Privacy is good. Coming from a large tech company with no social media offerings (LinkedIn is debatable) that's no surprise to me. Now all they have to do is update Windows 10 to allow me to block all those secret phone back home reports that they do for 'customer improvements'.
GDPR for everyone, cries Microsoft: We'll extend Europe's privacy rights worldwide
Microsoft has said it will extend new privacy rights that become law in Europe this week to all its users worldwide. The promise was outlined in a blog post on Tuesday written by the Windows giant's new deputy general counsel, Julie Brill, who was until recently a commissioner at the Federal Trade Commission (FTC). "We've …
COMMENTS
-
-
This post has been deleted by its author
-
-
Wednesday 23rd May 2018 09:31 GMT Anonymous Coward
Re: GDPR's here, where's the Delete Win10 Slurped-Data Button?
Like outlook.com (when a user knows all their login information), Microsoft will still lock you out of your account, then force you (under duress), to give a phone number to unlock the account. Microsoft even says this block is temporary but it doesn't get removed, with time.
Even a comment like this (against Microsoft) can be seen as an outlook.com policy violation.
It's much easier under the Investigatory Powers Act to track telephone metadata, to link accounts to real people. Is this one of those undemocratic #hashtag Amber Rudd (under the radar changes) to link social media email accounts to 'real people'? Seems so.
Rudd wanted anonymous emails accounts linked to telephone numbers, for this reason. It tracks you to a specific location too.
To remove 'slurp data'. Users have to give them even more information so they can link the 'slurp data' to a Microsoft.com account (job done), *before* they can delete it.
This is plain and simple, privacy-wash marketing bullshit by Microsoft, now the penny has dropped that users are becoming aware of how multi-nationals are using and processing their data.
-
This post has been deleted by its author
-
Wednesday 23rd May 2018 16:34 GMT Anonymous Coward
Re: GDPR's here, where's the Delete Win10 Slurped-Data Button?
Had a run in with Plex for similar reasons.
I dared to criticise their policy of adding Gobble & Feckbook slurp logins to what technically is my own server ever since the vulture capitalists took over and wanted their pound of flesh.
So I want to go the Plex box hosted on my own server, but to do that I have to effectively use a tracking page with slurpware.
Zero options to disable.
At least on the web page I can block the links, but not on the phone app.
I complained, had posts deleted, then got banned.
And there I was, a paying customer too, and couldn't even access the support forums.
Last time I give them a patch to fix their crap.
Bastards.
Off to Emby.
-
-
-
-
-
Wednesday 23rd May 2018 07:17 GMT Anonymous Coward
Coming from a large tech company with no social media offerings (LinkedIn is debatable)....
Nope, same as everyone else.
-
Wednesday 23rd May 2018 10:47 GMT rg287
Now all they have to do is update Windows 10 to allow me to block all those secret phone back home reports that they do for 'customer improvements'.
PiHole is your friend.
Set it up on my home network, fired up a W10 machine and before I'd even got a browser window open the PiHole had black-holed no fewer than 40 DNS requests from that machine to <vortex-win.data.microsoft.com> and various similar microsoft subdomains.
Microsoft telemetry subdomains remain at the top of the most-blocked list.
Of course they might have a hardcoded IP in there (to bypass DNS filtering) as a last resort - I haven't got around to wiresharking that yet. The PiHole logs are fascinating though! You shouldn't have to of course, but it seems to work quite well.
-
-
-
Wednesday 23rd May 2018 11:37 GMT Brewster's Angle Grinder
Re: The Brussels Effect
Rubbish! When Britain exits the EU we will impose even more stringent data standards and the whole world will be forced to follow our standards! Bwahahaha!
It will be like a repeat of how Zuckerberg gave MEPs the finger yet honoured British MPs with his precious time. Eventually, academics will come to call call this the Hogwash Effect.
-
-
-
Wednesday 23rd May 2018 06:08 GMT Anonymous Coward
Re: I'm wary of geeks bearing gifts
No trick, just desperation. Incumbent panic has often been a trigger for a quantum leap in customer satisfaction.
AT&T used to be like all the other telcos in preventing customers from doing anything cool with their mobile devices. At a point in time they were on the back foot and struck a deal with Apple, and this event created the whole modern smartphone market as we know it.
When Sony dominated the market they used to be standards-avoiding bastards who forced you to buy their $200 Sony peripherals instead of $20 generic jobs. When their market share started going backwards, they broke with their proprietary OS competitors and went with Android TV.
MS has failed abysmally at mobile but are planning to try and re-enter that market, and are willing to do what the others won't to secure a following - to actually offer reasonable security controls.
-
-
Thursday 24th May 2018 06:26 GMT Anonymous Coward
If there's one thing I wouldn't buy it's an Android TV
Me neither, we have a couple of Panasonic 4k TV's which have a Firefox OS, there's still some slurp, but it goes direct to Panasonic and is blockable at the DNS level. The various UK 'on demand' providers are now requiring users to have an 'account' to get to know you better, two of them accept an email address of invalid@nowhere.com with no confirmation...
-
-
Wednesday 23rd May 2018 07:04 GMT TonyJ
Re: I'm wary of geeks bearing gifts
"...When Sony dominated the market they used to be standards-avoiding bastards who forced you to buy their $200 Sony peripherals instead of $20 generic jobs..."
This is one of a few reasons I will never buy Sony again if I can help it.
My wife and I had recently moved into our new house and she'd saved money to buy me a PS2 for Christmas.
Having just moved, and being fairly young, as you can imagine money wasn't exactly something we were awash with so to find out that I couldn't save my game unless I bought an expensive and proprietary storage card was a kick in the nuts.
Then there was the time I'd bought a second hand 8mm camcorder that failed. I took it into the local Sony repair centre where it languished for weeks and weeks and upon calling once a week, I'd be told different things. One day they forgot to put me on hold and I heard the guy I was speaking to say to his boss "i'ts that moaning c**t asking about his f***ing camcorder again...what bulls**t do I give him this time?" Needless to say my complaint was listened to at that point.
And of course, there are the things they've done since that don't directly impact me but are still disgusting behaviour...no we don't have to pay the additional tax on our PS3's m'lud as look - that little tick box means a version of Linux can go on and make it a general purpose computer...fast forward and if you want to be able to play online you need to accept this update that turns that functionality off.
Then there's the whole way they treated Geohot and his family.
The root kit.
The way they mishandled the major breach some years ago on PSNet or whatever it is called.
And so on.
Not a company I'd be particularly sad to see go, to be honest.
-
Wednesday 23rd May 2018 15:58 GMT onefang
Re: I'm wary of geeks bearing gifts
"no we don't have to pay the additional tax on our PS3's m'lud as look - that little tick box means a version of Linux can go on and make it a general purpose computer...fast forward and if you want to be able to play online you need to accept this update that turns that functionality off."
I have the worlds first PS3 that was sold in the world with Linux pre-installed on it, and one of the first three that came to Australia (I think it was number 2 from memory, IBM brought in number 1, and an IBM employee number 3, we all met at linux.conf.au and compared notes, the IBM employee had to borrow mine for a talk, coz his hadn't arrived yet, I also gave a talk about it using mine). Been a long time since I turned it on, but Linux still works on it, coz I've not booted into the game OS or connected it to the 'net since Sony pushed out that notorious update.
Mine would have been the first, but it spent a month sitting in a snowed in warehouse before it arrived in Australia.
Amusingly enough, the USA versions (which mine was, coz the Aussie version hadn't been released yet) came with a free movie in the box. The Aussie versions gave you a different free movie if you sent in your serial number. I did so and ended up with both. B-)
-
Wednesday 23rd May 2018 21:06 GMT JohnFen
Re: I'm wary of geeks bearing gifts
"The root kit."
This is when I stopped buying all things Sony. I can eventually get over being treated badly by a company, but I will never get over a company actively attempting to crack into my machines. When they did this, they demonstrated that they are to be treated exactly the same as any other criminal attacker. Some bridges, once burnt, can never be rebuilt.
-
-
-
-
Tuesday 22nd May 2018 21:11 GMT alain williams
So will telemetry be switched off ?
I doubt it.
MS did release a tool that it claims decodes what is being sent, but since the tool is closed source ... who knows ? I'm OK with MS keeping much of its stuff closed source, but things like this absolutely demand open source. Fully specifying the byte-stream format would be another way of doing it.
-
Tuesday 22nd May 2018 21:18 GMT Anonymous Coward
MS: 'We believe privacy is a fundamental human right.'
Hardly!!!! :-
--------------
Microsoft is forcing Windows 10 Build 1709 onto users who opted out of data collection
https://www.theinquirer.net/inquirer/news/3028147/updategate-microsoft-is-forcing-windows-10-build-1709-to-users-who-opted-out
-
Tuesday 22nd May 2018 22:19 GMT Claverhouse
"But don't fear, the world hasn't flipped. Despite the headline, the post has nothing to do with giving US citizens more privacy rights and comprises little more than an attack on GDPR and Europe's dastardly plan to try to tell freedom-loving Americans what to do."
More than simple, just require all F-L Americans to store every part of their digital life out in the open, uploaded to a F-L corporation guaranteed to a free-market and patriotic certification by the F-L Kochs, which can display the information to any fee-paying F-L entity.
“The man who can keep a secret may be wise, but he is not half as wise as the man with no secrets to keep”
American, of course.
-
Wednesday 23rd May 2018 16:59 GMT Anonymous Coward
Pair-a-Ducks
“The man who can keep a secret may be wise, but he is not half as wise as the man with no secrets to keep”
Do I have any secrets? Think I'd tell you that? Damn, I'm withholding information: seems I'm keeping a secret. But then it's not a secret, because you know I'm not telling you.
-
-
Tuesday 22nd May 2018 22:38 GMT Anonymous Coward
Privacy "Fit for Purpose"
Among all other aspects of software.
Well the law in Australia states software must be "Fit for Purpose" along with other products, Microsoft along with all other companies "should" follow that law and distribute world wide on that issue like is says it will observe EU privacy judgements worldwide.
As for MS Remote control, as in a previous post That during a Defender scan I found a Remote Access Virus in a MS.Technet download .zip of a program that would extract my OEM keys from the BIOS (to help recover after System fail). Why would they need that I wonder aloud? Don't they have enough access already?
TO MS privacy is that assign a number to you device and don't use names, but can trace it back if they required. Using a system like that in Australia that showed people could be linked with anonymised health data. So no faith in privacy, it Abstinence I require.
-
This post has been deleted by its author
-
Tuesday 22nd May 2018 23:26 GMT The_Idiot
"Microsoft has said it will...
... Microsoft has said it will extend new privacy rights that become law in Europe this week to all its users worldwide"
Um, well - until a US judge tells them not to. Or an Attorney. Or, um, a secret court so they can;t tell anyone they've been told not to. Or the mailman. Or their granny's cat's playtoy...
What, cynical? _Moi_?
-
This post has been deleted by its author
-
Wednesday 23rd May 2018 02:10 GMT Anonymous Coward
Msft Employee Perspective
I work at Microsoft. I'm not in PR, just a lowly worker bee.
That being said, I can confirm that there's really been a lot of work internally to make GDPR compliance the global norm.
In fact, it's so strict that we're running into issues paying vendors. When we share PII with a vendor, the vendor needs to build an API for any user deletion requests that Msft receives so that the vendor will confirm they've deleted it too. If they don't, no more cash from us, or no more PII sharing. If you think about it, even doing something as simple as a webinar registration will not be allowed.
There's also a LOT of new rules around storing PII. Since GDPR says that we HAVE TO delete any PII when requested, it is no longer permitted to make copies of PII in Excel files and share it internally. Everything has to be centralized, everything is logged, everything can be deleted on user request. Lots of new process to get email lists, privacy has to be involved from day 1 (or else your PO request will be denied).. things like that. Every employee has had to take GDPR training (globally).
I'm not saying I disagree on the Windows 10 stuff - lots of employees agree with you on this - but there's definitely lots of emphasis on GDPR being our new global standard. Personally, I like it.
I'm not a senior exec so don't ask me how the sausage gets made. Anon for obvious reasons.
-
Wednesday 23rd May 2018 08:23 GMT Doctor Syntax
Re: Msft Employee Perspective
"There's also a LOT of new rules around storing PII." (My emphasis)
One of the main rules in GDPR is the need for specific permission to collect anything beyond what's needed to process a transaction or what's legally required. It makes no difference having your own rules about storing information if you don't have the permission to acquire it. Couple that with the fact that the law in the US might be quite different to the law in Europe about what's legally required (and we note that MS welcomed the CLOUD Act) and it's still difficult to see how this makes MS GDPR compliant. My suspicion remains that by concentrating on what MS can do that doesn't greatly impinge on telemetry they're trying to deflect any EU investigation to the latter.
-
Wednesday 23rd May 2018 08:45 GMT Tomato42
Re: Msft Employee Perspective
> Couple that with the fact that the law in the US might be quite different to the law in Europe about what's legally required
first, contrary to public opinion, courts are sensible, so if it really is required, and is not a far departure of items listed in GDPR, it likely will be let slide through; though I am quite curious of examples of PII data like this
second, there's a difference in having the data and sharing it willy-nilly: if they are required by US law to collect some data, they can, but that doesn't mean that the access to it has to be easy, that it can't be pseudoanonymised in storage, etc. "being required legally to collect data" is a "reasonable business need" in GDPR, but that means that this data can be used only for that specific law-complying purpose
and I fail to see how that's not an improvement
-
-
Wednesday 23rd May 2018 12:31 GMT Nick Ryan
Re: Msft Employee Perspective
/sigh
It's amazing how people get GDPR so wrong...
The basic principles are:
1) Collect only the data necessary for the process, or processes, that the data is required for - do not collect other data "just because".
2) Only use the collected data for the process, or processes, that it was collected for.
3) Dispose of the data when it is no longer necessary to keep it.
There are six different permitted reasons for consent, the weakest one is explicit consent, i.e. an individual providing their details and specifically agreeing to the processing. Others, such as the collection of data for the provision of goods or services, are implicit and do not require that an individual specifically consents to their data being processed. The "right to erasure" is not all encompassing: if an individual explicitly gave consent then they can remove this consent at any time, which covers the explicit consent reason. However, if an individual provides data for goods or service then in many ways the "right to erasure" has little impact because an organisation is not required to delete factual records. An organisation should reduce the details held on the individual and to ensure that no further processing that affects the individual is performed, but that is different to complete erasure.
For example, if you run an online or mail-order shop, you do not have to delete all records of an individual that placed an order with you. You should delete, or at least reduce the information stored, after a defined period of time but that's it. On the other hand, if the same shop has a newsletter or something similar, then this is separate data consideration and this is entirely optional and an individual may require that their information is erased in this regard. Linking the purchase of an item to a subscription to such a newsletter in any way other than a very clear and optional opt-in is forbidden post GDPR, it's not permitted to make subscription to such a newsletter a requirement to the purchase.
-
-
Wednesday 23rd May 2018 05:28 GMT Anonymous Coward
Re: Microsoft is now the self-appointed white knight and priesthood of privacy rights
Nobody reads the EULAs anymore?
Oh, you mean the ones that
1) state clearly that you can't sue MS for any reason
2) Is not legal in many parts of the world.
Why would I bother to read the EULA from a scumbag company like Microsoft? I don't use their shit any more and fully intend to see out my remaining years doing the same.
This statement is nothing more than their version of the 'Emperors new clothes'.
MS is still a pig and putting lipstick on a pig does not alter that.
-