You’re trusting Microsoft’s word that telemetry is anonymous, because you can’t inspect the Windows source code to find out what they’re actually sending.
You’re trusting Microsoft’s word that telemetry is anonymous
Do you honestly and truly believe that nobody has ever analysed these packets? That nobody in any security position, especially in business, has ever checked if sensitive information wasn’t being transmitted? That the entire IT and Data Security world just goes “huh, I guess they’re spying on us, nothing we can do about it”?
Microsoft’s word isn’t worth very much:
Microsoft doesn’t publish detailed breakdowns of telemetry collection, which is a red flag in itself
Oh yeah, Recall, the absolutely horrible… ummm… *checks notes* fully local and encrypted system… That isn’t even implemented yet… but when it is, you’ll need to manually turn it on…
Do you honestly and truly believe that nobody has ever analysed these packets? That nobody in any security position, especially in business, has ever checked if sensitive information wasn’t being transmitted? That the entire IT and Data Security world just goes “huh, I guess they’re spying on us, nothing we can do about it”?
Windows telemetry is encrypted, which as you can imagine, makes it hard to analyze.
Also, even if every last bit of telemetry was completely documented, that doesn’t make it cool to send all that information to a company known for abusing user data.
Oh yeah, Recall, the absolutely horrible… ummm… checks notes fully local and encrypted system… That isn’t even implemented yet… but when it is, you’ll need to manually turn it on…
Again, without source code, you’re taking Microsoft’s word about all of this. But let’s say it is 100% what they say. An earlier version leaked the user’s private information to other processes on the machine and failed to filter out sensitive user data. I have a hard time trusting an organization that is so clearly reckless like this. Either they don’t care about user privacy—or they do care and they’re just incompetent. I’m not sure which one is worse.
Windows telemetry is encrypted, which as you can imagine, makes it hard to analyze.
OK. Let’s assume nobody has ever gone through it. Do you imagine that - especially in the US - lawyers of massive companies didn’t wring out anything and everything about telemetry?
Do you imagine companies like JP Morgan, or - famous for money laundering terrorist money - HSBC would be happily using operating systems with “spyware”?
The one you linked is the Optional Diagnostics Data, this is the one you can disable by toggling telemetry to “basic”.
Also, even if every last bit of telemetry was completely documented, that doesn’t make it cool to send all that information to a company known for abusing user data.
So every “power user” disables it, and then complains when Microsoft kills a power-user feature because their data showed that nobody was using it. :D
Again, without source code, you’re taking Microsoft’s word about all of this
I mean… You can easily tell if the data is being sent out (massive increase in outbound connections) or if it’s encrypted (… can’t read it without decrypting).
An earlier version leaked the user’s private information to other processes on the machine and failed to filter out sensitive user data.
Correct. An early test version had bugs. Colour me shocked.
Either they don’t care about user privacy—or they do care and they’re just incompetent
Or… the whole thing was about an early test version and everybody blew this massively out of proportion…
Yup.
So you know that the only problem and the reason for the lawsuit was that they were collecting the data in the wrong order (should’ve started with parent consent) and then kept it for too long? Not that they were endangering the children’s data, or gathering too much of it? As in: if they asked for parent’s consent first, THEN gathered the data they gathered, there would be no lawsuit?
Do you honestly and truly believe that nobody has ever analysed these packets? That nobody in any security position, especially in business, has ever checked if sensitive information wasn’t being transmitted? That the entire IT and Data Security world just goes “huh, I guess they’re spying on us, nothing we can do about it”?
Huh?
Oh yeah, Recall, the absolutely horrible… ummm… *checks notes* fully local and encrypted system… That isn’t even implemented yet… but when it is, you’ll need to manually turn it on…
Yeah, truly, the death of privacy is upon us.
Have you read the article you linked?
Windows telemetry is encrypted, which as you can imagine, makes it hard to analyze.
I don’t know exactly what that’s referring to, but maybe it’s the fact that some (not all) of the bullet points in this telemetry doc are super high level, leaving much to the imagination: https://learn.microsoft.com/en-us/windows/privacy/optional-diagnostic-data
Also, even if every last bit of telemetry was completely documented, that doesn’t make it cool to send all that information to a company known for abusing user data.
Again, without source code, you’re taking Microsoft’s word about all of this. But let’s say it is 100% what they say. An earlier version leaked the user’s private information to other processes on the machine and failed to filter out sensitive user data. I have a hard time trusting an organization that is so clearly reckless like this. Either they don’t care about user privacy—or they do care and they’re just incompetent. I’m not sure which one is worse.
Yup.
OK. Let’s assume nobody has ever gone through it. Do you imagine that - especially in the US - lawyers of massive companies didn’t wring out anything and everything about telemetry?
Do you imagine companies like JP Morgan, or - famous for money laundering terrorist money - HSBC would be happily using operating systems with “spyware”?
The one you linked is the Optional Diagnostics Data, this is the one you can disable by toggling telemetry to “basic”.
So every “power user” disables it, and then complains when Microsoft kills a power-user feature because their data showed that nobody was using it. :D
I mean… You can easily tell if the data is being sent out (massive increase in outbound connections) or if it’s encrypted (… can’t read it without decrypting).
Correct. An early test version had bugs. Colour me shocked.
Or… the whole thing was about an early test version and everybody blew this massively out of proportion…
So you know that the only problem and the reason for the lawsuit was that they were collecting the data in the wrong order (should’ve started with parent consent) and then kept it for too long? Not that they were endangering the children’s data, or gathering too much of it? As in: if they asked for parent’s consent first, THEN gathered the data they gathered, there would be no lawsuit?