This also happens on iOS with spotlight. As far as I can tell there's no way to turn it off.
Source: MITM your iOS traffic.
Sidenote -- a possibly unforeseen side effect of end to end encryption everywhere is that it makes it far more difficult to man in the middle your traffic and hold companies accountable for their privacy policies.
a possibly unforeseen side effect of end to end encryption everywhere is that it makes it far more difficult to man in the middle your traffic and hold companies accountable for their privacy policies
I don't think it's an unforseen effect, but one that is highly downplayed by advocates pushing the security angle. When it was revealed that smart TVs phoned home with detailed viewing information, including filenames, I remember making a similar comment - if they had used TLS, that discovery might not have occurred.
The ability to MITM your own devices is very important, if only so you can figure out exactly what they're sending out.
Another thing is the widespread use of enforced code signing, accompanied by pinning to specific (e.g. MS) CAs; if this had happened a decade or more ago, it would've been pretty easy to pinpoint the parts of the OS responsible and just patch them out. Now the same thing is likely still possible (theoretically, as long as you can change any byte on the disk it is), but involves plenty of bypassing other protection mechanisms on the way and could get pretty hairy if hardware is involved (e.g. secure boot/TPM.) From this perspective, remote attestation and the other upcoming security technologies are immensely disturbing. The desktop PC ecosystem is gradually being locked-down in the same way that mobile is.
These security mechanisms certainly have benefits, but their goal is ensuring that your software is completely unchanged from what the author wants you to have; in situations like these, that is precisely what you don't want. Nevertheless, I hope the hackers/crackers out there find a solution so those that are forced to use Win10 can still retain some privacy.
The "feature" to worry about is the new SGX instructions. With those, the secure boot/TPM stuff is locked down at the hardware level, and we lose root access.
Unfortunately, given how many in this very thread are willing to apologize for MS's behavior and justify their power grabs, I don't expect there will be much resistance in this War On General Purpose Computing.
In general, as long as you have root access to a machine, you can decrypt any traffic coming out of it, either by locating the private key in the filesystem or memory, or by patching the encryption methods to skip the encryption step.
If you do not have root access to a machine, and software on it signs traffic with a certificate you do not have access to, then you simply cannot see the traffic. If you ask me, that's a huge problem, especially when coupled with the "locking down" of ecosystems that you describe.
The skeptic in me wonders if the same entities pushing the privacy agenda are the same ones with vested interest in encrypted traffic that phones home.
I think this is worse though. It fires even when you've disabled web search through most GUI interfaces. It might stop using Windows Firewall > block SearchUI.exe
It will even ignore a-0001.a-msedge.net in your hosts file.
Except apps like this should probably not be using the OS CA store, and instead just pin their own CA cert. Doesn't seem to be the case here but in general I think pinning is getting more adoption, isn't it?
Heard that on an old security now episode, https://www.grc.com/sn/sn-443-notes.pdf is the best I have unfortunately, there's mention of it near the bottom there.
No. No application or OS should impose it's own CA on an end user without choice. I get the importance of encrypted traffic flowing over the internet, but I also have concerns about traffic leaving my own network. Neither at my home or my business do I want an encrypted stream of traffic flowing out of my network without my being able to inspect the contents and know who the recipient is.
Privacy is a double-edged sword. If you want perfect privacy, you also throw away a lot of potential optimizations.
For example, you may leak information about sites recently visited, updates applied, etc. if you have a local proxy cache and subsequently look at response timings.
If you want perfect privacy, you also throw away a lot of potential optimizations.
That depends on what you mean by privacy. We share information, sometimes sensitive information, with other parties all the time when we interact with them. I believe the essence of privacy is more about being able to choose when and how and for what purposes information is collected and shared and used.
I can't make a purchase using a credit card without the card company at least knowing who I'm paying and how much money I'm giving them. There's not much point going to see a doctor if you're not going to discuss your medical situation with them. If I go out to visit friends, someone passing me in the street is going to know where I am at that moment in time. That doesn't mean anyone else needs to know any of those things, or that they need to be used for other purposes or correlated with other data.
In any case, with a lot of information sharing that is going on with software and networked systems these days, it is far from clear that many of those "potential optimizations" are actually in users' interests at all. Obviously some facilities do need to analyse relevant data sets to make useful predictions -- personal assistants like Siri and Cortana, say, or recommending new material that is similar to what you've accessed before on Amazon or Netflix. But even there, the limitation is often that the technology isn't powerful enough to do the same things locally yet, not that the organisations running these services inherently need to know lots of data about you.
> the essence of privacy is more about being able to choose when and how and for what purposes information is collected and shared and used
This is the core of the EU data protection principles. It's a very concise way of expressing things. There are two limitations:
- figleafing: the "cookie law" problem where everyone is made to agree to a useless dialog box, supposedly signing away their privacy in order to look at any web page with ads on
- it conflicts with the very strong American free speech principles, in which you can say anything you like about anyone on any basis. Privacy enforcement necessarily means silencing people talking about other people. The bad end of this is UK libel law. It's still present in the US "product libel" laws, although fortunately "ag-gag" was recently struck down.
The last time I have seen a proxy was in the 90s. Who still use proxies outside of corporate proxies which are there more to watch the traffic than reduce it?
The biggest problem with mobile phone privacy (assuming you seek it) is that no matter how trustworthy and privacy respecting the operating system and its software is, the baseband modem is usually at the behest of the network provider and also generally has full access to the main CPU and memory. There is one project I am aware of that is looking to address this problem - the Neo900 [1].
The platform should hopefully be 100 % trustworthy (from an "it's free software so I can inspect it" point of view), as long as you do not choose to use a non-free graphics driver.
A WiFi-only cellphone with Ubuntu, Cyanogenmod, FirefoxOS or Sailfish as an OS along with a mobile hotspot device that provides a WiFi access point might be able to get around this issue of the baseband modem having access to your CPU and memory [1].
Correct - by using two separate devices you can cheaply get around the issue today. This gets you a setup that I could agree to be trustworthy and privacy respecting.
The convenience of one device is a big sell though, plus I think a device with a built in cellular modem is more fairly called a "phone".
Nobody cares about perfect privacy, but people do care about Total Information Awareness. This is going in TIA direction, in fact it's already there. It's sickening. So I am happy to be a Linux user, and it's the right time to switch. Say goodbye to your corporate overlords and come on down here. The privacy is fine.
There is Jolla's Sailfish OS that has been built on Redhat Linux. However, the phone isn't exactly great hardware-wise. A better phone with the same OS is about to be released later this year by an Indian company (Intex) but I don't know whether it will be available globally.
Let's not talk about "perfect privacy" when we could still be happy with "reasonable privacy". Just because not everything is private by default, doesn't mean we should be okay with the ever more invasive privacy policies of these companies.
It reminds me of the argument that "of course NSA spies, that's what it does" completely merging together the spying on dangerous targets for national security with the spying on every single person on Earth and for economic, blackmail and so on purposes. Reality is more nuanced than that.
iOS does tell you have to turn it off but the user has to notice a small notice on the Spotlight control panel. Same with OS X. I believe this kind is unethical as Apple knows that most people won't change the default settings.
Yes but also the privacy implications are over exaggerated. This kind of "phoning home", at least for Apple Siri/Spotlight, goes through a session ID which is random, regenerated every 30 minutes, and not bound to Apple ID or other user profile. Moreover, IP addresses are not used, not communicated to third parties (eg: Bing for Siri) and anonymized in logs. So yes, it's a "phoning home", but with different implications compared to eg. inputting a wifi password on a logged-in Android phone.
The default setting should be to respect the privacy of the user first. Since they know most users will blindly go with the default, it's an asshole play.
Is it really necessary to use a host that requires JavaScript to display an image?
Anyway, I've confirmed this. I've disabled web search and all of the other privacy options I've seen with Windows 10 during and after install. As soon as the first character is typed into the Windows 10 search box, the request goes out to www.bing.com. It doesn't say what you searched for (as the request happens before you complete the search), but it does send a lot of info to Microsoft about your platform, including a unique identifier.
On my Mac I use Little Snitch to monitor outbound connections and I love it. I haven't found an equivalent simple and lightweight application for Windows yet.
As others have mentioned, GlassWire is quite simple and lightweight. Unfortunately, while it’s absolutely invaluable for monitoring changes to the system (DNS changes, application changes (becoming unsigned, etc.), webcam and microphone changes, etc.), its firewall is too simple compared to Little Snitch. Unlike Little Snitch, which lets you choose which domains and ports an application is and isn’t allowed to connect to as it attempts to make those connections, GlassWire only allows you to either allow all connections an application makes or deny all connections an application makes. NetLimiter¹ is much closer to Little Snitch in this regard (example²).
Personally, I’d recommend using a combination of GlassWire for monitoring system changes and NetLimiter for the firewall.
Oh man, I am racking my brain trying to think of the tool I used to have installed on my PC at my last job. It was built by somebody who posted on HN, lightsomething or something? It would warn you about new programs connecting to the network and do other neat stuff. Not quite the same as little snitch, but similar and very pleasant to use. I'll update if I think of it (or maybe somebody else can name it.)
[edit] Glasswire! https://www.glasswire.com/ It's super slick. Apparently the paid version has an "ask to connect" feature.
Do you actively block then grant-access to everything, or just periodically check what's happening? I've tried the active filter before, but found it to be very disruptive to my typical workflow.
I do active blocking. I permanently allow any application that I can trust. For example I will allow chrome to connect permanently. But if it is some cryptically named service trying to connect I will block it permanently. After an initial approval stage you do not see too may popups for approval.
But I can see how this can be a disruptive process, when all you want is some work done. I wish we lived in a place where I did not have to use tools like this.
Zonealarm back in the day did something similar, yes (I haven't used it recently so I'm not sure what it does now). Little Snitch is the OSX equivalent :).
Couldn't agree more. These days we have to protect ourselves more from our own software than from viruses. Assume any software is a trojan horse, even the OS.
Counterexample: Ubuntu sending local file system searches off to Amazon because apparently online shopping and file searching are things you want to do simultaneously.
"Your information is ours unless you are aware of it and spend unreasonable amount of time searching for the information leaking settings and disabling them." Yaay
This is incorrect. Ubuntu told me in clear words that dash searches will be sent after installation when I used dash. That's how I came to know of it, and that's why I disabled it.
I didn't like the fact that that it is opt-out and not opt-in, but yeah, way way better than Windows 10 for now.
Also note that Canonical took steps to ensure amazon doesn't get to imprint your system by proxying the requests through their server.
Free as in freedom, not beer. You can look at the code of the free software, therefore tell if it's phoning home or not. More importantly, changing it.
Exactly. This is how the Google Chromium always-on voice recognition payload was discovered, for example. We may never have known about it if it wasn't an open source project, or at least we wouldn't have heard about it until long after it shipped.
Not many, but the effort is parallelizable. If you find a security problem and report it in public, others can verify it, and still others can benefit from the fix even if they never would have bothered to look for themselves.
Many software projects I use are hosted on SourceForge. While SF has been using some nasty techniques with binary installers, the source code is, as far as I know, untouched.
And, as soon as it's touched, the project maintainers can shut down the SourceForge repos and move on to someplace else.
It's not a guarantee of security, privacy or anonymity, but open source is still your best chance to get any (or all) of the three.
You absolutely should be concerned about things getting out as much as things getting in.
Things getting in can damage your data, but that is what back-ups are for. On the other hand, things getting out can leak your data, which is likely to be a one-way trip and, depending on the type of data, potentially a very expensive one.
Of course things getting in can also interfere with your device's normal operation, and in the brave new world of always-online systems and reprogrammable everything, if your system does get compromised today it may be extremely difficult to reliably clean it. The days of booting from a operating system's install CD and reformatting as a reliable recovery mechanism have long passed. This is not a good thing.
As time goes by, computer software begins to feel more and more hostile to the user. When I installed Windows 10, all the privacy settings made me feel like I was wrangling a beast rather than setting up something that would help me.
I don't know if there's any solution or if privacy is just a remnant of the past. Is Linux any better? And is there any way to own a smartphone which is built not to leak my information, either through the operating system or through 3rd party apps that request access to everything on the phone?
I don't know if there's any solution or if privacy is
just a remnant of the past.
This always irritates me when I see it (not specific to you). It's not a remnant of the past and there is of course a solution! The solution is trading some of the conveniences you think you need. The solution is for once trying something other than what you're used to.
The reason why you (and everyone else who thinks this way) feel there's no solution is because in your world, giving up a smart-phone or even using a non-Windows/Google/Apple device is a non-starter.
There are new phones coming out like Ubuntu's and Mozilla's that, while not perfect, absolutely are better alternatives. If you keep digging there are projects like Neo900 that respect privacy in totality. You could use a feature phone, or an old n900, or any bevy of alternatives but the price they come with is convenience :)
> There are new phones coming out like Ubuntu's and Mozilla's that, while not perfect, absolutely are better alternatives.
The last time I checked, Mozilla's Firefox OS phones appeared to be sending all home screen search queries to some unknown company in Israel, with no clear way to disable it.
I mean, you linked a press release from 2012 for a partnership with Everything.me, and an Indian Mozilla video from 2014 about adaptive search which doesn't mention anything about that. I'm not saying FF is innocent in data-sharing, but at this point you're spreading FUD around. To make a claim like that, you need something way more definitive!
Edit:
You're right that it's not mentioned in the video. That's part of the problem; it's obviously something people care about and would like to be informed of.
Shout out for the N900. I've said for years I'd pay handily for an updated model. Your comment reminded me to check back on the Neo900 project, and it's still chugging along. Looks like they've started accepting pre-orders on the site.
Yea, it's moving slower than I want but they're accepting pre-orders (half-payments) and I think they will have a few working prototypes at CCC this month.
It's frustrating because there's no definitive end-date but they are much much further along than most thought.
I currently own a N9 mobile phone, witch is the successor of N900. I had a windows phone before that. And the N9 is superior to Windows phone in all aspects.
When Microsoft bought the company (Nokia) they shut down all support for the phone, including SDK, app store, music store, maps, roads and software updates.
So, just to clarify, your first 'it' meant Nokia, and the second 'it' was the N9 phone.
That's not what I was referring to, though. You and Nokia may have seen the N9 as the successor to the N900, but I certainly didn't, and I suspect the Neo900 team didn't, either.
The Iceweasel bug that downloaded some icons silently on the first run was a big deal few days ago. The problem was that iceweasel doesn't ship the search icons with the package (legal reasons maybe), so it downloads them on the first run [1].
And this is considered a bug that will be fixed. Compare this to the privacy issues on any proprietary OS where they are considered to be features not bugs. Maybe there are other bugs that leak your privacy even more, at least they are recognized as bugs when discovered.
I can't read your link unfortunately (get an SSL error when trying to connect), but that's interesting, given the sheer amount of trackable requests firefox makes silently in the background (like safe search/content blacklists from google, etc). Based on the goals stated by the iceweasel project, I assume they have not patched those things (as their goal is to be firefox-without-trademarks and nothing more).
I'm really disappointed in mozilla's track record on privacy. They always seem to choose features over privacy. See for example all of the patches sent by the Tor Browser developers for various info leaks that have been rejected as they would be inconvenient for average users.
It really seems quite pointless to work on a leak like this when there's so many others in the upstream that they refuse to patch (even if they have understandable reasons).
> See for example all of the patches sent by the Tor Browser developers for various info leaks that have been rejected as they would be inconvenient for average users.
I wasn't aware of this, what kinds of leaks are you talking about? Care to supply us with some references?
That's a list of the original planned features for the TBB. You can clearly see they intended it to be a temporary thing until patches were pushed upstream, but it's still around and still adding new patches to fix leaks. You might try to search for the tickets for the issues above in the mozilla bugtracker and you will see many WONTFIXes.
For a desktop OS, try OpenBSD, Slackware Linux, Debian, or Arch Linux, or if those are too obtuse (they can be difficult for the uninitiated to get into) try Ubuntu or Linux Mint. If you go with Ubuntu you'll want to go to the Security & Privacy tab and disable online search results and tracking.
For a smartphone, you have to dig back into the past and find a Nokia N900 or an old-school BlackBerry; anything based on Android, iOS, or Windows Phone is going to snoop on you even if you tell it not to. Even FirefoxOS has glaring security issues, and Ubuntu Touch isn't ready for prime time.
You're probably right, I was thinking back to my first real Linux learning curve with Slackware around 2000-2001. I dived in head-first and I'm glad I did, what I learned doing that built a foundation that has served me well.
Yeah, and you did that because you had to back then. :)
Thinking more about my post, I left out the option of just staying with Linux Mint after a noob gains experience.
Not that I'm anything like a role model, but it's my default personal distro, because it doesn't try to be the main focus of my computer experience, it just gets out of the way lets me focus on the work.
Mint is a great OS, I used it off and on for several years. I enjoy getting my hands dirty and I like fine-grained control over my OS though, so I've always gravitated back to Slackware long-term. Not to drag out the dreaded car-computer analogy, but it's why I keep my old 1982 farm truck instead of buying a more modern work truck; it's simple, I know it inside and out, and it runs just the way I want it to.
But you can't go wrong with Mint as a "get out of my way" OS, as you said.
Any company that installs adware on an operating system you paid for [1], and even forcibly reinstalls it after you remove it and block it, clearly doesn't give a shit about user experience or your privacy. Some Linux distros will also remind you to update, but they aren't paid updates and anyway you can turn those updates off if you like, and they won't come back.
Unless I'm missing something, this isn't a paid update either.
And you can turn it off in a few fairly trivial ways[1] (though I'll admit this might be past some users, anyone who has even heard the word 'distro' probably shouldn't have an issue with it)
Uninstalling and hiding that update only works until MS releases a new version of it, at which point Windows will unhide it and reinstall. It's not a solution.
I looked into blackphone a while ago. If I remember correctly the first thing it asks for is your e-mail address so it can sign you up to their proprietary anonymity/cloud service. I'm not sure if this is still the case, but if it is I think they've completely misunderstood their target audience. Thanks for reminding me though I will have another look into it.
I opened a bug (well, feedback item) during the preview about this. Even with the various group policy settings set, there was no way to disable web search. Rather unacceptable. One would think this has regulatory and compliance issues as well, no?
This is a big problem for us in the finance sector. We're SOL when it comes to Windows 10. It's a complete dead end if we can't lock stuff down with GPO.
There are meetings taking place to work out what to do about this in various companies and the general answer so far is jump the sinking platform ship and "thank fuck we wrote everything in Java". Some of the big guys are already rolling out RHEL desktops.
I wonder if it is even legal to use Windows 10 if you have to comply with HIPAA regulated.
I suggest using this incompatibility as leverage against this kind of data exfiltration. The only way a big company will change is when it hurts their pocket book. They might notice if enough businesses such as yours decline to use Windows 10 while complaining about this.
Of course, Linux is always a good choice, regardless of what MS is doing. If big players are already jumping to RHEL, now would definately be the time to switch.
The problem is that we deliver everything via the web so people will barely notice if we move our stuff over to an alternative platform from Windows.
Microsoft knows it has lock in from a lot of people and it will abuse this. I think their aggressive cloud move with Office 365 and Azure's PaaS stuff is an example of how they are moving this forward further yet retaining a subscription. NOTHING is portable away from them without significant cost.
Edit: just the effort I started two weeks ago to move all my data to platform neutral formats and shift to Linux is less than 50% of the way through and that's just one person with 20 years of data.
More and more I think I'm going to hold off on updating from Windows 7 - possibly except for one system, since I may fiddle with some Windows Phone development and I'm pretty sure I'll need 8+ for that.
Though I may still jump through the hoops to do upgrades on a couple more laptops just to get Windows 10 Pro licenses activated on them - fortunately one of them needs a wipe and reinstall anyway since it was factory restored with Win7Pro 32-bit instead of 64, and the other will need a larger SSD within the next year.
I wouldn't be surprised to see some updates to add better privacy controls - particularly for environments where privacy may be legally mandated. Not every small medical practice is going to be in a position to get Enterprise with possibly better handling of such things, nor will every small law office concerned about someone subpoenaing all of their search terms from Microsoft while they're preparing for a case.
I may have done something wrong but I wasn't able to install the Windows Phone 8 development tools a couple of weeks ago (Win 7 x64, VS Ultimate 2013).
You can use "netsh advfirewall firewall" commands to view rules. And you can use "netsh exec" to execute a script to modify rules. Unfortunately the "dump" command is not implemented, so there is some work involved to turn the "show rule" output into a script.
I'd hate seeing it too if this was the result of 1-2 bad comments or a mistake but a quick look through this poster's history shows their "contribution" is hardly better than spam.
Things like:
> No. Way. Everything big business does is for the greater good of man. Not for their own bottom line.
Who are you vegetables? [0]
> Why don't you just... Exercise? [1]
> No shit. [2]
> Thanks for that captain obvious [3]
> Hope you go away forever chairman Pao. [4]
> Have you heard women talk? [5]
And many more you can read for yourself. Being shadow banned sucks, no doubt, but this poster is obviously not contributing anything of worth to this site. It was just under a year ago that they appear to have been shadow banned for the last comment and nothing of any real value has been submitted since. So while I'd normally hate seeing this I can't help but think this is exactly what the system was put in place to do. The poster is free to create a new account and try to follow the rules and and realize this isn't reddit.
Reminds me of when canononical did something similar with ubuntu and extended searching your applications to searching merchandise on amazon and other stores. It's really funny when you open the start menu equivalent at work to launch the terminal* and as you type "t" you get to see items you can buy - one of them being "The Simpsons". Genius.
* before you complain I use the start menu to launch the terminal: I never remember ubuntu shortcuts, it's meta+t on my system
This behaviour bit me in the ass in work today. Had a new Mac, just installed Polycom (our video conferencing program), typed Polyc<enter> out of habit in spotlight to launch it, ended up on the wikipedia page for polycystic ovarian syndrome...
I rarely use the Spotlight or Start Menu keyboard searching because of stuff like this. If it doesn't reliably produce the right result each time if you only type a small amount of the name - which it doesn't - what's the point?
(Call me crazy, but because of this I've come to not mind the basic Windows 8 start screen. It's not as good as the classic start menu, but compared to the Windows 7 one you can at least arrange it for quick access to a larger number of programs.)
This. I previously loved Spotlight but it's getting strange in its old age. For example, if I type "i" or "it" or "ite" or "iter", Spotlight predicts "iTerm". But if I actually type "iTerm" in full it takes me to "Go2Shell" in the App Store – because it has the word "iterm" in the patch notes of the most recent version. Useful.
With Ubuntu, I had tried to launch brasero, the CD burning application, so I start typing 'bra...' and start seeing ads for women's bras. Thanks Ubuntu, that's helpful.
Which you could turn off without any problems. The issue with Windows 10 that is still being reported is that it searches when you turn that feature off.
Foreshadowing? From April 2014:
"To be able to truly benefit from this platform you need to have a data culture inside of your organization. For me, this perhaps is the most paramount thing inside of Microsoft," said Nadella.
"It's not going to happen without having that data culture where every engineer, every day, is looking at the usage data, learning from that usage data, questioning what new things to test out with our products and being on that improvement cycle which is the lifeblood of Microsoft."
http://www.reuters.com/article/2014/04/15/us-microsoft-ceo-d...
Apple, Microsoft, and Google are on the road to destroying computing autonomy. I have been an OS geek since 1992 and I have never felt so disgusted with the commercial OS market.
The following fix worked for me. I don't see any outbound traffic on Fiddler when typing searches in the Start menu or when actually running the search. Granted, Microsoft needs to make this MUCH easier to do; the VAST majority of Windows users have no idea what group policies are.
1. Run gpedit.msc
2. Navigate to Computer Configuration\Administrative Templates\Windows Components\Search
3. Set the State to Enabled for "Do not allow web search", "Don't search the web or display web results in Search", and "Don't search the web or display web results in Search over metered connections"
Be aware that software can choose to not use a system configure proxy. It's a good tool to use, but absence of traffic in fiddler is not a definitive result, not least because it's tracking http traffic only. Wireshark is probably the next best option.
It's really disturbing how many would be indistinguishable (to almost everyone) from malware servers. Lots of .net domains and entities I've never heard of.
A non-technical person's computer is often a source of agitation for a wide variety of reasons. Sometimes those reasons are reasonable. Sometimes they are not.
I don't think we're doing ourselves any favors by speculating what Aunt Tilly might think of a long list of human-unfriendly domain names.
> It's pretty common practice for a .com to run its backend stuff on the .net version of their .com domain.
Meaning the .com is basically just the UI that sends all its information to the .net to be processed, then back to the .com to be rendered? What's the benefit of that to the company, instead of having it all on the .com site?
I can't tell you why you'd want to have a front office/back office split like that, but I could speculate: Domains are cheap, and it might reduce cognitive overhead to have a .com/.net operational split.
Part of it is removing extra data when requesting style sheets and such - there's no need for a browser to send all of the set cookies it has for your web application when it's fetching styles, so people buy separate domains for them.
The problem is you can't explicitly tell a browser to fetch a cookie from cookie.example.com - and when you have multiple subdomains which rely on the cookie, plus analytics software which sets it for the whole domain, you can't do that.
Sort of: If you only ever need a cookie set on app.example.com, you can do that and use assets.example.com. It'll work for simple applications and not much else.
Things like Google Analytics also set cookies by default on *.example.com so you'll have to figure out a way around that.
This is not an authoritative or trustworthy measure in the least, but from running Little Snitch (and denying most things), I'd say OS X tries to contact maybe a quarter of those domains, maybe half as many. And that's not just on boot.
No, I am not using LTSB. I think LTSB desktop only would be safe from this as it doesn't have the new start menu UI, but I don't have a copy around to test.
When going through the "advanced" upgrade install of Win10, there was an option to NOT send Microsoft information about what you search for in the bar. It's set to send by default, but can be disabled.
I have everything disabled in privacy settings. Doesn't help. Check for yourself if you like.
It's important to note that this is _not_ info that you search for. No search query was included. Just a lot of identifying information about my machine.
> there are literally thousaunds of bytes exchanged
For people on capped connections, this is a nightmare. 4kB/search, for using your computer normally! Even though 100 searches/day is only 12MB of data/month, the fact that Microsoft thinks it's okay for the OS to slurp data like this boggles my mind.
It's not Microsoft's data traffic to grab. The user is paying for it and Microsoft should treat their users with respect. Not making users pay for data that benefits Microsoft would be a start.
The australian market where most providers bill at least a MB for every connection session (1B over some arbitrary time and you're down one of your MB)
It's the new norm apparently - everyone is doing this.
Apple gives OS X away but nobody has yet got the memo that you are becoming the product. (Yosemite does exactly that by default - you can disable it though.)
I thoroughly doubt that Apple's endgame here is to make their users the product – given that the operating system is only available to people who have paid them money in the first place.
A much more pragmatic conclusion is that they think this feature is something that users want. And in Apple's case, as well as others, it probably is.
You paid for the hardware and the OS that shipped with it. Developing a new OS version costs Apple non trivial amounts of money - development, deployment, testing, bandwidth, support etc. and they used to charge for them up until just a few years ago. Something's got to fund it - things like pushing more of Apple's online services, gathering user data etc provide some ROI to Apple.
You might be paying for the hardware and two or three OS versions. It's in Apple's interest to keep everyone upgrading, so they might as well just put the average expected OS upgrade cost into the hardware, and rely on planned obsolescence (which is pretty easy as computer hardware keeps improving) to keep that expectation relatively low. Sure, a few users will upgrade hardware all the time and a few will never upgrade, but that doesn't throw off the economics too much.
(I also feel like analyzing specific pricing decisions is missing the forest for the trees of "If you're not paying for it, you're the product." It mostly applies to whether an entire business model is free, e.g. Facebook. Several years back, Microsoft used to give out free memory-card-to-USB adapters for the original Xbox, intended for keyboards for MMORPGs, but also useful for jailbreakers. I requested one. Did I become the product?)
Are you intentionally ignoring the fact that Apple rakes in 95% of profits in the mobile sector?
Each thousand dollar phone is making many times its manufacturing costs in profits. I expect that there is a large enough margin on phones sold to fully fund R&D not just for iPhones and iOS but the Apple Car, its OS and battery technology, and whatever other projects are in the works.
Apple makes their money selling premium ITC. They don't need to sell your personal details.
They have to improve their products continuously to be competitive in the marketplace. Apple's competitive advantage is fundamentally in their software, not their hardware.
They innovate in the hardware space and physical design space, but all of their competitors will make copies of their hardware advantages after a few years. To keep on being competitive, their entire experience has to be superior. And what is harder to copy properly is the software experience.
Engineering cost wise, it's cheaper to just keep the software train rolling than to have older versions persisting that you have to continuously support. That is why they don't charge for it, because it's cheaper for them if you upgrade sooner and become part of the marginal few they can ignore if your a straggler. And 'free' has far higher adoption rates than even $1.00.
Does it though? All of spotlight's extra functionality seems to work even with wifi turned off. Even things like currency conversion rates seem to be stored locally.
EDIT: I just noticed I have spotlight settings turned off. Unless I forgot turning it off, I was either asked whether I wanted to turn it on, or it's off by default now.
Spotlight suggestions is the issue, and there are settings for both Safari and Spotlight to adjust so searches are not shared. This article shows the steps to disable:
Microsoft has almost always done this with Windows. Each new version had something new to phone home about. Previous Windows versions told Microsoft what apps you had installed, send in crash data, and other things.
Microsoft is doing the customer is the product thing that others have done for like the past decade. It is how they can give away Windows 10 upgrades for free, even to pirated copies, and still earn money off of it.
You shouldn't be using Windows but one of the free or open source alternatives instead.
HIPPA compliant offices cannot use Windows 10 because of the tracking it does and patient privacy laws.
Even worse is the Wifi sharing with social networks, if even one of your corporate employees has it turned on, their friends can get access to your Corporate Wifi and it is a security breach. You'll have crackers trying to friend employees on social networks of your company just to get the Windows 10 Wifi sharing password to get into your corporate network.
Even with all of the privacy settings turned off, there is most likely more stuff that phones home.
You know that given enough time video gamers will be forced into DirectX12 and have to use Windows 10. That business apps will be written for Windows 10 and force companies to upgrade. Sooner or later most people will have to upgrade to Windows 10 in order to run the software they need.
Woe be to the person who chooses express settings during startup. They will wonder why their Internet is so slow and woe be to them if they have a tablet with a data plan and wonder why they go over it.
> Even worse is the Wifi sharing with social networks, if even one of your corporate employees has it turned on, their friends can get access to your Corporate Wifi and it is a security breach. You'll have crackers trying to friend employees on social networks of your company just to get the Windows 10 Wifi sharing password to get into your corporate network.
Your first mistake was using a simple WPA pass-phrase to secure your corporate WLAN. If you aren't deploying RADIUS and requiring users either present a valid client certificate or their domain credentials to gain access to your corporate network you have already lost - and this goes for any of your wired ports too...
You'll be amazed at the small and mid-sized companies who don't do that to secure their network. Some even don't have an IT department and have tech savvy employees handle the network for them.
A lawyer of mine has her husband handle their network and PCs. Still running XP and Vista, using ClamAV for AV, has clients access the XP PC to watch videos and they could click on any link or browse any address when they aren't looking. You'll find a lot of small law firms work like that.
Check for connections being made by SearchUI.exe over HTTPS to Bing servers. A tool like TcpView or Wireshark should do the job.
If you really don't have these being made, please share with us your settings, anything you suspect may have disabled these? I've been unable to find anything and I've applied the tweaks from this article, including the GPO changes:
I can confirm this: it also does not happen on my machine.
However, it does download some app images that are displayed in my start menu for apps that are advertised in a "play and explore" category in the Start menu.
If I select Settings in the search menu it says "Online search isn't supported in your region". I can enable Online Search, but even then I need to explicitly select "Web" as opposed to the default "My Stuff" before it opens a browser and connects to Bing.
This machine including privacy settings was migrated from Windows 8.1. When I installed that I selected custom settings and disabled most of the privacy sensitive settings.
Just FYI, Microsoft has one of the clearer Privacy Statements. It's organized by service and provides an overview and then the option to drill-in. You might get some answers in there:
This is not happening to me either. I have disabled many things in the Settings => Privacy menu, I guess it might be related to Cortana (Settings => Privacy menu => Speech, inking, &typing), but I am not enabling it to find out.
It seems there would be a big market for an app with a nice GUI making it possible to change all the privacy settings of Windows 10 (as we go and discover stuff like this) in one single screen.
The in-box Settings app already has a privacy section that is easy to find, has a nice GUI, and breaks down privacy options into reasonable categories (location, contacts, calendar, feedback, devices, ect). Microsoft may need to add a few more options, but overall it's a huge improvement over the privacy controls of Windows 8.1.
I have the feeling. MS implements more Intrusive Adware and Ads in Windows 10 next year. And you basicly will have to decide if you want Ads or pay Monthly for an Advertising free experience (Enterprise Version).
The start menu is a combination web-search and local search. How could it not 'phone home' on a web search? Note the address it is 'phoning home' to is Bing.
As far as what the contents of the package being sent is, I'll assume it is more information than necessary, and probably over-reaching until they get a slap on the wrist, but to call this phoning home is probably a stretch in itself.
-- Edit --
Apparently the search still phones home even if search is disabled, which makes my point mostly... pointless.
I still suspect that this was an example of Microsoft (intentionally) over-reaching and that they'll backpedal on this now that it has been brought to light.
Shame is, it feels like they are breaking any goodwill that the community may have still had left for them.
This occurs with the web search disabled, which is the real concern. Sorry, I couldn't fit it all in the title, HN title limit is very short. I posted it in the thread but clearly people aren't reading that.
EDIT: I've changed the title of the post to clarify this. Hopefully that helps. 80 characters is quite annoying to work with.
I don't see how is that strange considering in WP8 they send all primary contacts and calendar entries to THE CLOUD with no option to opt out and of course without telling the user, and considering what they've shown in Win10. Microsoft clearly hates privacy.
1) I do use app stores (F-Droid, Play etc) but I have no use for the Windows Store. Windows ModernUI apps are basically stripped down versions of more feature-filled desktop applications, so why wouldn't I just use them instead?
2) Secure apps? What does this even mean?
3) I love AI. I play games, so I have to.
4) Again, not even sure what you're suggesting.
5) I do use cloud services. Just not Microsoft, Google or Apple ones.
6) Modern does not immediately equate to good. This kind of thinking is naive.
My Windows machine is for games and games alone. I have no need or want of any of Microsoft's cloud integration.
> My Windows machine is for games and games alone. I have no need or want of any of Microsoft's cloud integration.
Fair enough. You could have skipped the other six points.
> Windows ModernUI apps are basically stripped down versions of more feature-filled desktop applications, so why wouldn't I just use them instead?
Windows ModernUI apps are written to Windows Runtime, not the old Win32 API. This means they are available from a trusted source (not eg Download.com), they are easy to install, can be updated automatically, they are easy to uninstall, they are more controlled than Win32 apps, and they run sandboxed, so they are more secure.
If a ModernUI app does what you need, it would be sensible to run the app rather than a traditional desktop program.
> they are easy to install, can be updated automatically, they are easy to uninstall
I generally don't have problems with any of those things.
> they are more controlled than Win32 apps
Not necessarily a good thing for power users.
> and they run sandboxed, so they are more secure.
Already got my own solution for this.
> If a ModernUI app does what you need, it would be sensible to run the app rather than a traditional desktop program.
That's what I'm saying. In my experience they generally are inferior to most desktop applications that already exist and are far more powerful and featureful. It's been this way since Windows 8 debuted the Windows Store.
If at some point in the future that changes then I'll consider switching over to them properly. Until then, I'll stick with Win32 programs that are...well, better in both UI (in my opinion, they are easier to navigate) and features.
ModernUI apps are just Microsoft's foray into the walled garden ecosystem. I can't blame them for doing it this way, there is a lot of money to be made and Apple and Google are both doing it so they run the risk of being left behind.
I still like control over how my operating system and the applications on it run though. I'm not an error-prone casual user. I don't need the use of my OS and programs dictated to me., nor do I like my applications to be delivered through a single vendor-controlled portal.
> I generally don't have problems with any of those things.
Good for you. Sadly, roughly 1.5 billion people frequently do have problems with all of those things.
> Not necessarily a good thing for power users.
Windows isn't written for power users. If it were, Microsoft would be a very small and very poor company.
> Already got my own solution for this.
Good for you. Sadly, roughly 1.5 billion people don't.
> In my experience they generally are inferior to most desktop applications that already exist and are far more powerful and featureful. It's been this way since Windows 8 debuted the Windows Store.
Absolutely true. But, as you say, the vast bulk of users seem to be very happy with iOS- and Android-level apps. Microsoft's strategy is to run the apps that most people appear to want.
> I can't blame them for doing it this way, there is a lot of money to be made and Apple and Google are both doing it so they run the risk of being left behind.
Yes, well put. That hits the nail right on the head....
I installed Windows 10 yesterday and used it for a couple of hours before coming to the conclusion that I made an error in downgrading from Windows 7. Windows 10 feels more like their phone OS disguised as a desktop OS. Perhaps the most jarring part was how ugly legacy (Windows 7) apps looked in Windows 10. They didn't even bother trying to make these apps look nice. Also, their services are plastered all over the place and there's little you can do to turn these off. And then there's the numerous privacy invasive "features" proactively turned on for you when you install it.
Luckily, you have 30 days to change your mind and return to Windows 7. I did it within hours. I never liked Windows 8 and I think I dislike Windows 10 ever more. No wonder they're giving it away because had they tried to sell it then it would have probably met the same fate as Windows 8.
I wonder - does that get you in the door to do the free upgrade more than a year from now? I wouldn't mind upgrading once 10 has had a little time to age properly.
You have only a year to decide if you want the free upgrade. What I did, however, was record the product key for Windows 10 should I ever decide to go back. In any case, I'm glad to be back on Windows 7. Windows 10 was a horrific experience that signals that you are now the product instead of the consumer.
They already have a large update coming in the Fall and one next Spring that should bring additional features. Of course, fixes to things that are broken should be happening regularly.
I'm presuming this is some kind of analytics function. Just as most sites send DOM events to GA based on every user's activity on your site, I'm guessing Microsoft wants to gather aggregated search patterns to better its usability. It's not cool that they didn't provide an explicit opt-out for this.
I wonder if it'd be possible to either blackhole all this nonsense, or to "quasar" their data servers with preset queries like "I like my privacy", "mind your own business" instead of your original query.
Nope. I mean desktop linux. Every time MS, or Apple, launch a new OS with silly fine print and non-removable malware I get people asking about linux.
Actually, silly ToS language and spyware don't really matter. The entire update/versioning process with MS is so painful that distros like ubuntu start to seem the easier option.
So you're saying that 2015 is finally the year of Linux on the desktop? That prediction has been made before. That prediction has never come true, and never will. IMO.
I installed Windows 10. I turned off Cortana web search so it now only searches for stuff on my laptop. Convenient.
I also turned off all camera and microphone use. Easy enough to turn on if I need it.
Search for "privacy settings"' hit the first link and turn off what you want. (I turned off just about everything.)
I think that as long as I use privacy badger in my web browsers, use duck duck go as my default search engine, and make sure to install security updates and scan daily, that my cheap little Windows 10 laptop is reasonably comparably privacy wise to my two Mac laptops, but less private and secure than my three Linux laptops.
Seriously, I think it is a mistake to talk non-tech family and friends out of using Windows 10. Just help them make the right privacy settings.
...what paranoia are you talking about? The data-slurping defaults are there, that's a fact. They are also (during the installation) hidden under a small link that barely looks like a link at all (not to mention the process necessary to make a local account). When a device is doing local search, there is absolutely no reason to phone anywhere other than sloppy design or more data-slurping.
Additionally, the worst thing is that the average Joe probably won't even notice all those obfuscated settings. Of course a power-user can disable most of it, but it's not about them and that shouldn't be a thing to begin with, especially in a paid software where we are supposed to be the customers.
The thing is, I don't think avoiding Windows 10 is an overreaction at this point.
The default behaviour is highly intrusive. The accompanying privacy policy makes it clear that Microsoft are allowing themselves to hoover up large amounts of personal data. (The first warning sign is that desktop software even needs a privacy policy.)
The new business model, starting with giving Windows 10 away for free and aiming to make money on what you do with it instead, is a fundamental shift from previous Microsoft products under the Windows brand.
Finally, for most users, updates are now automatic and can't be turned off. That means any workarounds that are contrary to Microsoft's new business model can simply be turned off remotely by Microsoft. Nothing you configure in any settings or block in any firewall hosted on the Windows device itself can be trusted.
It's only paranoia if they're not out to get you.
Seriously, I think it is a mistake to talk non-tech family and friends out of using Windows 10. Just help them make the right privacy settings.
You can't make the right privacy settings in this context. They don't appear to exist as far as I can see, but even if they do, they can be altered against your will later. Microsoft's new business model motivates them to do exactly that, and with the Windows 10 terms and privacy policy, you are explicitly consenting to this kind of user-hostile behaviour when you install the OS.
I think it is a mistake not to talk anyone you know out of using Windows 10. You can opt out of using on-line services like Google or Facebook if you are concerned about your privacy. But if you can't even trust your own desktop OS, you essentially have no privacy at all the moment you switch on your computer. Even for a generation that thinks nothing of sharing a lot of personal thoughts and photos on social networks, that is a big step.
> The new business model, starting with giving Windows 10 away for free
There isn't a new business model, and Microsoft is not giving Windows 10 away for free. What it is offering is a free upgrade to Windows 10 to people who have paid for Windows 7 or 8. This isn't really any different from iOS and Android users getting free upgrades on devices they have also paid for. It's what people expect.
> Finally, for most users, updates are now automatic and can't be turned off. That means any workarounds that are contrary to Microsoft's new business model can simply be turned off remotely by Microsoft.
You can't turn off updates to Gmail or Facebook either. Same goes for most mobile apps. Or your Chromebook.
What has changed is that Microsoft is building a cross-platform mobile ecosystem in which Windows 10 is a mobile operating system. Think: cloud-first, mobile-first, and Software as a Service. (Windows 10 will run on phones.)
Now, I'm not saying that the permissions required in Windows 10 are right. What I am saying is that the permissions suitable for a cloud-based cross-platform ecosystem* with a built-in intelligent agent and deep learning (AI) capabilities are not the same as the ones required by an old-fashioned standalone operating system, and should be evaluated in that context.
* Windows 10 devices (phones, tablets, PCs, games consoles), OneDrive, Azure, Office 365 (PCs, Macs, tablets, smartphones), Windows Store, Bing, and dozens of apps on Windows 10, iOS and Android etc. This is comparable to the iOS and Android ecosystems, not to standalone Linux.
You have just stated that there isn't a new business model, and then immediately described in considerable detail a dramatic change where lots of people get a free new version of the OS (which has not happened before) and that new version is no longer a traditional desktop OS like previous versions of Windows but instead a new kind of thing that is about being cross-platform, cloud-friendly, mobile-first, service-driven, and generally more like what Google or Apple would offer. You also glossed over all the spyware and the ads that you can pay^Wsubscribe to remove even running basic software locally on your own system, though you did mention some of the other paid services that Microsoft have made pretty clear they will be promoting via Windows 10. If that isn't a fundamental (and user-hostile) change in business model, I don't know what is.
It's not a change in Windows 10's business model. It's still a paid-for operating system.
> that new version is no longer a traditional desktop OS like previous versions of Windows
It's no longer a traditional desktop OS, but that change is not new to Windows 10. It was already the case with Windows 8.
> You also glossed over all the spyware and the ads that you can pay^Wsubscribe to remove even running basic software locally on your own system
Not really. Windows Store apps behave just like other people's store apps. It's exactly in line with the current culture of "free". I'd guess that Microsoft doesn't like it any more than you do, but thinks it needs to become like Android to prosper in a world that's averse for paying for stuff, or even thinks that paying people to write code is evil.
Windows 10 is designed for people who aren't interested in computing and don't want to be bothered with having to maintain their PC.
There's certainly a change in the technology approach, but the idea of developing point releases may have been sub-optimal for five or 10 years. The idea with Windows 10 is to use Big Data from actual usage to drive continuous improvements. Exactly like Gmail, Facebook etc.
While I agree with you that people are overreacting, I think overreaction is to be expected given that MS chose pretty much the most intrusive defaults possible. People have to opt-out of this stuff rather than opt-in which causes people to lose confidence in MS.
The problem is how do you know that you succeeded at this whack a mole game of switching off all these features? And given this new cavalier approach, what confidence do you have that another of these call home things will not be quietly introduced through these new non optional automatic updates?
I personally choose to pay a premium for my mobile by using an iphone rather an android precisely because I am put off by this constant intrusion into our privacy. So I am not exactly thrilled to see Microsoft adopting the google approach.
There's an alternative appstore, Fdroid https://f-droid.org/, which has 1800 diverse apps at the moment.
You can use and choose your own geolocation provider like opencellid,mozilla, apple, openstreetmap.
This alternative is also part of "The google approach"
When I'm on my deathbed, I don't think I'll say "Damn! I wish I had enabled Javascript back in 2015 so I could read that clickbait article on Windows 10 privacy (or lack thereof)."
All hyperbole aside, I'm glad for HN threads like this. I don't need to read the article to get the gist. And I also gain perspective from all the comments posted here.
Opting into a FF program is voluntarily exchanging your personal info and loyalty to a brand for benefits in pricing. How is that the same as an OS uploading your information from a local search by default in an opt-out model? I'm really not trying to be snarky, I genuinely think I'm missing some point here.
I don't think this is a defining difference here. Sure, doing something by default without telling the customer seems sneaky, but its impact is small in comparison to other leaky privacy products most people use.
What I understand about the matter, the information sent is a regularly regenerated random ID and some machine information. Compare that with a Tesco's Clubcard or Walmart's Credit Card: given the information you provide them with, these companies may know what you eat, how much you spend, where you live. They can judge your income, they can project your financial situation into the future, and they probably know when you go on holiday. And I don't really think people opting in on those products really understand these implications.
I think this issue is overblown only due to it belonging in the area, where most commenters here work. As I see it, there are business practices way more harmful to privacy than this, but are happily ignored by the pop-privacy crowd just because they are convenient and have been in place for a long time.
Most of the stuff complained about in Windows 10 was already in Windows 8 (except Cortana), but "the pop-privacy crowd" has only just discovered it, apparently ;-)
If you opt into the Windows ecosystem, there's no point in complaining about leaking private info. If you care about this, you should choose to run an OS that you control.
Not all of us are all-in on the ecosystem. Personally, I just want to play some games and occasionally do some reverse engineering. Just for that, which was perfectly possible in the past, I should be forced to give up private info?
I'm not saying that building software which does not respect privacy is good. I'm saying that if you choose to use software that is designed by companies that are clearly motivated to monetize your personal info, then that is a trade-off which you accept. Render unto Caesar.
Applications that don't mark themselves as explicitly handling High DPI correctly will be autoscaled up by default in a way that does look pretty blurry (basically their GDI canvases are being bitmap scaled from much lower resolutions for final display) because blurry is better than unreadably small as a default.
You can opt out of this on a per-app basis (right click app icon, Compatibility tab, select "Disable display scaling on high DPI settings") and have them just display everything really tiny if you prefer that. This is actually a decent option if the app has its own scaling but doesn't properly interact with Windows to enable it. I still run Sublime Text 2 and have it set to disable High DPI scaling and then just use a bigger font point size to make the text readable; also used to do the same with Chrome back before it had proper High DPI scaling on Windows (disabled DPI scaling, then just used the normal web page render scaling).
It looked OK on my 4K screen when I installed it. I however fairly quickly went back to 8.1. It's soooo slow, lagging mouse pointer slow. There are lots of 'proportion' issues as well that aren't there with 8.1 (task bar too small, title bars too large), I couldn't get the Display settings to anything close to comfortable.
It also looks a mess, mainly the random font sizes, but also the fact that they've tried to modernise everything, like menus, etc. (that they clearly didn't get around to with W8), but there's still aspects that have been forgotten and are in the W7 style. So there's W7+W8+W10 all in one. I didn't mind so much with W8 because 'modern' was 'over there', and W7 with some flat tweaks is 'over here'. But now it's all thrown together. Not pretty.
Then when it would only randomly 'see' certain domains on my work VPN, and just be blind to others, I'd had enough... and bailed. I've never bailed on an OS before, always given it a chance to settle in. W10 just doesn't feel finished.
That's a consequence of the cheats that MS did a long time ago in how they render TrueType. The short version: instead of properly kerning the rendering, each glyph's x-location is rounded up to the next pixel boundary, causing nasty misalignments (some of which accumulate over the line).
I'll take one for the team here, I think it's important that people know about this and a one-off disclosure of these details is no big deal for me. However, a repeated one, sent with a unique identifier, from any location I bring my machine is more concerning and I know there are people with even greater privacy concerns than myself who will want to know this.
Utilitarianism - OP may have decided that the small amount of damage he's garnered from an IP + MAC leak (both of which are somewhat easily obtainable) was worth informing thousands of people that Microsoft is acting this way.
Source: MITM your iOS traffic.
Sidenote -- a possibly unforeseen side effect of end to end encryption everywhere is that it makes it far more difficult to man in the middle your traffic and hold companies accountable for their privacy policies.