• Alaknár@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    3
    ·
    4 days ago

    Yes, it does, but telemetry is not what people think it is.

    Remember how Microsoft regularly kills those “cool features” for “no reason at all”? That’s because those that use them have telemetry blocked, so - from MS point of view - it seems like nobody is using them. Why waste dev time on something that nobody uses?

    That’s telemetry. It’s anonymous. It tells them which parts of the OS work, which cause issues, which features are utilised, which aren’t. It’s not spying, it’s diagnostics.

      • Alaknár@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        4 days ago

        You’re trusting Microsoft’s word that telemetry is anonymous

        Do you honestly and truly believe that nobody has ever analysed these packets? That nobody in any security position, especially in business, has ever checked if sensitive information wasn’t being transmitted? That the entire IT and Data Security world just goes “huh, I guess they’re spying on us, nothing we can do about it”?

        Microsoft’s word isn’t worth very much:

        Microsoft doesn’t publish detailed breakdowns of telemetry collection, which is a red flag in itself

        Huh?

        especially on the topic

        Oh yeah, Recall, the absolutely horrible… ummm… *checks notes* fully local and encrypted system… That isn’t even implemented yet… but when it is, you’ll need to manually turn it on…

        Yeah, truly, the death of privacy is upon us.

        of privacy

        Have you read the article you linked?

        • witten@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          3 days ago

          Do you honestly and truly believe that nobody has ever analysed these packets? That nobody in any security position, especially in business, has ever checked if sensitive information wasn’t being transmitted? That the entire IT and Data Security world just goes “huh, I guess they’re spying on us, nothing we can do about it”?

          Windows telemetry is encrypted, which as you can imagine, makes it hard to analyze.

          Huh?

          I don’t know exactly what that’s referring to, but maybe it’s the fact that some (not all) of the bullet points in this telemetry doc are super high level, leaving much to the imagination: https://learn.microsoft.com/en-us/windows/privacy/optional-diagnostic-data

          Also, even if every last bit of telemetry was completely documented, that doesn’t make it cool to send all that information to a company known for abusing user data.

          Oh yeah, Recall, the absolutely horrible… ummm… checks notes fully local and encrypted system… That isn’t even implemented yet… but when it is, you’ll need to manually turn it on…

          Again, without source code, you’re taking Microsoft’s word about all of this. But let’s say it is 100% what they say. An earlier version leaked the user’s private information to other processes on the machine and failed to filter out sensitive user data. I have a hard time trusting an organization that is so clearly reckless like this. Either they don’t care about user privacy—or they do care and they’re just incompetent. I’m not sure which one is worse.

          Have you read the article you linked?

          Yup.

          • Alaknár@sopuli.xyz
            link
            fedilink
            English
            arrow-up
            1
            ·
            3 days ago

            Windows telemetry is encrypted, which as you can imagine, makes it hard to analyze.

            OK. Let’s assume nobody has ever gone through it. Do you imagine that - especially in the US - lawyers of massive companies didn’t wring out anything and everything about telemetry?

            Do you imagine companies like JP Morgan, or - famous for money laundering terrorist money - HSBC would be happily using operating systems with “spyware”?

            I don’t know exactly what that’s referring to, but maybe it’s the fact that some (not all) of the bullet points in this telemetry doc are super high level, leaving much to the imagination: https://learn.microsoft.com/en-us/windows/privacy/optional-diagnostic-data

            The one you linked is the Optional Diagnostics Data, this is the one you can disable by toggling telemetry to “basic”.

            Also, even if every last bit of telemetry was completely documented, that doesn’t make it cool to send all that information to a company known for abusing user data.

            So every “power user” disables it, and then complains when Microsoft kills a power-user feature because their data showed that nobody was using it. :D

            Again, without source code, you’re taking Microsoft’s word about all of this

            I mean… You can easily tell if the data is being sent out (massive increase in outbound connections) or if it’s encrypted (… can’t read it without decrypting).

            An earlier version leaked the user’s private information to other processes on the machine and failed to filter out sensitive user data.

            Correct. An early test version had bugs. Colour me shocked.

            Either they don’t care about user privacy—or they do care and they’re just incompetent

            Or… the whole thing was about an early test version and everybody blew this massively out of proportion…

            Yup.

            So you know that the only problem and the reason for the lawsuit was that they were collecting the data in the wrong order (should’ve started with parent consent) and then kept it for too long? Not that they were endangering the children’s data, or gathering too much of it? As in: if they asked for parent’s consent first, THEN gathered the data they gathered, there would be no lawsuit?

            • witten@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              3 days ago

              OK. Let’s assume nobody has ever gone through it. Do you imagine that - especially in the US - lawyers of massive companies didn’t wring out anything and everything about telemetry?

              What is the legal mechanism they have for doing that? Microsoft is holding all the cards here.

              Do you imagine companies like JP Morgan, or - famous for money laundering terrorist money - HSBC would be happily using operating systems with “spyware”?

              Happily? That I can’t say. But they are using Windows despite any “spyware.” Likely because, like you, they deem the risks worth it.

              The one you linked is the Optional Diagnostics Data, this is the one you can disable by toggling telemetry to “basic”.

              What percentage of Windows users (power users or otherwise) would you guess disable it? Unless it’s the vast majority, the article’s quote still stands.

              Anyway, on the other points, I don’t think we’re going to come to an agreement here. You seem to be defending the questionable behavior of a massive corporation, and I’m not buying that it’s all a big misunderstanding, a beta feature, just a bug, etc etc.

              The fact remains that Microsoft has a long and sordid history of privacy violations and security lapses. You can choose to look past that and defend them, and that’s your choice.