> It's easy to run Windows 10 without any calling home at all.
Not true at all! It's impossible, without a hardware firewall. Their kernel network driver whitelists several Microsoft domains and IP address ranges. What's worse, Microsoft back-ported that phone-home crap and ships them as updates to Windows 7 and 8.x (of course they coincidentally stopped writing descriptions for their Windows updates). Not even mentioning how they force end users to upgrade to Windows 10 by displaying Windows 10 ads as popup dialogs and renaming Windows update buttons to click on the Upgrade button by accident, etc. It will hurt Microsoft's reputation a lot.
With Android and iOS an end user with a little bit of knowledge (power user) can deactivate the analytics, cloud sync and error reporting "features" by changing a handful of settings. Windows 10 resets the privacy settings every major update (Threshold 2), they go even as far as changing the name of exe files and registry keys. It's not too late to fix Win10 and MS reputation though, do something in 2016.
All can be turned off in Windows 10 Enterprise LTSB (Long Term Servicing Branch) - it's very expensive and not sold to consumers nor small businesses at all.
But think about your doctor, your lawyer, etc. many smaller businesses, cheaper Windows 10 edition (non LTSB) they will unintentionally leak your confidential personal data. You say such PCs shouldn't be online at all? But they are and many of them run on Windows. Scary.
> You say [doctors', lawyers' and many smaller businesses'] PCs shouldn't be online at all? But they are and many of them run on Windows. Scary.
And almost certainly very illegal in a lot of places. Not only do you have whatever routine data protection rules apply, but in cases like medical data or legally privileged information there are higher standards required in many jurisdictions as well.
> But think about your doctor, your lawyer, etc. many smaller businesses, cheaper Windows 10 edition (non LTSB) they will unintentionally leak your confidential personal data.
Are they more likely to than if they were using Windows 7? Or OS X, for that matter?
You make it sound as if Microsoft's software is actively trying to steal personal information, instead of just sending boring shit like "what error code did that crashing application just produce". Sure, it's possible that Windows 10 is more likely to leak data, but I'm not going to just accept it without at least a tiny bit of evidence.
Technically the bit about it not being sold to small business is not true. You can get LTSB through Software Assurance through Windows Intune licensing on a per-user basis through Microsoft Online Services for companies of 5-250 people.
And you don't need LTSB or Enterprise/Education SKUs to turn them off, you just get more convenient toggles there. Ultimately you're responsible for what services run on your computer, and your computer's configuration. If you don't trust the OS manufacturer, as someone else pointed out, why are you running their code in the first place? ;-)
Because you have external requirements (the software you need to run only supports Windows, there aren't any outsourced IT providers in your area that know how to manage any other OSes, regulators will be confused, etc.) that demand you run the OS regardless of whether you trust it.
Or because you don't trust any of the other options either, which is an entirely reasonable stance.
I wish people would stop downvoting posts that make reasonable points in a civilised way. The parent post gave two perfectly sensible and polite answers to the question that was asked, even if not everyone might agree with them.
You're a defendant in a trial against the government. You open an Explorer window that tries to render a preview for a PDF document titled "Doug Malone's Testimony." The PDF is busted and the preview renderer errors out, posting the error message with the file name automatically to Microsoft. The government subpoenas your Microsoft account, trolls the error reports and learns your legal strategy.
It didn't matter if the file was on your super duper secret encrypted drive. It doesn't even matter if it's in the file name; maybe the preview code dumps the whole file contents in the error report. Maybe the preview code is buggy and just logs file names. The report is cached until you're next connected to the Internet and delivered as part of "routine diagnostics."
If the government were after info like this I doubt they would spend too much time trolling through crash logs; why not just subpoena your email or phone logs?
The line I always hear from Microsoft apologists is that "You can turn these features off at any time", but everything I've seen suggests this is only true for Enterprise and Education.
Because the point of modern Internet-based services is to collect analytics and telemetry for marketing and engineering without annoying consumers with unnecessary checkboxes. There's a minimum amount of sync you want to make easy because it's a feature, not a bug. That new releases contain functions old software didn't have is called progress. Why does Apple or Ubuntu get a free pass when Microsoft doesn't?
But at least give consumers the option. Even if it's in Advanced Settings, just like every other obscure privacy invading Microsoft feature.
> It's a feature, not a bug.
Really? You might want to rethink your talking points here... There really isn't a good connotation with this phrase.
I criticize Apple and Ubuntu equally, as well. Apple's telemetry is comparable, though it is worth saying they've made major public pushes for privacy. This is not to say I trust them, but the effort is noted. (In fact, elsewhere in this thread I criticized Apple for sending data to iCloud.)
Comparing Ubuntu telemetry to Microsoft's is disingenuous at best, and outright deceptive at worst. I'm not a huge Canonical fan and I disagree with some of their practices, but saying they are at the same degree of privacy violations as Microsoft is ludicrous.
I asked at the Microsoft store for an Enterprise edition of Windows and they told me it's not sold to consumers (they tried to tell me I want Windows 10 Professional).
I'm not a student or a teacher, so I don't think I can buy the education edition either.
However, through the MOSP (for 5-250, now called "Microsoft Online Services"), you can get Windows Intune with Software Assurance for Windows for $11/user (at least when it was announced), which includes Software Assurance, which then includes a copy of Windows 10 Enterprise (to upgrade/install on PCs for licensed users) as well as management tools.
There's a way to add Office 365 on a per-user basis to your Intune subscription as well, as long as you maintain annual commitments (or some gibberish like that). I'm not entirely clear on the details, this is why Microsoft usually has folks call in for pricing and such. But I hear it's easy to manage.
There are two methods of enterprise/education licensing, per user and per machine. Home/Pro are sold per-machine only, with varying features. See license agreements for details ;-)
Ultimately, you can disable most/all of the Windows 10 spying yourself without special editions of Windows, they just make it easier for folks paying the big bucks.
You can buy Win10 Enterprise with Software Assurance through Open Licence just fine too (and even the renewal isn't that expensive). More precisely, what it gains you is access to the "Security" telemetry level.
Why do you think ordinary users should try to disable all the cloud based features of their OS? Surely a lot of the features they want (e.g. Google Now, Siri, Cortana) are based on the OS provider knowing about the users and having information about them.
If your threat model is that the OS provider is hostile, no amount of changing of settings will protect you from their actions...
> If your threat model is that the OS provider is hostile, no amount of changing of settings will protect you from their actions...
No, the threat model is that centrally collected data will be pilfered by the government or the company itself. If it's just not collected in the first place the temptation won't be there to abuse it.
It's like saying, "if your threat model is that the government is hostile, there is nothing you can do to prevent them from getting information from you."
There are lines the government won't cross (e.g. US govt torturing your family members in front of you) and there are lines Microsoft won't cross (e.g. secret exfiltration of your files).
And on that basis all modern consumer focused OSes are about as bad as each other, they all rely on cloud features which gather data about the user and hold it centrally.
It's why I'm so puzzled that people jump on MS specifically for this, Google have been doing all the same stuff for years and no-one seems to care.
That said, on your lines that people wouldn't cross, I'm afraid I have no confidence in either of your examples. The US gov. has tortured people for years, I see no reason to believe they wouldn't do it to family members if they thought it would meet their goals, and MS would exfiltrate data if provided an appropriately authorised requirement by the US government...
> It's why I'm so puzzled that people jump on MS specifically for this, Google have been doing all the same stuff for years and no-one seems to care.
Probably because until recently, Microsoft software is what you used if you didn't want to use those cloud-everything services from organisations like Google.
> Why do you think ordinary users should try to disable all the cloud based features of their OS? Surely a lot of the features they want (e.g. Google Now, Siri, Cortana)
The thing is, almost every piece of research I've seen from independent sources suggests that most users don't really want or care about these digital personal assistant gimmicks. Once you got past the hype, this was a point a few different articles made around the time Win11/Cortana became available.
That certainly seems more credible to me than the story the OS vendors' marketing teams would like us to believe. After all, I know plenty of people who use Android and iOS devices, but in my entire life I don't think I have heard the words "OK Google" spoken non-ironically outside of a tech presentation, and I have also literally never seen (heard?) anyone using Siri other than to show how badly it got something wrong and laugh at it. I mean, anecdotes and data and all that, but if almost everyone I know has a smartphone and literally no-one I know seems to be using these features that we're told users want, that's an astonishingly unrepresentative sample.
I expect that, in time, that is exactly what will happen. Realistically, some of these features will probably evolve into something that is more useful for more people.
Unfortunately, for the immediate future there is a lot of momentum behind these features, because so many corporate heavyweights have spent a fortune on promoting them. It would be borderline career suicide for any senior executive in a relevant position to hold their hands up and say they made a mistake on this one so soon.
I don't think they're being hostile, I think they're providing features they think people want.
Personally I hate this kind of feature and try to actively avoid products which have it, however I feel I am in a minority of general consumers in that feeling.
Your phrasing is a little odd. Personally, I don't think users should necessarily turn those features off, but if they don't want to use the feature, I don't think they should be forced to keep it on, either. I don't see why it can't be opt-in.
> If your threat model is that the OS provider is hostile, no amount of changing of settings will protect you from their actions...
IMO, it has less to do with the OS provider being hostile and more to do with eating up resources and increasing available malware attack vectors.
I don't think that users are forced to keep the features on, are they? (Definitely I had no problems disabling them when installing Win10.)
On defaults I would prefer it to be opt-in but I know exactly why it isn't. Software vendors want you to use the features they develop so that you'll be more involved in their ecosystem, if they're off by default chances are you won't turn them on, which defeats the purpose.
Gotta say I don't see your resource point, do you have any evidence that these features have an appreciable impact on the average system?
> If your threat model is that the OS provider is hostile, no amount of changing of settings will protect you from their actions...
I'm not sure what this even means in this context. It's not about protecting against a threat model that may someday manifest, it's actual, specific actions that are known to be occurring currently and that can't be opted out of (let alone opted in to) that are being objected to.
And certainly nothing to do with "cloud based features" of Windows 10.
I'd love to learn more about what's explicitly whitelisted, and can't be blocked by DWS or other on-system resources.
I've tried Googling, but it's hard to find pages which discuss it without knowing the right terms to search by. Can you help provide a link so I can learn more?
Why do you put cloud sync and error reporting features into scare quotes? For a developer, the error reporting features are awesome and users get direct benefit from them (bugs squashed faster).
I would take a crash dump over a poorly written (or nonexistent) bug report e-mail any time.
Apple has a history of avoiding the storage of personal data when possible. They also have a history of failing to comply with the demands of authorities to release personal information.
On the other hand, Microsoft has a history of complying with government authorities.
Apple has a history of telemetry collection without any checkboxes whatsoever. Consider http://security.stackexchange.com/questions/82765/osx-yosemi... and the existence of "com.apple.telemetry" as well as telemetry collection in their kernel and announcements on stage when they show how many people use certain features of OS X or iOS.
Considering that Win10 has been shown to run an always-on key-logger that reports in to Microsoft every 5 minutes, I think it's safe to call this especially bad.
Everything you type, in every application you run, all the time. You can't block this "telemetry" with Windows either. Microsoft has hard coded the DNS entries to bypass HOSTS file checking.
Also voice and camera records get sent to Microsoft.
None of this is contingent upon having or logging in to your Microsoft account. You don't even have to be using Microsoft features like Cortana or Bing. Microsoft has made the business decision that if you are running their OS, you are using their computer, not yours. They seem to be right that the majority are willing to hand over the keys for a "superior user experience".
The only way to prevent 10 from phoning home is either to disconnect it from the Internet, or connect through a dedicated firewall machine which blocks the collection endpoints. Win 10 will still be running that key logger in the background, though. It's built in.
I agree that the outrage over Windows 10 seems a little...inconsistent. For Android users (could be on iOS too, not sure), open up Maps. Open up the options menu in the upper left hand corner and choose "Your timeline." This will literally show you every place you have traveled, WHETHER OR NOT YOU EVEN SEARCHED FOR A PARTICULAR LOCATION (i.e. it just shows where you've been walking around). You can delete the data and opt out I think, but it's not by default.
And that's just one thing off the top of my head, I'm sure there are many others. Ultimately, if you REALLY care about privacy you probably shouldn't be using any mainstream operating systems for mobile, desktop, etc.
Location History is opt-in, and Google sends you frequent email reminders that you are opted in. I have email reminders in my gmail account dating back to 2011 when it was still called Latitude.
That's fine, but I don't personally recall a screen saying "Enable location but not location history" in my Google Now setup process. So they opt you in by default too. You can exclude data from Cortana's "Notebook" just as you can from Google Now.
Can you say a little more about what these "frequent email reminders" that you receive look like, and how frequent they are? I've just discovered that I was opted in, had no idea I was opted in, and have never received an email saying I was opted in -- I'm genuinely curious what I missed. (Maybe somehow I opted out of the emails without knowing it either...)
Windows is not special. Android is not special. Apple is not special. I am equally upset at any operating system that chooses to collect and store information about me and how I use my device without my knowledge or explicit consent.
You don't get to point at some other examples of Bad Thing happening and hand-wave it all away like our concerns are not valid.
Windows PCs are not used for the same thing as smartphones. Most people don't have all their critical financial or business information on their phones; that's what PCs are for ("real work"). Most people probably don't care too much if Google knows that you're using Tinder.
Windows 10 runs on everything from USB thumbdrives to 84-inch Surface Hubs, including smartphones, tablets, 2-in-1s, laptops and desktops. If you remove all the corporate machines (with control via Global Policies) then the majority are probably mobile.
Some of Windows 10's features come from the convergence with the smartphone platform (Notifications, Cortana).
As well as being a mobile OS that runs lots of mobile apps, Windows 10 also has cloud integration (OneDrive, Windows Store etc).
This shouldn't be a shock. Nadella has been saying "mobile first, cloud first" since he got the CEO job.
> Most people don't have all their critical financial or business information on their phones
Why would you imagine Microsoft was incorporating such info in its anonymized telemetry? It's not like telemetry was exactly a new thing.
As a matter of fact, Windows Update has been scanning people's hard drives for years (with MRT, the Malware Removal Tool), and collecting crash data since XP.
That's an interesting perspective, but I'm not sure it chimes too closely with what I've seen these days.
In the UK at least most banks have mobile apps which run on Android, people do e-mail (which controls most of their sensitive information) and other items on mobile devices, so their security would be every bit as important as a Windows/OSX PC...
When you set up an Android phone, there is a screen with four checkboxes that you have to go around and check/uncheck.
There is no button before this screen with "convenient" recommended defaults that rob you of privacy. You pretty much have to go through this screen, agree (or not) to each one and continue.
And later, as you use the device, there is no changing your preferences behind your back.
Doesn't a default Android phone also do a lot of calling home? And Apple phones? Why is it so special when it's Windows?