Is Windows 11 Spyware? Microsoft Defends Sending User Data to Third Parties

An anonymous reader shares a report from Tom's Hardware: According to the PC Security Channel (via TechSpot), Microsoft's Windows 11 sends data not only to the Redmond, Washington-based software giant, but also to multiple third parties. To analyze DNS traffic generated by a freshly installed copy of Windows 11 on a brand-new notebook, the PC Security Channel used the Wireshark network protocol analyzer that reveals precisely what is happening on a network. The results were astounding enough for the YouTube channel to call Microsoft's Windows 11 "spyware."

As it turned out, an all-new Windows 11 PC that was never used to browse the Internet contacted not only Windows Update, MSN and Bing servers, but also Steam, McAfee, geo.prod.do, and Comscore ScorecardResearch.com. Apparently, the latest operating system from Microsoft collected and sent telemetry data to various market research companies, advertising services, and the like.
When Tom's Hardware contacted Microsoft, their spokesperson argued that flowing data is common in modern operating systems "to help them remain secure, up to date, and keep the system working as anticipated."

"We are committed to transparency and regularly publish information about the data we collect to empower customers to be more informed about their privacy."

What?

[quonset]

flowing data is common in modern operating systems "to help them remain secure, up to date, and keep the system working as anticipated."

1) Though I am a basic Linux user, last I checked, no version of Linux is sending data to any outside source

2) Is anyone surprised at this "revelation"? Anyone with at least one brain cell knows Windows is spyware.

"We are committed to transparency and regularly publish information about the data we collect to empower customers to be more informed about their privacy."

Then you wouldn't mind if people opt out completely from having their data sent to outside third parties, right? For privacy.

Re:

[AmiMoJo]

Didn't Ubuntu send some data to third parties by default, at least for a while? Something to do with their app store I seem to recall.

Anyway, this is one of those rare occasions when Betteridge's Law doesn't apply.

Re: What?

[doragasu]

Yes, they integrated Amazon search in the dash. That's when I stopped used Ubuntu.

Re:

[jmccue]

And that is the thing, it is very easy to move from Ubuntu to another distro or to a *BSD. Windows, SOL.

No lock-in with Linux or BSD, but sadly to me, one commercial distro seems to be slowly following Microsoft down the same path.

Re:

[Luckyo]

There are ways to gut windows sufficiently so most spyware features stop working.

It does shut down quite a lot of functionality though.

Re:

[drinkypoo]

It's also a PITA to do, or you have to trust a sketchy tool to do it, and you can not only never really prevent all of the data collection but since none of the system is OSS, but it's difficult to be sure that Microsoft isn't exfiltrating data through Windows Update.

Paranoid? Maybe. But given the abject state of computer security, maybe more paranoia is warranted.

Re:What?

[Brain-Fu]

You are probably thinking of this [arstechnica.com].

Summary: a very long time ago Ubuntu shipped with Unity as the default desktop. Unity included integration with Amazon in its "dash" which you used to find your apps. It would include Amazon results and track your click through to get credit if you bought the thing from Amazon.

People screamed, Canonical corrected itself. For a long time now the default desktop environment has been Gnome instead. No Unity, no Amazon integration, no tracking. And, even back when Unity was the default, the tracking could be completely disabled by un-checking one easy-to-find setting. Or you also could have ditched unity and switched out to a different desktop environment.

I would like to point out that this tracking was minuscule compared to what Windows tracks (and doesn't let you disable). We really are comparing a molehill to a mountain here. People keep bringing this up as if to say "HAH! Even Linux is rife with evil tracking and is just as bad as Microsoft!" It's simply not true. Here's the side-by-side:

MS: A whole lot of stuff sent to many third parties and itself. Ubuntu: A shopping ad from Amazon
MS: Hard to reduce, impossible to disable. Ubuntu: Easily completely disabled
MS: Even more there now despite customer complaints. Ubuntu: Completely removed in response to customer complaints
MS: Still there today and growing. Ubuntu: Removed many years ago

Re:

[ufgrat]

People keep bringing this up as if to say "HAH! Even Linux is rife with evil tracking and is just as bad as Microsoft!" It's simply not true.

Speaking of false equivalencies... No, this is just another indication that even a supposedly well-meaning corporation can skewer your privacy in the name of "features".

A better equivalence would be comparing Canonical to Microsoft, Google and Apple. Canonical still comes out ahead, but I'm not a fan of fatpaks.

Re:What?

[ctilsie242]

At the minimum, Ubuntu doesn't have in its T&C where it sends "sus" files to a mother ship by default. Most AV programs, IIRC even Windows Defender, this is the default, and we all know what havoc [seattletimes.com] that can wreak.

Most Linux distributions (excepting Android... which though can be considered "Linux", has a different userland and sub-implementations of AOSP are partially designed to ensure the user is locked out as much as possible to ensure maximum metadata slurpage) is inherently private, just because there is no real core distro maintainer who wants to get caught slurping metadata/telemetry, as there is no effective way to hide it. For most things, stuffing your Web browser in FireJail and redirecting its writes to a subdirectory is "good enough", and there are no known processes which are designed to "tattle" or constantly report on the user.

Re:What [about Windows 10 (and lower)]?

[shanen]

I was looking for that negative Betteridge Law reference... But maybe a Slashdot headline is like a tree falling in an empty forest these years?

The general topic is something I often wonder about. For example, right now this machine says it has sent about 15 million bytes and received 67 million (probably since the last re-connection to the WiFi). Both numbers are increasing fairly rapidly, even though I am not doing much of anything with the machine. Seems pretty unreasonable, but even stranger when I noti

Re:

[Linux Torvalds]

This x1000.

A more user -friendly WireShark could make all the difference, if only someone would build such a thing.

It would make it impossible for Joe Sixpack and Jane Boxwine to ignore what Microsoft is doing with their computer.

Re:

[account_deleted]

Comment removed based on user account deletion

Canned answers

[Lonewolf666]

Both of the quotes show that Microsoft's spokesperson does either not understand the subject matter or is just giving a standard, generic answer to this kind of question. Probably both.

Keeping the system up to date does not require contacting third parties.

Transparency would be better served if Microsoft would publish what exactly they transfer.

Re:

[edis]

This intellect can be well artificial.

Re:Canned answers

[Midnight Thunder]

This intellect can be well artificial.

You are suggesting ChatGPT is now their spokesperson? Though, given some of the answers a human spokesperson gives, it would make for a challenging Turing test.

Re:

[Luckyo]

Honestly, if it was chatGPT giving answers, we could just invoke DAN and get actual answers.

Re:Canned answers

[Anonymous Coward]

Transparency would be better served if Microsoft would publish what exactly they transfer.

Transparency is meaningless if you have no ability to opt-out. Simply telling someone "I'm going to fuck you, whether you like it or not", is not a meaningful form of transparency.

Re:

[ThurstonMoore]

If I had mod points I'd mod you up. Seems like some pussies who can't take adult language modded you down.

Re:

[HiThere]

Sorry, but that actually *is* transparency. It lets you know you want to avoid them.
Transparency doesn't mean that they're good, in and of itself. It's what the transparency reveals that determines that.

Re:

[doubledown00]

Came here to say exactly that.
"Transparency" refers to how clearly intent and the message are communicated. It says nothing about the merits of the message.

"I'm going to fuck you, whether you like it or not" is actually fairly good transparency. I wish other governments / corporations were that up front.

Re:

[jmccue]

Transparency would be better served if Microsoft would publish what exactly they transfer.

True, but I think this will do nothing. I assume the data sent is encrypted (I would hope). So even if they do publish what is being sent and how used, would anyone believe them ?

The only way to fix is to generate an email with the data, you review it and select a button that states "Yes I will send this to MS now" or "Do not send". Even if done, I doubt people will trust MS.

Re:What?

[Brain-Fu]

Well, no, MS said "empower customers to be more informed about their privacy."

Not "empower customers to take control of their privacy."

They have tremendous financial incentive to walk all over their customers as much as they can. They only things that hold them back are law (privacy protection law in this domain is a joke at present) and fear that they might actually drive customers away (which is barely there because they have learned that customers will put up with tremendous violations of privacy in return for an OS that basically works with little technical knowledge needed).

The bottom line is: privacy is only granted to those who stand up and fight for it (specifically by going through the pain and sacrifice of using Linux instead). And dumbphones instead of smartphones (yes, dumbphones spy on you too but not nearly as much).

Re:What?

[Joce640k]

"We are committed to transparency and regularly publish information about the data we collect to empower customers to be more informed about their privacy."

They just 'publish' it in a disused basement lavatory with a sign on the door saying "beware of the leopard"...

PS: If your customers were 'empowered' they'd be able to turn it off. Just sayin'.

Re:

[rnturn]

So "keeping the system working as anticipated" means Win11 is intended, in part at least, to be means of collecting data on users in order to direct advertising to them. No thanks.

I had my belly full of Windows when WinXP keep crapping on itself and rendering itself unbootable. Nowadays, I'll only use an Microsoft operating system when an employer shoves it at me---but I'll looking for a means of running Linux in a VM.

Re:

[Deep Esophagus]

They expect us to believe that sending our data to Steam makes our system "more secure"?

Re:What?

[johnnys]

This is a strawman argument.

There's two scenarios here:

(1) Ubuntu openly ASKS PERMISSION to send a single report ONE time to Ubuntu, while publicly publishing the code for the report generator on Github AND publishing statistics generated from the data sent to Ubuntu for public use. The data collected only includes hardware and configuration information available during the initial installation of the OS.

(2) Microsoft surreptitiously collects data CONTINUALLY from the user and sells it to anyone who will pay for it. That information can include ANYTHING on the computer, including hardware, software and any personal data or information. There is no way to know what is being collected and sent, and there is NO way to definitively STOP OR MONITOR this process.

I have issues with Ubuntu but ongoing, privacy-destroying, and surreptitious telemetry is not one of them.

Re:

[NoWayNoShapeNoForm]

"no version of Linux is sending data to any outside source" Check again, e.g. https://www.bleepingcomputer.c... [bleepingcomputer.com]

4 year old web article

My new work laptop has 11...

[Kokuyo]

And I don't get local admin because tHat'S a SeCUriTy iSsUe...

Wonder whether they properly disaed telemetry via GPO...

Re:My new work laptop has 11...

[ThurstonMoore]

"When telemetry is disabled, the services continue running, SLOWING DOWN THE COMPUTER and gathering data. The only difference is that the data is not being sent anywhere"

I fixed that for you. Anytime my computer is running like shit if I look in Task Manager I'll see compatibility telemetry taking up 100% of the CPU and disk.

Why has Microsoft not been stopped by the GDPR ?

[Alain Williams]

It seems to me that this is illegal under the GDPR in many ways, for instance the principle of transparency [ico.org.uk]. Microsoft might try to claim that it mentions this in the Windows T&Cs but it most people are not aware then it is clear that the T&Cs are not transparent enough.

Microsoft has faced some GDPR pushback [theregister.com] but, IMHO, not enough.

Time for the regulators to get some teeth ... if this does not happen then we need to wonder why, who else is MS sharing this data with ?

Re:Why has Microsoft not been stopped by the GDPR

[uffe_nordholm]

... who else is MS sharing this data with ?

My guess is "anybody who pays enough"... And for every year that goes on, I am more and more happy that I have been using Linux since the early naughties.

Re:

[drinkypoo]

In short the Windows license grants Microsoft the right to share your data as they see fit [edri.org].

Re:Why has Microsoft not been stopped by the GDPR

[budgenator]

I'm wondering what kind of implications there are under HIPPA in the US as well, it seems like the data is a lot more than just is needed for strictly OS telemetry.

Re:

[UnknowingFool]

While I feel that MS may have breached some consumer laws, I cannot see how this has to do with any health related data privacy. Unless you happen to be storing private medical records on a Windows that MS is somehow transmitting to 3rd parties.

Re:

[drinkypoo]

I cannot see how this has to do with any health related data privacy. Unless you happen to be storing private medical records on a Windows

Windows Telemetry can collect your data from files, keystrokes, or the screen, and it doesn't matter if you're intentionally copying someone's HIPAA-protected information or not. As such, those who care about complying with the law actually go out of their way to avoid collecting health information, just as reputable websites do to avoid collecting CC information (which can leak from your browser back to the site you're doing business with if they're doing enough data collection.)

Re:

[UnknowingFool]

This story is about how a Windows 11 machine reports back to 3rd parties. Key logging was not part of it. Do you have evidence that Windows 11 records all your keystrokes, mouse clicks, and screen grabs? Such capture violates basic privacy much more than HIPAA.

Re:Why has Microsoft not been stopped by the GDPR

[drinkypoo]

Do you have evidence that Windows 11 records all your keystrokes, mouse clicks, and screen grabs?

That's not the claim. The claim is that it can, which we know to be true. When you see me say that they're doing that, then you can ask me that question. Don't move the goalposts.

Re:

[UnknowingFool]

That's not the claim. The claim is that it can, which we know to be true. When you see me say that they're doing that, then you can ask me that question. Don't move the goalposts.

Can you scroll up and read the original claim:"I'm wondering what kind of implications there are under HIPPA in the US as well, it seems like the data is a lot more than just is needed for strictly OS telemetry."

NOWHERE in his claim is there any mention of keylogging, screen grabbing, or such. There is only speculation that it must be more because there is a lot of data. You moved the goalposts by inserting all of those.

Re:

[whoever57]

Not "All" your keystrokes, but fragments of them. This could be enough to violate laws.

"Inking, typing, and speech utterance data This type of Optional diagnostic data includes details about the voice, inking, and typing input features on the device.

Samples of the content you type, write, or dictate on the device.
Details about status of transcribing input into text."
https://privacy.microsoft.com/... [microsoft.com]

This is optional, but remember that, in Microsoft

Re:

[lowvisioncomputing]

HIPPA has been regularly violated on hospital systems. And they don't want to answer questions about it [microsoft.com].

Re:

[jmccue]

I'm wondering what kind of implications there are under HIPPA in the US

Enforcement of laws in the US correlates to the size of the offenders bank account. The lower the account, the greater the penalty.

Re:

[phantomfive]

Is the telemetry data personally identifiable health data of patients? That's what you're really looking for with HIPPA.

Re:Why has Microsoft not been stopped by the GDPR

[lowvisioncomputing]

Doesn't matter if Microsoft mentions it in their T&C or not - illegal is still illegal.

Everything needs to be opt-in. We had problems with companies auto-signing up people for stuff, and auto-renewing stuff they never even signed up for, without user consent. They mostly don't do that now because they got smacked down for it. Time to do the same with all these stupid tech bros.

BTW, your Win10 install will continue to work after it goes out of support. Same as other software. If Microsoft tries to remotely disable it, they are in for a world of hurt, because that is definitely illegal tampering with your device, and they cannot show you knowingly consented to it, since the T&C don't even apply once it's out of support.

Re:

[Anon42Answer]

MS has done this before with zero real repercussions. Forced updates even when updates permission answered "no" and even when updates disabled. This even made some machines 100% unusable with no ability to roll back or revert. There answer was that operating system is 'too old' and 'not secure enough for you' - isn't that supposed to be the users decision?

"If Microsoft tries to remotely disable it, they are in for a world of hurt, because that is definitely illegal tampering with your device,"

Re:

[lowvisioncomputing]

And if people actually follow the complaint process, they get money. Just search for the woman who got $10,000 when an update she never accepted hosed her machine. Problem is, most people are big talkers and tiny doers. They get mad, then they go away grumbling.

Re:

[thegarbz]

People's lack of care is not covered under the GDPR. The transparency is based on information available, not information commuted to memory by users.

All your base are belong to us.

[thesjaakspoiler]

Who said that you could own your computer with Windows11?

Re:

[The Evil Atheist]

Technically, you don't own your computer if you run proprietary blobs in the firmware either. Remember MINIX being used as a secret management tool.

Re:

[Alain Williams]

The store salesman said your new PC, the word new implies ownership [dictionary.com]. George Orwell was wrong, newspeak [wikipedia.org] is created by corporations not totalitarian governments.

Re:

[lowvisioncomputing]

"New" does not imply ownership - never has. You bought a new house - but until the mortgage is paid off, you don't really own it, the bank does. You bought a new car, until you pay off the loan, you don't own it, the loan company does.

You bought a new phone on a pay-so-much-a-month plan. You don't own it. Lose it, you have to pay off the balance owing. If you owned it outright, you wouldn't have any obligation to pay shit to anyone.

You have a new kid. You don't "own" the kid. Don't believe me? Try abusi

Re:

[Darinbob]

The bank owns the house, but the bank cannot put spy cameras into the house unless you default on the loan. You have 100% control over your own house even with a large mortgage. The same with an automobile that you owe money on (and is not leased). You OWN the house and auto, the loan is a separate thing. If you stop paying the loan then the loan owner can repossess.

If you buy a computer, it is YOURS. If Intel has spyware management in their CPU they need to ask your permission to use it.

Software is iffy

Re:

[ThurstonMoore]

created by corporations not totalitarian governments

They seem to be becoming one and the same.

Something's missing here

[Anonymous Coward]

Windows 11 doesn't ship with Steam or McAfee. Was this a Dell/Alienware system with additional bloatware preloaded?

Re:

[rudy_wayne]

Windows 11 doesn't ship with Steam or McAfee. Was this a Dell/Alienware system with additional bloatware preloaded?

I'm betting that they used a computer from one of the big OEMs that ships with a metric fuckton of crapware pre-installed.

Gotta have a new click-bait headline for your shitty website.

Re:

[cascadingstylesheet]

Windows 11 doesn't ship with Steam or McAfee. Was this a Dell/Alienware system with additional bloatware preloaded?

I'm betting that they used a computer from one of the big OEMs that ships with a metric fuckton of crapware pre-installed.

Right. Which has nothing to do with MS itself.

Its partnerships, perhaps.

Re:

[Deathlizard]

Its a laptop, so definitely an OEM.

The only OEM that I know of that is devoid of crapware is Microsoft themselves, and even then Surfaces have some bloatware regarding the warranty and health checks, as well three installs of Office 365 for English, Spanish and French.

Even back in the day when Microsoft was touting the Signature Edition PC's which were supposed to be 3rd party OEM's devoid of crapware, the OEM's would sneak it in as part of a device manager package that was necessary for basic operation. Le

Re:

[Luckyo]

The office part is genuinely annoying too, because you must uninstall each language that is put on it. Which depends on a region. I recently had to prep two new win11 laptops, and it included uninstalling Finnish, Swedish and Danish versions of office trial. Which even on a decently fast modern gaming laptop took a minute or so for each version.

Re: Something's missing here

[doragasu]

Unfortunately you cannot do "clean Windows installs" on UEFI systems anymore, if they have been customized by the manufacturer (a practice very common on laptops). During install, Windows calls some UEFI crap that allows vendors to install crapware during the OS installation.

Re: Something's missing here

[lowvisioncomputing]

Unfortunately you cannot do "clean Windows installs" on UEFI systems anymore, if they have been customized by the manufacturer (a practice very common on laptops). During install, Windows calls some UEFI crap that allows vendors to install crapware during the OS installation.

All the more reason to build your own. And avoid laptops, or remove the drives and wipe them with an external device. Or if necessary, nuke them from orbit - it's the only way to be sure.

Or take the drive out and use it for something else, and install a new bare drive. Problem solved.

Re:

[phantomfive]

And avoid laptops,

This is not practical advice.

Re:

[lowvisioncomputing]

And avoid laptops,

This is not practical advice.

How is that NOT practical advice? You want to do serious work, get a desktop and multi-monitor setup. For everything else, get a phone, like the rest of the world.

Re:

[phantomfive]

Because people buy laptops when they need a portable device. People literally pay extra for the portability feature. If you don't need portability, then a desktop is cheaper.

In other words, if you ignore the requirements, then you are not giving practical advice.

Re:

[lowvisioncomputing]

How is a smartphone not portable? If you need something better, get a desktop and do it right. Even if you need to drag a mini pc in it's case to a job site - just make sure they have spare screens, a keyboard, and mice.

If gamers can drag their full-size rigs to lan parties, certainly IT pros can be arsed to drag a box to a job site instead of an inadequate laptop. I've done it. I'm sure others have as well. It's not hard to send an email to ask them to confirm that they have a spare screen or two and a

Re:

[phantomfive]

How is a smartphone not portable? If you need something better, get a desktop and do it right.

LOL now you're trying to pretend that the requirements for a laptop don't exist.

Get over it dude, you can't wish requirements out of existence. You don't want to be like the timezone guy who says "we have no use case for knowing when it is morning."

Re:

[tlhIngan]

Because people buy laptops when they need a portable device. People literally pay extra for the portability feature. If you don't need portability, then a desktop is cheaper.

Have you bought a PC lately? Desktop PCs aren't cheap. In fact, desktops have backed away from the "cheap" segment ages ago. The only reason to get a desktop over a laptop is if you need computing power - either you need a huge multicore beast of a PC or one with a powerful videocard (gaming, machine learning, AI, whatever). If you want

Re:

[phantomfive]

I don't know man, this one looks acceptable for $180 [amazon.com]. I don't know what Dell is selling, but you can get some good desktop computers in the $500 range with the Mini-ITX form factor.

Re:

[Bert64]

Did they do a bare metal install, or did they install it inside of a virtual machine?
I'd imagine the latter, since it makes it easier to monitor and throw away afterwards.

Re:

[Arnonyrnous Covvard]

They all watched Android and took notes, and Google obviously followed Apple's lead. You don't own your devices anymore.

Re:

[Luckyo]

Wait, you can't just run the windows tool that downloads the clean image from MS servers and puts it on a USB drive and then install from that drive?

Are you sure?

Re:

[Barny]

It was a laptop, if you RTFA. So, yes, it had bloatware. That's the activity they were seeing.

Re: Something's missing here

[Kitkoan]

Exactly this. I looked through the article and a quick skim of the video, and at no point does it mention anything about who made the computer, is it running a genuine Windows 11 version or is this some knockoff that has a bunch of pre-installed "value" software.

It makes great click bait though, and who needs accountability when you can get that sweet sweet ad revenue.

In case you haven't figured it out yet

[Big Hairy Gorilla]

There is only 1 business model now. Data Rape.

Everyone is doing it.
But you don't mind being raped.

Re:

[NoMoreACs]

There is only 1 business model now. Data Rape.

Everyone is doing it.
But you don't mind being raped.

Um, not everybody.

https://support.apple.com/guid... [apple.com]

Having a readily-accessible "off switch" is the real difference. Even when it means potentially reducing automatic protections for the User:

https://mashable.com/article/a... [mashable.com]

Re: In case you haven't figured it out yet

[Big Hairy Gorilla]

My dear child,

https://gizmodo.com/apple-iphone-privacy-analytics-class-action-suit-1849774313

Re:

[NoMoreACs]

My dear child,

https://gizmodo.com/apple-ipho... [gizmodo.com]

1. My link was about macOS, not iOS.

2. TFA was about sending info to Third-Parties. Unless you have proof Apple is doing that, then your "Citation" is off-topic.

3. Anybody can sue anybody anytime for anything. Doesn't prove a thing.

Re: In case you haven't figured it out yet

[drinkypoo]

1. My link was about macOS, not iOS.

Apple is part of PRISM [theguardian.com] and as such they should not be trusted, period. If you choose to trust them, that's on you.

Re:

[NoMoreACs]

1. My link was about macOS, not iOS.

Apple is part of PRISM [theguardian.com] and as such they should not be trusted, period. If you choose to trust them, that's on you.

Do you have better proof than the word PRISM hand-scrawled on an undated document?

Nice strawman, BTW.

Re:

[Big Hairy Gorilla]

from the article... watch the video and see for yourself, I think it does prove something: That you're a chump for believing Apple "cares deeply about your privacy"... oh wait, maybe it was Google that said that? ... Ooops. It was every company who wants to deny they are fucking you. Don't feel bad you've been misled, along with millions, maybe billions of others. But you HAVE been misled.

""the Apple App Store sends the company exhaustive information about nearly everything a user does in the app, despite a

Spyware = modern

[peppepz]

It's the second time in two days that I hear, from different spyware companies, that trafficking user data is "modern". It's their strategy: if all of them abuse the customer in the same way, then when caught they can say "eh, it's just what everyone does these days". I only wish there were more people in the tech press calling bullshit on claims such as "we need to sell your data to Steam in order to keep your PC secure".

Re:

[Darinbob]

You know what else is modern? Covid-19, drones carrying bombs, and putting classified docs in your sock drawer. Being modern is not necessarily a good thing.

Resist Mandatory Accounts

[RegistrationIsDumb83]

Given how much data they collect and share, it's no wonder they push so hard for an account. The data will be even more valuable if they tie it to a real identity. This is the real reason all their crap from visual studio classic to Minecraft to sea of thieves to win 11 pushes accounts so hard and why they ban throwaway accounts when you try to reg them.

Same company complicit with PRISM, never trust them.

Re:

[thegarbz]

Given how much data they collect and share, it's no wonder they push so hard for an account.

Don't be silly. Nothing about what they collect requires an account. Everything they collect can easily and directly be tied back to you regardless of how you log in.

They are pushing their accounts as a way to prevent jumping to other products. No need to find a cloud provider if you get OneDrive "for free with an account", no need to use Chrome if all the wonderful synchronisation settings are available in Edge "for free with an account".
They are pushing accounts to try and push their "value added features

Is Windows 11 spyware?

[Kevin108]

Yes, Windows has been spyware since at least Windows 8.

Re:

[drinkypoo]

Windows 8 didn't include telemetry out of the box, it was retconned into 7 and 8 after Windows 10 was released.

This does mean if you're doing updates you have to take additional measures to remove spyware from Windows 8 (Windows 8.1 Embedded is still getting updates) which usually means remove_crw.cmd [github.com].

Telemetry is baked into Windows 10 and later, so no amount of not updating (or removing updates after the fact) will avoid its installation.

The new Microsoft dictionary?

[petes_PoV]

to empower customers to be more informed about their privacy."

Knowing your data is being appropriated is not the same as being empowered to control it.

best way to stop it?

[PhantomHarlock]

So is the best way to stop it at this point at the router level? Of course they doesn't help when you're taking a laptop on the road. I try to disinfect and de-bloat new windows installs as much as possible but it's getting very hard to do.

Re:

[Bert64]

Nothing stopping you taking a small linux based computer (eg a raspberry pi) powered from USB and hanging it off your laptop... Route all of your connectivity through that.

Re:

[drinkypoo]

If you want to avoid the possibility of Microsoft exfiltrating your data, then you are going to have to use egress filtering with default deny.

Nobody has ever caught them sending your data out through Windows Update itself AFAIK, so that is ostensibly "safe" to permit. But it's physically possible to send data out through it, so it also arguably isn't.

While it represents a high level of paranoia, this threat could be avoided by using scripted, unattended installs for your applications, and storing your data

Air Gap

[GoJays]

flowing data is common in modern operating systems "to help them remain secure, up to date, and keep the system working as anticipated."

So a system that is air gapped would eventually just stop working if it wasn't able to phone home or call "friends"? I'm calling BS. I mean, anyone with half a brain knows that Windows has been spyware since Windows 8 and most likely earlier.

What if

[aglider]

Any of those 3rd parties gets hacked in?

What if any of those 1-way data channel can become a 2-way command and control?

Are you still using proprietary OSes?

Break up Microsoft

[Schoenlepel]

This is one of the reasons Microsoft should not be trusted and split up.

It should be split up in:
- A part which produces the OS, Visual Studio, and various other small bits and pieces. Visual studio and those small bits and pieces would be required to become cross-platform in x amount of time.
- A part which produces business software (which would be required by court to supply software to other OSs than Windows).
- A games publisher (which would be required by court to provide its games to other OSs than Windows).
- The online services part (bing, MSN, github, azure, for example). Perhaps these need to be split up further.

Then, these parts would need to convince a judge every time they want their software/services to interact with one another somehow. They would be disbarred from buying one another.

It's like that Spongebob episode...

[clawsoon]

...where Plankton kidnaps people to force them to eat chum. "Come on, it's a standard marketing technique!"

Awww, cute!

[VeryFluffyBunny]

Microsoft are trying to be just like Google! Yeah, haven't used Windows for years but it's pretty close to impossible to avoid being spied on by Google.

normalizing theft

[awwshit]

> flowing data is common in modern operating systems

Way to normalize theft, Microsoft. That may be one of the most evil things Microsoft has ever said.

Fuck visibility

[devslash0]

What about conscious, intentional consent?

how to block?

[Espectr0]

is there a public hosts file that we can use (or any other tool) to effectively block this traffic?

Re:

[GBH]

Didn't I read somewhere a while ago that MS were "retiring" the hosts file in a future OS?

It is SUCH a useful tool to have when you're troubleshooting I'd hate to lose the simplicity of hosts to fix problems.

YES

[RitchCraft]

Windows since version 8 has been spyware. Windows 7 updates also introduced telemetry which can easily be removed with something like Tronscript. I'm never using another Windows version beyond 7. Migrating to Linux or pencil and paper after 7.

âoeEverybody does it and weâ(TM)re trans

[trogdor8667]

Thatâ(TM)s fine and may be true, but:
A. As we were taught as kids, if everyone else were jumping off a building would you?
B. Doesnâ(TM)t magically make it not spyware

Re:

[Schoenlepel]

I think that would be almost any distribution.

You could install it on a separate partition, having taken away all the empty space from Windows, install the distribution (which can be done through a nice GUI), and after installation move all the files from your Windows partition to /home/. It should not hamper you at all.

I'm on KDE-neon, and it can do as you want.

However... confronting new users with such an aging idea for a configuration interface??? Are you out of your mind? What KDE/Plasma has these days