EU privacy gurus peer at Windows 10, still don't like what they see

The EU’s top privacy body has been probing Windows 10, but isn’t satisfied, even after Microsoft agreed to tweak the consent settings. Microsoft unveiled new privacy controls as part of its forthcoming “Creators Update” to Windows 10 due this spring. However, Reuters reports that the Article 29 Working Party, which represents …

  1. Dwarf

    Even if they are forced to back down, they've already got the data on all those people they are abusing with Windows 10 ?

    Can we actually trust any of the mega corps to remove the data when they are told to, after all we've seen time and time again that supposedly deleted data wasn't

    1. Anonymous Coward

      Can we actually trust any of the mega corps to remove the data when they are told to, after all we've seen time and time again that supposedly deleted data wasn't

      The blunt and simple answer is "no" unless the companies in question have also implemented an audit process which is executed by independent 3rd parties, by preference NOT paid by the same organisation (one of the problems with company audits).

      There is no viable argument to believe any assertion by companies that pertains to protecting your rights if said assertion conflicts with their ability to derive a profit from it. Ever.

      1. Trigonoceps occipitalis

        Deleted personal data is the only thing that is properly backed up and always recoverable.

        Trigonoceps' First Law of Data Storage.

        If you want to make sure that your raid never fails ensure there is a deleted personal data partition on it.

        Trigonoceps' Second Law of Data Storage.

    2. Anonymous Coward

      "Can we actually trust any of the mega corps to remove the data"

      Of course no. Ebay, for example, terminated my account because I didn't use it for a while. I wasn't able to reset the password using the username or email, but when I tried through PayPal, it returned the account name as <number>@deleted and the email address I used - but it didn't re-activate the account and suggested I call support. It is clear the account wasn't deleted, and my data is still there, although not accessible by me. Guess I will go through my country's privacy law to ask for a full removal of my data, and see what happens...

      1. Jonathan 27

        Re: "Can we actually trust any of the mega corps to remove the data"

        Most computer systems are backed by relational databases, if you've ever had any transactions on eBay, eBay can't remove your account without removing all records of any transaction you had on eBay. Because of this you can't actually delete your account in any web application you've ever used, at least not until every single record your user was ever attached to has been archived, which in most cases will NEVER actually happen.

        The best they can do is just set the fields for your personal information to something else, they may have already done that and legally that is all they have to do.

        1. eldakka

          Re: "Can we actually trust any of the mega corps to remove the data"

          You can selectively delete parts of those tables tho.

          For example, there'd be a unique ID (a key) that is used to relate your customer identity details (name, address, DoB, etc etc) with the transactions. And any eBay transaction (bid, winning bid, etc) won't have your identity details in it, it will have the unique ID, the key, which is then used to pull out the identity details to list it with a purchase for example.

          So while the TRANSACTIONS won't be deleted, or the keys (unique IDs), the data within the identity tables can be deleted (or replaced with NULL or a standard string like, "DELETED").

          Therefore while all the transactions are still there (since they involve other people who might still want to know ID XYZ bought/sold the item), the individual identifying information can be deleted from a relational-based database (or any other for that matter), so rather than seeing "John Doe of 2343 Wanking Ave, Cayman Is. won the bid for Fleshlight", you'd see "345428946593 won the bid for Fleshlight".
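The pattern discussed in the two comments above, as an added example that is not part of either comment and is not eBay's schema: a foreign key stops the account row from being deleted while transactions reference it, but the identity columns can be blanked so that only the key remains. The table layout, column names and sample rows are assumptions constructed for illustration, using Python's built-in `sqlite3`.

```python
import sqlite3

# Constructed schema: identity details live in one table; transactions
# reference the customer only through the numeric key.
SCHEMA = """
CREATE TABLE customers (
    customer_id INTEGER PRIMARY KEY,
    name TEXT, address TEXT, dob TEXT, email TEXT,
    erased_at TEXT
);
CREATE TABLE transactions (
    txn_id    INTEGER PRIMARY KEY,
    buyer_id  INTEGER NOT NULL REFERENCES customers(customer_id),
    seller_id INTEGER NOT NULL REFERENCES customers(customer_id),
    item      TEXT NOT NULL
);
"""
PII_COLUMNS = ("name", "address", "dob", "email")


def build_demo_db():
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK checks off by default
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO customers (customer_id, name, address, dob, email) "
        "VALUES (?, ?, ?, ?, ?)",
        [(345428946593, "John Doe", "1 Example Road", "1980-01-01", "jd@example.test"),
         (2, "Jane Roe", "2 Sample Street", "1975-05-05", "jr@example.test")])
    conn.execute("INSERT INTO transactions VALUES (1, 345428946593, 2, 'vintage keyboard')")
    conn.commit()
    return conn


def hard_delete_blocked(conn, customer_id):
    """True if deleting the account row is refused because transactions reference it."""
    try:
        with conn:  # rolls back automatically when the DELETE fails
            conn.execute("DELETE FROM customers WHERE customer_id = ?", (customer_id,))
    except sqlite3.IntegrityError:
        return True
    return False


def erase_customer(conn, customer_id):
    """Blank every identity column but keep the key; True if a row was erased."""
    assignments = ", ".join(f"{col} = NULL" for col in PII_COLUMNS)
    with conn:
        cur = conn.execute(
            f"UPDATE customers SET {assignments}, erased_at = datetime('now') "
            "WHERE customer_id = ? AND erased_at IS NULL", (customer_id,))
    return cur.rowcount == 1


def remaining_pii(conn, customer_id):
    """Identity columns that still hold a value (empty dict after erasure)."""
    row = conn.execute(
        f"SELECT {', '.join(PII_COLUMNS)} FROM customers WHERE customer_id = ?",
        (customer_id,)).fetchone()
    return {col: val for col, val in zip(PII_COLUMNS, row) if val is not None}


def describe_sale(conn, txn_id):
    """What the counterparty sees: the buyer's name, or only the key once erased."""
    buyer, item = conn.execute(
        "SELECT COALESCE(c.name, CAST(c.customer_id AS TEXT)), t.item "
        "FROM transactions t JOIN customers c ON c.customer_id = t.buyer_id "
        "WHERE t.txn_id = ?", (txn_id,)).fetchone()
    return f"{buyer} won the bid for {item}"


if __name__ == "__main__":
    db = build_demo_db()
    print(describe_sale(db, 1))
    print("hard delete blocked:", hard_delete_blocked(db, 345428946593))
    erase_customer(db, 345428946593)
    print(describe_sale(db, 1))
    print("remaining PII:", remaining_pii(db, 345428946593))
```

The check covers only the live tables in this sketch; copies held in backups or already passed to third parties, which other commenters raise, are outside what an `UPDATE` can reach.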

      2. Ken Moorhouse Silver badge

        Re: "Can we actually trust any of the mega corps to remove the data"

        There is a conflict with this kind of situation. If, for example, data is deleted and the tax authorities descend on ebay then that very same data needs to be accessible (for at least six financial years). It could be argued that the information can be anonymised by replacing John Smith with custid1234, but there may be complex relationships between customers and the organisation being scrutinised that needs that non-anonymised connection. A possible example might be VAT fraud - there would need to be a tie-up between their anonymised data and data that nails someone's identity, such as a VAT registration number. Where does one set the boundary point between anonymised and non-anonymised information?

    3. chivo243 Silver badge

      @Dwarf

      even if they say they did, some middle manager probably "forgot" to also remove it from the back up system. Yes, the data is off of our servers.... You didn't mention tapes...

      1. Steve Davies 3 Silver badge

        Off the servers is one thing

        but deleted from all Historical backups? Are you having a larf?

        As for that, how many people here have used the wayback archive?

        Sometimes it is great to know that something hasn't entirely gone to the bitbucket in the sky.

      2. Captain DaFt

        "even if they say they did, some middle manager probably "forgot" to also remove it from the back up system. Yes, the data is off of our servers.... You didn't mention tapes..."

        And even if they could prove all your data had been deleted by them from all their servers and backups, How about those third party partners they've shared (sold) your data to prior to deletion?

  2. ForthIsNotDead

    What information does Win 10 slurp?

    Does anybody know what information Windows 10 actually slurps? I don't use it (I use Win 7 and Linux Mint).

    I refuse to use Win 10 (with the exception of my employer, where I have no choice) and Win 7 is now my last MS OS. I only use it because there are two programs I use that are not available for Linux.

    1. Anonymous Coward

      Re: What information does Win 10 slurp?

      Does anybody know what information Windows 10 actually slurps? I don't use it (I use Win 7 and Linux Mint).

      I'd welcome an indication of that too, but the problem is that you hit the one area where Microsoft HAS improved security because it affects them making a profit (the quality of customer protection has never influenced their profit, which is why that has never seen that much improvement).

    2. CAPS LOCK

      Win 7? Uh-oh...

      ...http://www.ghacks.net/2015/08/28/microsoft-intensifies-data-collection-on-windows-7-and-8-systems/

      1. This post has been deleted by its author

        1. Dwarf

          Re: Win 7? Uh-oh...

          That's why scripts such as this one exist - it removes the telemetry from Windows 7 and 8.1

          Telemetry remover for Win7 / 8.1

          There appear to be others too.

        2. Infernoz Bronze badge

          Re: Win 7? Uh-oh...

          Some of the Windows 10 lock-down tools will also work with earlier OSs and have config. files which can be re-purposed. A lot can be done by blocking several dubious Microsoft domains in the OS (e.g. the hosts file) or in better routers.

      2. DanceMan

        Re: Win 7? Uh-oh...

        I use DWS, which makes changes that block the data slurping.

    3. Anonymous Coward

      Re: What information does Win 10 slurp?

      https://privacy.microsoft.com/en-us/privacystatement

      Enjoy, it's a long read, and that's only the public statement...

      1. alain williams Silver badge

        Re: What information does Win 10 slurp?

        OK: that is what they say. How can an owner of a MS Windows 10 machine actually see (read) what is being sent to Redmond ? Until the owner can see (in plain text - with good documentation that fully describes the XML or whatever) then it is not transparent.

      2. Vimes

        Re: What information does Win 10 slurp? @LDS

        From the privacy statement:

        'We also obtain data from third parties.'

        I wonder who these 'third parties' are and what data is being shared with them? For that matter has consent been gained from the user to share it with Microsoft in the first place?

      3. Captain DaFt

        Re: What information does Win 10 slurp?

        "https://privacy.microsoft.com/en-us/privacystatement

        Enjoy, it's a long read, and that's only the public statement..."

        I prefer the musical version

    4. big_D Silver badge

      Re: What information does Win 10 slurp?

      At the most basic level, if you turn on all privacy settings, about the same amount of data as Windows 7.

      If you want to use Cortana and search, then you give away more data.

      If you want personalised advertising, then you give away more data.

      If you want Edge or IE Smartscreen to protect you, you give away more data (same as Windows 7).

      etc.

    5. Anonymous Coward

      Re: What information does Win 10 slurp?

      I've just had to set up a Win10 ('Home') laptop for my wife, who frustratingly needs stuff like powerpoint for her job (no, the libreoffice equiv won't fly with her).

      During the process I was confronted with Cortana, which I attempted to remove or at least disable, only to find that in Win10 'Home' this is all but impossible.

      Apparently Cortana collects data about _everything you do_, so that it can 'help' you. GRRRRRR. It has a specific interest in flight and hotel bookings by the look of it, but it does seem all-pervasive ... it's even embedded now in the bloody Win10 Netflix 'app' so that it can monitor which movies you watch AAGAGAGGAGGHHHHH!!!

      ...and the second we logged into the laptop and told it what her Hotmail address was, oh my god that really seemed to join a few dots for it and it knows a LOT about her already.

      The urge to simply wipe Win10 off the damned thing and replace with a user-friendly Linux is almost overpowering ... am thinking of paying the money for Win10 Pro, which I've found 'remove cortana' instructions for.

      Oh, and I didn't mention the bundled 'Office 365' starter which is clearly intended to push you further toward the cloud ...

      1. Down not across

        Re: What information does Win 10 slurp?

        During the process I was confronted with Cortana, which I attempted to remove or at least disable, only to find that in Win10 'Home' this is all but impossible.

        I got a laptop which came with Win10 on it. I thought I'd take the opportunity to see what it was like before proceeding to wipe it (and enable to use it at least for some browsing while I work out which distro works best on it).

        Cortana (and most of the bundled basic apps) seem to take a dim view to the fact that I have not supplied it with a Microsoft account. About 80-90% of the pre-installed stuff refuse to work without MS Account. Cortana occasionally whimpers but has so far suggested nothing.

        So it appears that if you don't provide MS account and install applications the normal way (ie none of the MS cloudy stuff) it may hamper what they get. Don't use Edge either as I prefer Firefox and/or Palemoon.

        Should probably have a look with wireshark to see how much it phones home, although I suspect the contents are likely to be encrypted.

        1. nkuk

          Re: What information does Win 10 slurp?

          It does encrypt the data that's sent back, it is also deferred making it extremely difficult to know what is being sent when.

          1. Boothy

            Re: What information does Win 10 slurp?

            One little tip for the Win 10 Microsoft Account issue, is don't connect the device to the Internet until after you've finished the install/initial set-up. i.e. Don't plug in the Ethernet, or select a Wi-Fi network.

            Without Internet, Windows 10 bypasses all the Microsoft Account stuff, and only asks you to provide a local username and password.

            Obviously once set-up is complete, you can connect and do what you want afterwards.

            One additional warning for anyone using a local account in Win 10 (as I do), if you do use MS services (like XBox/hotmail/O365 etc), and you decide you want to access those services when logged in to Win 10 with the local account, be careful, as some services when adding an MS account, will ask if you want to move/convert your local account to the MS one. Don't do it, just don't!

        2. Willyn

          Re: What information does Win 10 slurp?

          I too purchased a new HP win 10 second computer and tried removing the MS accounts that caused problems. I also found that I could not install SKYPE, you cannot go P2P, the moment you do MS send in a total verbal full screen block which you cannot remove or shut down the machine in the normal way and is not prevented by any type of firewall, it advises you to call MS on 0800 ????????? or your machine will be locked for good in 5 mins. I instantly switched off everything.

          I found exactly the same refusal to get the machine to work when I tried to disable any requests by MS for account sign ups. After a short while there came the famous BLACK screen of death. Then after 6 months without the machine while being repaired in Spain I again tried where I left off but this time there was BLUE screen claiming that some vital program had failed. There was absolutely no way to repair it or reboot. I was totally shut out. I hate Windows 10 and want to return it to Win 7.

      2. Boothy

        Re: What information does Win 10 slurp?

        Try https://www.oo-software.com/en/shutup10

        That disables Cortana for me, and lots of the other 'extras' you get in Win 10.

        1. Aus Tech

          Re: What information does Win 10 slurp?

          Thanks for that link. Just finished running the program, and I simply don't want to believe how much MS was getting off my PC. I'll be regularly checking the settings from now on.

      3. Snake Silver badge

        Re: What information does Win 10 slurp?

        "During the process I was confronted with Cortana, which I attempted to remove or at least disable, only to find that in Win10 'Home' this is all but impossible."

        Absolutely 100% completely untrue.

        Start with Microsoft's built-in Cortana and general privacy settings in Win10 Home, which are a bit obtuse to locate but ARE there. Then go on to

        https://www.oo-software.com/en/shutup10

        which works perfectly with all levels of Windows 10, yes even Home.

        And then, possibly, consider never touching your wife's computer again.

        Seriously.

        You have brought up the thought of using your own anti-Microsoft bias in an attempt to force a user into a "solution" that is completely wrong for them and will not work. Rather than put in a bit of time and effort into research to find out how to manipulate the OS to your liking, some of which is built in to the UI itself. Cortana does indeed have a shut down feature within Windows, if only you'd looked for it.

      4. eldakka

        Re: What information does Win 10 slurp?

        You can buy cheap ($20-$30) Pro upgrade keys from Kinguin.net

        However, what do you mean by "logged into the laptop and told it what her Hotmail address was"?

        What/how did you tell "it" (I assume you mean the laptop/Win10 OS) what her hotmail address was?

        You didn't actually create a Microsoft Account and provide the email address as part of creating that account did you? You don't need an MS Account to use Windows, you can create a local-only account that requires nothing more than a username and a password to create. When the installation screen (or first time use if it came pre-installed with win10) asks you to login with or create a Microsoft Account, ignore it, skip/cancel/next, and then it'll ask about creating a local account. Since MS wants you to use an MS account, it's the first thing they ask about, but don't give in and create one.

        Using a local only account gets rid of most (but not all) of the telemetry, the most personal telemetry. If you don't log in with an MS Account, the telemetry, while still troubling, is much less, generally non-personal (usually aggregated-type) information like what features of windows are used, etc. And even this can be gotten rid of with the right tools, like shutup10 as others have mentioned, or even, as I did on a recent laptop that came with win10 pre-installed, setting up an IP-MAC binding on my firewall's built-in DHCP server, and then put a DENY outbound rule so that nothing would go out until I'd finished 'tuning' (i.e. getting rid of all the telemetry) win10.

    6. PNGuinn

      ... I only use it because there are two programs I use that are not available for Linux.

      If anyone can point me in the right direction to getting Claris Works version 1 running in Wine I'll be a very happy bunny. I've never managed to get it beyond the splash screen.

      Seriously. I've largely migrated to Libre Office, but compared to Claris Works it's clunky and over complex for most of what I used CW for. And CW's word processor still has a few tricks up its sleeve that LO can't, as far as I can tell, yet manage.

      1. Aus Tech

        Re: ... I only use it because there are two programs I use that are not available for Linux.

        You might find it easier to run something like WinXP in a VM, and access Claris Works through that. I remember using CW in NT4 Workstation, and I'm reasonably certain that it will run in XP too. All you have to do is to disable networking in the VM, so that XP cannot call home.

    7. Infernoz Bronze badge

      Re: What information does Win 10 slurp?

      There are some GitHub projects which block/disable double digits of suspect Microsoft domains and functionality which the deceptive Microsoft security switches may not, some of my bookmarked sites for Windows 10 lock-down are:

      http://www.majorgeeks.com/files/details/destroy_windows_10_spying.html

      https://modzero.github.io/fix-windows-privacy/

      The above tools disable lots of dubious OS functionality and domains.

      A Windows 10 Enterprise version is probably the safest because it can be formally locked down even more than the Professional version, but it should be common sense to never do any personal stuff on work kit which you are not OK with being monitored, because some employers do, so no private, NSFW or P2P stuff.

      I also block several domains, I never want any machines to access, in my router's domain filter, just in case an OS tries to bypass my lock-down measures.

      1. Trixr

        Re: What information does Win 10 slurp?

        I have W10 Pro at home, and it's fine in terms of being able to be locked down. GPEdit is your friend.

        And no, as far as I'm concerned, work kit remains just that. I'm not letting my personal data anywhere near it.

  3. Dan 55 Silver badge

    No company has done more than MS to challenge laws that provide insufficient data [protection]

    USAians not liking the government hoarding data but not minding corporations hoarding it allows Microsoft to do what it does - take the government to court and at the same time produce an OS that hoards data.

    No, I don't get it either. Perhaps a USAian will be along in a moment to explain.

    1. bombastic bob Silver badge

      Re: No company has done more than MS to challenge laws that provide insufficient data [protection]

      I don't like either form of data collection (private sector OR gummint). However, if gummint DOES slurp data, and it's done in secret, it can't legally be used against you in court. Still, it can be used against you to park agents in places to survey you and collect evidence that CAN be used against you in court. 'Grey area' for national intelligence gathering and preventing crimes and terrorism, etc. and as long as I don't know about it, I'm willing to look the other way (up to a point).

      THEN AGAIN, when Micro-shaft collects data on you, ESPECIALLY without being given permission to do so, AND it's being used to MARKET YOUR BEHAVIOR as a commodity, then THAT is DISTURBING. It means they think that we are nothing but CATTLE. Moo.

      1. Captain DaFt

        Re: No company has done more than MS to challenge laws that provide insufficient data [protection]

        "It means they think that we are nothing but CATTLE. Moo."

        The fall and fall of the average citizen:

        Once upon a time, business viewed us as customers.

        Then, gradually, we became mere consumers.

        With the rise of internet, we've all been relegated to assets that are 'monetized'.

      2. Vimes

        Re: No company has done more than MS[...] @bombastic bob

        it can't legally be used against you in court.

        Two words: parallel reconstruction.

        http://www.reuters.com/article/us-dea-sod-idUSBRE97409R20130805

    2. 404

      Re: No company has done more than MS to challenge laws that provide insufficient data [protection]

      Quid pro quo...

      'USAians not liking the government hoarding data but not minding corporations hoarding it allows Microsoft to do what it does - take the government to court and at the same time produce an OS that hoards data.'

      <rant>

      ^this^ is what drives me crazy as a USAian - <deleted>Silicon Valley has been practically living in the <deleted> White House for the last 8 years and the <deleted> gov types allow it to happen as long as they get access to the <deleted> data. This gives them that <deleted><deleted> legal crevice in which to say 'Oh No, We Don't Have The Data - They Do' and the <deleted> corporations playing the <deleted> martyr card protecting the <deleted> poor American from Big Gov', all the while sharing everything you hold dear WITH the <deleted> bastards 'perfecting their machine language/prediction/world domination'

      My Ass! <deleted> <deleted>

      </rant>

      Ahem... 'scuse me...

  4. Vimes

    Paradoxically, no company has done more than Microsoft to challenge antiquated laws that provide insufficient personal data to users

    And to government too.

    They were amongst the first participants in PRISM, and the current fuss over legal niceties regarding Irish servers only started *after* their shady dealings with the US government were revealed by Snowden. They had to resist this in court. They simply had no other choice. They have known for years that this was an issue but did nothing until they were forced to do so.

    If Microsoft cared so much about how their customers are treated why did they fire Caspar Bowden?

    1. eldakka

      They were amongst the first participants in PRISM

      Not to mention after MS purchased skype, its architecture went from difficult to intercept end-to-end peer-to-peer encryption with only the peers involved in the conversation and having the keys, to a client-server-client with MITM encryption which could be easily monitored and eavesdropped on by listening in on that central server using the server side keys known to MS.

  5. adam payne

    Where is the turn everything off button?

    "Paradoxically, no company has done more than Microsoft to challenge antiquated laws that provide insufficient personal data to users. It has filed four separate lawsuits against the US government – with some success, particularly over a law that allows the state to access personal information stored on Microsoft servers overseas – the so-called “Dublin Warrant” case"

    So you want to slurp the personal data of Windows 10 users but don't want anyone else having access to that information. Hmmmm.....

    1. John G Imrie

      Where is the turn everything off button?

      There is no off button, everything now just goes into standby mode.

      1. Anonymous Coward

        Re: Where is the turn everything off button?

        > There is no off button, everything now just goes into standby mode.

        Note that this isn't a joke. By default the power-off button in Windows 8.x and 10 puts the computer into a suspend state. It's not actually off.

        I installed the latest version of Shutup10 the other day. I noticed it had sprouted a new toggle switch.

        'Disable conducting experiments with this machine by Microsoft'

        'Microsoft can "experimentally" change particular settings on the Windows system remotely. This is done to test and / or check certain configurations.'

        The anniversary edition appears to ship with a setting that allows MS to remotely screw around with your machine in order to see if it breaks...

    2. Harry Stottle

      You probably can't turn EVERYTHING off but

      The privacy problem is closely related to the loss of control over Updates. The fixes for one are useful for the other. All those mentioned below are free of charge.

      You can take reasonable control with a combination of Spybot Antibeacon (as well as "Immunise" on the first tab, remember to select all the optional telemetry blocks on the second tab) and Winaerotweaker, which will let you do such useful things as setting your ethernet connection to "metered" which stops Windoze updates in its tracks (because they fear class actions caused by forcing users to download GB on $/gb connections). You can also use it to disable many of the auto updates and rebooting after update.

      In the Pro or Enterprise versions you can also use gpedit to force W-update into "Notify Only" mode, but that won't prevent "Security" updates.

      However, be aware that MS is writing its own countermeasures to these countermeasures. For example, many of the IP addresses blocked by Spybot AntiBeacon have now been hard coded around by subsequent updates.

      Finally download Wushowdiag.cab, which MS were forced to release, I believe, as a consequence of another court case resulting from an update borking one or more users' systems. It is presented as a "troubleshooter" but what it really does is allow you to preview all outstanding updates and select those you don't want. Those "hidden" updates will then be ignored when you choose to permit an update.

      1. Mystic Megabyte

        Re: You probably can't turn EVERYTHING off but @Harry Stottle

        You have just reminded me I dumped Windows when Vista arrived. In XP I had to run multiple anti-this, anti-that and anti-whatever just to keep XP working. I'd rather *be* working.

        I now only have one Windows machine but so far I have not needed to switch it on :)

        1. Harry Stottle

          Re: You probably can't turn EVERYTHING off but @Harry Stottle

          unfortunately I don't have that option. My principal programming language is still Visual Foxpro and that only co-operates with windoze

      2. Anonymous Coward

        Re: You probably can't turn EVERYTHING off but

        "Finally download Wushowdiag.cab" The only reference to this file in google is your register post.

        1. Harry Stottle

          Re: You probably can't turn EVERYTHING off but

          apologies. Memory failure on my part.

          the real name is at the end of this link!

          http://download.microsoft.com/download/f/2/2/f22d5fdb-59cd-4275-8c95-1be17bf70b21/wushowhide.diagcab
