Posted on 12/13/2018 1:42:01 PM PST by dayglored
All your activity are belong to us
Updated A feature introduced in the April 2018 Update of Windows 10 may have set off a privacy landmine within the bowels of Redmond as users have discovered that their data was still flowing into the intestines of the Windows giant, even with the thing apparently turned off.
In what is likely to be more cock-up than conspiracy, it appears that Microsoft is continuing to collect data on recent user activities even when the user has explicitly said NO, DAMMIT!
First noted in an increasingly shouty thread over on Reddit, the issue is related to Activity History, which is needed to make the much-vaunted and little-used Timeline feature work in Windows 10.
Introduced in what had previously been regarded as one of Microsoft's flakiest updates prior to the glory of the October 2018 Update, of course Timeline allows users to go back through apps as well as websites to get back to what they were doing at a given point.
Use a Microsoft account, and a user can view this over multiple PCs and mobile devices (as long you are signed in with that same Microsoft account). The key setting is that "Send my activity history to Microsoft" check box. Uncheck it and you'd be forgiven for thinking your activity would not be sent Redmondwards. Right?
Except, er, the slurping appears to be carrying on unabated.
The Redditors reported that if one takes a look at the Activity History in the Privacy Dashboard lurking within their account, apps and sites are still showing up.
The fellows over at How To Geek have speculated the issue may be something to do with Windows' default diagnostic setting, which is set to Full and will send back app and history unless changed to Basic. Of course, Windows Insiders have no option but to accept Full, although a bit of slurping is likely to be the least of their problems.
A thread at TenForums has also provided a guide to turning the thing off, ranging from tinkering with Group Policies through to diving headlong into the Registry. Neither are options likely to appeal to users who would expect that clearing the "Send data" box would stop data being sent.
Deliberate slurpage, or a case of poor QA and one team not talking to the other aside, it isn't a great look for Microsoft and users are muttering about potential legal action. Privacy lawyers will certainly be taking a close look after all, the gang at Redmond are already under scrutiny for harvesting data and telemetry from lucky users of Windows 10.
Google has been on the receiving end of a sueball for slurping location data from user's phones and providing an over-complicated way to turn off the "feature".
It is all a bit of a mess and has left users unsure of what is being collected and when. We have contacted Microsoft to find out how it plans to deal with the situation (ideally before 2018's privacy bogeyman, GDPR, makes an appearance) and will update if a response is forthcoming. ®
Microsoft got in touch to insist it is committed to privacy and transparency, but admitted there is indeed a bit of naming problem, with "Activity History" cropping up in both Windows 10 and the Microsoft Privacy dashboard.
Marisa Rogers, Privacy Officer at the software giant, told us: "We are working to address this naming issue in a future update."
The slurpage collection is of course for your benefit and Rogers added that users have "controls to manage your data."
As for turning the thing off, Microsoft confirmed that, yes, you have to go to two places to actually stop your Activity History being shared with Redmond:
1. Under Settings->Privacy->Activity history: ensure the setting "Let Windows sync my activities from this PC to the cloud" is not checked
2. Under Settings->Privacy->Diagnostics & feedback: ensure Diagnostic data is set to Basic
Windows and Office telemetry still does. Load up Wireshark, which allows network packet sniffing, and watch the data fly.
There are ways to turn that off in Group Policy in Windows Pro that go beyond the settings in Windows and Office.
Any backdoor “feature” that allows windows to pump out your data can be hijacked by criminals.
If that computer is running Windows 10, it isn’t your computer. It belongs to MS and they’ll do what ever they please with it.
Like not allowing you to log on until they are satisfied it is “updated”.
Absolutely true. I run the "Pro" versions of 7 and 10 exclusively. Well, actually one of my 7 installs is "Ultimate", but since I don't use any of the extra features it's really acting as "Pro".
Your good and sane advice in these comments is much appreciated! Do I guess correctly you're a Windows Admin somewhere?
Even though I don't use MS Office, MS seems intent on re-enabling the telemetry for its latest offering quite often.
I hate it when that happens.
My Win10 VM at work periodically disappears from my RDP connection (disconnects me, logs me out, loads updates, and reboots) without my approval. Very annoying, since I sometimes have a fair amount of context on the desktop from day to day.
I've had to stop using Win10 for anything that might have to run overnight. Luckily the things I have to run overnight will also run on my Win7 VM. Other than the Win10 compatibility tests...
Most of what I do that's important, I now do on Linux. Windows is relegated to transient tasks that, if they die when I'm not looking, I don't lose significant context.
It's really a shame -- only 5 years ago I was using Windows as my primary desktop environment at work (had done so for the prior 8 years) and it was fine. That's just a fond but dimmer-every-year memory.
You notice over the years, the "My Computer" icon got renamed "Computer", and then "This PC". That's a hint. Even Microsoft admits, it's not your computer. It's just this PC that you're sitting in front of. Most of the time, you might as well be downtown at the Library in front of a terminal.
What he said. ^^
Indeed. Storage is cheap, but not free, and analytics sure as heck isn't free.
I've been thinking the same thing for almost 20 years.
Exactly right!
My first secure computer was a Pied Piper running CP/M on 5 1/4” disks. No need for an air gap. Long before the Internet.
It seems the only way to avoid the slurping would be to disconnect, hard wire the peripherals and return to snail mail. Barring that who slurps less? Apple? Linux Mint?
Asking for a friend.
I think Linux is probably the least snoopy. Apple does a great job of encrypting anything it sends or stores, using individual keys that only you have. But if I had to guess, Linux sends less overall, and its trivial to make sure it doesnt even send the minimal stuff like crash reports.
I found some cpm diskettes from a Wang system at work and out them into a pc running DOS. I was able to read everything, just couldn’t run the executables.
This.
But having nearly everything in an OS encrypted does hog some resources a little, although not as much as M$. So use a fairly fast machine.
During Windows 10 setup, you will be asked a lot of questions. The one word to remember is "no."
Last I checked, setting up a Microsoft account was not absolutely required, though Microsoft certainly tries to convince you to set one up.
I think it ends up being more convenient to just set up the damn account. If necessary you can create a new email account at Microsoft's Outlook.com
All the Features That Require a Microsoft Account in Windows 10:
https://www.howtogeek.com/121975/htg-explains-microsoft-accounts-vs.-local-accounts-in-windows-8/
bump
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.