Is there any accurate analysis of exactly <i>what</i> Microsoft collects in Windows 10? I understand you cannot totally disable the telemetry (with the exception of an Enterprise version) but when put down to the "basic" level is there any capture of what is being sent? Everything I have seen is bullshit anti-Microsoft fairy tale stuff.<p>I understand text and voice data will be captured and sent if you use Cortana but that is pretty obvious, the same is true of Google, Bing, Siri, etc. [0]<p>What I want to know is when I put things at the lowest setting possible what do MS get and how often?<p>Edit: [0] I mean captured and sent for processing. I expect (perhaps wrongly) for it to be deleted from Microsoft's servers as soon as my request has been answered. Unlike Google which stores <i>everything</i> you say to Google Now for example.
I would like laws that would force companies to disclose the bad side of what they are doing.<p>When they ask if you want to share what you type or say with them, in order to improve the experience and for you to get more relevant suggestions or more accurate spell checking or whatever, they only focus on the positives.<p>But that's not enough. I want them to say that your delicate and private conversations might leak and be used for nefarious purposes by disgruntled employees, state agencies, hackers or future owners of that data, because that's the truth.<p>Much like how cigarette packs have graphical warnings on them. I'd like that very much, because as an ex-smoker I can tell you that those work. But of course, it would hurt their business to admit it, so they'll never do it willfully.
People are giving special attention to the things that Microsoft is doing, but history shows that they will eventually accept it and live with it.<p>Facebook has been doing this for a long time, to extremely high degrees of invasiveness. Google as well, and pretty much every single web startup in existence. Collecting data is how you compete in modern business.<p>If you think this Microsoft stuff is a big deal you should have another look at the entire foundation of modern tech.
I switched to Ubuntu because of Windows 10. Using Linux as a primary operating system works great as a developer.<p>There is a saying which says if a product is free "you are the product". Microsoft made the upgrade to Windows 10 free, I guess, so that they can mine data about you and your habits. That data is valuable for marketing purposes.<p>Wireshark traffic dumps show a lot of data going to Microsoft telemetry.<p>I choose to say no to that data collection, instead wanting to keep a bit of privacy.<p>Has some security wiz MITMed the Microsoft telemetry server with their own cert to inspect the data collection traffic?
&gt; the four-character PIN system used to access Microsoft services is insecure, because there is no limit on the number of attempts a user can make.<p>I just tried logging in with my PIN.<p>After a handful of tries I was given a string to enter before I could try again. I did that. After another try I got told to restart the device before I could try again.<p>So it doesn't look like 10 tries and locked out forever, but rather increasing penalties for incorrect attempts. Which is fine.<p>Oh, and my PIN is 6 characters long.<p>If they don't have this right why should we believe them about any of their other claims?
<i>> Microsoft: users are in control with the ability to determine what information is collected<p>> Microsoft: so enterprise customers will be able to completely turn off telemetry if they choose[1]</i><p>Which is it, Microsoft?<p>[1]: <a href="http://www.techrepublic.com/article/windows-10-now-lets-you-turn-off-tracking-but-only-if-youre-a-business/" rel="nofollow">http://www.techrepublic.com/article/windows-10-now-lets-you-...</a>
This is a step in the right direction, but no fine they can levy will be sufficiently punitive.<p>Companies like this will continue on and consider things like this simply the cost of doing business.<p>Kind of like banks. They don't give a fuck.
With LinkedIn [0], Microsoft has much more in its arsenal.<p>That said, who cares. I've hardly seen anyone use uBlock Origin, Ghostery or Privacy Badger. OTOH, people love tools [1] that read your email and notify about due bills and the like.<p>[0] <a href="https://twitter.com/darylginn/status/590664399041519617" rel="nofollow">https://twitter.com/darylginn/status/590664399041519617</a><p>[1] Google Now
I have LittleSnitch on my Mac and observe the requests that my Windows VM makes. I believe you can use an equivalent tool on Windows, such as GlassWire, or also the very useful tool O&O ShutUp10 with which you can disable telemetry settings.
Ah, CNIL.<p>What counts as "excessive"? Apparently whatever someone at CNIL thinks is excessive. I can imagine that Microsoft learning what apps you download is inevitable given their reputation-based malware detection scheme: no way for that to easily work except by IE checking in with Microsoft to find out if a program is known malicious or not. And figuring out if a program is actually interacted with or not seems like a pretty good signal to determine if a new, unknown program is a silent botnet or not.<p>"4-PIN limit is insecure, because there's no limit on the number of accesses" is exactly the kind of bureaucratic central-planning nonsense that France has so many problems with. You do not need absolute counted limits on a password/PIN system to make it secure. You just need to take other steps to make brute forcing infeasible, like throttling the rate of attempts. Why is CNIL attempting to micro-manage the code for the Windows authentication systems, something they are clearly not qualified to do? The details of Microsoft's security system are their concern alone: if users dislike the way Microsoft do it, then they have other alternatives they can easily switch to.<p>I suspect Microsoft may do what other big companies do and simply ignore CNIL completely. They can only hand out relatively small fines and it's easy for big companies to just pay them off to make them go away. Their rulings have a long history of being completely unreasonable so it's usually the easiest path.
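The throttling idea discussed in the comments above (escalating penalties instead of a hard attempt cap), as an added Python example that is not part of the thread and does not describe Microsoft's implementation. The class name, the three free attempts and the 30-second to 1-hour delays are assumed values chosen for illustration.

```python
class PinThrottle:
    """Escalating lockout after failed PIN attempts, with no hard attempt cap.

    All parameters are assumptions for this sketch, not Windows behaviour.
    """

    def __init__(self, free_attempts=3, base_delay=30, max_delay=3600):
        self.free_attempts = free_attempts  # failures before any delay applies
        self.base_delay = base_delay        # seconds, first lockout
        self.max_delay = max_delay          # seconds, ceiling on one lockout
        self.failures = 0                   # consecutive failed attempts
        self.locked_until = 0.0             # timestamp when attempts resume

    def delay_after(self, failures):
        """Lockout in seconds imposed after this many consecutive failures."""
        if failures < self.free_attempts:
            return 0
        doubled = self.base_delay * 2 ** (failures - self.free_attempts)
        return min(doubled, self.max_delay)

    def attempt(self, pin_ok, now):
        """Return 'ok', 'denied' or 'locked' for an attempt made at time `now`."""
        if now < self.locked_until:
            return "locked"  # rejected without evaluating the PIN at all
        if pin_ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        self.locked_until = now + self.delay_after(self.failures)
        return "denied"


def exhaust_seconds(keyspace, throttle):
    """Enforced waiting time needed to try every PIN in `keyspace` once."""
    # A delay follows each failure except the last attempt in the keyspace.
    return sum(throttle.delay_after(n) for n in range(1, keyspace))


if __name__ == "__main__":
    secs = exhaust_seconds(10_000, PinThrottle())  # every 4-digit PIN
    print(f"4-digit keyspace: {secs} s of lockout (~{secs / 86400:.0f} days)")
```

The lockout state has to live somewhere an attacker cannot reset it (for example, it must survive a reboot), otherwise the delays can be bypassed and the arithmetic no longer holds.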