SHARE
TWEET

ZDNet_Response

a guest Sep 28th, 2015 523 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. tl;dr: When critically examined, this set of statements proves the need for better privacy controls in Windows 10, and Microsoft's insultingly clear unwillingness to truly address the issues.
  2.  
  3. "Microsoft has a privacy problem."
  4. Yes, they do.
  5.  
  6. "Apple sparked a furor over ad blockers with the recent release of iOS 9, for example, but Microsoft built nearly identical tracking protection features into Internet Explorer 9 nearly five years ago."
  7. Internet Explorer has never had an ad blocker enabled. It had a "do-not-track" option, that was opt-in BY THE TRACKERS to honor. Run Ghostery on ZDNet and see the amount of tracking that happens, even when 'do not track' is selected. Thse are NOT the same things, Ed.
  8.  
  9. "the virulent attacks against Windows 10 this summer came as an unwelcome surprise."
  10. Microsoft sends data out the door with a legalese-at-best set of catch-all clauses, and the pushback is a "surprise"?!?
  11.  
  12. "Critics have accused Windows 10 of spying on customers and collecting data for nefarious purposes, and those criticisms, despite a lack of supporting evidence, have persisted."
  13. Run Wireshark on Windows 10. I don't care WHY they're doing it, data IS being collected. "Nefarious purposes" is misleading - they're not nefarious NOW, I'll certainly grant you that. However, once they decide to BECOME nefarious, they've got your data - they're not getting rid of the data once they start.
  14.  
  15. "Windows 10 collects information so the product will work better for you."
  16. And if I decide that the product is stable enough, and wish to roll the dice with no data whatsoever going back to Redomond? Well then, I need to take care of that between my laptop and my modem using PFSense or similar, because Windows 10 doesn't afford that option at a software level.
  17.  
  18. "You are in control with the ability to determine what information is collected."
  19. Where's the verification? How come Microsoft won't show me the data they're collecting?
  20.  
  21. "Most of the criticisms I've seen were based on misreading of the privacy policies for Windows 10 and for Microsoft's online services."
  22. Picture a stereotypical Hollywood bad guy, complete with the maniacal laugh, the mustache twirling, and a habit of tying women to railroad tracks. What does the privacy policy allow HIM to do with the data that's collected? Given fully malicious intent, what does the privacy policy LEGALLY allow Microsoft to do with the data collected?
  23.  
  24. The thesis of most of these arguments is that Microsoft is /unwilling/ do unwanted things with my data, not that they're /unable/ to do so. A privacy policy protecting a huge amount of data that hinges upon Microsoft's own scruples is an extremely dangerous notion to defend...and no, it does NOT mean that I trust Apple or Google or Amazon any more than Microsoft - you can run a "Replace All" command on this comment response, exchanging "Microsoft" with "Google", and I believe the EXACT same things.
  25.  
  26. "To operate at its most basic level, Windows 10 collects and uses a limited set of data."
  27. Show me the data.
  28.  
  29. "To make your device more personal and delightful to you"
  30. My own "personal", "delightful" device does EXACTLY what I want, no more, no less.
  31.  
  32. "we give you choices to use additional features."
  33. And where's the "send no bits, at all, ever" choice? Because that's the one I want.
  34.  
  35. "These features are optional, and they work better if Windows 10 understands your interests and preferences."
  36. Give me a copy of Windows 10 that is completely absolved of all of these features, and I'll buy it. With cash. TOMORROW.
  37.  
  38. "We collect a limited amount of information to help us provide a secure and reliable experience"
  39. ...try the forums. There are tens of thousands of people who have provided very thorough, very explicit descriptions of some problems they have had with Windows. I'm not saying that telemetry isn't worth having the possibility of getting, but when there are people explicitly stating opinions and descriptions of problems, and they are being ignored, that tells me that the telemetry is more for Microsoft's convenience rather than the benefit of the users.
  40.  
  41. "...that ID is essential to tell whether 100 identical problem reports are from a single device or from 100 different devices."
  42. A fair point. The question really is "how isolated" they are. Anyone want to give me a tour of the datacenter? I'm up for a Skype session.
  43.  
  44. "Basic...Enhanced...Full..."
  45. No details about EXPLICITLY what these contain. MAC addresses? IPs? Geolocation data? Lists of installed programs? I'm pretty sure that my Start Menu is unique...
  46.  
  47. "Organizations running Windows 10 Enterprise or Education have the option to disable telemetry completely, although Microsoft recommends against it."
  48. Why are these settings only in the Enterprise and Education SKUs? Why does MS not allow this setting, even if it requires a separate download, for regular users?
  49.  
  50.  
  51. "software companies have to "collect" your information to carry out your wishes."
  52. They "collect" my wishes by giving me a user interface that enables me to make my wishes known.
  53.  
  54. "If you upload a file to OneDrive, for example, the software has to collect its contents to store it online and index it for your later retrieval and use. To make that happen, you have to grant permission for the software to act on your behalf."
  55. That's certainly accurate, no argument there. The fact that Onedrive is their go-to example though, is worrisome - one of the criticisms of Windows 10 is the fact that it's a Herculean effort to /remove/ the OneDrive integration. Why is this so?
  56.  
  57. "Windows sends and gets info ... to give you access to online services like Outlook, OneDrive, Cortana, Skype, Bing and the Microsoft Store, to personalize your experiences on Windows, to help you keep your preferences and files in sync on all your devices, to help keep your device up to date, and so that we can make the next features of Windows ones that you'll enjoy."
  58. Do. Not. Want. Any of these. This is the crux of the problem. Microsoft cannot seem to understand that I wish to use a LOCAL account, a mail account provided through a third party, haveno desire for Skype, the extent of my use of Bing is when I accidentally forget to type "http://" before "192.168.1.1" in a web browser, and finding a useful app in the Microsoft Store is a terrible experience, because there are no useful filters. Bittorrent Sync has completely made "file sync across devices" a solved problem, WSUS Offline is something that Microsoft should have been offering since Windows XP SP2, and if Microsoft wanted to make Windows 10++ a version "[I'll] enjoy", all they have to do is pay attention.
  59.  
  60. "The fact that the operating systems and connected services are collecting data on your behalf does not mean that the company running those services is keeping a separate copy for its own use."
  61. Prove it.
  62.  
  63. "But that's what critics misunderstand after reading the various privacy policies."
  64. So pull those clauses out of the privacy policy.
  65.  
  66. "...those broad terms of service are essential for those services to work properly."
  67. So let me completely do without them.
  68.  
  69. "What really matters is that the agreement makes clear that the data collection is necessary only to fulfill your specific requests, and that the actions of the service match with its policy."
  70. Except that "complete opt out" has become the realm of third parties.
  71.  
  72. "In addition, as our devices get smarter, we expect them to anticipate our needs and make suggestions rather than simply waiting passively for commands."
  73. I expect my computer to do what I tell it to do, when I tell it to, and how I tell it to do it. How is this concept so difficult to understand?
  74.  
  75. "That's the goal of Apple's Siri, Google's Google Now, and Microsoft's Cortana."
  76. Great. For those who want this kind of functionality, yes, make it happen, and make it as easy and effective as possible. For the rest of us, kindly explain why it required me to do a "deny all" at the file permission level to prevent Cortana.exe from running, even with every possible privacy setting closed, and the Indexing service disabled?
  77.  
  78. "As usually happens, the Internet echo chamber turned the complex technical details of Windows 10 privacy into a series of gross oversimplifications."
  79. And, as usually happens, the core issues and simple solutions are summarily ignored, downplayed, dismissed, and hand-waved away. Make a "Windows 10, Paranoid Edition". Sell it for $300 a pop. Watch what happens.
  80.  
  81. "First and foremost, the Cortana service, which has the capability to use personal information based on your typing or voice input, is off by default. You have to specifically enable it."
  82. This is a truckload of fertilizer! It's all but impossible to DISABLE!
  83.  
  84. "To give you text suggestions and auto-corrections that actually help, we make your personalized dictionary by using a sample of your typed and handwritten words."
  85. Fine. I'm okay with this. It's one of the nifty features of Swype, and I give them a pass...to an extent. The "extent" is that I use Xprivacy to summarily deny any and all internet traffic from Swype to the internet.
  86.  
  87. "The typing data includes a sample of characters and words you type, changes you manually make to text and words you add to your dictionary. We automatically take out things that could potentially be used to identify you, like IDs and IP addresses."
  88. And how do you know what's a password, and what isn't?
  89.  
  90. "That's not a keylogger, by any definition of the word."
  91. Keylogger: Software that stores keystrokes and saves them for review by a third party. It may not be /malware/, but let's not pretend it's not a keylogger. Even if we assume 100% altruistic intent by Microsoft, the fact that they're twisting the definition of "keylogger" to account for intent shows a lack of understanding of what is going on outside of Redmond.
  92.  
  93. "Windows 10 includes an advertising ID that makes it possible for Microsoft's ad servers to keep track of which ads you've seen as you move across apps...If you don't like that idea, you can disable the advertising ID in apps."
  94. I appreciate this functionality. Sincerely. It seems like a reasonable compromise.
  95.  
  96. "More to the point, Microsoft doesn't collect global information and use it as the foundation of its ad business, the way Google does."
  97. Combo bonus! Saying "we're not as bad as Google" doesn't make Microsoft's actions good. Second, Microsoft is a software company. Google is an advertising company. I submit that Google is in more direct competition with ClearChannel than with Microsoft, purely from a business perspective. Yes, Google will more thoroughly utilize collected data to advertise...it's why I use their products as little as possible.
  98.  
  99. "Unlike some other platforms, no matter what privacy options you choose, neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising to you."
  100. Is this a backhanded admission that it's being collected, and utilized by Microsoft, just not for the sake of targeting ads?
  101.  
  102. "In a world where our computing experiences are increasingly defined by interactions with online services, the definition of privacy is evolving rapidly."
  103. What was wrong with the definition of "privacy" from 30 years ago, to the point where it needs to undergo evolution? I'm not so sure I'd call it evolution, either - each incremental alteration of the concept has seemed to happen in the direction of "less privacy experienced by users", not the other way around. Furthermore, I find it amusing that amongst the most privacy-respecting mobile OSes to ever be released, was made by Microsoft. Windows Mobile 6.x never did anything with its user's data that wasn't explicitly requested.
  104.  
  105. "That makes people understandably uncomfortable, which is why this sort of dialog is so important."
  106. The term "dialog" implies that both sides are listening.
  107.  
  108. "The idea that a computing device can be entirely disconnected is increasingly quaint."
  109. Another combo bonus! 1.) why is it a bad thing for a computing device to be entirely disconnected? Windows is used by hundreds of millions of people, every day, to do things that the folks who made these statements would have trouble thinking of. To have a flagrant disregard for users who use computers in a use case that Microsoft doesn't consider to be viable is not a reasonable stance to take. 2.) There's a world of difference between "wanting to be completely disconnected" and "wanting control over what connections are made".
  110.  
  111. "There are certainly edge cases"
  112. ...people who actually want privacy are considered "edge cases" now.
  113.  
  114. "That's why Windows 10 includes a broad range of Group Policy settings for IT professionals to lock down devices."
  115. So, the code is available, but explicitly not included in the mainstream releases of Windows 10, but Microsoft wants to label their privacy policy as "misunderstood"?
  116.  
  117. "But for most of us ordinary citizens"
  118. ...that have nothing to hide, so should have no need for privacy, right? That's the only way this statement makes sense. By their own admission, there's a version of Windows with more privacy controls than the mainstream releases, and those privacy controls are explicitly not shipped with the mainstream versions. How is this making ANYONE feel more at ease?
  119.  
  120. "the Internet is a better place when we share information with other people and organizations."
  121. Yes. Information I *CHOOSE* to share. Information I have consciously deemed appropriate for Microsoft to have. That is what makes the internet a better place.
  122.  
  123. "Those transactions require transparency and ongoing monitoring to be sure that policies and practices are in alignment."
  124. Please. I beg of Microsoft to provide that transparency. Show me data dumps. Show me the network isolation. Show me how Microsoft has taken steps to ensure that even the most malicious caricature of Bill Gates would be technologically incapable of using the received data to do something nefarious. I will yield, 100%, TODAY, if Microsoft provides this transparency...or is it that /we/ are supposed to be transparent and monitored, and /they/ only need my trust?
  125.  
  126. "To make that world possible, we also need to calmly discuss these issues and avoid succumbing to paranoia."
  127. Agreed. I am more than willing to have a calm, reasonable, rational discussion with anybody at Microsoft who wishes to address any of the objections I've outlined here. I'm a reasonable person, I understand that there are tradeoffs to be made, and I understand that in a true compromise, I really won't be happy. I don't see compromise here. Before Edward Snowden, those who said "the NSA is monitoring everything" sounded paranoid. Now, we /know/ that it's happening. At that point, it is no longer paranoia.
  128.  
  129. "For Microsoft, today's communications are a a good first step in that discussion."
  130. I'll call it a first step. The next step (there *is* a next step, right?) is to truly address the problems. Make OneDrive removable. Make Cortana removable. Give a REAL choice between a Microsoft account and a Local account when configuring Windows 10. Provide the same levels of opt-out into the home and professional versions of Win10 as are available for the Enterprise versions, ideally even more.
  131.  
  132. What it really boils down to is this: If Microsoft was sufficiently confident in the superiority of the features available in Windows 10, and how useful they were to the users, then there would be no problem making them all completely opt-in, because most people would do it, and those who don't do it are happier with their computer having less functionality and more privacy. The fact that it takes a whole lot of highly technical, very-explicit, exclusively third party utility requiring, warranty-voiding effort to make an end run around these features, leaves me to be of the persuasion that this isn't attempting to address concerns - this is damage control.
  133.  
  134. Joey
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top