• Alaknár@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    4
    ·
    1 day ago

    I’m always amused at people just randomly talking about telemetry (without understanding what it is), even unprompted.

    Pray tell, why did you feel the need to say it, especially say it this way? I never mentioned anything about telemetry in the first place…

    Oh, wait! Do you believe that the existence of an MS account on your device changes something related to telemetry…?

    • witten@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      20 hours ago

      I mentioned telemetry because Windows (by default) regularly shares information collected from your computer with Microsoft. Some people try to work around that when they could instead invest that time elsewhere (say, installing Linux).

      • Alaknár@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        19 hours ago

        Yes, it does, but telemetry is not what people think it is.

        Remember how Microsoft regularly kills those “cool features” for “no reason at all”? That’s because those that use them have telemetry blocked, so - from MS point of view - it seems like nobody is using them. Why waste dev time on something that nobody uses?

        That’s telemetry. It’s anonymous. It tells them which parts of the OS work, which cause issues, which features are utilised, which aren’t. It’s not spying, it’s diagnostics.

          • Alaknár@sopuli.xyz
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            18 hours ago

            You’re trusting Microsoft’s word that telemetry is anonymous

            Do you honestly and truly believe that nobody has ever analysed these packets? That nobody in any security position, especially in business, has ever checked if sensitive information wasn’t being transmitted? That the entire IT and Data Security world just goes “huh, I guess they’re spying on us, nothing we can do about it”?

            Microsoft’s word isn’t worth very much:

            Microsoft doesn’t publish detailed breakdowns of telemetry collection, which is a red flag in itself

            Huh?

            especially on the topic

            Oh yeah, Recall, the absolutely horrible… ummm… *checks notes* fully local and encrypted system… That isn’t even implemented yet… but when it is, you’ll need to manually turn it on…

            Yeah, truly, the death of privacy is upon us.

            of privacy

            Have you read the article you linked?

            • witten@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              10 hours ago

              Do you honestly and truly believe that nobody has ever analysed these packets? That nobody in any security position, especially in business, has ever checked if sensitive information wasn’t being transmitted? That the entire IT and Data Security world just goes “huh, I guess they’re spying on us, nothing we can do about it”?

              Windows telemetry is encrypted, which as you can imagine, makes it hard to analyze.

              Huh?

              I don’t know exactly what that’s referring to, but maybe it’s the fact that some (not all) of the bullet points in this telemetry doc are super high level, leaving much to the imagination: https://learn.microsoft.com/en-us/windows/privacy/optional-diagnostic-data

              Also, even if every last bit of telemetry was completely documented, that doesn’t make it cool to send all that information to a company known for abusing user data.

              Oh yeah, Recall, the absolutely horrible… ummm… checks notes fully local and encrypted system… That isn’t even implemented yet… but when it is, you’ll need to manually turn it on…

              Again, without source code, you’re taking Microsoft’s word about all of this. But let’s say it is 100% what they say. An earlier version leaked the user’s private information to other processes on the machine and failed to filter out sensitive user data. I have a hard time trusting an organization that is so clearly reckless like this. Either they don’t care about user privacy—or they do care and they’re just incompetent. I’m not sure which one is worse.

              Have you read the article you linked?

              Yup.

              • Alaknár@sopuli.xyz
                link
                fedilink
                English
                arrow-up
                1
                ·
                9 hours ago

                Windows telemetry is encrypted, which as you can imagine, makes it hard to analyze.

                OK. Let’s assume nobody has ever gone through it. Do you imagine that - especially in the US - lawyers of massive companies didn’t wring out anything and everything about telemetry?

                Do you imagine companies like JP Morgan, or - famous for money laundering terrorist money - HSBC would be happily using operating systems with “spyware”?

                I don’t know exactly what that’s referring to, but maybe it’s the fact that some (not all) of the bullet points in this telemetry doc are super high level, leaving much to the imagination: https://learn.microsoft.com/en-us/windows/privacy/optional-diagnostic-data

                The one you linked is the Optional Diagnostics Data, this is the one you can disable by toggling telemetry to “basic”.

                Also, even if every last bit of telemetry was completely documented, that doesn’t make it cool to send all that information to a company known for abusing user data.

                So every “power user” disables it, and then complains when Microsoft kills a power-user feature because their data showed that nobody was using it. :D

                Again, without source code, you’re taking Microsoft’s word about all of this

                I mean… You can easily tell if the data is being sent out (massive increase in outbound connections) or if it’s encrypted (… can’t read it without decrypting).

                An earlier version leaked the user’s private information to other processes on the machine and failed to filter out sensitive user data.

                Correct. An early test version had bugs. Colour me shocked.

                Either they don’t care about user privacy—or they do care and they’re just incompetent

                Or… the whole thing was about an early test version and everybody blew this massively out of proportion…

                Yup.

                So you know that the only problem and the reason for the lawsuit was that they were collecting the data in the wrong order (should’ve started with parent consent) and then kept it for too long? Not that they were endangering the children’s data, or gathering too much of it? As in: if they asked for parent’s consent first, THEN gathered the data they gathered, there would be no lawsuit?