• witten@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    6 days ago

    Do you honestly and truly believe that nobody has ever analysed these packets? That nobody in any security position, especially in business, has ever checked if sensitive information wasn’t being transmitted? That the entire IT and Data Security world just goes “huh, I guess they’re spying on us, nothing we can do about it”?

    Windows telemetry is encrypted, which as you can imagine, makes it hard to analyze.

    Huh?

    I don’t know exactly what that’s referring to, but maybe it’s the fact that some (not all) of the bullet points in this telemetry doc are super high level, leaving much to the imagination: https://learn.microsoft.com/en-us/windows/privacy/optional-diagnostic-data

    Also, even if every last bit of telemetry was completely documented, that doesn’t make it cool to send all that information to a company known for abusing user data.

    Oh yeah, Recall, the absolutely horrible… ummm… checks notes fully local and encrypted system… That isn’t even implemented yet… but when it is, you’ll need to manually turn it on…

    Again, without source code, you’re taking Microsoft’s word about all of this. But let’s say it is 100% what they say. An earlier version leaked the user’s private information to other processes on the machine and failed to filter out sensitive user data. I have a hard time trusting an organization that is so clearly reckless like this. Either they don’t care about user privacy—or they do care and they’re just incompetent. I’m not sure which one is worse.

    Have you read the article you linked?

    Yup.

    • Alaknár@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 days ago

      Windows telemetry is encrypted, which as you can imagine, makes it hard to analyze.

      OK. Let’s assume nobody has ever gone through it. Do you imagine that - especially in the US - lawyers of massive companies didn’t wring out anything and everything about telemetry?

      Do you imagine companies like JP Morgan, or - famous for money laundering terrorist money - HSBC would be happily using operating systems with “spyware”?

      I don’t know exactly what that’s referring to, but maybe it’s the fact that some (not all) of the bullet points in this telemetry doc are super high level, leaving much to the imagination: https://learn.microsoft.com/en-us/windows/privacy/optional-diagnostic-data

      The one you linked is the Optional Diagnostics Data, this is the one you can disable by toggling telemetry to “basic”.

      Also, even if every last bit of telemetry was completely documented, that doesn’t make it cool to send all that information to a company known for abusing user data.

      So every “power user” disables it, and then complains when Microsoft kills a power-user feature because their data showed that nobody was using it. :D

      Again, without source code, you’re taking Microsoft’s word about all of this

      I mean… You can easily tell if the data is being sent out (massive increase in outbound connections) or if it’s encrypted (… can’t read it without decrypting).

      An earlier version leaked the user’s private information to other processes on the machine and failed to filter out sensitive user data.

      Correct. An early test version had bugs. Colour me shocked.

      Either they don’t care about user privacy—or they do care and they’re just incompetent

      Or… the whole thing was about an early test version and everybody blew this massively out of proportion…

      Yup.

      So you know that the only problem and the reason for the lawsuit was that they were collecting the data in the wrong order (should’ve started with parent consent) and then kept it for too long? Not that they were endangering the children’s data, or gathering too much of it? As in: if they asked for parent’s consent first, THEN gathered the data they gathered, there would be no lawsuit?

      • witten@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        5 days ago

        OK. Let’s assume nobody has ever gone through it. Do you imagine that - especially in the US - lawyers of massive companies didn’t wring out anything and everything about telemetry?

        What is the legal mechanism they have for doing that? Microsoft is holding all the cards here.

        Do you imagine companies like JP Morgan, or - famous for money laundering terrorist money - HSBC would be happily using operating systems with “spyware”?

        Happily? That I can’t say. But they are using Windows despite any “spyware.” Likely because, like you, they deem the risks worth it.

        The one you linked is the Optional Diagnostics Data, this is the one you can disable by toggling telemetry to “basic”.

        What percentage of Windows users (power users or otherwise) would you guess disable it? Unless it’s the vast majority, the article’s quote still stands.

        Anyway, on the other points, I don’t think we’re going to come to an agreement here. You seem to be defending the questionable behavior of a massive corporation, and I’m not buying that it’s all a big misunderstanding, a beta feature, just a bug, etc etc.

        The fact remains that Microsoft has a long and sordid history of privacy violations and security lapses. You can choose to look past that and defend them, and that’s your choice.