their internal policies?

        Who said anything about wholesale data?

        From what anyone knows they are getting part of the telemetry data. What does that mean? No one knows, because we don't even know what's being collected in the first place.

    • by QuietLagoon ( 813062 ) on Friday November 25, 2016 @01:30PM (#53360603)
      If Microsoft did respect user privacy, then Microsoft would not collect the telemetry data in Windows 10 and subsequently sell that data to third parties.
      • If Microsoft did respect user privacy, then Microsoft would not collect the telemetry data in Windows 10 and subsequently sell that data to third parties.

        Not all data is equal. You want to share crash reports of mine? Go ahead. You want to share what's currently on my screen? GTFO!

        All we know is that in the grand scheme of things we know nothing because we don't know what is collected, we don't know how it is anonymised, and we don't know what or how it's shared.

        They could be protecting your privacy very well. They could also be sharing videos of you naked at your computer along with your name and telephone number.

        • by Anonymous Coward

          FYI: Crash dump may contain system memory, including the webcam.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      The bullshit floweth over. If MS is so concerned with privacy, then why can't I as a paying customer shut the fucking telemetry off?

      Privacy only works as a policy implemented from top to bottom with no holes in between. I don't give two flying fucks whether you had to go to a "special training class". That just enforces the fact that the wall you speak of was indeed the strongest link in the entire privacy chain.

      The weakest? Do I even need to say it? Constantly sending data over the public internet to

    • by Anonymous Coward

      I don't know how this got modded up as high as it has. Your statement is not much more than 'selective' ancient facts mixed with 'selective' current facts and blended into a nice little story that doesn't represent any of the real facts.

      I was a software engineer in Windows Client, back in the good old Vista days

      That doesn't qualify you to say squat about windows 10. That's no better than saying "I was a mechanic back in the good old Model T days" like it gives you any expertise to comment on a modern fuel-injected auto mobile when all you've ever worked on are carburetors and cra

    • by yuhong ( 1378501 )

      This is a good time to mention https://blogs.technet.microsof... [microsoft.com]
      MS at least does have an attempt to protect privacy in crash dumps (dating long before Win10 BTW): https://blogs.msdn.microsoft.c... [microsoft.com]

    • I was a software engineer in Windows Client, back in the good old Vista days. Microsoft's telemetry relies on Event Tracing for Windows (ETW), the lowest latency logging mechanism possible in the operating system, and the ETL files produced therein are usually post-processed by a performance analyst or software engineer to review timing, call stack, and memory utilization. Older OS tools like Dr. Watson were components of the Windows Customer Experience Program, and we would get crash dumps and other data from people who opted in.

      Once, I wanted to look directly at a willing customer's machine remotely so I could gather some more information and do a debugging session. Remember, this was a willing customer who volunteered for this in his crash report. To do this, I had to go to a special training class on privacy and get permission from my management chain, just to look at the crash dump info.

      This except is from Microsoft's current telemetry policy, found here: https://technet.microsoft.com/... [microsoft.com]

      Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.

      Ability to get registry keys.

      All crash dump types, including heap dumps and full dumps.

      Nice try Microsoft Shill - DEFAULT "privacy" settings for Windows 10 grants MS this access. There is no OPT-IN or people explicitly granting anything there is only an IMPLICIT reliance on IGNORANCE.... You know those foolish enough to buy a computer and just use it as-is. They "deserve" what they get right?

      There is no dialogue or prompt or message the user sees to control or approve of explicit data being EXFILTRATED from their systems WITHOUT THEIR KNOWLEDGE. You don't even obtain EXPLICIT CONSENT. Wha

    • Is this 2.0 version of "security through obscurity"...now it's "security through anecdote"?

    • A microsoft software engineer who can't spell excerpt? Anyway..
      For microsoft to force users to surrender telemetry data, and then have the audacity to claim that they respect user privacy, is beyond the pale. You are completely and utterly out of touch with reality. The very fact that you have the opportunity to access users' data without their express permission is the problem; what you do with that data once you've taken it is beside the point.
    • Policies are for the little people... like you.

      If the EULA basically translates to, "We do what the fuck we want and we can change our minds at any time and you automatically agree to said changes without even seeing them", then I'm not dealing with such a company.

    • These are the same policies we had to follow then. We really had to follow them, or be fired. It's real.

      While I have no reason to believe the veracity of your story, I will take it at its face value and give you some advice: The reason you were made to go to the class about privacy and such is because you are an engineer. This data is not for you. If you had been in marketing, the same data would have been available to you but without all of those pesky controls.

  • by Anonymous Coward

    I don't see an issue here. This company is no different than AVG and Kaspersky when it comes to anti-virus services. Both AVG and Kaspersky collect info to better detect threats. The new anti-virus feature that will be implemented into DEFENDER will greatly help against cyber threats. I doubt MS is monetizing your personal data. Regardless of what the patriot act says It's illegal for any company to take what ever is on your hard drive(personal files) and sell it to third parties.

    • DEFENDER

      any serious business had really used this shit? I think not...

    • This company is no different than AVG and Kaspersky when it comes to anti-virus services.

      It's very different. With software from AVG or anyone else, you have a choice. If you object to their collection practices, you can simply not use their software. That's not really the case with Windows for most people. You're locked in, and you can't turn the collection off.

  • If you're worried about that, the news that Microsoft is sharing telemetry data with third parties might concern you.

    I'm worried about this, but not concerned, because my worry motivated me to drop Microsoft entirely.

    • You only just now decided to do that? I jumped off that sinking ship known as XP when the dark storm known as Vista started approaching and became too close for comfort. This was 2004-2006... there was a brief transition period during tht time when I was dual-booting but almost always using Linux, but since I blew away those NTFS partitions I never looked back. It's been great.

      • You only just now decided to do that? I jumped off that sinking ship known as XP when the dark storm known as Vista started approaching and became too close for comfort. This was 2004-2006... there was a brief transition period during tht time when I was dual-booting but almost always using Linux, but since I blew away those NTFS partitions I never looked back. It's been great.

        And I've never OWNED a Windows-based computer. My only experiences with them have been through employers, or others that asked me to troubleshoot their (many and varied) Windows issues.

        For that, I am forever grateful that I don't have to deal with that crap on my Apple gear. Because I am their Customer, not their Product.

  • Just get Spybot anti beacon, and you're good to go, no more phoning home.

  • Hope they've put aside some money to defend against a lawsuit from Apple

  • by Anonymous Coward

    Telemetry data recorded by Windows 10 is, in a nutshell, just technical information about the device the OS is on, and how Windows and any installed software is performing, but it can occasionally include personal information.

    That bit "about any installed software," includes per Microsoft's own documentation on the mandatory Basic telemetry level [microsoft.com]:
    App usage data. Includes how an app is used, including how long an app is used, when the app has focus, and when the app is started
    So basically a record of every p

  • Microsoft Shares Windows 10 Telemetry Data

    Back when I used Windows there were many times I wanted to throw the computer across the room, but I never actually did it...

    Windows 10 must be one hell of an update.

  • If you're on Win 10 and you care, use Shut Up Windows 10 ( https://www.oo-software.com/en... [oo-software.com] ).

    You'll have less telemetry than Windows 7 or 8, MacOS, and probably Ubuntu (I forget, are they spying this month or not?).

    • If you're on Win 10 and you care

      Those two are mutually exclusive. If you care about your privacy, you aren't on Windows 10.

      • by Sarusa ( 104047 )

        You use what you need to. Sometimes I use Windows, sometimes I use BSD, sometimes I use MacOS, sometimes I use Debian, sometimes CentOS yadda yadda yadda. The craftsman skill is to know the strengths and weaknesses of each one and how to fix them. They're all sgreat in various ways and all shit in various ways and they can all be redeemed if you know how.

        Or you can just hold your nose and be RMS tootling his recorder while dancing in a tutu.

  • Every file could get realtime scans with networked checksums. So don't have any files of interest to any NGO, gov, charity, mil or the private sector on any Windows computer.
  • My question involves differences in the ways which the normal users use their Home editions of Windows 10 software and enterprise users use the various enterprise editions. How can the telemetry data from home users be used to help enterprise users? First, I'm guessing no enterprise is ever going to allow telemetry data to escape its premises. I would also expect any enterprise is going to try to make use of the strongest security measures possible, although we sometimes read about incredible stupidity when
  • In every Windows telemetry story we get here, the first couple comments deny the truth, then ist' soff to the races deflecting the truth to the olde Windows Versus Mac chestnut.

    The post truth is strong in the Slashdeflectors.

    As proof, watch this get modded down as flamebiat or troll in 3..2..1..

  • The only thing enterprise customers benefit from is the ability to turn it off.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...