Windows 10 is spying on you - at least that's what this developer thinks.

Status
Not open for further replies.

sid_16

Web developer Jonathan Porta reported uncovering the issues in a blog post on Friday.

His concerns focus on seven key privacy settings that are switched on by default in Windows 10.

The settings allow Windows 10 to:

  • "Personalize your speech, typing, and inking input by sending contacts and calendar details, along with other associated input data to Microsoft."
  • "Send typing and inking data to Microsoft to improve the recognition and suggestion platform."
  • "Let Windows and apps request your location, including location history, and send Microsoft and trusted partners some location data to improve location services."
  • "Send Microsoft and trusted partners some location data to improve location services."
  • "Use page prediction to improve reading, speed up browsing, and make your overall experience better in Windows browsers."
  • "Automatically connect to suggested open hotspots. Not all networks are secure."
  • "Send error and diagnostic information to Microsoft."
The settings are officially designed to improve Windows 10's services, such as the Cortana voice assistant, and tailor the operating system to meet its user's needs.

However, according to Porta, there are two key issues with the settings. First, Porta thinks they are overly vague and do not adequately explain what specific data is being collected.

Second, Porta thinks the settings do not offer enough clarity on which third party companies Windows 10 customers' data is being shared with.

Porta says, when the settings are on, Microsoft will have free rein to collect any data it wants and concludes: "I might as well relocate my computer to Microsoft headquarters and have the entire company look over my shoulder."

Time to get the tinfoil hat
Porta is not alone in his concerns about Windows 10's privacy issues. A conspiracy theory has appeared on the 4Chan message board claiming Windows 10 is actually connecting machines to a surveillance botnet. A botnet is a network of machines that have been enslaved by a hacker.

There is no solid evidence to support the claim. However, Microsoft has been linked to government-sponsored surveillance campaigns in the past.

Documents leaked to the press by whistleblower Edward Snowden showed Microsoft was one of the technology companies the NSA siphoned web user data from during its PRISM campaign. The campaign saw the NSA siphon data from many tech firms including Facebook, Twitter, Google, Yahoo and Apple.

During it, the NSA forced firms to hand over data using special secret court orders. Microsoft has since publicly campaigned to combat the orders. Microsoft was one of 140 companies to send an open letter to US President Barack Obama urging him to hamper the ability of intelligence agencies, such as the NSA, to collect customer data.

A reality check
A Microsoft spokesperson moved to downplay the concerns about Windows 10's privacy settings in a statement sent to Business Insider. Microsoft said the data is being collected purely for product improvement purposes.

"To effectively provide Windows as a service, Microsoft collects some performance, diagnostic and usage information that helps keep Windows and apps running properly," said the spokesperson.

"Microsoft does not sell this data or use it for advertising purposes. We give a select number of Microsoft employees and third party engineers access to select portions of the information to repair or improve Microsoft products and services."

Trend Micro cyber security consultant Bharat Mistry lent credence to Microsoft's claim, telling Business Insider that, while the settings are vague, it is unlikely Windows 10 is actually spying on its users.

"The settings would suggest that Microsoft is trying to understand user behaviour in more detail - in terms of sites accessed, the time of day and also from location as well," he said.

"Users should be concerned - [but] just don't accept the defaults!"

Another article says: Microsoft’s new small print – how your personal data is (ab)used.

https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/

Microsoft’s new small print – how your personal data is (ab)used
By Heini Järvinen
Microsoft has renewed its Privacy Policy and Service Agreement. The new services agreement goes into effect on 1 August 2015, only a couple of days after the launch of the Windows 10 operating system on 29 July.

The new “privacy dashboard” is presented to give the users a possibility to control their data related to various products in a centralised manner. Microsoft’s deputy general counsel, Horacio Gutierrez, wrote in a blog post that Microsoft believes “that real transparency starts with straightforward terms and policies that people can clearly understand”. We copied and pasted the Microsoft Privacy Statement and the Services Agreement into a document editor and found that these “straightforward” terms are 22 and 23 pages long respectively. Summing up these 45 pages, one can say that Microsoft basically grants itself very broad rights to collect everything you do, say and write with and on your devices in order to sell more targeted advertising or to sell your data to third parties. The company appears to be granting itself the right to share your data either with your consent “or as necessary”.

A French tech news website Numerama analysed the new privacy policy and found a number of conditions users should be aware of:

By default, when signing into Windows with a Microsoft account, Windows syncs some of your settings and data with Microsoft servers, for example “web browser history, favorites, and websites you have open” as well as “saved app, website, mobile hotspot, and Wi-Fi network names and passwords”. Users can however deactivate this transfer to the Microsoft servers by changing their settings.

More problematic from a data protection perspective is however the fact that Windows generates a unique advertising ID for each user on a device. This advertising ID can be used by third parties, such as app developers and advertising networks for profiling purposes.

Also, when device encryption is on, Windows automatically encrypts the drive Windows is installed on and generates a recovery key. The BitLocker recovery key for the user’s device is automatically backed up online in the Microsoft OneDrive account.

Microsoft’s updated terms also state that they collect basic information “from you and your devices, including for example “app use data for apps that run on Windows” and “data about the networks you connect to.”

Users who choose to enable Microsoft’s personal assistant software “Cortana” have to live with the following invasion of their privacy: “To enable Cortana to provide personalized experiences and relevant suggestions, Microsoft collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device. Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and more.” But this is not all, as this piece of software also analyses undefined “speech data”: “we collect your voice input, as well your name and nickname, your recent calendar events and the names of the people in your appointments, and information about your contacts including names and nicknames.”

But Microsoft’s updated privacy policy is not only bad news for privacy. Your free speech rights can also be violated on an ad hoc basis as the company warns:

“We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to”, for example, “protect their customers” or “enforce the terms governing the use of the services”.

So much for clearly understandable and straightforward terms of service.

Microsoft Privacy Statement
https://www.microsoft.com/en-us/privacystatement/default.aspx

Microsoft Services Agreement
https://www.microsoft.com/en-gb/servicesagreement/default.aspx

Windows 10, Microsoft and your personal data: what you need to know (only in French, 11.06.2015)
http://www.numerama.com/magazine/33...donnees-privees-ce-que-vous-devez-savoir.html

Microsoft provides privacy dashboard ahead of Windows 10 launch (04.06.2015)
http://www.pcworld.com/article/2932...acy-dashboard-ahead-of-windows-10-launch.html

What do you say about Windows 10? Do you want it, or will you leave it (back to the previous OS, Win 7/8/8.1...)?
 

Kardo Kristal

I think it doesn't matter what version of Windows you are using. If they want to spy on you then they can just release some kind of update (anytime) for all "supported" Windows (7, 8, 8.1 and maybe older versions). Just my opinion.

Regards,
Kardo
 

jamescv7

As always, many companies are doing quality products but it's more literally isolated on privacy issues, that's always a normal trend, surely 'OCD' users will steer away from everything but the point here, there's no such hacking happening here. For the good cause, this information will be used as evidence when someone commits a cybercrime. ;)
 

sid_16

Windows 10: The first 5 things you need to do immediately after you install it

It’s your own fault if you don’t know that Windows 10 is spying on you. That’s what people always say when users fail to read through a company’s terms of service document, right?
Well, here is Microsoft’s 12,000-word service agreement. Some of it is probably in English. We’re pretty sure it says you can’t steal Windows or use Windows to send spam, and also that Microsoft retains the right to take possession of your first-born child if it so chooses. And that’s only one of several documents you’ll have to read through.
Actually, here’s one excerpt from Microsoft’s terms of use that everyone can understand:
"We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to."
If that sentence sent shudders down your spine, don’t worry. As invasive as it is, Microsoft does allow Windows 10 users to opt out of all of the features that might be considered invasions of privacy. Of course, users are opted in by default, which is more than a little disconcerting, but let’s focus on the solution.
Rock Paper Shotgun has broken things down into four main bullet points that will guide you through regaining control of your personal data.

First, you’ll want to open Settings and click on Privacy. There, you’ll find 13 different screens — yes, 13 — to go through, and you’ll want to disable anything that seems worrying. The blog notes that most of the important settings can be found on the General tab, though other tabs are important as well. For example, you’ll definitely want to adjust what types of data each app on your system can access.
Next, users should consider dumping Cortana. Yes, the voice-driven assistant is easily one of the best new features in Windows 10, but it also plays fast and loose with your data. As a result, many users will find that the benefits do not outweigh the risks.
For the third task, you’ll have to venture outside the confines of your PC and hit the web. Perhaps this is a good opportunity to check out Microsoft’s nifty new Edge browser. In it, click on this link and set both “Personalised ads in this browser” and “Personalised ads wherever I use my Microsoft account” to off. This will disable Microsoft’s Google-style ad tracking features.
The last tip is one that most users will likely forgo, as it is a bit excessive. Rock Paper Shotgun recommends removing your Microsoft account from Windows 10 completely and using a newly made local account instead. This way, Microsoft doesn’t grab hold of all your data to sync it across machines. To us that’s a great and useful feature, but if you want to kill it just follow the link below in our source section for complete instructions and plenty more details.


Source: Rock Paper Shotgun

There is no world in which 45 pages of policy documents and opt-out settings split across 13 different Settings screens and an external website constitutes “real transparency.”

How to opt out:

OK, here’s how to take control of this stuff if you’re worried about it. No, opting out is not especially simple, although if you take an absolutist approach it doesn’t take at all long to set everything to ‘no.’ If you’re yet to install Windows 10 and are concerned about all this stuff, you can head most of it off at the pass by declining Express settings and choosing options yourself, refusing any request to let the OS or apps access your location and turning the Cortana search assistant off. If you missed the boat there, you’ll need to do any and all of the following. Even if you were super-cautious during setup, be sure to follow step 3 below if you’re concerned.
1. Go to Settings – Privacy and go through the 13 different screens there and turn anything which concerns you to off. The biggest, most universal settings are under ‘General’, while the other screens let you choose which apps can and can’t access your calendar, messages, camera, mic, etcetera. There may well be stuff you want to leave on – for instance, I do actually want Windows’ Calendar app to access my calendar data (obv), I just don’t want it to sell that data on because I don’t want to be bombarded with flower ads when it’s my mum’s birthday.
2. Depending on whether you’ve been finding it useful or not, you may want to go to Cortana’s settings and turn off everything there. It’s just working as a basic file search for me now, as I didn’t want its ‘suggestions’, I didn’t want it to lock me into Bing and I didn’t want a tiny part of my processor to be forever dedicated to listening out for voice commands I will never use.
3. This is the crucial one, and so fundamental to Windows 10’s tracking that Microsoft have stuck the setting on an external website, which they say is so that it’s on one easy dashboard, but I find it hard not to wonder if it’s in the hope that we don’t easily stumble across it while browsing Windows 10’s own Privacy menus. Said website is colorful and cheerful and can play a video at you talking about how wonderful targeted advertising is. Ignore the bumf and instead go directly here and set both options to Off. It’s the innocuous-sounding “Personalised ads wherever I use my Microsoft account” which is the likely root of all this, because having that on means Windows 10 itself becomes a hub for targeted ads. You’ll probably have set up Windows 10 with a Microsoft account, because it heavily encourages you to do so with talk of synchronised files and settings and a OneDrive cloud account during installation, but this means the OS is signed into that account all the time. As a result, Windows 10 itself has its spyglasses on, not just apps or pages that you’re signed into with your MS account.

I notice that every time I go back to that page, the “Personalized ads in this browser” setting has silently turned itself back on again. This is concerning, but I’m not yet sure if it’s a bug or if it’s exploiting sessions as an excuse to reset regularly. Judicious ad and cookie control with your plugins and browser options of choice can change this, however. Again, do remember that many websites are dependent on advertising revenue to survive, but opting out of targeted advertising – and having that opt out be respected – is another matter entirely.

4. You may also wish to remove your Microsoft account from Windows 10 and use a local account instead. This will double-down on restricting what’s harvested, though you’ll lose out on features such as settings synchronisation across all your PCs and will suffer more nagging from stuff like the Windows Store and OneDrive. Probably not a big deal for many people, I suspect. Go to Settings – Accounts – Your Account within Windows 10 (or just type ‘Accounts’ into haha Cortana) to get to the relevant options.
If you have multiple PCs already running Windows 10 you’ll need to do all of this on each of them, although your Microsoft account opt-out should be universal.
None of these options mean you’ll see fewer ads, but they do mean that not quite so much information about you will be gathered and sold, and also that the ads you do see won’t be ‘relevant’ to what algorithms have decided your interests are. It is worth noting that some folk find the latter to be preferable to entirely irrelevant ads, and in some cases even useful – but certainly not everyone. Hopefully you can use the information here to make an informed choice about what happens. Again, in many respects it’s not wildly different from what already happens on your smart phone or your browser, but it’s important that you should know about it, and that Windows now has something of an ulterior motive.
More options, or clearer options, may become available in time, depending on how much of the world frowns at Microsoft about this. I’ll let you know if I hear of anything else that needs doing in order to have Windows 10 respect your privacy.
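
A read-only way to check where a machine stands on the settings discussed in this thread (advertising ID, typing and inking data, diagnostic data, Microsoft account versus local account), added here as an example and not part of the quoted articles. The registry paths and value names are assumptions based on commonly documented Windows 10 builds and may differ on yours; the web-based ad opt-out from step 3 is stored with the Microsoft account and cannot be read locally.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Registry locations below are assumptions (commonly documented Windows 10 builds).
$checks = @(
    @{ Name = 'Advertising ID'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo'
       Value = 'Enabled'; PrivateWhen = 0 },
    @{ Name = 'Typing/inking data sent to Microsoft'
       Path = 'HKCU:\Software\Microsoft\Input\TIPC'
       Value = 'Enabled'; PrivateWhen = 0 },
    @{ Name = 'Implicit ink collection (speech/inking/typing personalization)'
       Path = 'HKCU:\Software\Microsoft\InputPersonalization'
       Value = 'RestrictImplicitInkCollection'; PrivateWhen = 1 },
    @{ Name = 'Implicit text collection (speech/inking/typing personalization)'
       Path = 'HKCU:\Software\Microsoft\InputPersonalization'
       Value = 'RestrictImplicitTextCollection'; PrivateWhen = 1 },
    # Policy value; 0 is the lowest level and is only honoured on some editions.
    @{ Name = 'Diagnostic data policy (AllowTelemetry)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
       Value = 'AllowTelemetry'; PrivateWhen = 0 }
)

function Get-PrivacySetting {
    param([hashtable]$Check)
    # A missing key or value is not an error: it means the setting was never
    # written, so whatever the OS default is (usually "on") applies.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue
    $current = if ($null -ne $item) { $item.($Check.Value) } else { $null }
    $state = if ($null -eq $current) { 'not set (OS default applies)' }
             elseif ($current -eq $Check.PrivateWhen) { 'restricted' }
             else { 'sharing enabled' }
    [pscustomobject]@{ Setting = $Check.Name; Value = $current; State = $state }
}

$checks | ForEach-Object { Get-PrivacySetting $_ } | Format-Table -AutoSize -Wrap

# Step 4 of the list above: which enabled accounts are Microsoft accounts
# and which are local. Get-LocalUser ships with Windows PowerShell 5.1.
Get-LocalUser |
    Where-Object Enabled |
    Select-Object Name, PrincipalSource |
    Format-Table -AutoSize
```

Run it once per user profile, since the HKCU values are per-user; rerunning it after a feature update shows whether any switch has been reset.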
 