Intel's GPU Drivers Now Collect Telemetry, Including 'How You Use Your Computer' (extremetech.com)
314 points by mikro2nd on Aug 9, 2023 | 181 comments


A terrifying side-effect of AI is that everything is now potential "training data" and there's financial incentive to vacuum up any and all possible data. The situation on Windows is much worse than Chrome extensions (which have been attempting this for a while) because of the near non-existent permission limits on Windows. I was shocked to learn just yesterday that Nvidia drivers were doing this. It feels extremely gross, like someone has broken into your home.


This might actually be a good thing. For the longest time, very few people cared about privacy issues, which is why we live in a privacy hellscape today. If AI fears can motivate people to start taking privacy issues seriously, then we might actually see some strong privacy legislation, or more privacy-focused businesses to meet new demand.

(or maybe I'm just being overly optimistic)


I'm still holding out from the days when basically everyone on the internet understood you shouldn't post intimate details about your life online (the age before social ~~cancer~~ media).

I long for a return to common sense. Maybe AI will do the trick, but I doubt it. Plenty of people are happy with behavioral prediction if it means convenience without caring about the implications.


> I long for a return to common sense. Maybe AI will do the trick, but I doubt it. Plenty of people are happy with behavioral prediction if it means convenience without caring about the implications.

The general population isn't going to care about "privacy" in the abstract, that kind of thinking is reserved for an activist fringe. IMHO, the only way any progress will ever be made on such abstract things is activists influencing government to force the changes.

The general population will respond to realistic fear and danger, though (e.g. witness all the rituals people do to avoid identity theft). Maybe the best way forward is to cultivate fear in people of losing their livelihood to AI, and present these privacy invasions as an attack on that front.


> The general population isn't going to care about "privacy" in the abstract,

Totally agree. It's better to frame it in terms of "Nvidia tracks every porn site you visit and what you do there" or "company x knows everything you buy online and sells it to anyone who can pay".


Well, be careful how you word it. At the core of the problem, nobody has control over their devices. If you beat a drum complaining about Nvidia having DMA access then you have to go after Apple and Microsoft next, which would probably lead to most people getting confused. If they found out about PRISM or XKeyscore, they would probably feel hopeless and give up.

Treating privacy in the abstract is how you help people meaningfully resist it. In the literal sense, we can do very little to ensure our privacy on consumer hardware.


> how you help people meaningfully resist it.

Poison the data wells to such an extent that data becomes unuseful. For hardware drivers, submitting plausible or random info may be a good start. For handset apps which send geolocation, developer mode which spoofs a city circle tour may be a good start.


Reminds me of what AdNauseam was doing. I like this tactic.


I agree.

That said, there's a huge difference between voluntarily offering up personal data in a public forum and having personal data extracted without your consent.


Maybe this is a bit of a hardline stance, but at this point I'd argue that not running extensions like uBlock Origin and uMatrix is implicit consent to have all that data collected. Not a strongly-held opinion, but boy does it seem like a properly-informed person would use protection to interact online with how diseased the internet has become.

Mind, neither of those are perfect, but they're Pretty Damn Good and everyone should be running something similar at this point.


> is implicit consent

I fully acknowledge that I'm a hardliner on this issue, but I don't believe that there is any such thing as "implicit consent".

Consent must be intentional, uncoerced, and fully-informed. Otherwise, it's not consent at all.


Oh, we're on the same page there. It is unjust and amoral that "implicit consent" is assumed when collecting data, but that appears to be how things operate.

We're in the Faustian era of the internet, though. The only winning move is not to play.


Another aspect--even if the disclosure is voluntary--involves channels which go through our evolved human social filters (like expectations of how that data will spread) and channels that bypass or subvert them.

For example, if I express a controversial opinion to a friend, some part of my mind is running a safety calculation on that, as well as considering who that person might tell and whether that would make next Thanksgiving with relatives awkward.

In contrast, I'm not thinking (even subconsciously) that some grammar checking software running on the other person's computer is going to pick up on the same keywords and then somehow ding my credit score.

The company or code isn't even a person present anywhere near the conversation. I have a reasonable expectation of privacy, and no amount of flim-flam in a ToS is changing that unless the code pops up like Clippy to signal its presence.


These are really niche issues and most people aren't even aware, let alone care about this. The only real solution to this is some kind of legislation that makes it difficult to carry on with business as usual. I wonder how this data collection squares with GDPR?


> The only real solution to this is some kind of legislation that makes it difficult to carry on with business as usual.

I have watched the voluntary full body scans at TSA checkpoints for years and have concluded people do not care to opt out of any data collection. The people don't care, or how many people do you see opting out of full body scans at TSA? People gleefully pose for TSA's new and voluntary facial recognition.

People go along with coercion even by government, so why do you think we can rely on government to solve privacy issues?


Ha! I get so much shit from my partner because I refuse to go through those scanners.

I don't make a big scene about it, but it's fun to note how much social pressure there is to just follow.

Most airports are actually totally fine with the opt-out, except the British ones for some reason. "You won't always be able to opt out y'know" - yes mate, but then I probably won't fly anymore.


> "You won't always be able to opt out y'know"

What a strange thing to say. Maybe not, but you are able to opt out right now, and that's what matters most at that moment.


> how many people do you see opting out of full body scans at TSA

They're all in the pre-check line.


An airline put me in precheck a few years ago due to FF status. Now it requires an application to government and fingerprint. And global entry (immigration) wants an eyeball scan. Biometric collection to avoid a TSA massage is not privacy.


If you want to avoid ALL biometric collection when you travel, you're pretty much out of luck:

https://en.wikipedia.org/wiki/Biometric_passport#/media/File...

https://www.cbp.gov/travel/biometrics


Then of course every country in the world records you on arrival.


It basically always required all those things. For a brief period they were doing a trial with frequent fliers, but it was always the exception and never the norm.

But uh, make no mistake, they were only putting you into Pre because they had all the data you are being asked to provide already. The application is like your tax returns - the goal is to see if you provide what they already know, not to surprise them with something new.


That seems reasonable using existing data, but why a fingerprint?

And I thought the checkpoints were to prevent physical contraband on planes. TSA facial recognition, while also allowing old people and precheck to wear shoes, doesn't stop that.


Because dactyloscopy has been mature for a long time.

The purpose of trusted-traveler programs isn't to screen for contraband, it is to establish an elevated level of trust.


> These are really niche issues and most people aren't even aware, let alone care about this.

Everyone seems to be aware of the protests in Hollywood, and I don't think it's too much of a stretch to tie that to privacy issues. Those AI models taking artists' jobs were trained with data scraped from the internet. Even if you aren't an artist, there's a risk that the data these companies collect on you will be used to train an AI model that will take your job, so you shouldn't be giving it away for free.


I do think that's a bit of a stretch. Regardless of your opinions on the ethics of AI companies training on scraped data, how is scraping publicly available artistic works a privacy issue?

Me, personally, I might call it unethical and undesirable, but I wouldn't call it an issue of "privacy" on its face.


There’s no union of people vs surveillance tech to act on our behalf


It's great that the bourgeoisie are treating workers so poorly: maybe soon we can start eating them in public!

I don't feel optimistic about any of this. What we know already is that safety should not be determined by the boundary of "what people take seriously".


> A terrifying side-effect of AI is that everything is now potential "training data" and there's financial incentive to vacuum up any and all possible data.

Good thing that extensive user-tracking by advertising companies already prepared us for it!


Desktop software has been a consistent and egregious offender when it comes to overstepping bounds for a long, long time… especially big corporate desktop software (hi Adobe).

It’s honestly kind of shocking that all desktop OSes didn’t gain something like mobile permissions over a decade ago. macOS has some as do a few configurations of Linux, and yeah Windows is happy to hand over not only your farm but also a few acres from that of your neighbors’ farm to anybody who even suggests slight interest.

I know there’s been much consternation over permissions, sandboxing, etc and how they complicate software development and power user workflows, but I don’t see a path forward where they aren’t necessary.


> It’s honestly kind of shocking that all desktop OSes didn’t gain something like mobile permissions over a decade ago.

Consider Qubes OS if you need to isolate the apps on desktop. I'm a happy daily driving user.


I wish the advances in Qubes would eventually make it out of Qubes and be available in other distros.


What's wrong with Qubes itself?


It goes without saying at this time, an internet connected computer is a privacy liability.


Internet-connected Windows computer.


I feel like most people just want to pretend the privacy respecting alternatives don't even exist so they can give up. See the endless parade of excuses about why people can't help but use Chrome still.

The battle is well and truly lost on Windows but the line is mostly being held on Linux still.


> Internet-connected Windows computer.

Plus any Internet connected and proprietary (as in closed) device.

AI will be trained on home appliances usage, what fridges contain, washing machine cycles, robot lawnmowers cleans, and of course phones, TVs and cars usage. Pretty much every connected and proprietary device, from vehicles down to electric toothbrushes, will phone home usage data that will be used to train AI, besides of course users profiling for marketing purposes.

An old tagline once said something like "Windows, security, networking; choose only two, you can't have them all". Now it would be "proprietary, privacy, connected; ...".


"Agree to continue"


What is the thought process that goes into thinking such a thing is a good idea, then proposing it, arguing for it, and then it being approved (presumably) by product managers and executives?

It's just a downward spiral at this point as each new generation of software and each new year brings a worse and worse privacy default with even more self-justification and half-assed anonymization.

Drivers need to know website usage statistics. Are we really here now?


The process that is motivated by profits. Here’s the thing. It not only got approved but it almost certainly got some people promoted.


Add to this a total and utter lack of any interest from any political parties with any chance of being elected to govern a country.

User-hostility in the privacy realm is open slather. It's (more than?) likely to be encouraged by political parties because they can buy and use the data for their, inarguably worse for society, constituent-hostile political gaming.

The pirates are the corporates and there is no law under which the pillaged can seek protection.


Yeah, you can't say a big no-no to private companies doing this and at the same time collect everything on everybody without any good law to back it up, even about a hobo halfway around the world as long as they leave any kind of data trail (or somebody else does on their behalf).

Somebody may connect the dots and use it against you in election campaigns. So we are where we are, all politicians are well aware of this topic, all pros and cons, but nobody wants to touch it with a 10m pole unless they can somehow spin it to their advantage. But then again, politicians have supporters, donations etc. Can't bite the hand that feeds you, can you.

And there is always that cheap argument about 'think about the children...' when terrorists don't terrorize general population enough.


Sadly yes. I've dealt with product managers that want these sort of things, and when I explain why I think it's a bad idea, it completely flies over their head at mach 2. They really don't get it. At least the ones I've dealt with in this context.

As much as I hate to say it, I think trying to push back at the individual level in a corp setting is not going to work.


If they would collect what games you are playing, to know on which games they have to optimize the drivers / framerate down-the-road that'd be ok.

But websites you visit...


It would be useful, it would not be ok.

It's still an invasion of privacy, and Intel has no business knowing I play (and how much), e.g., a gay dating simulator, Postal, Hogwarts Legacy, or any number of other games that either are or will be controversial, incriminating, or just useful as another data point in a personality profile.

So many of the devil's advocate posts justify it by explaining how spying on users can be useful. But the complaint isn't that it's "not useful"!


Exactly, this information being harvested can 100% be used against you.

For example, Texas Attorney General, Ken Paxton, attempted to secure a list of every Texan who changed their gender within the past 24 months, stating they may need drivers license numbers in the future to look up their information. The only reason that didn't happen is because the Department of Public Safety said they couldn't accurately produce that information.

Just imagine a state, or a foreign government subpoenaing or hacking Nvidia to get this information they're collecting. Now that state or foreign government doesn't just have your browser history like if they subpoenaed your ISP. They have everything you did on that computer. What's on your hard drive, what games you played, what devices are connected to your computer, etc.

I try to not go down the slippery slope analogies, but a company having this treasure trove of information on 82% of desktop users is going to make it ripe for hacking and state-sanctioned spying.


You have to understand that national security letters (NSLs) are the tip of the spear here. If the target of surveillance is sufficiently bad or scary, the government has tools and absolutely will use them to get this information. Once that is normalized, and companies literally build platforms to service those requests, then that capability gets pushed down to federal investigators, then local law enforcement.


To be fair, websites can also contain games and other stuff that might use a GPU.


Hardware accelerated video decoding for Youtube, Twitch, etc. for a very mundane example.


I don't think Intel needs telemetry to know their customers use Youtube and Twitch.


The ratios might be important if they want to optimize battery life, performance, and video quality.


A tiny scrappy startup like Intel definitely needs to prioritise between YouTube and Twitch optimisation, and the best way to get that information is by spying on everyone, all the time.

I get playing devil's advocate, but come on...


It’s easy enough to slap a top 500 list as your benchmark but their size is why they should be aiming higher than that.


The category of a website (out of 30 possible categories??) seems orthogonal to whether or not it had embedded video or WebGL, which should be pretty trivial to detect from GPU activity without knowing anything about the contents of the page that contains it.


Plus which video formats and resolutions are being used.


Have you ever worked in a big company? Appeals to ethics or even common sense won't get you very far. On the other hand, just doing what you're told is expected and rewarded. Like the Emperor's New Clothes. You either play along with the narrow-minded, often cultish, pursuit of whatever is deemed good for "the business", or you leave.


I have.


<devils advocate> Knowing what websites people visit and for how long isn’t unreasonable if you want to create a test that mimics how a GPU gets used in practice.

Compare your GPU’s performance with competitors across the top X popular websites looking for outliers. Then start optimizing and retest while regularly updating that list with new data in case something starts to become popular.

They could get this kind of data from a third party, but collecting it themselves is more representative of their customers and possibly cheaper.


This is the role of benchmark suites and top 500 lists.


I would hope they are looking well past the top 500, top 5,000 or 50,000 perhaps but then the bottom of larger lists also vary more.

I think we can all agree the most likely explanation isn’t so flattering here, but it’s possible they really are trying to model the real world accurately in their test environment.


> I would hope they are looking well past the top 500, top 5,000 or 50,000 perhaps but then the bottom of larger lists also vary more.

How are they going to do that if they only know the website category? Conveniently useful for marketing, though.


I was considering the reverse. How well can they assign a category for a site you're visiting if they only have a mapping for the top 500 websites to those 30 categories? Anything they don’t have a mapping for is presumably just ‘other’ which isn’t useful.

ARC gamers will likely be spending a lot of time on game-specific message boards for example, but individually few of those websites are going to rank high on global top 500 lists.

Having such wide categories seems useless, but it might help justify fixing bugs on say pornographic websites if a large percentage of users are having issues. Not the kind of conversation you want to have with your boss, but it’s exactly the kind of problem that could harm sales without anyone noticing.


It's the "Don't be Evil" rule at work again.


I don't understand the need to include "the types of websites you visit" in GPU driver telemetry.

AMD's telemetry doesn't seem to include that: https://www.amd.com/en/legal/privacy/user-experience-program...

I couldn't figure out what telemetry is collected by Nvidia.


> I don't understand the need to include "the types of websites you visit" in GPU driver telemetry.

Do you visit Youtube and Twitch and other streaming services often? Focus on video decoding.

Do you visit sites that heavily utilize graphics[1]? Focus on 3D acceleration.

There are reasons this data can be useful, especially since Intel wants to unfuck their otherwise imperially fucked drivers. Websites aren't just plain text with window dressing anymore, they are entire programs unto themselves.

[1]: https://news.ycombinator.com/item?id=37026592


Do they need telemetry to know this? I could ask around, but I don't think anyone exists who doesn't game and also watch video on the same system.

Should Creative also track my listening habits, to determine whether soundcard development resources need pooled into system sounds or MP3 decoding? Wouldn't that be a tad silly of them?

It seems a bit post-facto to me.


> I don't think anyone exists who doesn't game and also watch video on the same system.

Actually I have a dedicated computer connected to my TV to watch videos. My gaming computer is dedicated to gaming (and doesn't get much use these days). I have a Linux computer for everything else.


You could gather that information by just reporting anonymous internal telemetry about what kind of computational work the GPU is doing.


Surely they don't need to monitor the websites you visit to get this information. They can see what the GPU is being asked to do, after all, which would tell them everything they need to know.


I've noticed an influx of awful takes that seem like astroturfing like the one you replied to... Anyway, if you open task manager, they show you what the GPU is doing https://imgur.com/a/gM1pgoI


> Do you visit Youtube and Twitch and other streaming services often? Focus on video decoding.

> Do you visit sites that heavily utilize graphics[1]? Focus on 3D acceleration.

This is almost cynical. Why not track your user's eyes and record the screen to see where or if visual fidelity at certain parts is necessary? You know, to optimize the architecture.


> Why not track ...

Coming soon to software near you!


Isn't this already a part of Meta VR headsets?


What's cynical is saying that there is no value in knowing if users watch video in browsers and comparing it to eyeball tracking.


Though that wasn't their statement. Of course there's value in it. The question is if it's value for the customer or just plain abuse.


If the product improves quality of life for the user, yes there is value for the user. Everyone likes better software, right?

The problem is, of course, that products seldom improve with use of telemetry, but that is beside the point.


What is the point then? Justifying telemetry? Because the value for the user is at least very close to zero, but the privacy implications are not.


The question posed was why Intel would want to track what websites you visited for their video drivers. I answered why.

That was followed up by asking if telemetry has value for the user. I answered it can.

The reality of products generally not improving with telemetry is beside the point. That is a problem with the people using the telemetric data.


> I answered why.

I don't think that you did, though. The data that is gathered by monitoring what websites you go to can be obtained without monitoring what websites you go to. So why do they feel the need to monitor what sites you go to?

My answer to that is "marketing purposes".


You're just making up reasons why you think they are collecting this data. You haven't even verified this or actually know anything about why they are collecting it.


No, I didn't confirm anything since I don't work at Intel, but I can make reasonably educated guesses as to why they could want this information.

If you're just going to discuss in bad faith, and I wouldn't be surprised since telemetry is always going to be criticized no matter what, you can take a look at the Hacker News Guidelines[1] and re-evaluate your presence here.

[1]: https://news.ycombinator.com/newsguidelines.html


> If the product improves quality of life for the user, yes there is value for the user.

"Value" can only be properly understood as "Benefit - Cost". If the cost is greater than the benefit, the value is negative.

> Everyone likes better software, right?

But does everyone have the same definition of "better"?


That's BS. Intel needs spyware to know people are visiting YouTube? Give me a break.


I know we're supposed to assume good faith here, but it's very hard when we read justifications like this.


All the more reason to avoid Windows I guess. MS is busy crippling the user experience in exchange for short-term profits and now this.

I'm glad Linux has good driver support and maintainers who would say no to BS like this.


Lmao. Anyone who cares about this likely isn't using Windows to begin with, and has already fallen into some Parabola Trisquel rabbit hole.

Microsoft isn't crippling their user experience considering that doesn't benefit them; it's bad-actors cultivating that idea to push people on less-secure platforms, and/or naive Arch Linux first-time installer bros that want to push the idea of a worst desktop experience everywhere for no deep reason.

Microsoft doing whatever they're doing to Windows benefits the average person who otherwise isn't going to deep lengths to improve their security and experience. I want more people to be as secure as possible considering they'll become botnet contributors otherwise, or leak data that I share with them in some manner.


> Microsoft isn't crippling their user experience considering that doesn't benefit them

I have to use Windows at work, and have done so for decades. From where I sit, Microsoft is absolutely crippling the user experience. Every release after Win 7 has been a degradation in that.


Compare KDE's Dolphin with Windows's Explorer (tabs, split view, dark theme a decade ago, file size/mod date under filename...)

Ten Dutch guys can make for free a better piece of software than a multi-billion dollar corporation can because better UX isn't profitable when you've already captured 99% of the market. :p


KDE is not relevant or even heard of aside from people on Arch forums and more isolated communities. Heck the rare times I've seen Linux in the wild, guess what DE they were using? It's the one that's actually used by mainstream Linux distros, and even outside of GNOME, I even saw a wild Ubuntu terminal running Unity about a week ago. KDE should stop assisting with fragmenting Linux, or get the DE up-to-par for mainstream distros to use :p

Meanwhile, guess what the most popular operating system for workstation use is. You're implying everyone using Windows willingly is dumb and being inefficient. Dolphin works, so does Explorer, Nautilus, and even Thunar. Only two of those are relevant for most people.


I know quite a few Linux users, and not all of them are computer nerds (and none of them use Arch or are part of some small niche group). I'd say about 1/3 of them use Gnome, 1/3 use KDE, and 1/3 use something other than those two.

In general, it seems that those who are used to Windows get along better with KDE.

> KDE should stop assisting with fragmenting Linux

Having a selection of DEs to choose from is not "fragmenting Linux". It's a rather large strength of Linux to be able to select the DE that works best for you. I wish that were possible with Windows!


The fragment part comes from neither KDE nor GNOME coming close to the efficiency of DWM and Windows Explorer.

DWM and Explorer have low-latency, good hardware-acceleration, and power efficiency down to a T. GNOME 44 isn't on-par. I haven't heard anyone ever compliment KDE in these regards recently and back when I last tried it when Plasma 5 was relatively new it also wasn't up-to-par.

More work should go towards making these GUI toolkits run as efficiently as possible, instead of re-inventing the wheel slowly while macOS and Windows continue going strong.


The only way to make Linux DEs (at least on X11 -- I've never tried Wayland) as smooth as Windows 10's DE, I've found, is to disable composition. And KDE is the only DE I know of that lets you disable composition (yet another reason it's awesome). ;p

You lose transparency and animations, but the smoooooothness is amazing (and it even extends to games)!

I don't recall how smooth Windows 7 or Vista felt, but my conspiracy theory is that Windows lost all that Aero transparency IN ORDER to be so smooth (but that's probably apocryphal).

Nevertheless, Windows's DE and platform limitations are still horrible compared to Linux with KDE. :D As for Mac, that's tantamount to GNOME, so to me it's not worth considering as a contending GUI.


KDE is used by default in Suse, has first class support on Red Hat distros, and is the default on the Steam Deck.

Honestly, it's better than GNOME at being an alternative to Windows UX, so calling them out for fragmenting Linux is kind of moot.


> or leak data that I share with them in some manner

Like when their video drivers overstep their bounds and gather information on what applications are run and what websites are visited?


No, not like that at all lmao

Just wait until you hear about your cursor being tracked on pages and what images and positions on the site you hover and stop scrolling over :p

Intel isn't giving my browser data to enemies of the state. What do you really think Intel is doing with this information?

And yeah, website URLs are important since people want to bootstrap and toss WebGL all over the place needlessly; all that is GPU accelerated. Blame anyone not using a plain-text website.


> Intel isn't giving my browser data to enemies of the state. What do you really think Intel is doing with this information?

I actually have no idea, which is part of the point. The concern isn't [primarily] Intel. Eventually, it will be leaked or sold or shared with third party contractors who will leak or sell it or share with third party contractors who will...

Once private data leaves your system, you have no control over it. The reputation of any one company doesn't protect it.


This guy defends Intel so fucking hard it makes me cringe.


Yeah I defend stuff that works :p

AMD is what you get without telemetry; crap API support on Windows (they took their already mangled stack and Jay Wilson'd it May 2022), next to no innovation with AI, flopped OpenCL, and have to concede with HIP since CUDA is too good. They can't even fix their botched TPM support that's so bad it had to be disabled globally on Linux.


Username checks out ;p


This is definitely not what I'd be ready to approve:

"Intel provides a long list of the types of data it collects" ... "Those include the types of websites you visit, which Intel says are dumped into 30 categories and logged without URLs or information that identifies you, including how long and how often you visit certain types of sites."

Emphasis mine. I surely don't expect that from a GPU driver company. Damn.


So depending on the categories it would potentially not be sensationalist to say “Intel GPU drivers are recording how much you watch porn”. And this potentially covers a lot of people if integrated video is covered by the same drivers. I suspect I won’t be the only person to adopt a principled position and avoid Intel devices from now on after a lifetime of choosing only Intel.

How are we in 2023 and there are still no legal protections against this sort of thing? It’s basically the tech version of a Peeping Tom.


My understanding is that Nvidia GPUs require GeForce Experience to enable all of the advertised features, which also includes telemetry that tracks your windows and URLs.

Only one good player remains.


I wonder what are those categories and if Intel knows something we don't know.

For instance, this information will be useful for the coming implementation of CBDC in various countries and form a basis of social credit score.

Intel will probably make a ton of money by selling this information to governments.


IMO the "score" obtained this way would be completely useless as the "sites visited" don't correspond to the money one actually spends online.

Somebody interested in money transactions can get much more information by actually observing money transactions.


Nvidia would likely have much better data to sell as they have collected data for years.


Do you know, do all their drivers do this or only some? And how can this be seen?


GeForce Experience has telemetry, but I can't tell you if the driver packages from Nvidia have any. There's a Disable-Nvidia-Telemetry tool, but I can't say I know anything about it (I use AMD).

https://github.com/NateShoffner/Disable-Nvidia-Telemetry/rel...


I surely wouldn't call Intel a "GPU driver company" (like how I'd call American Megatrends a BIOS/Firmware company), but rather a Processor company that is also making drivers (but that is neither here nor there).

This is still so weird of them (not weird in the sense I wouldn't put it past them, but weird in a sense that someone even had the idea), even if they make it optional. Like, I don't care if you want to use that information to try to make better drivers by knowing which sites break the GPU, I will report that to you if I feel so inclined to it.

I'd understand if it were "We wanna know what programs are using hardware acceleration", but it's not limited to that...


I never had a goal to reduce Intel to a single role in today's world. Instead:

For a company Y, where Y produces a GPU driver, I can't believe there's a plausible explanation for Y to globally collect information about the web sites visited by all users in order to improve the GPU driver code.

The reason behind it must be something else.


The time seems to be getting closer to the ubiquitous need for an 'allow list' for outbound internet connections. OpenSnitch or equivalent (per device) + Pi-Hole / Adguard (per network).

Inverse WEI. Sorry, this request fails our Web Environment Integrity validation, you will not be receiving any data from this device.


That used to work in the past with different IPs.

Now an IP might have hundreds of DNS records pointing to it. But fine, installing AdGuard works great.

But now we're fighting against 2 things:

Things smashed together on the same domain, so no longer separate subdomains.

And DNS over HTTPS, so we can't even get all our traffic to go over the same DNS server.


> And DNS over HTTPS, so we can't even get all our traffic to go over the same DNS server.

I bet there's a market for something like a user-friendly mitmproxy variant to plug that hole. It might even be able to be a part of pi-hole for pi-hole users.


I bet there would be, but I'd also make a big bet that MS, Google, and Apple will make "trusted TLS chains" or some BS part of the trusted computing model "for your safety".


> Things smashed together on the same domain, so no longer separate subdomains.

We can refine the regexps so that we approve certain subfolders within a same address.


You can't due to more and more software (ab)using certificate pinning.


Darn. It took me a bit to realize that you're completely right. Thanks for the correction!


I know that Nvidia does extensive telemetry with GeForce Experience (the optional but heavily pushed companion software to the driver) but do they do it in the driver package also? The article makes no distinction and says there's no opt out. I thought choosing to not install GeForce Experience was the opt out (though that is not communicated to you at all during installation).


You can use NVCleanstall to remove the telemetry package.

* https://www.techpowerup.com/download/techpowerup-nvcleanstal...


I never install it myself, since I don't need it for anything. Would love to get a confirmation that tossing "GFE" disables their telemetry drone.


And it's the only way to get auto software updates.


NVCleanstall linked in another comment will also notify you of updates.


Microsoft provides updates for just the GPU driver through Windows Update if you tick the box for that.


The problem is that the driver is closed-source.

Even if the driver sent data in a format which is easily inspectable by the user, and with only benign-looking data, it would be really hard to prove that something nefarious and underhanded is not being sent instead under that guise.


How is that a problem? Nobody is reviewing open-source driver code aside from the people actually working on improving it.

Also lmao; do you really believe Intel is going to sabotage their own platform? If you're doing something so "nefarious and underhanded" on your computer for that to be a concern, you likely have no reason to be concerned since you should be using a platform and OS that makes this a non-issue. Only bad-actors would be concerned and raise this as a point.


Not only bad actors would be concerned. There is a rather small but vocal minority that values privacy extremely highly. They make noise, even when a threat of identification, or of siphoning out any consequential information, is extremely low.

To avoid sabotaging their own platform, Intel should remember about that, and give no food for bad PR.

As they write in employment agreements, you should avoid any real conflicts of interests, and also any appearance of conflicts of interests, because if it gets reported in media, but you end up completely clean and conflict-free, the hard-to-repair damage to public perception already would have been done.


Yeah there might be one person discussing this in social media that legitimately values privacy.

If you value privacy, you aren't using Windows. If you value privacy, you should realize that most people only care about it to the extent of it just working, and it only does so for most people running major Windows and macOS desktop operating systems. If you value privacy, then you know how to read Microsoft's privacy policy to know what your data is going towards on Windows. And if you value privacy, you can respect why Intel is doing this and also read their privacy policy as to how they use the data.

People are fear-mongering that Intel is taking usage data as if Intel has some interest in using the data maliciously. None of these major companies increasing and gathering telemetry have used the data in a truly malicious manner, unless you twist the wording for specific situations where bad-actors got caught doing bad-actor activity and have to comply with legal requests for information.

This is only beneficial for the audience Intel is targeting.


Part of that vocal minority is naive and was likely manipulated to push views that only benefit bad-actors.

If people were being sincere, they wouldn't be so vague in detailing how Intel is going to use this information maliciously.


If you see where the packets are going you might be able to block at the DNS level.


> If you see where the packets are going you might be able to block at the DNS level.

There are many DNS blocklists out there and some of them do indeed block domain names from known telemetry (aka "spying") services. But if some telemetry directly reports to specific IP addresses then blocking at the DNS level won't help.

FWIW my firewall blocks some companies' known IP CIDR blocks (like FB/Meta) and my DNS (unbound) blocks all known malware, porn and telemetry services (among others).

In addition to that the only process allowed to emit ongoing traffic to port 443 is the process running my browser.

All hope is not lost yet.


> In addition to that the only process allowed to emit ongoing traffic to port 443 is the process running my browser.

How did you get this configured?


Unless they circumvent the system set DNS and use a hard coded one, which many that collect telemetry seem to do. On Android I see lots of traffic to Google's DNS even though I do not use their DNS servers (and it is in fact blocked).


Hard for a human.


How will this affect GNU/Linux? They mention an installer and a yes/no prompt, which to me implies Windows. If it can be disabled, I suppose distro packagers will likely make the choice for the user when they create the package. Or is this a driver that would be included in the kernel itself?


Intel provides open source GPU drivers for GNU/Linux. As long as that remains true it is unlikely they'd try to collect telemetry through those drivers. If they do, it would get stripped out long before it reaches the kernel.


It will not affect Linux


Six months later: Our analytics show very little uptake in Linux use so we are reallocating investment towards windows users.


While AI companies are buying high end GPUs by the truckload to run on their Linux fleets this is unlikely to be a problem


This kind of thing should be opt-in not opt-out. And not the kind of opt-in where you can still accidentally press "OK" in an inattentive moment.


Yeah that kind of silly selfish behavior is exactly why NVIDIA buries the telemetry deep in their drivers and doesn't offer an option.

Most people have no reason to limit or even be concerned with this. Intel is adding telemetry to improve the GPU drivers. Who would be against improving GPU drivers? Why are you considering Intel hostile?


My takeaway from this was that Nvidia is the only GPU manufacturer that doesn’t even have an opt-out for telemetry and seems to be the least transparent about it.


“Nonfree drivers are totally fine bro!”


I guess I'm glad I noticed this when it appeared on a driver update.

Another box to uncheck on each update: arc control and telemetry.


One question I don't see asked in the various threads covering this: why does windows freely offer such data? At least Intel does give you an opt out (should be opt in really), but other applications can freely collect this data without you knowing.

Windows needs to have much better control, maybe a "telemetry" setting to control each app's access to the data, but that would most likely require some serious reengineering.

Just use an app like Simplewall and block outbound connections, you should be doing that anyway as windows sends so much data off to the NSA anyway.


Windows is architected such that any app running as a given user can spy on that user because operations like listing running processes and accessing other processes memory (when run as the same user) are completely unrestricted.


A big part of what makes Windows so free and powerful is that it was architected during a time when security simply wasn't a concern. This is good because it empowers users to use their computers as they see fit, but also bad because with great powers come great responsibilities that are often thrown to the wind.

So to answer your question of why, the answer is simply that Windows doesn't care.


> A big part of what makes Windows so free and powerful is that it was architected during a time when security simply wasn't a concern.

Wouldn't that be true for BSD and Linux as well? Windows seems to be slow with implementing meaningful security/privacy features to the end user. Windows also has a good track record with backwards compatibility (compared to Linux at least), but that might also be the underlying problem here.


> Wouldn't that be true for BSD and Linux as well?

Depends on how it's done, I think. The security story in the unices is better than in Windows, but you can't lock down any system too tightly or it becomes unbearable for most to use.

But if we're talking system-level drivers, they are in effect extensions of the kernel and largely have administrator rights, whether we're talking Windows or *nix.


Even if it had better isolation a video driver is going to have system permissions.


Hopefully these destination IP addresses or domains or hosts are being added to some lists so they can be filtered. Does anyone have this new Intel telemetry destination info?


*IP addresses AND domains please


While Nvidia's driver installer doesn't ask permission, does anyone happen to know if there's a way after installation to disable their telemetry collection?


Best guide I found

https://old.reddit.com/r/privacy/comments/euud7u/how_to_prev...

I updated their blocks to cover all the IPs in the range, windows firewall rules accept CIDR notation ala 72.25.64.0/18.

All the ranges for their backend stuff I've found so far:

  72.25.64.0/18
  216.228.112.0/20
  8.36.80.0/24
  8.36.113.0/24

I leave mapping out the rest of their IP space as an exercise to the reader.

Found using `whois` against the IPs and domain from that reddit post. Their primary website appears to be on EC2, so nothing terribly useful there. I'm personally expecting companies that do this nonsense to move all their collection infra to EC2 or similar to make it harder to do simple blocks. Those that haven't already.
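The limits of DNS-level blocking raised in the comments above (telemetry that reports to hard-coded IPs or uses its own resolver), as an added example that is not part of any comment in this thread: a small classifier over firewall flow records that flags traffic to the CIDR ranges quoted above, DNS sent to a resolver you did not configure, and connections to IPs your resolver never handed out. The resolver address, LAN range, process names and sample flows are constructed assumptions.

```python
import ipaddress

# CIDR ranges quoted in the comment above (the commenter's findings, not verified here).
BLOCKED_CIDRS = [ipaddress.ip_network(c) for c in (
    "72.25.64.0/18", "216.228.112.0/20", "8.36.80.0/24", "8.36.113.0/24")]

# Assumptions for this example: one local resolver (Pi-hole/unbound style) on a /24 LAN.
APPROVED_RESOLVERS = {ipaddress.ip_address("192.168.1.2")}
LAN = ipaddress.ip_network("192.168.1.0/24")
DNS_PORTS = {53, 853}  # plain DNS and DNS over TLS


def classify(flows, resolved_ips):
    """Return [(process, dst, port, reasons)] for flows that sidestep DNS filtering.

    flows        -- iterable of (process, dst_ip, dst_port) taken from a firewall log
    resolved_ips -- IPs your own resolver handed out in the same time window
    """
    resolved = {ipaddress.ip_address(ip) for ip in resolved_ips}
    flagged = []
    for process, dst_ip, port in flows:
        dst = ipaddress.ip_address(dst_ip)
        reasons = []
        # Firewall-level match: catches names the DNS blocklist missed.
        if any(dst in net for net in BLOCKED_CIDRS):
            reasons.append("blocked-cidr")
        if port in DNS_PORTS:
            # A lookup sent anywhere but the configured resolver bypasses the blocklist.
            if dst not in APPROVED_RESOLVERS:
                reasons.append("dns-bypass")
        elif dst not in LAN and dst not in resolved:
            # No matching answer from our resolver: a hard-coded IP, or a name
            # resolved elsewhere (DNS over HTTPS looks like ordinary port 443).
            reasons.append("no-dns-lookup")
        if reasons:
            flagged.append((process, dst_ip, port, reasons))
    return flagged


# Constructed sample data; process names are hypothetical.
SAMPLE_RESOLVED = {"203.0.113.7", "72.25.70.5"}
SAMPLE_FLOWS = [
    ("browser.exe", "203.0.113.7", 443),          # resolved normally, not flagged
    ("vendor_telemetry.exe", "72.25.70.5", 443),  # resolved, but inside a listed range
    ("app_a.exe", "8.8.8.8", 53),                 # DNS to a resolver we did not set
    ("updater.exe", "198.51.100.9", 443),         # IP never returned by our resolver
    ("browser.exe", "192.168.1.2", 53),           # lookup to the approved resolver
]

if __name__ == "__main__":
    for process, dst, port, reasons in classify(SAMPLE_FLOWS, SAMPLE_RESOLVED):
        print(f"{process:22} {dst}:{port:<5} {', '.join(reasons)}")
```

Feed it the resolver's query log and the firewall's connection log for the same window; the `no-dns-lookup` bucket is the one that DNS blocklists alone cannot see.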


A few tools you may find useful to aid in your searches [1][2][3] if you did not already have them.

[1] - https://bgp.he.net/ [click on the AS then the IPv4/IPv6 prefixes]

[2] - https://bgp.tools/

[3] - https://www.robtex.com/



The more these things are happening and the more I read about it, the more I understand and agree with Richard Stallman.


Right? The world is getting so weird that RS is starting to seem normal.


I'm not familiar with the details of such things, but would it be possible to "port" Intel's open source Linux GPU driver to Windows? That would make for a working driver without this junk.


Even if you were to overcome the massive hurdle of porting a driver between two completely different kernel architectures, you would not be able to load it without enabling driver testing mode at boot time, or without buying a code signing certificate.


It's the wrong priority anyway. Windows is utterly infested with far worse telemetry at this point so it would be like fixing pinhole hull leaks in the Titanic after the ship had snapped in half.


Someone might be comfortable with Microsoft telemetry but not with Intel telemetry. That's not wrong. Weird, sure, but not wrong.


> Even if you were to overcome the massive hurdle of porting a driver between two completely different kernel architectures

Hmm, would that be a massive hurdle? I haven't looked at that driver code, but I have done a lot of driver development for both Windows and Linux, and have ported a number of drivers between the two. Sight unseen, it's not obvious to me that this would be a huge hurdle.

The code signing is an issue, but that's a manageable one.


I can't imagine it's easy, but if you say you've done it I'll have to defer to you.


Don't defer to me. As I said, I've not looked at the code, so I don't actually know. I'm speculating based on my experience with other drivers.


Previous discussion from a couple of days ago: https://news.ycombinator.com/item?id=37033475


On Linux, can I run drivers inside a sandbox already?


No, because monolithic kernels are unequivocally superior to microkernels /s


No, but you can do it on Qubes OS.


I was most intrigued by the “collect, use, and combine” language. Specifically, I didn’t see anything limiting them to combining only information they collect. So, what’s stopping them from purchasing additional data from data brokers to combine with what they collect in order to develop an even more in-depth profile of you? Nothing in the language quoted.


> Those include the types of websites you visit, which Intel says are dumped into 30 categories and logged without URLs or information that identifies you, including how long and how often you visit certain types of sites.

Will Intel Arc GPUs be optimized for VR porn?


I assume I am safe using linux and the linux drivers?


Yes.


You won't get this on Linux, though. Unless they manage to bake this shit into GPU microcode somehow.


Nvidia has been doing it for years.

I'm not surprised Intel is also doing it. I don't like it.


Great. The next generation finally gets a dedicated porn accelerator


How do you turn it off after the drivers are installed?


Intel is never going to save itself at this rate...


Apple was right in moving on from these guys.


Great!

I want Intel to improve the driver stack I use on my hardware, and if information how I use their graphics stack is useful for that, cool. I continue on my usual usage, and Intel gets data on how to improve the experience for free.

How does anyone expect software to improve if nobody gives feedback? Y'all know those website surveys, bug report apps in GPU control panels? If people used those, maybe secret telemetry wouldn't be required. It's easier to complain vaguely online in random communities.

Data collection isn't going away. Nor is it inherently harmful, unless you feed into the idea you're intentionally using hostile hardware and software for some reason.


> If people used those, maybe secret telemetry wouldn't be required.

That argument is simple extortion. Secret telemetry is never required, period.

If people are unwilling to volunteer such data, then the devs simply have to do without. If that means that software won't improve[1], too bad.

[1] Which isn't what that means. Software has always been improving even back when spying on people wasn't a feasible thing to do at scale, so spying is clearly not necessary. It's just cheaper than the old ways.


It's not spying. Spying implies being observed without consent, and that the adversary is gaining information to use against you. The average person who is using Windows and likely the only ones to see this do not fall under this.

People were unwilling to volunteer the data exactly because of this fear-mongering. Y'all act like Intel is sitting in a back room watching flowing logcats of your activity and cherry-picking ones to target you personally, as if some of y'all are that important lmao :p


> Spying implies being observed without consent

It doesn't imply it, that's what it means. If data is being collected about me, my machine, or my use of my machine without my consent, it's spying.

> and that the adversary is gaining information to use against you.

I disagree that this is required in order for it to be spying. The reason it's collected is irrelevant. If I didn't give consent, it's spying.

> Y'all act like Intel is sitting in a back room watching flowing logcats of your activity and cherry-picking ones to target you personally

I don't think that's what's happening at all, and I certainly don't mean to imply it. What I think is happening is that data is being collected without consent. What makes it worse is that some of that data is clearly being collected for marketing purposes.



