And what secrets are those? If you think that you are secure because you don't use bitlocker or windows AND THAT'S ALL that you do...you aren't secure, you just have bad UI.
I might just be tired of hearing the same arguments over and over, but it I did see the assertion that BitLocker shouldn't be used to keep your "secrets". As if the choice of which drive encryption software you use on your laptop should be your primary concern when securing yourself against an adversary. (The primary concern is to thoroughly evaluate your adversary and look at your available options for opsec and InfoSec. Maybe you need drive encryption. Maybe you need burners. Maybe you should only use public terminals. Etc. It also means seriously asking yourself if you actually have an adversary or just like to think that you might some day.)
Just sort of saying..."How can you trust MS NOT to have backdoored bitlocker just use Linux. Suck it NSA." Won't actually make you secure.
That's not really accurate. Maybe we can reach out to someone at MS and they can explain exactly what is being sent. It certainly isn't virtually everything that you do...it's something, it's not accurate to say its everything.
MS people frequent this site. Maybe one of them could get some detail on the subject?
It is keystrokes, app you use, browsing and search history, speech, encryption keys.. That's a concerning amount of information.
This is where I strongly prefer the Apple way of signing in with a normal account and -- if you choose -- linking it to an iCloud account. This is very different from the Windows style where MS accounts take over your local login.
I just don't think that's an accurate picture. They aren't recording your voice and storing it somewhere. Browsing and search history are collected by other platforms for predictive browse ahead and autocomplete, and it's a useful feature. App usage is collected for diagnostic purposes.
You don't have to use a MS account. You can use a local account. 10 is different from windows 8 in that regard. You can take Cortana off the taskbar. Use a different browser in incognito mode all the time. Store your encryption keys in a TPM, smartcard, or Active Directory. There are actually lots of options. You have to actually look into it though.
So, a second ago it was that you can't use a local account...but you can, so now it's..."The defaults are bad and people are dumb."
Literally all of the people who install it or buy a PC with it installed have the choice of making that decision or purchase.
And you're right, they won't change the defaults and that's not a travesty of some kind. It actually really doesn't matter to most people. Not because they don't understand it. They do, and they want to use it for one reason or another. People in our technical circles overestimate the importance of this stuff by some fairly crazy amounts.
Since I can't reply to your reply I'm going to post here.
These problems are not mutually exclusive. They are all serious problems.
And you seriously think most people know what that stuff means?
"Oh! Gee thanks Microsoft. Record everything I type in the operating system to make your autocorrect better" or whatever the hell they do with it.
They absolutely do not then realize that when they named a file "my-pot.jpg" and then search for "pot" in Cortana (which is stored by the way.. even for local searches) that information could be used against them in the future.
See http://thenextweb.com/microsoft/2015/07/29/wind-nos/ ; "Windows 10 automatically encrypts the drive its installed on and generates a BitLocker recovery key. That’s backed up to your OneDrive account." Together with the ToS: "We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services."
> We will access, disclose and preserve personal data, including [...] files in private folders
I don't see any language that restricts that to their cloud offerings. It's in the privacy statement that covers windows too.
So unless i'm missing something they're granting themselves the right to disclose your harddrive to government agencies or their own legal department on a good-faith basis.
Every company that has access to your encryption keys can be prompted to give them up with a warrant.
You can keep them from having the key. That's one way around it. Using hardware of some kind (and there are multiple.)
You are also free to use another solution that might meet your strict requirements to personally review the encryption, filesystem, device driver, and memory management code of your operating system to verify it's operating to your specifications. There have literally never been so many options for the privacy minded person with the time to pour through a metric ton of C code.
I believe that you are mistaken. Could they turn over your BitLocker recovery key to the authorities that would then use it to decrypt your HDD that they have already taken from you? Yes.
Are they going to reach out over the internet and take your data? No. They are not going to do that. I follow this stuff really closely. I promise I haven't seen or heard of a capability where they can remotely take data from your machine and turn it over to the government.
The point is that they're granting themselves the permission to do so if anyone ever deemed it necessary and that the user has to agree to their terms to use windows.
So you're basically signing away your rights to privacy. Not based on due process but on "good faith belief".
Someone at microsoft thought there is a need to do that to cover their legal asses. They would only think that in case they anticipated needing it in the future.
You are completely free to not use it. I'm not trying to be a smart-a here. There have never been more options for end users.
You aren't signing away your rights to privacy without due process...that's your part to evaluate. "Is this useful enough to me that it's worth agreeing to this?"
Also, this is version dependent. The TOS for an individual consumer is different than a developer with an MSDN license, and a business with a volume agreement. Do you have different privacy requirements? Are you willing to pay for them? If they can't make money with the product that they built in the manner that they came up with then it isn't illegal, or really even remotely morally odious, for them to ask for a different payment arrangement.
Now. Do I like everything about life in a capitalist national security state? No way. But do I whine when some vendor doesn't do exactly what I want when I'm really not event scratching the surface of enough money to get their attention? Seriously, man.
YOU installed their software. You didn't have to. No one forced you to. Don't like the TOS? Call them and schedule a meeting to talk about coming up with a different arrangement...they will want money for that, but you can certainly have it.
The truth is that there is jack all that I or anyone else can say to you that would change your mind about any of this.
Also, I'm not willing to grant that you are reading the TOS correctly...so there's that point. No offense, but its pretty dense and things that are probably pretty reasonable come across as a privacy invasion to people that are really sensitive on the subject.
I did? I never said so. I'm just looking at their Privacy Statement and find questionable clauses there.
> Also, I'm not willing to grant that you are reading the TOS correctly
I did say that's a possibility from the start. But as long as nobody shows that it's not possible that my reading is not how a lawyer or judge would read it I remain deeply skeptical about it.
There are two approaches: give someone a pile of power over you and trust them not to abuse it, or never give them that power in the first place. Given the repeated demonstrations of what can and does go wrong with the former...
One other thing. A "pile of power over you"...that's not helping, man. They have some commercial legal arrangement that you don't particularly care for. They can't come and kick you in the shin and torture you. They can't beat you to death and plant a weapon on you or anything. We are talking about an issue that is squarely within middle and upper class privilege in an industry that literally could not exist without government defense funding.
Take, for instance, Richard Stallman is an Alumn of Harvard and MIT. There literally can't be a place that is more establishment. So all of that "freedom" is about being able to use an expensive commercial product that was developed with RnD money from the DOD...but somehow it's morally wrong to not ship source code to a compiler? Can you see where I'm coming from here? The moralizing is pretty arbitrary.
Furthermore, if they did give your content to the Government because of a national security letter how is that abuse of power? Should they not comply with the law? I disagree with a lot of the laws that have been passed in support the war efforts of the last decade, but that's kind of the way that democracy works. I lost, but I still have to live by the rules.
I just think that the privacy absolutism that everyone keeps bringing up isn't reasonable. Even Bruce Schneier says that the way that you actually change these things is through the political process.
Power is a boot on your neck. This is more of an inconvenience.
Leaving aside the tangent in your comment (we were talking about governments having access to your encrypted data, not about Free Software)...
> Furthermore, if they did give your content to the Government because of a national security letter how is that abuse of power? Should they not comply with the law?
I fully expect that they would have little choice in doing so if they received a warrant from a government with jurisdiction over them. (Though I'd also be unsurprised if they did so even if asked without a warrant.) I don't want them to have anything to give if asked.
> I just think that the privacy absolutism that everyone keeps bringing up isn't reasonable.
Different people value their privacy differently. If you don't value it as much, feel free to trade it for things you consider more valuable. Don't assume everyone else wants to make the same trade you do, though.
I'm not advocating absolutism. You should be able to have as much or as little privacy as you want, which may even mean different amounts of privacy in different contexts.
> Power is a boot on your neck. This is more of an inconvenience.
The government having full access to the contents of your encrypted drive is an "inconvenience"? I'd hate to know what you consider an abuse of privacy, then.
The whole point of encryption is to keep unauthorized people from having access to your data.
What kind of fee do you have in mind for not using their contract of adhesion? Unless I'm buying thousands of copies of the OS I doubt I can even get that negotiation started.
Some of it's pay as you go, oddly enough. But you are largely correct that more money equals more access to these kinds of things.
There is a company in China that paid them to install Office 365 in their data center. There is an amount of money that will make them install it in your data center, too.
I just think that there has never been more choice for end users and a lot of this stuff about privacy is disingenuous. There are a group of people that wouldn't be happy even if MS released their own version of TAILS and hosted part of the Tor network. (It would be "embrace, extend, extinguish!"..."Tor is part sponsored by the Navy...I be MS gives your Tor traffic directly to the NSA."...It's really not hard to imagine the BS.)
OK. What I'm trying to say is that backing up to OneDrive is optional. You get the choice. You can protect the key with a TPM or a smart card...It's not an all or nothing thing. You have options there, if you are interested.
The other thing is that it sounds like a lot of privacy minded people can't trust BitLocker despite any number of assurances from MS or code reviews by third parties. AND THAT'S OK. Use something else.
EDIT: I forgot to mention that if you are an admin or just operate your own AD installation you can store the key in Active Directory. The behavior is version specific, I think.
EDIT EDIT: I believe that the TOS you are talking about is specifically referring to online services. I don't have time to stop and read it right now, but I think that you are misconstruing the intent.
> OK. What I'm trying to say is that backing up to OneDrive is optional. You get the choice. You can protect the key with a TPM or a smart card...It's not an all or nothing thing. You have options there, if you are interested.
Except that the default is both insecure and privacy-violating.
It's insecure by a standard that you are setting. If they can demonstrate an audit log of every admin who has escalated their permission to logon to the container of your data and access it, including the files they accessed, would that be good? (Because they do that.)
Again privacy-violating by your, arguably, very narrow standard. I'm sorry friend, but you are stating these things as if there's no question as to what you say.
More accurately, you might say that there are higher privacy and audit-ability standards that you would require for your given situation or application. I wouldn't be able to argue with that at all.
If they can demonstrate an audit log of every admin who has escalated their permission to logon to the container of your data and access it, including the files they accessed, would that be good? (Because they do that.)
They are legally prevented from showing you such an audit log if a National Security Letter is involved.
And -unless there have recently been great strides in the NSL gag order battle- they are legally prevented from indicating to you that you or your data has been targeted by an NSL.
Read this warning on release day, went to read this myself and haven't found such statement neither in ToS, nor in Privacy Policy.
This paragraph (about private communications and files in private folders) seems to be gone from their Privacy Policy. Google cache confirms it was present (in PP, not ToS), but I suppose MS spotted had this insane statement and removed in a hurry - or hid somewhere else, deeper in small fine print and with another wording.
(Or maybe I had totally missed something, scrolling through the document and my browser's search function malfunctioned.)
Did you expand the sections in the Privacy Statement [1]? Open the page in Firefox or Chrome, hit F12 to get to the browser console, then run this to expand all the sections:
$('.learnMoreLabel').click()
If you search the page for "disclose", you'll see that that exact wording is no longer present, but very similar wording is in the "Reasons We Share Personal Data" and "Skype - Partner companies" sections.
Of course you did. Large companies have no vested interest in building systems that do the "right thing" for you as defined by tech types like us who are arguably more sensitive on this subject than most people.
They are building services that take your information and try to do something interesting enough with it to make it worthwhile...and why is it on by default? Because they want to make money off of the new features and deep integration with your information.
This isn't news. But it certainly may be another excuse to have the exact same conversation that nothing will come from.
Never mind that data generated and collected from cell phone usage will always make the privacy impinging features of your laptop look tame in comparison.
Never mind that the only way to stop companies from doing this is through the political processes that everyone seems to have written off.
EDIT: Downvoting because someone disagrees with the principal argument of the post is lame. Cheers.
Granted most individuals may not be concerned with these intrusions-by-design, but businesses dealing with sensitive information - or who simply have a vested interest in security - may see this as a reason to forgo the Microsoft Office suite altogether, which is one of Microsoft's few stable revenue streams after all these years.
Exactly. I work for defense attorneys, and they deal with a huge amount of private, protected, highly-confidential data. I honestly don't know how we can keep implementing Microsoft solutions... have been debating switching everything over to Mac.
businesses actually can get a very different deal when it comes to data "sovereignty" issues.
it's really consumers who have the least leverage. If you want an arrangement where your data is encrypted with keys that you store in a tamer proof hardware module you can. It's priced differently, but you certainly can have that. (It's not all that expensive in the scheme of things.)
Something like Cortana could have been built to work locally, using your own resources. But it wasn't. This was an opportunity to say "we're not like Siri and Google Now, we respect your privacy", but instead they built something just like them.
I imagine the resource costs would be too high to really make that worthwhile. The choice is probably between bad privacy settings, a bad personal assistant, or bad battery life and disk usage. Microsoft chose the option that would likely upset the smallest group of people.
I don't buy it. My Windows 10 machines will be Ivy Bridge, Broadwell, and soon Skylake-powered desktop processors running with gobs of excess computing capacity. Voice recognition should be feasible with this hardware, as it has been in the past with Windows 7 and Windows 8's often-ignored voice transcription feature. Furthermore, even if the performance were slightly worse, I would gladly sacrifice some performance for local execution with local data.
Now, I expect that such a local agent would need to have quite a bit of fine-grained control to satisfy privacy concerns (e.g., do you agree to allow me to send your query about films in your zip code to the MSN Movies site to get showtimes?) But I feel the actual processing of the day-to-day personal assistant features is not only eminently feasible on my desktop, but most likely also on my Surface or laptop.
The cloud is pernicious and voracious, its dominion grows quickly enough without needlessly exaggerating the necessity of offloading computation like this. Local computing devices—especially those that conventionally run Windows (desktop PCs and laptops)—are extremely capable.
Cortana is a cloud agent not because of requisite processing power. Illusory local processing deficiency is just a convenient justification for why it doesn't run locally.
But then, I am a strong advocate of personal compute servers and mainstreaming secure private networks. So I am obviously fringe in today's culture that embraces the centralized cloud.
I agree with you with everything except the expectation of performance of your desktop - you're underestimating the ever-growing bloat. Faster hardware is just an excuse for businesses to include more useless shi^H^H^Hvalue-added features and a way to speed up their delivery by caring about performance even less.
WRT cloud, we've already reached the point of ridicule with the new generation of Internet-connected hardware. So many useless webapps (er, "value-added cloud analytics platforms") and so many devices sitting centimeters from each other but communicating all the way around the world. There is absolutely no engineering reason for it to look that way - it's all just attempts to milk users by making them depend on cloud services.
processors running with gobs of excess computing capacity
You're right about the CPU. However, it's possible that good voice recognition also requires gigabytes of data. That wouldn't work so well for a tablet. Or maybe there is some custom hardware (like DSP chips) in the data center that is used? I don't know, I'm just playing devil's advocate.
I do agree with your sentiments. I'm not about to opt in to this garbage. I came of age in the era of the mainframe and I despised the lack of personal control. I won't willingly return to that. Today's cloud is just yesterday's mainframes and time-sharing by another name.
You know they sell things like the Surface 3 using an Intel i3 processor, and still sell Windows tablets with Atom processors, right? Just because you have a 12-core i7 with 320GB of RAM doesn't mean every Windows machine does.
Well, like I said, Windows 7 and 8 had voice transcription support built-in and it worked well on my old computers from 2009, with plenty of CPU capacity to spare. I expect a modern i3 would probably match my desktop i7 from '09.
For now. This crap is going to get a lot harder to avoid when the Intel SGX instructions are widely deployed and it becomes possible to extend the lockdown from SecureBoot to the kernel and kernel-authorized apps.
I suggest fighting it now, while it is still just an annoyance.
But the entire point of the service was to use data mining techniques so that you could use natural language directives to say "add a reminder to my team's calendar to update some presentation in O365, etc"...
Maybe you don't find it that useful, but I think that a lot of people would. It will, in a future release, be genuinely useful. It's getting there.
That's actually how it works. You give it permission to use your O365 account. You give it permission to use your location either at setup or in the config settings at a later date.
A whole host of the Cortana functionality is local that interacts with online services via API's that you authorize.
I don't think that really anything that I say is going to change your mind, but you could check out some of the video's on Channel9 where they go into it in detail. Some of it's pretty good and if you use headphones you can't hear your co-workers talk about stuff that makes you want to slap someone.
The claim that started this thread was that Cortana needed this data to be supplied to Microsoft, as controlled by the privacy settings mentioned in the linked article. If Cortana or similar services don't actually need this data, great; then they shouldn't ask for it or need to have privacy settings that allow it to be sent to Microsoft.
Josh, maybe you don't get how difficult Speech Recognition is now that it comes as standard in your smartphone, but they use Google/Apple (delete as appropriate) servers for a reason. There's a reason people were amazed at the response time of Cortana - local speech recognition that doesn't hog the processor is a big deal.
And connecting to O365 calendars offline? Is that not a stupid concept?
Last time I checked, and it was few years ago, analyzing voice locally was much faster than what phones do today - because well, mobile networks have latency. The round-trip to cloud and back itself can easily take a second.
I'm well aware of how phones handle speech recognition; there are reasons they do so via services that have little to do with the computational difficulty of speech recognition. It's not by any means necessary to upload raw voice data to a server and process it there, especially if we're talking about full computers rather than just phones.
> And connecting to O365 calendars offline? Is that not a stupid concept?
I said "local", not "offline". Though in any case, you should likely have a locally synced cache of your calendar for efficiency and the ability to read it offline. Web apps are quite capable of working while offline.
> And connecting to O365 calendars offline? Is that not a stupid concept?
Did we enter a new era where using your calendar offline is considered a special case ? I would assume there are few people who actively modify the same calendar, and it's pretty easy to tell a user when they modify a calendar offline meaning that it's not synchronized on other devices; is there really a need for making calendars online first ?
There are dialogs and UI hints that come up when the service is first accessed. Is it enough to placate someone who is seriously concerned with online privacy...probably not. It meets the minimum requirements to not be too sneaky.
I made a similar suggestion in a somewhat related topic concerning browsers and was told this is bad UX so it shouldn't be done. Informing people of what's going on and giving them power over their choices is bad UX. Somehow.
UX people can't seem to agree on much of anything. On environments where permissions must be explicitly granted (like iOS), I've seen articles saying to go both ways: "ask for everything right at the start", and "ask immediately before use".
> UX people can't seem to agree on much of anything.
It's almost as if "UX people" isn't referring to "UX person." Go to Stack Overflow and the vast majority of questions have multiple answers, as if "programmer people" can't agree on much of anything.
It's not wrong or evil or even criminally negligent to want programs that you write to work as intended. With new systems that have fancy machine learning based features developers face the difficulty that making an accurate training data set is impossible, especially at the scale at which Microsoft ships its software. Cortana's abilities to be smart assistant all involve polling the data mentioned in the post, sure you can disable all of them and be blissfully disconnected from network assisted features like her and better handwriting recognition. It's a choice and by default there isnt any harm in leaving most of those options enabled, the average user will only benefit from the interaction. It's okay to be conscious about where you're sending your data but its just ridiculous to frame each new feature released by company as morally wrong or "having no vested interest in doing the right thing".
God forbid we become slaves to the evil corporations. /s
I didn't mean to make it sound that way. I actually agree with you completely. I was trying to write for my audience there...my point was just that obviously they will want to gain something from the relationship as well.
You and I are in complete agreement on the subject...I just fell into hyperbole...
That's the thing, though. I find the constant kvetching about privacy the most cynical thing. None of these posts are news, new information, or even a new take on existing information.
He makes some really good points about the way that the capital owning classes actually don't want greater democratic enfranchisement. He also makes some great points about how there doesn't seem to be as much inclination towards revolutionary art.
As people come to grips with the decline of American power and begin to realize that, in fact, we aren't free or special or really living up to any of the high ideals that are described in some of our founding documents and rhetoric you will see more arguments like these.
At the root of his critique is that he really does believe that we are special and this place can be magic. It isn't and it won't be.
EDIT: Libertarianism is a dying hooker licking 9V alkaline batteries for that metallic taste of excitement every time it gets to posit a counterfactual notion about some basic human tenant. It's a foolish sounding semi-sorta ideology when espoused by the middle class who are algorithmically incapable of seeing any benefit from it's implementation and a smug blanket of self-serving satisfaction for the wealthy who use it to make their social position intellectually palatable in a "dinner party" conversational sense.
While the wealthy capitalists in this article may really entertain ludicrous thoughts of building a treehouse-fort-island where they are the biggest bully, they don't do so in any way that might upset their own apple cart's on the way to markets created and policed by a political process that they go out of their way to openly despise but are intravenously connected to in ways that conjoined twins sharing a single heart would consider too close for comfort.
Libertarianism's philosopher's are the unpopular clowns at the children's birthday party of society hoping that bending their "business innovation's" into balloon animals will convince the starving attendees to actually enjoy watching them eat all of the cake. "Look it's a lion! Rawr!"
EDIT EDIT: COME ON. You know that's good. Come on!
In fact I think that you can have a functional Democracy without any freedom. That's kind of what I mean. I don't think that people are interested in freedom and I don't mean that to sound like a tea party fan. I just think that this place wouldn't be the way it is if people were genuinely interested in freedom...in fact it's such a nebulous term that it's almost meaningless.
Remember in Braveheart where Mel WahtsHisFAce rides in front of the soldiers waiting to go into battle to establish yet another monarchy, "What will you do without freedom?" That's a great summation of Americans arguing about freedom during an election cycle. We are an open society. We are a little d democratic society. I don't think that we are a free society.
Sorry for the blahblah blah stuff. It's just been on my mind a lot for some reason. Back to the salt mine.
Thanks for the memories HN, but this just isn't worth it. I could have been coding. From now on I will be.
Adieu.