What I want is Little Snitch on steroids built into the OS where every process, including all native ones, including UI apps, are blocked from network connectivity by default, and the user gets an easy monitor of outgoing traffic with TLS/SSL inspection built in (you'd need some OS API to enable that).<p>Kind of like granular oauth permissions, apps should have to declare which outgoing they have, a description/why, and allow inspection of the actual traffic.<p>What Adobe CC, Google Chrome, MS Office, and macOS/Windows itself do with this background network connectivity is completely out of control and abusive to the user. They get away with it because the vast majority of users are non-technical and don't realize it's happening.<p>I've profiled and decrypted the background traffic on a stock Android install and the volume was also appalling. Getting macOS to 0 background traffic involved blackholing large Apple IP blocks at the router, whereas some of their processes use random IPs from these ranges and don't use DNS.<p>Just as the general public doesn't have the awareness or ability to fight for their privacy rights I doubt any of this will ever be remedied.
This is a one paragraph claim that doesn't provide resources to show that their claim has basis. It could very well be entirely accurate, but there's no information contained here to know one way or the other.<p>For example there have been numerous claims made previously that link ANY network traffic to a supposed invasion of privacy, but once you delve into the underlying traffic it isn't nearly as nefarious as it initially seemed.<p>This article is telling you to "open up the network monitor of your choice" but network traffic and CONTENT are apples Vs. oranges, and yet we're meant to draw conclusions from that? We're meant to know Microsoft are taking your slide's content whole-hog? Isn't that yet to be determined?
I've raised this point repeatedly in different orgs. It's met with some combination of indifference and lack of understanding and not-my-responsibility-ism, but I'm sure that this will eventually blow up hard in some company's face - like 9-digit settlement for breach of contract, or worse things like breach of export control laws.<p>Enterprise data security on the "MS Office level" at this point is like driving 60 mph on a road with no lane dividers. You just pray that you never meet a drunk driver or someone texting in oncoming traffic who suddenly swerves into your lane. You pray that none of your employees click the wrong button and bankrupt the company.
There's a pervasive lack of precision in privacy discussions. There's a difference between a network request that does some computation on the server side, one that does the same but may log errors and increment counters, and one that actually stores the data temporarily or for a long time. And in the last case, there's a difference between the data being nigh-impossible for internal employees to access (perhaps only used as input for other automated systems), and data with few controls. What about the ability of the user to invoke a delete for all their data on the server side? There's so many dimensions.<p>This is not a useless feature. I can imagine it might help someone make a better presentation. We have to weigh the <i>potential</i> privacy implications against that.<p>And asking the user to consent for every little thing isn't the solution either. It's so annoying to be pin-pricked by dialogs. At work, this sorta thing should be decided at the organization level, by setting appropriate fine-grained org policies for Office.
This seems blindingly obvious? They use a cloud powered feature, then complain that information is sent to the cloud? According to this help article using designer for the first time will request permissions.<p><a href="https://support.microsoft.com/en-us/office/create-professional-slide-layouts-with-designer-53c77d7b-dc40-45c2-b684-81415eac0617" rel="nofollow">https://support.microsoft.com/en-us/office/create-profession...</a>
The future of personal computing is really dark these days. I just attended an apple event for education and government. The amount of data tracking and the standardization/normalization of this behavior is dystopian.<p>What happened to computers being just fun and a source of exploration and freedom?<p>Microsoft, Gooogle, Apple all constantly push their cloud based accounts … where everything is tracked.
This post is dubious at best. It makes a “do your own research claim” without sharing anything concrete.<p>Yet, this plays into people’s own confirmation biases so it’s already being taken verbatim by people here.
Obtaining user data should be a horrifying prospect for companies. They should obsessively work for alternative ways to not need it for their goals. And when they need it, to be ridiculously careful about it. (you could substitute "user data" for "application state" here)<p>But it's not because there aren't sufficient consequences. Memory leaks don't properly crash the company as they should.
This doesn't bother me too much (but it would if I worked at a different company - I'd have concerns over company secrets). It's the browsing history which is by default sent to GOOG/MSFT which bugs me. On by default, and I'd swear I've seen it get reset on Chrome.<p>Chrome:<p>Settings > Sync and Google Services > Make searches and browsing better<p>Edge:<p>Settings > Privacy, Search and services > Personalize your web experience
LibreOffice FTW.<p><a href="https://libreoffice.org/" rel="nofollow">https://libreoffice.org/</a><p>It may be glitchy in some areas, but I've been using it since graduating high school, and I can do whatever I want with it.
Microsoft and Google have OneDrive and Google Drive where most slide decks are stored anyway so in some ways this is barely newsworthy, on the other hand I guess if someone purposefully selected Office instead of Google slides for their presentations and thought using an offline app which doesn't save the files to their OneDrive would keep them secret might get surprised by this feature.
I can't say whether the blog is correct or not, as I haven't seen the actual network traffic, but there are privacy controls that the author probably hasn't configured [1]. If it was configured correctly, Designer wouldn't even be available. So it's not as though every user of PowerPoint will have their data collected by Microsoft.<p>[1] <a href="https://learn.microsoft.com/en-us/deployoffice/privacy/manage-privacy-controls" rel="nofollow">https://learn.microsoft.com/en-us/deployoffice/privacy/manag...</a>
I guess since we all use MS mostly for business purposes we don't care so much about privacy. It's something our managers sign off on, in the name of security, features and really nice value for money. But oh boy, do they know a lot about us and our businesses. I mean, my office apps have "LinkedIn services" on by default [0], so they are linking all the things to all the things.<p>[0]: <a href="https://support.microsoft.com/en-us/office/linkedin-in-microsoft-apps-and-services-6d7c5b09-d525-424a-9c18-8081ee7a67e8" rel="nofollow">https://support.microsoft.com/en-us/office/linkedin-in-micro...</a>
Like I said last time:<p>> Did we consent to this?<p>Yes, unless Microsoft doesn't ask for consent in whatever country the author is from. There's a consent popup that you need to click through that informs you that the content of your slides are shared with Microsoft. This is part of "intelligent services" in case you're looking for the details.<p>The author should be able to turn this feature off easily, but yes, they did consent to this. They just might have done so months ago and forgotten about it.<p>Find out more about the "intelligent services" that also send the contents of your document to the cloud if you click on their respective buttons here: <a href="https://learn.microsoft.com/en-us/deployoffice/privacy/connected-experiences" rel="nofollow">https://learn.microsoft.com/en-us/deployoffice/privacy/conne...</a>
Is there any way to tell if your company has opted in? Mine makes a <i>huge</i> show of classifying Office documents and barking about the policies of what can be shown to outside people. It would be hilarious to find out that they've done this, and are letting Microsoft slurp up all the stuff that would get us fired if we sent it to an outside email address.
Dear Lazy OP,<p>Please use wireshark or something else to explain what those packages are. It might be downloading design features or some other data it requires.<p>100 word article really doesn't do it for me.
PowerPoint has a feature where it uses machine learning to suggest layout and design changes for your content. This feature most likely can be turned off, but of course it needs some data on what's on your slide to suggest changes.<p>I hope this submission is flagged and removed. Just because you don't like Microsoft doesn't mean such misrepresentation is okay.
I wonder what the NSA or any other of these three-letter agencies think about that, I can remember much of the leaked information consisting of Powerpoint slides.
This post seems to lack any useful information to come to the conclusion of "phoning home the content of PowerPoint slides". That said, if you use the tool in question, you'll notice that it only suggests layouts and these seem to be fairly generic. They don't seem to take into account the content so much as how the content is laid out.<p>This could be as "simple" as Microsoft phoning home with the layout of the data (bullets vs title vs paragraph of text) combined with perhaps hash codes of any topical features (things that indicate technology vs food).<p>I've never been "surprised" by the feature the way I am with Github Copilot where it sometimes feels like it's reading my mind. The Designer is just a simple way to click a button and get back 5+ recommendations on how you can layout the data.<p>Without some kind of evidence, my explanation is just as valid as the blog. That which can be asserted without evidence can be dismissed without evidence.
Well that's cool, it's just like Copilot but for confidential and proprietary information! I wonder if I can get a sneak peek into my competitor's quarterly reports using this suggestion feature...
Just because it is phoning home data doesn't mean automatically it's sending your data - more than likely it's a block of stuff representing what is your data, because nobody wants to traffic in your copy/pasted email FW:FW:FW:FW graphic at 6MB you use on every slide for your company logo. It's just not practical to me, and if you don't like that generic thing, well, disable Design suggestions. Pretty sure there's a switch for that somewhere. Usually there is with Microsoft.<p>Paint: having Admin rights when you can find it since Windows 95
This is a fascinating multi-faceted problem...there is the outright concern of how much of the data is being exposed, but there is also a much more subtle action at play.<p>It appears that MS is using our data to continuously train their large DL networks to provide these recommendations...so what is to prevent a bad actor from cunningly constructing an asset that may trick the recommender into leaking insights from another company (or possibly poisoning the network itself)? These adversarial attacks have been well documented in academia.
What I am kinda waiting ( and it is coming ) is for someone to find out that Excel actually gathers all interesting data under guise of automatic analysis ( ala copilot ). The financial sector will tremble as almost the entire human population existing in the spreadsheets in one form or another ( as long as they are on o365_v2 ) will have their data harvested daily and banks will be unlikely do anything about it.<p>Oh, look. We don't need enter Jenkins account. Everything auto populates. And we did not even map it yet...
Microsoft and confidentiality of your data are two incompatible concepts.<p>Microsoft is basically the editor of a set of tools designed to make employees more productive. As long as you use Microsoft products with this in mind, there's no ambiguity: you give Microsoft the data you work on, and it gives you productivity in return.<p>Unless you are the actual CEO of a company involved in trade secrets (or a defense organization), you shouldn't care about Microsoft snitching the content of your slides, and everything else you write or see, to its own servers on the justification that it will make your experience better.<p>It's not worth entering the debate, and if you accuse Microsoft you will probably need to accuse its competitors.<p>Just remember to keep out of anything Microsoft when you process anything strictly personal, and you will be more than fine.<p>P.s.: I almost forgot to answer your question. Yes, you approved this. And again, if it's not your company, your boss very likely approved it and wouldn't even consider the effort of looking into this, so it's not your business. Literally.
This isn't a black/white issue. How about we let each person evaluate it for themselves? I find this feature useful, but if I were a sysadmin, I'd probably block it. Not because I don't trust MS, but just that it opens up a vector that I would not want to manage.
It's not just PowerPoint, but other Microsoft products too. Their browser (Edge) is known for being on constant phone home, close doesn't really mean close, self-update without user interaction, odd settings that cause privacy problems, after it updates itself makes changes to settings without user permissions or breaking various security-related extensions, etc...<p>It's a pattern of general disrespect for user privacy and exploitation of unaware users for corporate and 3rd party entity benefit. Look no further than Microsoft's Copilot, which is in the spotlight, and arguably has no respect for users copyright.<p>That PowerPoint (and other Office products) are phoning home users data, should be of no surprise whatsoever.
On Windows there is Glasswire[0] for blocking applications that phone home. Just find the offending process and block it. It's not a perfect solution though as Windows 10/11 has hundreds of things that phone home and blocking them has unintended side effects (things crash randomly if they can't talk to the Internet).<p>[0] <a href="https://www.glasswire.com/" rel="nofollow">https://www.glasswire.com/</a>
I use "simplewall" [1], a firewall to windows. What I like about it is you get a popup window every time a new program want to send data out, then you could block or accept it or temporary accept it. It's crazy how many programs that wants to talk to the internet constantly.<p>[1] <a href="https://www.henrypp.org/product/simplewall" rel="nofollow">https://www.henrypp.org/product/simplewall</a>
Microsft windows store does the same thing, but worse.<p>Check out the developer panel to see for yourself.<p>Windows store downloads are accompanied by mouse trackers, keyloggers, and more.
Office itself is a cloud service nowadays. That phoning home feature is part of the online saving so that you can resume work from a browser or contribute collaboratively with other users across the network like a google docs, but on the desktop.<p>Does it beam home? Yes
Do I like it? No<p>We have LibreOffice for decades. Be the change.
Just wondering along the lines of 'perhaps a cigar <i>really</i> is a cigar'.<p>What would Microsoft be doing with the text of every PowerPoint presentation once they have analysed the style/font/content information?<p>Must be thousands of slides per hour 24/7 for years. How long is this information kept?
Microsoft Office is, in general, straight up spyware now. It reports usage statistics back to your boss. Marietta can now see exactly how long YT's mom took to read that toilet paper memo, and make disciplinary decisions accordingly.
how was it determined that it is phoning home the content of the slides? One thing is to exchange network packets with a remote server, and another thing is to claim that it's leaking slide content.
Well, you do agree to license Microsoft any intellectual property you create with their software, for free, in perpetuity. So it’s kind of on YOU if you still use their products.
I don't have PowerPoint on my computer so I don't know if it works without Internet connection. Can someone tell me what happens if there is no network access?
While this isn't acceptable, millions enjoy sharing the content of their documents every day with Google, with a document suite running on their servers.
So, what is the best way to game the system? Make many offensive Power Point presentations or silly layouts and hope the system starts to recommend them to others?
"Informed Consent is just a theory. Besides [other app] already spies on you so who cares? Whaddareya doing in PowerPoint that's so sekret?"
So when US politicians say TikTok needs to be banned because it's effectively spyware, why are they silent when the same happens from US companies